pradyunsg
commented
1 year ago Thanks for this PR @BlueGlassBlock, and appreciate your patience on this.
I'm doing a brain-dump TBH, so apologies for the somewhat unpolished phrasing.
Instintively, I feel like it's valuable to have validation live outside of WheelSource, keeping the the actual "details" of how to perform the validation outside of the wheel itself. But, let's check whether that's valid. The motivation for that was to let the tool that holds the wheel to not rely on installer. get_contents already requires the ability to figure out the relevant RECORD for a file entry, so WheelSource already needs that. wheel even has a function meant for this implemented on their end, so... ok... this makes sense as a method in WheelSource. It still shouldn't raise an error defined within from installer tho -- at best, this should be WheelSource.validation_error (like PEP 517's UnsupportedOperation).
BlueGlassBlock
This PR adds
validate_recordmethod toWheelSourceand a boolean parametervalidate_recordtoinstallfunction.Currently,
validate_recordimplementation ofWheelFilechecks the presence ofRECORD, entries of files in the wheel, and whether there's a corresponding hash for the entry. (RECORD.p7sandRECORD.jwtare ignored from here)validate_recordparameter ofinstallindicates whetherWheelSource.validate_recordwill be called during installation.I've already modified the
fancy_wheelbuilder fromconftest.pyto include hashes (and sizes) of files.The names and places are quite different from #100 and #105, please inform me about what I need to change.
Please review and request changes so that I can push this PR forward 😄
The line ending seems messed up, so please squash when it's ready for merge