Merge pull request #11085 from pypa/revert-10962-fix-hashes

news/10962.bugfix.rst

@@ -0,0 +1 @@
+Revert `#9243 <https://github.com/pypa/pip/issues/9243>`_ since it introduced a regression in certain edge cases.

src/pip/_internal/req/req_install.py

@@ -53,7 +53,7 @@ from pip._internal.utils.misc import (
     hide_url,
     redact_auth_from_url,
 )
-from pip._internal.utils.packaging import is_pinned, safe_extra
+from pip._internal.utils.packaging import safe_extra
 from pip._internal.utils.subprocess import runner_with_spinner_message
 from pip._internal.utils.temp_dir import TempDirectory, tempdir_kinds
 from pip._internal.utils.virtualenv import running_under_virtualenv
@@ -241,7 +241,8 @@ class InstallRequirement:
 
         For example, some-package==1.2 is pinned; some-package>1.2 is not.
         """
-        return is_pinned(self.specifier)
+        specifiers = self.specifier
+        return len(specifiers) == 1 and next(iter(specifiers)).operator in {"==", "==="}
 
     def match_markers(self, extras_requested: Optional[Iterable[str]] = None) -> bool:
         if not extras_requested:

src/pip/_internal/resolution/resolvelib/factory.py

@@ -45,7 +45,7 @@ from pip._internal.req.req_install import (
 from pip._internal.resolution.base import InstallRequirementProvider
 from pip._internal.utils.compatibility_tags import get_supported
 from pip._internal.utils.hashes import Hashes
-from pip._internal.utils.packaging import get_requirement, is_pinned
+from pip._internal.utils.packaging import get_requirement
 from pip._internal.utils.virtualenv import running_under_virtualenv
 
 from .base import Candidate, CandidateVersion, Constraint, Requirement
@@ -303,12 +303,18 @@ class Factory:
             # solely satisfied by a yanked release.
             all_yanked = all(ican.link.is_yanked for ican in icans)
 
-            pinned = is_pinned(specifier)
+            def is_pinned(specifier: SpecifierSet) -> bool:
+                for sp in specifier:
+                    if sp.operator == "===":
+                        return True
+                    if sp.operator != "==":
+                        continue
+                    if sp.version.endswith(".*"):
+                        continue
+                    return True
+                return False
 
-            if not template.is_pinned:
-                assert template.req, "Candidates found on index must be PEP 508"
-                template.req.specifier = specifier
-                template.hash_options = hashes.allowed
+            pinned = is_pinned(specifier)
 
             # PackageFinder returns earlier versions first, so we reverse.
             for ican in reversed(icans):

src/pip/_internal/utils/hashes.py

@@ -63,10 +63,6 @@ class Hashes:
     def digest_count(self) -> int:
         return sum(len(digests) for digests in self._allowed.values())
 
-    @property
-    def allowed(self) -> Dict[str, List[str]]:
-        return self._allowed
-
     def is_hash_allowed(self, hash_name: str, hex_digest: str) -> bool:
         """Return whether the given hex digest is allowed."""
         return hex_digest in self._allowed.get(hash_name, [])

src/pip/_internal/utils/packaging.py

@@ -5,7 +5,6 @@ from typing import NewType, Optional, Tuple, cast
 
 from pip._vendor.packaging import specifiers, version
 from pip._vendor.packaging.requirements import Requirement
-from pip._vendor.packaging.specifiers import SpecifierSet
 
 NormalizedExtra = NewType("NormalizedExtra", str)
 
@@ -56,15 +55,3 @@ def safe_extra(extra: str) -> NormalizedExtra:
     the same to either ``canonicalize_name`` or ``_egg_link_name``.
     """
     return cast(NormalizedExtra, re.sub("[^A-Za-z0-9.-]+", "_", extra).lower())
-
-
-def is_pinned(specifier: SpecifierSet) -> bool:
-    for sp in specifier:
-        if sp.operator == "===":
-            return True
-        if sp.operator != "==":
-            continue
-        if sp.version.endswith(".*"):
-            continue
-        return True
-    return False

tests/functional/test_new_resolver_hashes.py

@@ -373,34 +373,3 @@ def test_new_resolver_hash_with_extras(script: PipTestEnvironment) -> None:
         child="0.1.0",
         extra="0.1.0",
     )
-
-
-def test_new_resolver_hash_with_pin(script: PipTestEnvironment) -> None:
-    find_links = _create_find_links(script)
-
-    requirements_txt = script.scratch_path / "requirements.txt"
-    requirements_txt.write_text("base")
-
-    constraints_txt = script.scratch_path / "constraints.txt"
-    constraints_txt.write_text(
-        """
-        base==0.1.0 --hash=sha256:{sdist_hash} --hash=sha256:{wheel_hash}
-        """.format(
-            sdist_hash=find_links.sdist_hash,
-            wheel_hash=find_links.wheel_hash,
-        )
-    )
-
-    script.pip(
-        "install",
-        "--no-cache-dir",
-        "--no-index",
-        "--find-links",
-        find_links.index_html,
-        "--requirement",
-        requirements_txt,
-        "--constraint",
-        constraints_txt,
-    )
-
-    script.assert_installed(base="0.1.0")