Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Check all hash types when validating archives #4740

Closed
wants to merge 2 commits into from
Closed

feat: Check all hash types when validating archives #4740

wants to merge 2 commits into from

Conversation

neersighted
Copy link
Member

@neersighted neersighted commented Nov 12, 2021
edited
Loading

This allows for much-improved compatibility when interfacing with legacy
PyPI-compatible repositories.

This is a successor PR to #4486, and closes #4578 and #4085.
This PR is also a forward-port of #4529.

@neersighted neersighted added status/waiting-on-core Requires changes to poetry-core first kind/feature Feature requests/implementations labels Nov 12, 2021
@neersighted neersighted force-pushed the neersighted/hash_algos branch from 8b1a3b4 to a38ec72 Compare November 12, 2021 16:23
@neersighted neersighted requested a review from a team November 12, 2021 16:23
@neersighted neersighted mentioned this pull request Nov 12, 2021
Closed
1 task
@sdispater
Copy link
Member

I think we can implement it similarly to what is present in 1.1 (see #4529).

To be honest, I forgot to port it to the master branch when fixing it in the 1.1 branch.

@neersighted
Copy link
Member Author

neersighted commented Nov 12, 2021
edited
Loading

I think we can implement it similarly to what is present in 1.1 (see #4529).

To be honest, I forgot to port it to the master branch when fixing it in the 1.1 branch.

Didn't even see that! I'll port that version to master and push it to this PR in a bit.

@neersighted neersighted force-pushed the neersighted/hash_algos branch 2 times, most recently from 16c445c to ad027bb Compare November 13, 2021 06:31
@neersighted neersighted changed the title feat: Support algorithms other than sha256 when validating hashes feat: Check all hash types when validating archives Nov 13, 2021
@neersighted neersighted force-pushed the neersighted/hash_algos branch from ad027bb to d4498a1 Compare November 13, 2021 16:36
@neersighted neersighted marked this pull request as draft November 13, 2021 16:37
@neersighted neersighted force-pushed the neersighted/hash_algos branch 3 times, most recently from dfee00c to a1245d1 Compare November 13, 2021 20:07
@neersighted neersighted removed the status/waiting-on-core Requires changes to poetry-core first label Nov 13, 2021
@neersighted neersighted mentioned this pull request Nov 14, 2021
Closed
2 tasks
@neersighted neersighted force-pushed the neersighted/hash_algos branch 2 times, most recently from 5e2d872 to a0dec58 Compare November 16, 2021 10:36
@neersighted neersighted mentioned this pull request Nov 19, 2021
Open
@neersighted
feat: Check all hash types when validating archives
d342448 
This allows for much-improved compatibility when interfacing with legacy
PyPI-compatible repositories.

This is a successor PR to #4486, and closes #4578 and #4085.
This PR is also a forward-port of #4529.
@neersighted
feat: always use sha256 for pep610 archive_info
439dd97
@neersighted neersighted force-pushed the neersighted/hash_algos branch from a0dec58 to 439dd97 Compare November 19, 2021 05:34
@haf
Copy link

haf commented Feb 4, 2022

What's the status of this?

Poetry 1.1.11 fails with

'Link' object has no attribute 'name'

1.1.12 fails with:

Package operations: 34 installs, 0 updates, 0 removals

  • Installing fonttools (4.29.1): Failed

  RuntimeError

  Invalid hashes (sha256:9f14340a5d9b83844a568fd5df480b4a9c915d98803e750094b810b16653a4a7) for fonttools (4.29.1) using archive fonttools-4.29.1-py3-none-any.whl. Expected one of sha256:1933415e0fbdf068815cb1baaa1f159e17830215f7e8624e5731122761627557, sha256:2b18a172120e32128a80efee04cff487d5d140fe7d817deb648b2eee023a40e4.

This was referenced Mar 15, 2022
Closed
Closed
@neersighted
Copy link
Member Author

Closing this as not a complete design/unable to be merged in its present form.

@neersighted neersighted closed this Jun 4, 2022
@neersighted neersighted mentioned this pull request Sep 26, 2022
Closed
2 tasks
@github-actions GitHub Actions
Copy link

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 29, 2024
@neersighted neersighted deleted the neersighted/hash_algos branch March 23, 2024 17:30
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
kind/feature Feature requests/implementations
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enable multiple file hashing methods for backwards and forwards compatibility
3 participants
@neersighted @sdispater @haf