support hash checks for url reqs with hash fragment #735

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
7 participants
@qwcode
Contributor

qwcode commented Nov 25, 2012

solution for #468, with unit and functional tests.

this makes pip validate the hash if you did this:
pip install http://domain.com/pkg-1.2.tar.gz#md5=fce076628d299baa2f699ac3475a674c

the complicated part in this was the possibility of using #egg and hash fragments together. I've used #egg fragments in the past when using url tar requirements to give it a definite identity in the dependency resolution process to prevent this problem: #724

Review on Reviewable

@qwcode

This comment has been minimized.

Show comment Hide comment
@qwcode

qwcode Nov 25, 2012

Contributor

the errors in this are caused by pypa/virtualenv#361

Contributor

qwcode commented Nov 25, 2012

the errors in this are caused by pypa/virtualenv#361

@qwcode

This comment has been minimized.

Show comment Hide comment
@qwcode

qwcode Nov 26, 2012

Contributor

@dstufft, fyi, if you want to review this, since you opened up #468 on this awhile back.

Contributor

qwcode commented Nov 26, 2012

@dstufft, fyi, if you want to review this, since you opened up #468 on this awhile back.

@d1b

This comment has been minimized.

Show comment Hide comment
@d1b

d1b Nov 28, 2012

Contributor

👍

Contributor

d1b commented Nov 28, 2012

👍

@d1b

This comment has been minimized.

Show comment Hide comment
@d1b

d1b Dec 5, 2012

Contributor

/me hopes this gets merged soon.

Contributor

d1b commented Dec 5, 2012

/me hopes this gets merged soon.

@g2p

This comment has been minimized.

Show comment Hide comment
@g2p

g2p Apr 21, 2013

Contributor

It might be useful to add a flag that enforces this check. This way pip versions that are too old to compute the hash would fail the install (unrecognised flag), and a hash fragment with a syntax typo or a missing hash would also fail the install.

Contributor

g2p commented Apr 21, 2013

It might be useful to add a flag that enforces this check. This way pip versions that are too old to compute the hash would fail the install (unrecognised flag), and a hash fragment with a syntax typo or a missing hash would also fail the install.

@msabramo

This comment has been minimized.

Show comment Hide comment
@msabramo

msabramo Dec 21, 2014

Contributor

This looks like a nice enhancement. Maybe it can be revived?

Contributor

msabramo commented Dec 21, 2014

This looks like a nice enhancement. Maybe it can be revived?

@msabramo

This comment has been minimized.

Show comment Hide comment
@msabramo

msabramo Mar 10, 2015

Contributor

Sounds sort of like @erikrose's peep. Could be a nice addition to pip.

Contributor

msabramo commented Mar 10, 2015

Sounds sort of like @erikrose's peep. Could be a nice addition to pip.

@xavfernandez

This comment has been minimized.

Show comment Hide comment
@xavfernandez

xavfernandez Mar 4, 2016

Contributor

@qwcode now that #3231 is merged, this one seems less useful and could be closed ?

Contributor

xavfernandez commented Mar 4, 2016

@qwcode now that #3231 is merged, this one seems less useful and could be closed ?

@erikrose

This comment has been minimized.

Show comment Hide comment
@erikrose

erikrose Mar 4, 2016

Contributor

Yep. It even satisfies #735 (comment).

Contributor

erikrose commented Mar 4, 2016

Yep. It even satisfies #735 (comment).

@dstufft dstufft closed this May 18, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment