Calculate and store hash for url dependencies #7122

Closed
2 tasks done
dunkmann00 opened this issue Nov 30, 2022 · 1 comment · Fixed by #7121
Labels
kind/feature Feature requests/implementations status/triage This issue needs to be triaged

Comments

@dunkmann00
Contributor

  • I have searched the issues of this repo and believe that this is not a duplicate.
  • I have searched the FAQ and general documentation and believe that my question is not already covered.

I think it would be useful if poetry calculated hashes for URL dependencies and stored them in poetry.lock.

After exporting dependencies into a requirements.txt file I tried to then install them with pip. I was met with this error message:

ERROR: Hashes are required in --require-hashes mode, but they are missing from
some requirements. Here is a list of those requirements along with the hashes
their downloaded archives actually had. Add lines like these to your
requirements files to prevent tampering. (If you did not enable --require-hashes
manually, note that it turns on automatically when any package has a hash.)

One of the dependencies I was using is a GitHub zip download that is a patch of a library. This was the problem, as it had no hash in the requirements file.

After looking about the poetry docs and GitHub Issues, I came across python-poetry/poetry-plugin-export#146 and python-poetry/poetry-plugin-export#164. This seemed to be exactly the same issue I was having. From reading through those, it seems the issue as to why the hashes aren't exported is due to the lock file not actually having any hashes stored for a URL dependency.

I tried some different ways of including the dependency and found something interesting. When using a local file as a dependency, the sha hash is created. Better still, it is included in the export command as one would expect.

After finding this, I thought it would be interesting to dig into poetry and try to figure out how to replicate the behavior in file dependencies. So here we are...

I have opened #7121 and python-poetry/poetry-core#535 which are the two changes that I made to add this functionality. I don't know if these changes will be welcomed, so I am hoping to get some feedback from the maintainers! I would be happy to make any changes deemed appropriate.

Thanks for taking a look at this and for all you do with poetry.
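
The gap described in the issue above, as an added example that is not part of the original post or of Poetry's code: it scans an exported requirements file for entries that pip's `--require-hashes` mode would reject, then appends a `--hash=sha256:` pin computed from the archive bytes. The package names, the URL and the placeholder digest are constructed for illustration.

```python
import hashlib

ZERO = "0" * 64  # constructed placeholder digest, not a real package hash

# Constructed export: one index package with a hash, one URL dependency without.
SAMPLE = (
    'example-pkg==1.0.0 ; python_version >= "3.8" \\\n'
    f"    --hash=sha256:{ZERO}\n"
    "# patched fork pulled as a zip archive\n"
    'patched-lib @ https://example.invalid/patched-lib/archive/fix.zip ; python_version >= "3.8"\n'
)


def logical_lines(text):
    """Join backslash-continued lines and drop blanks and comments."""
    joined, current = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            current += line[:-1].strip() + " "
            continue
        joined.append((current + line).strip())
        current = ""
    if current.strip():
        joined.append(current.strip())
    return joined


def unhashed(text):
    """Return requirement lines that carry no --hash option."""
    return [
        line for line in logical_lines(text)
        if "--hash=" not in line and not line.startswith("-")
    ]


def pin(requirement, archive):
    """Append a sha256 pin computed from the archive bytes."""
    digest = hashlib.sha256(archive).hexdigest()
    return f"{requirement} \\\n    --hash=sha256:{digest}"
```

The digest is only meaningful if the archive bytes were obtained and reviewed through a channel you trust; hashing whatever the URL currently serves pins that content, whatever it is.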


This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 29, 2024