Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue with installing dependencies with extras & hashes #9995

Merged
merged 3 commits into from
Dec 3, 2021
Merged

Fix issue with installing dependencies with extras & hashes #9995

merged 3 commits into from
Dec 3, 2021

Conversation

di
Copy link
Member

@di di commented May 18, 2021
edited
Loading

Adds a test for #9644.

Fixes #9644.

@di di mentioned this pull request May 18, 2021
Open
@uranusjr uranusjr mentioned this pull request May 18, 2021
Closed
@uranusjr uranusjr closed this May 19, 2021
@uranusjr
Copy link
Member

Re-initialiting CI

@uranusjr uranusjr reopened this May 19, 2021
@uranusjr
Copy link
Member

@di How about marking the test as xfail(strict=True)? That way I can merge this into main and the acual fix can be submitted separately. I might have some time to spend on this as well.

@uranusjr uranusjr closed this May 22, 2021
@uranusjr uranusjr reopened this May 22, 2021
@di
Copy link
Member Author

di commented Jun 8, 2021

Could a maintainer or contributor point me in the right direction here? Is this an issue in the resolver itself, outside the resolver, etc? Any leads would be helpful for me figure out where to start with fixing this.

@uranusjr
Copy link
Member

uranusjr commented Jun 8, 2021

This is not strictly a resolver issue, but you’ll need to make changes to the resolver implementation so user-specified hashes and extras pass through it into the hash-checking component to satisfy the check. I believe the exception is raised during prepare_linked_requirement() (someone need to verify this), which is called when an _InstallRequirementBackedCandidate is instantiated. But the underlying InstallRequirement that backs the candidate does not currently have the correct hashes populated, so when prepare_linked_requirement() is called, the InstallRequirement passed into it fails the hash check.

So to fix the issue, you’ll need to find out where the user-specified hashes are dropped and not correctly passed to the InstallRequirement backing the _InstallRequirementBackedCandidate (it has two subclasses, but only LinkCandidate is relevant since EditableCandidate cannot have hashes), and fix that to correctly pass on the hash values. I would probably start with somewhere in factory.py, that’s where the hashes are collected in the current implementation.

@github-actions github-actions bot added the needs rebase or merge PR has conflicts with current master label Aug 15, 2021
@pypa-bot pypa-bot removed the needs rebase or merge PR has conflicts with current master label Dec 2, 2021
@di di marked this pull request as ready for review December 2, 2021 22:53
@di
Copy link
Member Author

di commented Dec 2, 2021

Hey, look at that, the failing test is now passing 🙂

@pradyunsg pradyunsg merged commit 94bbdfa into pypa:main Dec 3, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 19, 2021
@di di deleted the fix/9644 branch January 27, 2023 18:24
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

--require-hashes does not correctly handle pinned package with extras
4 participants
@di @uranusjr @pradyunsg @pypa-bot