Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support specifying algorithm when calculating file dependency hash. #196

Closed
wants to merge 1 commit into from
Closed

support specifying algorithm when calculating file dependency hash. #196

wants to merge 1 commit into from

Conversation

kaos
Copy link

@kaos kaos commented Sep 8, 2021
edited
Loading

Signed-off-by: Andreas Stenius [email protected]

Pre-work for: python-poetry/poetry#4085

  • Added tests for changed code.

Currently, poetry assumes all archive file hashes are using sha256. This opens for the ability to support other algorithms. (I have a real use case, where the archive uses md5, for instance.)

@kaos kaos mentioned this pull request Sep 8, 2021
Closed
1 task
@kaos
Copy link
Author

kaos commented Sep 16, 2021

Ping. Any feedback on this?

@wcn00
Copy link

wcn00 commented Sep 21, 2021

I am currently blocked because all the packages in my gemfury repo are md5 signed so we cannot upgrade/install anything using them. Is there any circumvention I can use while we wait for this pr to land? This is a significant blocker for my company.

@kaos
Copy link
Author

kaos commented Sep 21, 2021
edited
Loading

@wcn00 Yes, the feature toggle I discovered, and present in python-poetry/poetry#4488 should allow you to use the old mechanism for installing dependencies, bypassing this entirely:

poetry config experimental.new-installer false

I think it was a mistake to enable this new installer by default, would have been better as an opt-in.

@wcn00
Copy link

wcn00 commented Sep 21, 2021

Thankyou @kaos You're a gentleperson and a scholar :) Disabling that feature gets me out of this bind which was threatening to ruin my week!
Thanks again

@kaos
Copy link
Author

kaos commented Sep 23, 2021

Ping. @finswimmer @abn
I've got no reaction at all from any maintainers in the past two weeks on any of my 3 PRs. If you are really busy, a quick comment as such, would be appreciated, acknowledging that you've seen this.

Thank you.

@kaos
Copy link
Author

kaos commented Oct 19, 2021

Bump.

I can address conflicts etc, if there is any sign this PR will be getting any review activity.
As I've found a work-around for the issues I had (with simply using the old resolver) I will not fret over these fixes..

@FlorianLudwig
Copy link

@kaos Patience. I also once wanted wrote a patch for the same feature. I would estimate you have to wait another year to get it merged. (ref: python-poetry/poetry#2422 for ETA for changes like this)

Writing "bump" here just gives notifications to those interested in the feature (like me) but doesn't make things faster

neersighted
neersighted approved these changes Nov 12, 2021
View reviewed changes
Copy link
Member

@neersighted neersighted left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is very small and well-tested. While overall I'm not enthusiastic about md5 support, I think we need to take the pragmatic approach here.

@kaos
Copy link
Author

kaos commented Nov 12, 2021

This was fixed in 68bf052

@kaos kaos closed this Nov 12, 2021
@kaos kaos deleted the file_dependency_hash_algorithm branch November 12, 2021 07:59
@neersighted
Copy link
Member

Yep -- you're right. I'll take a look at the poetry changes next.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neersighted neersighted neersighted approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kaos @wcn00 @FlorianLudwig @neersighted