This tremendously helps understand why a package is being fetched and
can help investigate and fix dependency resolver backtracking issues
when incoherent constraints/package sets are provided or when new
versions of a package trigger a completely different backtracking
strategy, leading to very hard to debug situations.
The PEP 668 expects an override mechanism to ease the transition.
This provides an override.
---------
Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
Refactored `_get_index_url()` to get integration tests for the subprocess backend working.
Keyring support via the 'subprocess' provider can only retrieve a password, not a username-password combo. The username therefor MUST come from the URL.
If the URL obtained from the index does not contain a username then the username from a matching index is used. `_get_index_url()` does that matching.
The problem this refactoring solves is that the URL where a wheel or sdist can be downloaded from does not always start with the index url. Azure DevOps Artifacts Feeds are an example since it replaces the friendly name of the Feed with the GUID of the Feed. Causing `url.startswith(prefix)` to evaluate as `False`.
The new behaviour is to return the index which matches the netloc and has the longest common prefix of the `path` property of the value returned by `urllib.parse.urlsplit()`. The behaviour for resolving ties is unspecified.
The fix merged in 3b60e36289 also fixed
the wheel cache; this cherry-picks the test and news from the other pull
request to validate and document the fact.
Commit bad03ef931 introduced the new
link_hash attribute that holds the link's hash info, but that attribute
does the same thing as _hashes, and some existing usages still populate
that old attribute. Since the plural variant covers more use cases (a
file can be hashed with multiple algorithms), we restore the old logic
that uses _hashes before the commit, and consolidate link_hash back into
that attribute.
Windows does not implement LC_MESSAGES, and since PEP 668 is mainly
designed for Linux distributions, we simply take the easier way out
until someone wants an equivalent on Windows.
This turns invalid egg fragments into a soft error, with a scheduled
deprecation period of two releases.
Signed-off-by: William Woodruff <william@trailofbits.com>
This exercises our expectation that egg fragments don't include version
specifiers and are evaluated eagerly.
Signed-off-by: William Woodruff <william@trailofbits.com>