Fix certain hash miss matches in case of non weel installations

src/poetry/installation/chef.py

@@ -86,6 +86,8 @@ def install(self, requirements: Collection[str]) -> None:
 
 
 class Chef:
+    tmp_dir_prefix = "poetry-chef-"
+
     def __init__(self, config: Config, env: Env, pool: RepositoryPool) -> None:
         self._env = env
         self._pool = pool
@@ -100,8 +102,7 @@ def prepare(
             return archive
 
         if archive.is_dir():
-            tmp_dir = tempfile.mkdtemp(prefix="poetry-chef-")
-
+            tmp_dir = tempfile.mkdtemp(prefix=self.tmp_dir_prefix)
             return self._prepare(archive, Path(tmp_dir), editable=editable)
 
         return self._prepare_sdist(archive, destination=output_dir)
@@ -198,13 +199,20 @@ def _should_prepare(self, archive: Path) -> bool:
     def _is_wheel(cls, archive: Path) -> bool:
         return archive.suffix == ".whl"
 
-    def get_cached_archive_for_link(self, link: Link) -> Path | None:
+    def get_cached_archive_for_link(self, link: Link, strict: bool) -> Path | None:
         archives = self.get_cached_archives_for_link(link)
         if not archives:
             return None
 
         candidates: list[tuple[float | None, Path]] = []
         for archive in archives:
+            if strict:
+                # in strict mode return the original cached archive instead of the
+                # prioritized archive type.
+                if link.filename == archive.name:
+                    return archive
+                else:
+                    continue
             if archive.suffix != ".whl":
                 candidates.append((float("inf"), archive))
                 continue

src/poetry/installation/executor.py

@@ -5,6 +5,7 @@
 import itertools
 import json
 import os
+import tempfile
 import threading
 
 from concurrent.futures import ThreadPoolExecutor
@@ -514,6 +515,10 @@ def _install(self, operation: Install | Update) -> int:
         else:
             archive = self._download(operation)
 
+        tmp_path_prefix = str(Path(tempfile.gettempdir(), self._chef.tmp_dir_prefix))
+        if str(archive).startswith(tmp_path_prefix):
+            cleanup_archive = True
+
         operation_message = self.get_operation_message(operation)
         message = (
             f"  <fg=blue;options=bold>•</> {operation_message}:"
@@ -693,11 +698,12 @@ def _download_link(self, operation: Install | Update, link: Link) -> Path:
         package = operation.package
 
         output_dir = self._chef.get_cache_directory_for_link(link)
-        archive = self._chef.get_cached_archive_for_link(link)
-        if archive is None:
-            # No cached distributions was found, so we download and prepare it
+        # Try to get cached original package for the link provided
+        original_archive = self._chef.get_cached_archive_for_link(link, strict=True)
+        if original_archive is None:
+            # No cached original distributions was found, so we download and prepare it
             try:
-                archive = self._download_archive(operation, link)
+                original_archive = self._download_archive(operation, link)
             except BaseException:
                 cache_directory = self._chef.get_cache_directory_for_link(link)
                 cached_file = cache_directory.joinpath(link.filename)
@@ -708,6 +714,13 @@ def _download_link(self, operation: Install | Update, link: Link) -> Path:
 
                 raise
 
+        # Get potential higher prioritized cached archive, otherwise it will fall back
+        # to the original archive.
+        archive = self._chef.get_cached_archive_for_link(link, strict=False)
+        # 'archive' can at this point never be None. Since we previously downloaded
+        # an archive, we now should have something cached that we can use here
+        assert archive is not None
+
         if archive.suffix != ".whl":
             message = (
                 f"  <fg=blue;options=bold>•</> {self.get_operation_message(operation)}:"
@@ -717,7 +730,8 @@ def _download_link(self, operation: Install | Update, link: Link) -> Path:
 
             archive = self._chef.prepare(archive, output_dir=output_dir)
 
-        self._populate_hashes_dict(archive, package)
+        # Use the original archive to provide the correct hash.
+        self._populate_hashes_dict(original_archive, package)
 
         return archive
 
@@ -729,9 +743,9 @@ def _populate_hashes_dict(self, archive: Path, package: Package) -> None:
     @staticmethod
     def _validate_archive_hash(archive: Path, package: Package) -> str:
         archive_hash: str = "sha256:" + get_file_hash(archive)
-        known_hashes = {f["hash"] for f in package.files}
+        known_hashes = {f["hash"] for f in package.files if f["file"] == archive.name}
 
-        if archive_hash not in known_hashes:
+        if known_hashes and archive_hash not in known_hashes:
             raise RuntimeError(
                 f"Hash for {package} from archive {archive.name} not found in"
                 f" known hashes (was: {archive_hash})"

tests/installation/test_chef.py

@@ -38,20 +38,80 @@ def setup(mocker: MockerFixture, pool: RepositoryPool) -> None:
 
