From d7e043ec31c91f56d353309b9decb3c58945aba3 Mon Sep 17 00:00:00 2001
From: Kate <kit-ty-kate@outlook.com>
Date: Fri, 5 May 2023 14:52:04 +0100
Subject: [PATCH] Fix opam installing packages without checking their checksum
 when the local cache is corrupted in some cases

---
 src/repository/opamRepository.ml |  7 +++----
 tests/reftests/local-cache.test  | 18 ++++++------------
 2 files changed, 9 insertions(+), 16 deletions(-)

diff --git a/src/repository/opamRepository.ml b/src/repository/opamRepository.ml
index ad1070e07df..2ebe5ccc501 100644
--- a/src/repository/opamRepository.ml
+++ b/src/repository/opamRepository.ml
@@ -93,15 +93,14 @@ let fetch_from_cache =
       failwith "Version control not allowed as cache URL"
   in
   try
-    let hit_checksum, hit_file =
+    let hit_file =
       OpamStd.List.find_map (fun ck ->
           let f = cache_file cache_dir ck in
-          if OpamFilename.exists f then Some (ck, f) else None)
+          if OpamFilename.exists f then Some f else None)
         checksums
     in
     if List.for_all
-        (fun ck -> ck = hit_checksum ||
-                   OpamHash.check_file (OpamFilename.to_string hit_file) ck)
+        (fun ck -> OpamHash.check_file (OpamFilename.to_string hit_file) ck)
         checksums
     then Done (Up_to_date (hit_file, OpamUrl.empty))
     else mismatch hit_file
diff --git a/tests/reftests/local-cache.test b/tests/reftests/local-cache.test
index ccd6b124822..70885f29490 100644
--- a/tests/reftests/local-cache.test
+++ b/tests/reftests/local-cache.test
@@ -363,18 +363,12 @@ The following actions will be performed:
   - install good-sha256 1
 
 <><> Processing actions <><><><><><><><><><><><><><><><><><><><><><><><><><><><>
--> retrieved good-sha256.1  (cached)
-[ERROR] The compilation of good-sha256.1 failed at "test -f hello".
-
-
-
+[ERROR] Conflicting file hashes, or broken or compromised cache!
+          - sha256=hash (MISMATCH)
 
-<><> Error report <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
-+- The following actions failed
-| - build good-sha256 1
-+- 
-- No changes have been performed
-# Return code 31 #
+-> retrieved good-sha256.1  (file://${BASEDIR}/archive.tgz)
+-> installed good-sha256.1
+Done.
 ### sh check-cache.sh
 MD5: link, to sha256 archive
-SHA256: archive, with mismatching checksum
+SHA256: archive, with matching checksum