Fuzzy version matching does not work and does not raise an error

[mbrancato]

The apk package manager supports fuzzy version matching: https://wiki.alpinelinux.org/wiki/Alpine_Package_Keeper#Package_pinning

When using the fuzzy matching operator in apko, it does not produce expected results. Generally, if you attempt to use valid or invalid version matching operators, apko installs the latest version. It also doesn't raise any error. I've tested this with apko 0.22.0 thru 0.25.5.

Minimal example:

contents:
  repositories:
    - https://packages.wolfi.dev/os
  keyring:
    - repo-keys/wolfi-signing.rsa.pub
  packages:
    - kubectl~=1.28

This will install kubectl 1.32, currently.

2025/03/25 18:51:14 INFO installing kubectl-1.32 (1.32.3-r2) arch=aarch64
2025/03/25 18:51:14 INFO installing kubectl-1.32-default (1.32.3-r2) arch=aarch64

Compare that to using apk in Wolfi, which installs 1.28.

% docker run -it --rm chainguard/wolfi-base
d985a69c5250:/# apk update
fetch https://packages.wolfi.dev/os/aarch64/APKINDEX.tar.gz
 [https://packages.wolfi.dev/os]
OK: 146280 distinct packages available
d985a69c5250:/# apk add kubectl~=1.28
(1/1) Installing kubectl-1.28 (1.28.6-r0)
Executing busybox-1.37.0-r0.trigger
OK: 58 MiB in 16 packages

Additionally, some other odd operators have unexpected results. This includes things like >~, >>~, ~<>~ - which likely should throw an error as well.

[aryasoni98]

@mbrancato I've raised the PR. Please review it, and if everything looks good, feel free to merge it.

Thanks!