 
 @pytest.mark.parametrize(
-    ("link", "cached"),
+    ("link", "strict", "available_packages"),
+    [
+        (
+            "https://files.python-poetry.org/demo-0.1.0.tar.gz",
+            True,
+            [
+                Path("/cache/demo-0.1.0-py2.py3-none-any"),
+                Path("/cache/demo-0.1.0-cp38-cp38-macosx_10_15_x86_64.whl"),
+                Path("/cache/demo-0.1.0-cp37-cp37-macosx_10_15_x86_64.whl"),
+            ],
+        ),
+        (
+            "https://example.com/demo-0.1.0-cp38-cp38-macosx_10_15_x86_64.whl",
+            False,
+            [],
+        ),
+    ],
+)
+def test_get_not_found_cached_archive_for_link(
+    config: Config,
+    mocker: MockerFixture,
+    link: str,
+    strict: bool,
+    available_packages: list[Path],
+):
+    chef = Chef(
+        config,
+        MockEnv(
+            version_info=(3, 8, 3),
+            marker_env={"interpreter_name": "cpython", "interpreter_version": "3.8.3"},
+            supported_tags=[
+                Tag("cp38", "cp38", "macosx_10_15_x86_64"),
+                Tag("py3", "none", "any"),
+            ],
+        ),
+        Factory.create_pool(config),
+    )
+
+    mocker.patch.object(
+        chef, "get_cached_archives_for_link", return_value=available_packages
+    )
+
+    archive = chef.get_cached_archive_for_link(Link(link), strict=strict)
+
+    assert None is archive
+
+
+@pytest.mark.parametrize(
+    ("link", "cached", "strict"),
     [
         (
             "https://files.python-poetry.org/demo-0.1.0.tar.gz",
             "/cache/demo-0.1.0-cp38-cp38-macosx_10_15_x86_64.whl",
+            False,
+        ),
+        (
+            "https://example.com/demo-0.1.0-cp38-cp38-macosx_10_15_x86_64.whl",
+            "/cache/demo-0.1.0-cp38-cp38-macosx_10_15_x86_64.whl",
+            False,
+        ),
+        (
+            "https://files.python-poetry.org/demo-0.1.0.tar.gz",
+            "/cache/demo-0.1.0.tar.gz",
+            True,
         ),
         (
             "https://example.com/demo-0.1.0-cp38-cp38-macosx_10_15_x86_64.whl",
             "/cache/demo-0.1.0-cp38-cp38-macosx_10_15_x86_64.whl",
+            True,
         ),
     ],
 )
-def test_get_cached_archive_for_link(
-    config: Config, mocker: MockerFixture, link: str, cached: str
+def test_get_found_cached_archive_for_link(
+    config: Config, mocker: MockerFixture, link: str, cached: str, strict: bool
 ):
     chef = Chef(
         config,
@@ -77,7 +137,7 @@ def test_get_cached_archive_for_link(
         ],
     )
 
-    archive = chef.get_cached_archive_for_link(Link(link))
+    archive = chef.get_cached_archive_for_link(Link(link), strict=strict)
 
     assert Path(cached) == archive
 

tests/installation/test_executor.py

@@ -40,6 +40,7 @@
 
     from httpretty.core import HTTPrettyRequest
     from pytest_mock import MockerFixture
+    from typing_extensions import Self
 
     from poetry.config.config import Config
     from poetry.installation.operations.operation import Operation
@@ -139,9 +140,14 @@ def callback(
         )
 
         if not fixture.exists():
-            fixture = Path(__file__).parent.parent.joinpath(
-                "fixtures/distributions/demo-0.1.0-py2.py3-none-any.whl"
-            )
+            if name == "demo-0.1.0.tar.gz":
+                fixture = Path(__file__).parent.parent.joinpath(
+                    "fixtures/distributions/demo-0.1.0.tar.gz"
+                )
+            else:
+                fixture = Path(__file__).parent.parent.joinpath(
+                    "fixtures/distributions/demo-0.1.0-py2.py3-none-any.whl"
+                )
 
         return [200, headers, fixture.read_bytes()]
 
@@ -533,7 +539,7 @@ def test_executor_should_delete_incomplete_downloads(
     )
     mocker.patch(
         "poetry.installation.chef.Chef.get_cached_archive_for_link",
-        side_effect=lambda link: None,
+        side_effect=lambda link, strict: None,
     )
     mocker.patch(
         "poetry.installation.chef.Chef.get_cache_directory_for_link",
@@ -611,7 +617,7 @@ def test_executor_should_not_write_pep610_url_references_for_cached_package(
     verify_installed_distribution(tmp_venv, package)
 
