From 435ff8137c58ea5cf09c688f8423ce61a8ed7af6 Mon Sep 17 00:00:00 2001
From: Nicolas Simonds <0xDEC0DE@users.noreply.github.com>
Date: Thu, 29 Apr 2021 01:31:02 -0700
Subject: [PATCH 1/3] Throw a RuntimeError on hash mismatch in
 Chooser._get_links (#3885)

Throw a specific exception in the case of finding a matching
name+version, but none of the digests for a link matching the
`poetry.lock` metadata.

Fixes Issue #2422

Co-authored-by: Nicolas Simonds <nisimond@cisco.com>
---
 poetry/installation/chooser.py     |  5 +++++
 tests/installation/test_chooser.py | 33 ++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/poetry/installation/chooser.py b/poetry/installation/chooser.py
index 6d9e92e0b1f..d48fa5e0522 100644
--- a/poetry/installation/chooser.py
+++ b/poetry/installation/chooser.py
@@ -109,6 +109,11 @@ def _get_links(self, package):  # type: (Package) -> List[Link]
 
             selected_links.append(link)
 
+        if links and not selected_links:
+            raise RuntimeError(
+                f"Retrieved digest for link {link.filename}({h}) not in poetry.lock metadata {hashes}"
+            )
+
         return selected_links
 
     def _sort_key(self, package, link):  # type: (Package, Link) -> Tuple
diff --git a/tests/installation/test_chooser.py b/tests/installation/test_chooser.py
index cf3f931b942..79588dd2698 100644
--- a/tests/installation/test_chooser.py
+++ b/tests/installation/test_chooser.py
@@ -195,3 +195,36 @@ def test_chooser_chooses_distributions_that_match_the_package_hashes(
     link = chooser.choose_for(package)
 
     assert "isort-4.3.4.tar.gz" == link.filename
+
+
+@pytest.mark.parametrize("source_type", ["", "legacy"])
+def test_chooser_throws_an_error_if_package_hashes_do_not_match(
+    env,
+    mock_pypi,
+    mock_legacy,
+    source_type,
+    pool,
+):
+    chooser = Chooser(pool, env)
+
+    package = Package("isort", "4.3.4")
+    files = [
+        {
+            "hash": "sha256:0000000000000000000000000000000000000000000000000000000000000000",
+            "filename": "isort-4.3.4.tar.gz",
+        }
+    ]
+    if source_type == "legacy":
+        package = Package(
+            package.name,
+            package.version.text,
+            source_type="legacy",
+            source_reference="foo",
+            source_url="https://foo.bar/simple/",
+        )
+
+    package.files = files
+
+    with pytest.raises(RuntimeError) as e:
+        chooser.choose_for(package)
+    assert files[0]["hash"] in str(e)

From 8956a0c3f1aa2ed134a7420351c0ed917309eca2 Mon Sep 17 00:00:00 2001
From: pietrodn <powerpdn@gmail.com>
Date: Sat, 21 Aug 2021 22:31:31 +0200
Subject: [PATCH 2/3] fix: python 2.7 syntax

---
 poetry/installation/chooser.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/poetry/installation/chooser.py b/poetry/installation/chooser.py
index d48fa5e0522..d49a183d9f8 100644
--- a/poetry/installation/chooser.py
+++ b/poetry/installation/chooser.py
@@ -111,7 +111,7 @@ def _get_links(self, package):  # type: (Package) -> List[Link]
 
         if links and not selected_links:
             raise RuntimeError(
-                f"Retrieved digest for link {link.filename}({h}) not in poetry.lock metadata {hashes}"
+                "Retrieved digest for link {}({}) not in poetry.lock metadata {}".format(link.filename, h, hashes)
             )
 
         return selected_links

From d033cba5ea1dbe457cc87a6d899aa4658054c9c9 Mon Sep 17 00:00:00 2001
From: Pietro De Nicolao <pd@bendingspoons.com>
Date: Fri, 27 Aug 2021 11:41:06 +0200
Subject: [PATCH 3/3] style: linting

---
 poetry/installation/chooser.py     | 4 +++-
 tests/installation/test_chooser.py | 6 +-----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/poetry/installation/chooser.py b/poetry/installation/chooser.py
index d49a183d9f8..0e97d0ea3e7 100644
--- a/poetry/installation/chooser.py
+++ b/poetry/installation/chooser.py
@@ -111,7 +111,9 @@ def _get_links(self, package):  # type: (Package) -> List[Link]
 
         if links and not selected_links:
             raise RuntimeError(
-                "Retrieved digest for link {}({}) not in poetry.lock metadata {}".format(link.filename, h, hashes)
+                "Retrieved digest for link {}({}) not in poetry.lock metadata {}".format(
+                    link.filename, h, hashes
+                )
             )
 
         return selected_links
diff --git a/tests/installation/test_chooser.py b/tests/installation/test_chooser.py
index 79588dd2698..7586d27c4e5 100644
--- a/tests/installation/test_chooser.py
+++ b/tests/installation/test_chooser.py
@@ -199,11 +199,7 @@ def test_chooser_chooses_distributions_that_match_the_package_hashes(
 
 @pytest.mark.parametrize("source_type", ["", "legacy"])
 def test_chooser_throws_an_error_if_package_hashes_do_not_match(
-    env,
-    mock_pypi,
-    mock_legacy,
-    source_type,
-    pool,
+    env, mock_pypi, mock_legacy, source_type, pool,
 ):
     chooser = Chooser(pool, env)