From 691d2b865b9ef659d76e3025b9f61f9d4d56bdab Mon Sep 17 00:00:00 2001 From: Henry Schreiner Date: Wed, 18 Mar 2026 10:31:26 -0400 Subject: [PATCH] Revert "fix(pylock): check that url and path match if name is not set (#1117)" This reverts commit 00b7e7585715c808687ca2be0cd5fffefc38408f. --- src/packaging/pylock.py | 35 +--------- tests/test_pylock.py | 150 +++++----------------------------------- 2 files changed, 20 insertions(+), 165 deletions(-) diff --git a/src/packaging/pylock.py b/src/packaging/pylock.py index 6dbee3666..96aa35c6d 100644 --- a/src/packaging/pylock.py +++ b/src/packaging/pylock.py @@ -233,25 +233,6 @@ def _validate_path_url(path: str | None, url: str | None) -> None: raise PylockValidationError("path or url must be provided") -def _validate_path_url_names( - name: str | None, path: str | None, url: str | None -) -> None: - if name: - # When name is set, it is authoritative, - # and the path and url names can be anything. - return - if not path or not url: - # We only need to validate if both path and url are set. - return - path_name = _path_name(path) - url_name = _url_name(url) - if path_name != url_name: - raise PylockValidationError( - f"'path' name {path_name!r} and 'url' name {url_name!r} must be identical " - f"when 'name' is not set" - ) - - def _path_name(path: str | None) -> str | None: if not path: return None @@ -466,9 +447,6 @@ def _from_dict(cls, d: Mapping[str, Any]) -> Self: hashes=_get_required_as(d, Mapping, _validate_hashes, "hashes"), # type: ignore[type-abstract] ) _validate_path_url(package_sdist.path, package_sdist.url) - _validate_path_url_names( - package_sdist.name, package_sdist.path, package_sdist.url - ) try: parse_sdist_filename(package_sdist.filename) except Exception as e: @@ -480,11 +458,8 @@ def _from_dict(cls, d: Mapping[str, Any]) -> Self: @property def filename(self) -> str: """Get the filename of the sdist.""" - # name is authoritative if set, else url and path names are guaranteed - # to be identical by validation. - filename = self.name or _path_name(self.path) or _url_name(self.url) + filename = self.name or _url_name(self.url) or _path_name(self.path) if not filename: - # This error will be caught by validation too. raise PylockValidationError("Cannot determine sdist filename") return filename @@ -527,9 +502,6 @@ def _from_dict(cls, d: Mapping[str, Any]) -> Self: hashes=_get_required_as(d, Mapping, _validate_hashes, "hashes"), # type: ignore[type-abstract] ) _validate_path_url(package_wheel.path, package_wheel.url) - _validate_path_url_names( - package_wheel.name, package_wheel.path, package_wheel.url - ) try: parse_wheel_filename(package_wheel.filename) except Exception as e: @@ -541,11 +513,8 @@ def _from_dict(cls, d: Mapping[str, Any]) -> Self: @property def filename(self) -> str: """Get the filename of the wheel.""" - # name is authoritative if set, else url and path names are guaranteed - # to be identical by validation. - filename = self.name or _path_name(self.path) or _url_name(self.url) + filename = self.name or _url_name(self.url) or _path_name(self.path) if not filename: - # This error will be caught by validation too. raise PylockValidationError("Cannot determine wheel filename") return filename diff --git a/tests/test_pylock.py b/tests/test_pylock.py index 88d806558..7c0090ecc 100644 --- a/tests/test_pylock.py +++ b/tests/test_pylock.py @@ -331,6 +331,15 @@ def test_pylock_invalid_vcs() -> None: ), "example-2.0.tar.gz", ), + ( + # url preferred over path + PackageSdist( + url="https://example.com/example-2.0.tar.gz", + path="./example-1.0.tar.gz", + hashes={}, + ), + "example-2.0.tar.gz", + ), # wheels ( PackageWheel( @@ -378,6 +387,15 @@ def test_pylock_invalid_vcs() -> None: ), "example-2.0-py3-none-any.whl", ), + ( + # url preferred over path + PackageWheel( + url="https://example.com/example-2.0-py3-none-any.whl", + path="./example-1.0-py3-none-any.whl", + hashes={}, + ), + "example-2.0-py3-none-any.whl", + ), ], ) def test_dist_filename( @@ -442,138 +460,6 @@ def test_pylock_invalid_sdist_filename() -> None: ) -def test_pylock_sdist_path_url_mismatch() -> None: - data = { - "lock-version": "1.0", - "created-by": "pip", - "packages": [ - { - "name": "example", - "sdist": { - "path": "./that-1.0.tar.gz", - "url": "https://example.com/this-1.0.tar.gz", - "hashes": {"sha256": "f" * 40}, - }, - }, - ], - } - with pytest.raises(PylockValidationError) as exc_info: - Pylock.from_dict(data) - assert str(exc_info.value) == ( - "'path' name 'that-1.0.tar.gz' and 'url' name 'this-1.0.tar.gz' " - "must be identical when 'name' is not set in 'packages[0].sdist'" - ) - - -def test_pylock_sdist_path_url_match() -> None: - data = { - "lock-version": "1.0", - "created-by": "pip", - "packages": [ - { - "name": "example", - "sdist": { - "path": "./that-1.0.tar.gz", - "url": "https://example.com/that-1.0.tar.gz", - "hashes": {"sha256": "f" * 40}, - }, - }, - ], - } - Pylock.from_dict(data) - - -def test_pylock_wheel_path_url_mismatch() -> None: - data = { - "lock-version": "1.0", - "created-by": "pip", - "packages": [ - { - "name": "example", - "wheels": [ - { - "path": "./that-1.0-py3-none-any.whl", - "url": "http://example.com/this-1.0-py3-none-any.whl", - "hashes": {"sha256": "f" * 40}, - } - ], - }, - ], - } - with pytest.raises(PylockValidationError) as exc_info: - Pylock.from_dict(data) - assert str(exc_info.value) == ( - "'path' name 'that-1.0-py3-none-any.whl' and " - "'url' name 'this-1.0-py3-none-any.whl' " - "must be identical when 'name' is not set in 'packages[0].wheels[0]'" - ) - - -def test_pylock_wheel_path_url_match() -> None: - data = { - "lock-version": "1.0", - "created-by": "pip", - "packages": [ - { - "name": "example", - "wheels": [ - { - "path": "./that-1.0-py3-none-any.whl", - "url": "http://example.com/that-1.0-py3-none-any.whl", - "hashes": {"sha256": "f" * 40}, - } - ], - }, - ], - } - Pylock.from_dict(data) - - -def test_pylock_sdist_path_url_mismatch_use_name() -> None: - data = { - "lock-version": "1.0", - "created-by": "pip", - "packages": [ - { - "name": "example", - "sdist": { - "name": "./example-1.0.tar.gz", - "path": "./that-1.0.tar.gz", - "url": "https://example.com/this-1.0.tar.gz", - "hashes": {"sha256": "f" * 40}, - }, - }, - ], - } - Pylock.from_dict(data) - pylock = Pylock.from_dict(data) - assert pylock.packages[0].sdist - assert pylock.packages[0].sdist.filename == pylock.packages[0].sdist.name - - -def test_pylock_wheel_path_url_mismatch_use_name() -> None: - data = { - "lock-version": "1.0", - "created-by": "pip", - "packages": [ - { - "name": "example", - "wheels": [ - { - "name": "example-1.0-py3-none-any.whl", - "path": "./that-1.0-py3-none-any.whl", - "url": "http://example.com/this-1.0-py3-none-any.whl", - "hashes": {"sha256": "f" * 40}, - } - ], - }, - ], - } - pylock = Pylock.from_dict(data) - assert pylock.packages[0].wheels - assert pylock.packages[0].wheels[0].filename == pylock.packages[0].wheels[0].name - - def test_pylock_invalid_wheel() -> None: data = { "lock-version": "1.0",