 
-def test_executor_should_write_pep610_url_references_for_files(
+def test_executor_should_write_pep610_url_references_for_wheel_files(
     tmp_venv: VirtualEnv, pool: RepositoryPool, config: Config, io: BufferedIO
 ):
     url = (
@@ -645,6 +651,38 @@ def test_executor_should_write_pep610_url_references_for_files(
     verify_installed_distribution(tmp_venv, package, expected_url_reference)
 
 
+def test_executor_should_write_pep610_url_references_for_non_wheel_files(
+    tmp_venv: VirtualEnv, pool: RepositoryPool, config: Config, io: BufferedIO
+):
+    url = (
+        Path(__file__)
+        .parent.parent.joinpath("fixtures/distributions/demo-0.1.0.tar.gz")
+        .resolve()
+    )
+    package = Package("demo", "0.1.0", source_type="file", source_url=url.as_posix())
+    # Set package.files so the executor will attempt to hash the package
+    package.files = [
+        {
+            "file": "demo-0.1.0.tar.gz",
+            "hash": "sha256:9fa123ad707a5c6c944743bf3e11a0e80d86cb518d3cf25320866ca3ef43e2ad",  # noqa: E501
+        }
+    ]
+
+    executor = Executor(tmp_venv, pool, config, io)
+    executor.execute([Install(package)])
+    expected_url_reference = {
+        "archive_info": {
+            "hashes": {
+                "sha256": (
+                    "9fa123ad707a5c6c944743bf3e11a0e80d86cb518d3cf25320866ca3ef43e2ad"
+                )
+            },
+        },
+        "url": url.as_uri(),
+    }
+    verify_installed_distribution(tmp_venv, package, expected_url_reference)
+
+
 def test_executor_should_write_pep610_url_references_for_directories(
     tmp_venv: VirtualEnv,
     pool: RepositoryPool,
@@ -703,13 +741,23 @@ def test_executor_should_write_pep610_url_references_for_editable_directories(
     )
 
 
-def test_executor_should_write_pep610_url_references_for_urls(
+@pytest.mark.parametrize("cached", [False, True])
+def test_executor_should_write_pep610_url_references_for_wheel_urls(
     tmp_venv: VirtualEnv,
     pool: RepositoryPool,
     config: Config,
     io: BufferedIO,
     mock_file_downloads: None,
+    mocker: MockerFixture,
+    fixture_dir: FixtureDirGetter,
+    cached: bool,
 ):
+    if cached:
+        link_cached = fixture_dir("distributions") / "demo-0.1.0-py2.py3-none-any.whl"
+        mocker.patch(
+            "poetry.installation.chef.Chef.get_cached_archive_for_link",
+            return_value=link_cached,
+        )
     package = Package(
         "demo",
         "0.1.0",
@@ -739,6 +787,60 @@ def test_executor_should_write_pep610_url_references_for_urls(
     verify_installed_distribution(tmp_venv, package, expected_url_reference)
 
 
+@pytest.mark.parametrize("cached", [False, True])
+def test_executor_should_write_pep610_url_references_for_non_wheel_urls(
+    tmp_venv: VirtualEnv,
+    pool: RepositoryPool,
+    config: Config,
+    io: BufferedIO,
+    mock_file_downloads: None,
+    mocker: MockerFixture,
+    fixture_dir: FixtureDirGetter,
+    cached: bool,
+):
+    if cached:
+        link_cached = fixture_dir("distributions") / "demo-0.1.0.tar.gz"
+        original_func = Chef.get_cached_archive_for_link
+
+        def mock_get_cached_archive_for_link(self: Self, link: Link, strict: bool):
+            if link.filename == "demo-0.1.0.tar.gz":
+                return link_cached
+            else:
+                return original_func(self, link, strict)
+
+        mocker.patch(
+            "poetry.installation.chef.Chef.get_cached_archive_for_link",
+            new=mock_get_cached_archive_for_link,
+        )
+    package = Package(
+        "demo",
+        "0.1.0",
+        source_type="url",
+        source_url="https://files.pythonhosted.org/demo-0.1.0.tar.gz",
+    )
+    # Set package.files so the executor will attempt to hash the package
+    package.files = [
+        {
+            "file": "demo-0.1.0.tar.gz",
+            "hash": "sha256:9fa123ad707a5c6c944743bf3e11a0e80d86cb518d3cf25320866ca3ef43e2ad",  # noqa: E501
+        }
+    ]
+
+    executor = Executor(tmp_venv, pool, config, io)
+    executor.execute([Install(package)])
+    expected_url_reference = {
+        "archive_info": {
+            "hashes": {
+                "sha256": (
+                    "9fa123ad707a5c6c944743bf3e11a0e80d86cb518d3cf25320866ca3ef43e2ad"
+                )
+            },
+        },
+        "url": package.source_url,
+    }
+    verify_installed_distribution(tmp_venv, package, expected_url_reference)
+
+
 def test_executor_should_write_pep610_url_references_for_git(
     tmp_venv: VirtualEnv,
     pool: RepositoryPool,