mirrors/uv
1
0
Fork 0
mirror of https://github.com/astral-sh/uv.git synced 2025-11-20 03:49:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Support unnamed requirements in --require-hashes (#2993)

Browse source 
## Summary

This PR enables `--require-hashes` with unnamed requirements. The key
change is that `PackageId` becomes `VersionId` (since it refers to a
package at a specific version), and the new `PackageId` consists of
_either_ a package name _or_ a URL. The hashes are keyed by `PackageId`,
so we can generate the `RequiredHashes` before we have names for all
packages, and enforce them throughout.

Closes #2979.
This commit is contained in:
Charlie Marsh 2024-04-11 11:26:50 -04:00 committed by GitHub
parent d56d142520
commit 96c3c2e774
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
25 changed files with 256 additions and 185 deletions
Download patch file Download diff file Expand all files Collapse all files

6
crates/uv-distribution/src/index/built_wheel_index.rs
View file

@ -47,7 +47,7 @@ impl<'a> BuiltWheelIndex<'a> {
// Enforce hash-checking by omitting any wheels that don't satisfy the required hashes.
let revision = pointer.into_revision();
if !revision.satisfies(self.hasher.get(&source_dist.name)) {
if !revision.satisfies(self.hasher.get(source_dist)) {
return Ok(None);
}
@ -81,7 +81,7 @@ impl<'a> BuiltWheelIndex<'a> {
// Enforce hash-checking by omitting any wheels that don't satisfy the required hashes.
let revision = pointer.into_revision();
if !revision.satisfies(self.hasher.get(&source_dist.name)) {
if !revision.satisfies(self.hasher.get(source_dist)) {
return Ok(None);
}
@ -91,7 +91,7 @@ impl<'a> BuiltWheelIndex<'a> {
/// Return the most compatible [`CachedWheel`] for a given source distribution at a git URL.
pub fn git(&self, source_dist: &GitSourceDist) -> Option<CachedWheel> {
// Enforce hash-checking, which isn't supported for Git distributions.
if self.hasher.get(&source_dist.name).is_validate() {
if self.hasher.get(source_dist).is_validate() {
return None;
}

6
crates/uv-distribution/src/index/registry_wheel_index.rs
View file

@ -123,7 +123,7 @@ impl<'a> RegistryWheelIndex<'a> {
CachedWheel::from_http_pointer(wheel_dir.join(file), cache)
{
// Enforce hash-checking based on the built distribution.
if wheel.satisfies(hasher.get(package)) {
if wheel.satisfies(hasher.get_package(package)) {
Self::add_wheel(wheel, tags, &mut versions);
}
}
@ -139,7 +139,7 @@ impl<'a> RegistryWheelIndex<'a> {
CachedWheel::from_local_pointer(wheel_dir.join(file), cache)
{
// Enforce hash-checking based on the built distribution.
if wheel.satisfies(hasher.get(package)) {
if wheel.satisfies(hasher.get_package(package)) {
Self::add_wheel(wheel, tags, &mut versions);
}
}
@ -184,7 +184,7 @@ impl<'a> RegistryWheelIndex<'a> {
if let Some(revision) = revision {
// Enforce hash-checking based on the source distribution.
if revision.satisfies(hasher.get(package)) {
if revision.satisfies(hasher.get_package(package)) {
for wheel_dir in symlinks(cache_shard.join(revision.id())) {
if let Some(wheel) = CachedWheel::from_built_source(wheel_dir) {
Self::add_wheel(wheel, tags, &mut versions);