Skip to content

Comments

feat: Check all hash types when validating archives#4740

Closed
neersighted wants to merge 2 commits intomasterfrom
neersighted/hash_algos
Closed

feat: Check all hash types when validating archives#4740
neersighted wants to merge 2 commits intomasterfrom
neersighted/hash_algos

Conversation

@neersighted
Copy link
Member

@neersighted neersighted commented Nov 12, 2021

This allows for much-improved compatibility when interfacing with legacy
PyPI-compatible repositories.

This is a successor PR to #4486, and closes #4578 and #4085.
This PR is also a forward-port of #4529.

@neersighted neersighted added status/waiting-on-core Requires changes to poetry-core first kind/feature Feature requests/implementations labels Nov 12, 2021
@neersighted neersighted force-pushed the neersighted/hash_algos branch from 8b1a3b4 to a38ec72 Compare November 12, 2021 16:23
@neersighted neersighted requested a review from a team November 12, 2021 16:23
@sdispater
Copy link
Member

I think we can implement it similarly to what is present in 1.1 (see #4529).

To be honest, I forgot to port it to the master branch when fixing it in the 1.1 branch.

@neersighted
Copy link
Member Author

neersighted commented Nov 12, 2021

I think we can implement it similarly to what is present in 1.1 (see #4529).

To be honest, I forgot to port it to the master branch when fixing it in the 1.1 branch.

Didn't even see that! I'll port that version to master and push it to this PR in a bit.

@neersighted neersighted force-pushed the neersighted/hash_algos branch 2 times, most recently from 16c445c to ad027bb Compare November 13, 2021 06:31
@neersighted neersighted changed the title feat: Support algorithms other than sha256 when validating hashes feat: Check all hash types when validating archives Nov 13, 2021
@neersighted neersighted force-pushed the neersighted/hash_algos branch from ad027bb to d4498a1 Compare November 13, 2021 16:36
@neersighted neersighted marked this pull request as draft November 13, 2021 16:37
@neersighted neersighted force-pushed the neersighted/hash_algos branch 3 times, most recently from dfee00c to a1245d1 Compare November 13, 2021 20:07
@neersighted neersighted removed the status/waiting-on-core Requires changes to poetry-core first label Nov 13, 2021
@neersighted neersighted mentioned this pull request Nov 14, 2021
2 tasks
@neersighted neersighted force-pushed the neersighted/hash_algos branch 2 times, most recently from 5e2d872 to a0dec58 Compare November 16, 2021 10:36
This allows for much-improved compatibility when interfacing with legacy
PyPI-compatible repositories.

This is a successor PR to #4486, and closes #4578 and #4085.
This PR is also a forward-port of #4529.
@neersighted neersighted force-pushed the neersighted/hash_algos branch from a0dec58 to 439dd97 Compare November 19, 2021 05:34
@haf
Copy link

haf commented Feb 4, 2022

What's the status of this?

Poetry 1.1.11 fails with

'Link' object has no attribute 'name'

1.1.12 fails with:

Package operations: 34 installs, 0 updates, 0 removals

  • Installing fonttools (4.29.1): Failed

  RuntimeError

  Invalid hashes (sha256:9f14340a5d9b83844a568fd5df480b4a9c915d98803e750094b810b16653a4a7) for fonttools (4.29.1) using archive fonttools-4.29.1-py3-none-any.whl. Expected one of sha256:1933415e0fbdf068815cb1baaa1f159e17830215f7e8624e5731122761627557, sha256:2b18a172120e32128a80efee04cff487d5d140fe7d817deb648b2eee023a40e4.

@neersighted
Copy link
Member Author

Closing this as not a complete design/unable to be merged in its present form.

@github-actions
Copy link

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 29, 2024
@neersighted neersighted deleted the neersighted/hash_algos branch March 23, 2024 17:30
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

kind/feature Feature requests/implementations

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Enable multiple file hashing methods for backwards and forwards compatibility

3 participants