From 081d213e3d466ef8144e95ac4d229d45956d56a9 Mon Sep 17 00:00:00 2001
From: Charlie Marsh
Date: Sat, 11 May 2024 18:30:24 -0400
Subject: [PATCH] Always require hashes for wheels
---
 crates/uv-resolver/src/lock.rs | 16 ++--
 ...r__lock__tests__hash_optional_missing.snap | 96 -------------------
 ...er__lock__tests__hash_required_absent.snap | 16 ++++
 3 files changed, 24 insertions(+), 104 deletions(-)
 delete mode 100644 crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_optional_missing.snap
 create mode 100644 crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_required_absent.snap
diff --git a/crates/uv-resolver/src/lock.rs b/crates/uv-resolver/src/lock.rs
index f67b092a967..bcb0e8e6063 100644
--- a/crates/uv-resolver/src/lock.rs
+++ b/crates/uv-resolver/src/lock.rs
@@ -163,9 +163,9 @@ impl TryFrom for Lock {
 }
 // Also check that our sources are consistent with whether we have
 // hashes or not.
- let requires_hash = dist.id.source.kind.requires_hash();
 if let Some(ref sdist) = dist.sourcedist {
- if requires_hash != sdist.hash.is_some() {
+ let requires_hash = dist.id.source.kind.requires_hash();
+ if dist.id.source.kind.requires_hash() != sdist.hash.is_some() {
 return Err(LockError::hash(
 dist.id.clone(),
 "source distribution",
@@ -174,8 +174,8 @@ impl TryFrom for Lock {
 }
 }
 for wheel in &dist.wheels {
- if requires_hash != wheel.hash.is_some() {
- return Err(LockError::hash(dist.id.clone(), "wheel", requires_hash));
+ if wheel.hash.is_none() {
+ return Err(LockError::hash(dist.id.clone(), "wheel", true));
 }
 }
 }
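Review bot: The source-distribution condition calls `dist.id.source.kind.requires_hash()` again on the line right after the same value is bound to `requires_hash`, so the binding and the comparison can drift apart in a later edit. Compare against the local instead: `if requires_hash != sdist.hash.is_some() {`. The binding is presumably still passed as the last argument of the `LockError::hash(` call, whose closing lines fall between this hunk and the next; the enclosing `try_from` body also starts and ends outside the hunk.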
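Review bot: The wheel loop now rejects a missing hash for every source kind, yet the comment that opens this block (visible in the previous hunk) still describes the check as consistency between the source and the presence of hashes, and the bare `true` passed to `LockError::hash` is unexplained. A comment above the `if`, for example `// Wheels must always carry a hash, regardless of source kind.`, would record why wheels diverge from source distributions. Judging by the snapshot added in this commit, the error text ties the requirement to the source kind ("comes from a registry dependency"), which may read oddly for a kind whose `requires_hash()` is false; the message for that case is worth checking. This check establishes only that a hash is present, so comparing the digest with the fetched wheel has to happen elsewhere, and the enclosing function starts and ends outside the hunk.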
@@ -1160,24 +1160,24 @@ source = "registry+https://pypi.org/simple"
 [[distribution.wheel]]
 url = "https://files.pythonhosted.org/packages/14/fd/2f20c40b45e4fb4324834aea24bd4afdf1143390242c0b33774da0e2e34f/anyio-4.3.0-py3-none-any.whl"
+hash = "sha256:048e05d0f6caeed70d731f3db756d35dcc1f35747c8c403364a8332c630441b8"
 "#;
 let result: Result = toml::from_str(data);
 insta::assert_debug_snapshot!(result);
 }
 #[test]
- fn hash_optional_missing() {
+ fn hash_required_absent() {
 let data = r#"
 version = 1
 [[distribution]]
 name = "anyio"
 version = "4.3.0"
-source = "path+file:///foo/bar"
+source = "registry+https://pypi.org/simple"
 [[distribution.wheel]]
-url = "file:///foo/bar/anyio-4.3.0-py3-none-any.whl"
-hash = "sha256:048e05d0f6caeed70d731f3db756d35dcc1f35747c8c403364a8332c630441b8"
+url = "https://files.pythonhosted.org/packages/14/fd/2f20c40b45e4fb4324834aea24bd4afdf1143390242c0b33774da0e2e34f/anyio-4.3.0-py3-none-any.whl"
 "#;
 let result: Result = toml::from_str(data);
 insta::assert_debug_snapshot!(result);
diff --git a/crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_optional_missing.snap b/crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_optional_missing.snap
deleted file mode 100644
index c8479f99d35..00000000000
--- a/crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_optional_missing.snap
+++ /dev/null
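Review bot: The renamed test `hash_required_absent` uses a registry source, and the only fixture in this hunk with a `path+file://` source is removed, so nothing visible here pins the case this commit changes: a wheel with no hash from a source kind for which `requires_hash()` returns false. A registry wheel without a hash was presumably rejected before the change too, so restoring the old conditional check would leave this test green. Add a sibling test along the lines below and record its snapshot; the test name is a placeholder, the path source is borrowed from the removed fixture and should be swapped if path already requires hashes, and the `Result<Lock, _>` annotation is assumed from the surrounding tests. The first test touched by this hunk starts above it and `hash_required_absent` closes below it.

```rust
// Placeholder name. Use a source kind for which requires_hash() is false;
// the path source is taken from the fixture this commit removes.
#[test]
fn hash_required_absent_non_registry() {
    let data = r#"
version = 1

[[distribution]]
name = "anyio"
version = "4.3.0"
source = "path+file:///foo/bar"

[[distribution.wheel]]
url = "file:///foo/bar/anyio-4.3.0-py3-none-any.whl"
"#;
    let result: Result<Lock, _> = toml::from_str(data);
    insta::assert_debug_snapshot!(result);
}
```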
@@ -1,96 +0,0 @@ ---- -source: crates/uv-resolver/src/lock.rs -expression: result ---- -Ok( - Lock { - version: 1, - distributions: [ - Distribution { - id: DistributionId { - name: PackageName( - "anyio", - ), - version: "4.3.0", - source: Source { - kind: Path, - url: Url { - scheme: "file", - cannot_be_a_base: false, - username: "", - password: None, - host: None, - port: None, - path: "/foo/bar", - query: None, - fragment: None, - }, - }, - }, - marker: None, - sourcedist: None, - wheels: [ - Wheel { - url: Url { - scheme: "file", - cannot_be_a_base: false, - username: "", - password: None, - host: None, - port: None, - path: "/foo/bar/anyio-4.3.0-py3-none-any.whl", - query: None, - fragment: None, - }, - hash: Some( - Hash( - HashDigest { - algorithm: Sha256, - digest: "048e05d0f6caeed70d731f3db756d35dcc1f35747c8c403364a8332c630441b8", - }, - ), - ), - filename: WheelFilename { - name: PackageName( - "anyio", - ), - version: "4.3.0", - python_tag: [ - "py3", - ], - abi_tag: [ - "none", - ], - platform_tag: [ - "any", - ], - }, - }, - ], - dependencies: [], - }, - ], - by_id: { - DistributionId { - name: PackageName( - "anyio", - ), - version: "4.3.0", - source: Source { - kind: Path, - url: Url { - scheme: "file", - cannot_be_a_base: false, - username: "", - password: None, - host: None, - port: None, - path: "/foo/bar", - query: None, - fragment: None, - }, - }, - }: 0, - }, - }, -) diff --git a/crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_required_absent.snap b/crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_required_absent.snap new file mode 100644 index 00000000000..abeba41bcd4 --- /dev/null +++ b/crates/uv-resolver/src/snapshots/uv_resolver__lock__tests__hash_required_absent.snap 
@@ -0,0 +1,16 @@ +--- +source: crates/uv-resolver/src/lock.rs +expression: result +--- +Err( + Error { + inner: Error { + inner: TomlError { + message: "since the distribution `anyio 4.3.0 registry+https://pypi.org/simple` comes from a registry dependency, a hash was expected but one was not found for wheel", + raw: None, + keys: [], + span: None, + }, + }, + }, +)