From 361ebea85c17bcb68f6aacf376d22de05141a929 Mon Sep 17 00:00:00 2001 From: Dorian Date: Sun, 19 Apr 2026 15:41:48 -0400 Subject: [PATCH] fix(iso): verify_backend_version uses fixed-string substring match MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Anchored regex was too strict — `strings` concatenates adjacent printable bytes so the version never sits on its own line. The 1.5.0-alpha binary DOES contain the version but as part of `1.5.0-alpharpcNot Found`. Fixed by switching to `grep -qF $VERSION`: substring match is safe because the version string is specific enough that accidental collisions are vanishingly unlikely. Caught mid-build today: check rejected the correct local binary, fell through to container source-build — ISO still produced correctly but wasted ~10 min on an unnecessary rebuild. Co-Authored-By: Claude Opus 4.7 (1M context) --- image-recipe/build-auto-installer-iso.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/image-recipe/build-auto-installer-iso.sh b/image-recipe/build-auto-installer-iso.sh index 777fafff..6ed53534 100755 --- a/image-recipe/build-auto-installer-iso.sh +++ b/image-recipe/build-auto-installer-iso.sh @@ -1024,17 +1024,18 @@ echo " Expected backend version (from Cargo.toml): $EXPECTED_VERSION" verify_backend_version() { local bin="$1" - local embedded - # CARGO_PKG_VERSION is compiled into the binary as a string literal; - # the easiest way to recover it without running the daemon is to grep - # the binary for an anchored version string. This is cheap and safe. - embedded=$(strings "$bin" 2>/dev/null | grep -E "^${EXPECTED_VERSION}$" | head -1) - if [ -z "$embedded" ]; then - echo " ⚠️ Captured binary does NOT contain expected version $EXPECTED_VERSION — it is stale" - return 1 + # CARGO_PKG_VERSION is compiled into the binary as a string literal. + # `strings` output concatenates adjacent printable bytes, so the + # version rarely sits on its own line — a fixed-string substring + # match is the right tool. The version is specific enough (e.g. + # "1.5.0-alpha") that accidental collisions with unrelated data + # are vanishingly unlikely. + if strings "$bin" 2>/dev/null | grep -qF "$EXPECTED_VERSION"; then + echo " ✅ Version match: binary contains $EXPECTED_VERSION" + return 0 fi - echo " ✅ Version match: binary contains $EXPECTED_VERSION" - return 0 + echo " ⚠️ Captured binary does NOT contain expected version $EXPECTED_VERSION — it is stale" + return 1 } # Check for local release binary first (works for both BUILD_FROM_SOURCE and normal mode)