Revert "Ensure all accepted hash types are checked"

sdispater · sdispater · commit f457d2630b3d · 2021-09-20T23:29:00.000+02:00
This reverts commit f8a55c5.
diff --git a/poetry.lock b/poetry.lock
diff --git a/poetry/installation/executor.py b/poetry/installation/executor.py
@@ -608,30 +608,16 @@ def _download_link(self, operation, link):
                 archive = self._chef.prepare(archive)
 
         if package.files:
-            hashes = {f["hash"] for f in package.files}
-            hash_types = {h.split(":")[0] for h in hashes}
-            archive_hashes = set()
-            for hash_type in hash_types:
-                archive_hashes.add(
-                    "{}:{}".format(
-                        hash_type,
-                        FileDependency(
-                            package.name,
-                            Path(archive.path)
-                            if isinstance(archive, Link)
-                            else archive,
-                        ).hash(hash_type),
-                    )
-                )
-
-            if archive_hashes.isdisjoint(hashes):
+            archive_hash = (
+                "sha256:"
+                + FileDependency(
+                    package.name,
+                    Path(archive.path) if isinstance(archive, Link) else archive,
+                ).hash()
+            )
+            if archive_hash not in {f["hash"] for f in package.files}:
                 raise RuntimeError(
-                    "Invalid hashes ({}) for {} using archive {}. Expected one of {}.".format(
-                        ", ".join(sorted(archive_hashes)),
-                        package,
-                        archive.name,
-                        ", ".join(sorted(hashes)),
-                    )
+                    "Invalid hash for {} using archive {}".format(package, archive.name)
                 )
 
         return archive
diff --git a/pyproject.toml b/pyproject.toml
@@ -24,7 +24,7 @@ classifiers = [
 [tool.poetry.dependencies]
 python = "~2.7 || ^3.5"
 
-poetry-core = { git = "https://github.com/awilkins/poetry-core.git", branch = "fix/support-guaranteed-hashes" }
+poetry-core = "~1.0.5"
 cleo = "^0.8.1"
 clikit = "^0.6.2"
 crashtest = { version = "^0.3.0", python = "^3.6" }
diff --git a/tests/installation/test_executor.py b/tests/installation/test_executor.py
@@ -11,8 +11,6 @@
 
 from poetry.config.config import Config
 from poetry.core.packages.package import Package
-from poetry.core.packages.utils.link import Link
-from poetry.installation.chef import Chef
 from poetry.installation.executor import Executor
 from poetry.installation.operations import Install
 from poetry.installation.operations import Uninstall
@@ -253,78 +251,3 @@ def test_executor_should_delete_incomplete_downloads(
         executor._download(Install(Package("tomlkit", "0.5.3")))
 
     assert not destination_fixture.exists()
-
-
-def test_executor_should_check_every_possible_hash_types(
-    config, io, pool, mocker, fixture_dir, tmp_dir
-):
-    mocker.patch.object(
-        Chef, "get_cached_archive_for_link", side_effect=lambda link: link,
-    )
-    mocker.patch.object(
-        Executor,
-        "_download_archive",
-        return_value=fixture_dir("distributions").joinpath(
-            "demo-0.1.0-py2.py3-none-any.whl"
-        ),
-    )
-
-    env = MockEnv(path=Path(tmp_dir))
-    executor = Executor(env, pool, config, io)
-
-    package = Package("demo", "0.1.0")
-    package.files = [
-        {
-            "file": "demo-0.1.0-py2.py3-none-any.whl",
-            "hash": "md5:15507846fd4299596661d0197bfb4f90",
-        }
-    ]
-
-    archive = executor._download_link(
-        Install(package), Link("https://example.com/demo-0.1.0-py2.py3-none-any.whl")
-    )
-
-    assert archive == fixture_dir("distributions").joinpath(
-        "demo-0.1.0-py2.py3-none-any.whl"
-    )
-
-
-def test_executor_should_check_every_possible_hash_types_before_failing(
-    config, io, pool, mocker, fixture_dir, tmp_dir
-):
-    mocker.patch.object(
-        Chef, "get_cached_archive_for_link", side_effect=lambda link: link,
-    )
-    mocker.patch.object(
-        Executor,
-        "_download_archive",
-        return_value=fixture_dir("distributions").joinpath(
-            "demo-0.1.0-py2.py3-none-any.whl"
-        ),
-    )
-
-    env = MockEnv(path=Path(tmp_dir))
-    executor = Executor(env, pool, config, io)
-
-    package = Package("demo", "0.1.0")
-    package.files = [
-        {"file": "demo-0.1.0-py2.py3-none-any.whl", "hash": "md5:123456"},
-        {"file": "demo-0.1.0-py2.py3-none-any.whl", "hash": "sha256:123456"},
-    ]
-
-    with pytest.raises(RuntimeError) as e:
-        executor._download_link(
-            Install(package),
-            Link("https://example.com/demo-0.1.0-py2.py3-none-any.whl"),
-        )
-
-    expected_message = (
-        "Invalid hashes "
-        "("
-        "md5:15507846fd4299596661d0197bfb4f90, "
-        "sha256:70e704135718fffbcbf61ed1fc45933cfd86951a744b681000eaaa75da31f17a"
-        ") "
-        "for demo (0.1.0) using archive demo-0.1.0-py2.py3-none-any.whl. "
-        "Expected one of md5:123456, sha256:123456."
-    )
-    assert str(e.value) == expected_message
