[Issue/Discussion] rocks can't install packages with weird versions

[mrcjkb]

Some packages have really strange versioning schemes:

Example:

• lua-cjson: 2.1.0.10-1 has a 4th digit, and the patch version is always 0.

Currently, we fail to parse these versions.
We could try to put anything between the patch version and the specrev as a semver::Prerelease.
But the behaviour might be undefined.

luarocks.core.vers actually allows for an arbitrary number of digits and compares up to

math.max(#v1, #v2)

effectively appending zeros.

From the semver docs:

/// # Syntax
///
/// Pre-release strings are a series of dot separated identifiers immediately
/// following the patch version. Identifiers must comprise only ASCII
/// alphanumerics and hyphens: `0-9`, `A-Z`, `a-z`, `-`. Identifiers must not be
/// empty. Numeric identifiers must not include leading zeros.
///
/// # Total ordering
///
/// Pre-releases have a total order defined by the SemVer spec. It uses
/// lexicographic ordering of dot-separated components. Identifiers consisting
/// of only digits are compared numerically. Otherwise, identifiers are compared
/// in ASCII sort order. Any numeric identifier is always less than any
/// non-numeric identifier.

... we might have to do something hacky.

An alternative option would be to say we just don't support non-SemVer compliant versions.
If a package wants to be compatible with rocks, they have to support SemVer.
In the long run, that might make life easier for everyone.

[mrcjkb]

In any case, I think we currently don't parse prerelease or build metadata, which we probably should.

[mrcjkb]

Damn... with arbitrary numbers of digits allowed in version requirements (e.g., > 1-1, < 1.2.0.10.15.200.1.0) - which is what you'll need if you want to install the latest lua-cjson "version", this is going to be a huge PITA.

Our current implementation removes all specrevs by splitting on -.
This also removes potential prerelease identifiers.