Merge pull request #12044 from chriskuehl/fix-pep658-name-normalization

pfmoore · web-flow · commit 2966a3e3958a · 2023-05-21T11:29:43.000+01:00
Canonicalize package names before comparison for PEP658 metadata
diff --git a/news/12038.bugfix.rst b/news/12038.bugfix.rst
@@ -0,0 +1 @@
+Fix installation of packages with PEP658 metadata using non-canonicalized names
diff --git a/src/pip/_internal/operations/prepare.py b/src/pip/_internal/operations/prepare.py
@@ -410,7 +410,7 @@ def _fetch_metadata_using_link_data_attr(
         #     NB: raw_name will fall back to the name from the install requirement if
         #     the Name: field is not present, but it's noted in the raw_name docstring
         #     that that should NEVER happen anyway.
-        if metadata_dist.raw_name != req.req.name:
+        if canonicalize_name(metadata_dist.raw_name) != canonicalize_name(req.req.name):
             raise MetadataInconsistent(
                 req, "Name", req.req.name, metadata_dist.raw_name
             )
diff --git a/tests/functional/test_download.py b/tests/functional/test_download.py
@@ -8,7 +8,7 @@
 from hashlib import sha256
 from pathlib import Path
 from textwrap import dedent
-from typing import Callable, Dict, List, Tuple
+from typing import Callable, Dict, List, Optional, Tuple
 
 import pytest
 
@@ -1266,6 +1266,8 @@ class Package:
     metadata: MetadataKind
     # This will override any dependencies specified in the actual dist's METADATA.
     requires_dist: Tuple[str, ...] = ()
+    # This will override the Name specified in the actual dist's METADATA.
+    metadata_name: Optional[str] = None
 
     def metadata_filename(self) -> str:
         """This is specified by PEP 658."""
@@ -1296,7 +1298,7 @@ def generate_metadata(self) -> bytes:
         return dedent(
             f"""\
         Metadata-Version: 2.1
-        Name: {self.name}
+        Name: {self.metadata_name or self.name}
         Version: {self.version}
         {self.requires_str()}
         """
@@ -1452,6 +1454,14 @@ def run_for_generated_index(
         ),
         # This will raise an error when pip attempts to fetch the metadata file.
         Package("simple2", "2.0", "simple2-2.0.tar.gz", MetadataKind.NoFile),
+        # This has a METADATA file with a mismatched name.
+        Package(
+            "simple2",
+            "3.0",
+            "simple2-3.0.tar.gz",
+            MetadataKind.Sha256,
+            metadata_name="not-simple2",
+        ),
     ],
     "colander": [
         # Ensure we can read the dependencies from a metadata file within a wheel
@@ -1491,6 +1501,16 @@ def run_for_generated_index(
             "priority", "1.0", "priority-1.0-py2.py3-none-any.whl", MetadataKind.NoFile
         ),
     ],
+    "requires-simple-extra": [
+        # Metadata name is not canonicalized.
+        Package(
+            "requires-simple-extra",
+            "0.1",
+            "requires_simple_extra-0.1-py2.py3-none-any.whl",
+            MetadataKind.Sha256,
+            metadata_name="Requires_Simple.Extra",
+        ),
+    ],
 }
 
 
@@ -1581,3 +1601,47 @@ def test_metadata_not_found(
         f"ERROR: 404 Client Error: FileNotFoundError for url:.*{expected_re}"
     )
     assert pattern.search(result.stderr), (pattern, result.stderr)
+
+
+def test_produces_error_for_mismatched_package_name_in_metadata(
+    download_generated_html_index: Callable[..., Tuple[TestPipResult, Path]],
+) -> None:
+    """Verify that the package name from the metadata matches the requested package."""
+    result, _ = download_generated_html_index(
+        _simple_packages,
+        ["simple2==3.0"],
+        allow_error=True,
+    )
+    assert result.returncode != 0
+    assert (
+        "simple2-3.0.tar.gz has inconsistent Name: expected 'simple2', but metadata "
+        "has 'not-simple2'"
+    ) in result.stdout
+
+
+@pytest.mark.parametrize(
+    "requirement",
+    (
+        "requires-simple-extra==0.1",
+        "REQUIRES_SIMPLE-EXTRA==0.1",
+        "REQUIRES....simple-_-EXTRA==0.1",
+    ),
+)
+def test_canonicalizes_package_name_before_verifying_metadata(
+    download_generated_html_index: Callable[..., Tuple[TestPipResult, Path]],
+    requirement: str,
+) -> None:
+    """Verify that the package name from the command line and the package's
+    METADATA are both canonicalized before comparison.
+
+    Regression test for https://github.com/pypa/pip/issues/12038
+    """
+    result, download_dir = download_generated_html_index(
+        _simple_packages,
+        [requirement],
+        allow_error=True,
+    )
+    assert result.returncode == 0
+    assert os.listdir(download_dir) == [
+        "requires_simple_extra-0.1-py2.py3-none-any.whl",
+    ]

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Fix installation of packages with PEP658 metadata using non-canonicalized names`
Original file line number	Diff line number	Diff line change
`@@ -410,7 +410,7 @@ def _fetch_metadata_using_link_data_attr(`
`410`	`410`	`# NB: raw_name will fall back to the name from the install requirement if`
`411`	`411`	`# the Name: field is not present, but it's noted in the raw_name docstring`
`412`	`412`	`# that that should NEVER happen anyway.`
`413`		`- if metadata_dist.raw_name != req.req.name:`
	`413`	`+ if canonicalize_name(metadata_dist.raw_name) != canonicalize_name(req.req.name):`
`414`	`414`	`raise MetadataInconsistent(`
`415`	`415`	`req, "Name", req.req.name, metadata_dist.raw_name`
`416`	`416`	`)`