Perform case-insensitive hash comparisons #12729
Conversation
dtrodrigues
force-pushed
the
case-insensitive-hashes
branch
from
3b685a0
to
65da1f9
Compare
dtrodrigues
changed the title
src/pip/_internal/utils/hashes.py
Outdated
| @@ -82,7 +82,7 @@ def check_against_chunks(self, chunks: Iterable[bytes]) -> None: | |||
| hash.update(chunk) | |||
|
|
|||
| for hash_name, got in gots.items(): | |||
| if got.hexdigest() in self._allowed[hash_name]: | |||
| if got.hexdigest() in [x.lower() for x in self._allowed[hash_name]]: | |||
There was a problem hiding this comment.
I feel we should convert more eagerly when the values go into _allowed.
There was a problem hiding this comment.
I had initially lowercased prior to storing in _allowed, but it ends up creating a larger overall change and changes an unrelated test because it loses track of the case of what the user initial supplied, and therefore the error message. If that's preferable, I can go back to that behavior.
There was a problem hiding this comment.
I updated the code to lowercase the hashes prior to adding them to _allowed.
dtrodrigues
force-pushed
the
case-insensitive-hashes
branch
from
72082be
to
6a9ea31
Compare
|
This fixes a real bug and seems simple enough to be included in 24.1 but I’ll let the RM make the final decision. |
|
It's a bit late for 24.1 (I cut that yesterday), but we're not that far from 24.2. |
|
Thanks @dtrodrigues! ^.^ |
This allows packages to be installed when the hash values differ only by case.
Resolves #12680