Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

repository/legacy: calculate sha256 if unavailable #2958

Merged
merged 1 commit into from
Mar 22, 2021

Conversation

abn
Copy link
Member

@abn abn commented Sep 25, 2020

In some cases, legacy repositories might not provide a checksum as a
url fragment or use a deprecated algorithm. In these scenarios, this
change ensures that poetry downloads and calculates the sha256 checksum
for the file.

Resolves: #1631 #1553

@abn abn requested a review from a team September 25, 2020 00:21
@abn abn marked this pull request as ready for review September 25, 2020 13:51
@aidan-melen
Copy link

Hey @abn, when is this slotted to be released? Is there a beta with this functionality that I can test with?

@aidan-melen
Copy link

nvm. i just did pipx install git+http://github.com/abn/poetry.git@issue/1631

@abn
Copy link
Member Author

abn commented Nov 19, 2020

No fixed plans; the release after when this is reviewed as this is not in the roadmap explicitly.

@abn
Copy link
Member Author

abn commented Nov 19, 2020

@finswimmer can you take a peek at this?

In some cases, legacy repositories might not provide a checksum as a
url fragment or use a deprecated algorithm. In these scenarios, this
change ensures that poetry downloads and calculates the sha256 checksum
for the file.

Resolves: python-poetry#1631 python-poetry#1553
@paulmelnikow
Copy link

Hi! Is it possible this change could have caused a regression when installing from legacy repositories which return md5 checksums? #4085 (comment)

Copy link

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 29, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Private repository dependency isn't exported with sha256 hash
4 participants