Description
- I am on the latest Poetry version.
- I have searched the issues of this repo and believe that this is not a duplicate.
- If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).
- OS version and name: Ubuntu Bionic (within Docker)
- Poetry version: 1.0.5
- Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/slai/9d0d442fe7e4f4ea04e8f658b675192a#file-poetry_no_hash_check-dockerfile-L22-L33
Issue
It appears that Poetry does not check the hashes of the packages in poetry.lock when installing packages using poetry install.
The Dockerfile in this gist (https://gist.github.com/slai/9d0d442fe7e4f4ea04e8f658b675192a) demonstrates the issue. It runs poetry lock, mangles the hashes in poetry.lock, then runs poetry install. This succeeds, with no errors.
I would expect poetry install to fail in this case, or at least print a warning for packages where the hash does not match.
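The check the report expects, as an added example that is not part of the original issue and is not Poetry's code: it verifies downloaded artifacts against the hashes pinned in a lock file and rejects anything unpinned or mismatched. The `{file = "...", hash = "sha256:..."}` entry layout under `[metadata.files]` is an assumption about the lock format, and the function names and the sample wheel are constructed for illustration; `demo()` runs the matching and mangled cases.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed lock entry layout: {file = "<name>", hash = "<algo>:<hex>"}
ENTRY = re.compile(r'\{\s*file\s*=\s*"([^"]+)"\s*,\s*hash\s*=\s*"([a-z0-9]+):([0-9a-f]+)"\s*\}')
ALLOWED = {"sha256", "sha384", "sha512"}  # digests this check is willing to trust


def lock_hashes(lock_text):
    """Map artifact file name -> set of (algorithm, hexdigest) pinned in the lock."""
    pinned = {}
    for name, algo, digest in ENTRY.findall(lock_text):
        pinned.setdefault(name, set()).add((algo, digest))
    return pinned


def check_artifacts(lock_text, artifact_dir):
    """Return {file name: reason} for every artifact that must not be installed."""
    pinned = lock_hashes(lock_text)
    failures = {}
    for path in sorted(Path(artifact_dir).iterdir()):
        expected = pinned.get(path.name)
        if not expected:
            failures[path.name] = "not pinned in lock file"
            continue
        data = path.read_bytes()
        # Fail closed: an entry with an unknown algorithm never counts as a match.
        ok = any(
            algo in ALLOWED and hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in expected
        )
        if not ok:
            failures[path.name] = "hash mismatch"
    return failures


def demo():
    """Constructed data: one fake wheel, a matching lock entry, then a mangled one."""
    wheel = b"constructed wheel bytes"
    good = hashlib.sha256(wheel).hexdigest()
    lock = ('[metadata.files]\nexample = [\n'
            '    {file = "example-1.0-py3-none-any.whl", hash = "sha256:%s"},\n]\n' % good)
    mangled = lock.replace(good, "0" * 64)  # same edit the Dockerfile makes: break the hash
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "example-1.0-py3-none-any.whl").write_bytes(wheel)
        return check_artifacts(lock, tmp), check_artifacts(mangled, tmp)
```
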