Add test for combination of invalid link hash and good --hash

sbidoul · sbidoul · commit 453a5a7e0738 · 2023-04-10T13:21:00.000+02:00
diff --git a/tests/functional/test_install.py b/tests/functional/test_install.py
@@ -634,13 +634,29 @@ def test_link_hash_pass_require_hashes(
 def test_bad_link_hash_install_failure(
     script: PipTestEnvironment, shared_data: TestData
 ) -> None:
-    """Test that wrong hash in direct URL stop installation."""
+    """Test that wrong hash in direct URL stops installation."""
     url = path_to_url(str(shared_data.packages.joinpath("simple-1.0.tar.gz")))
     url = f"{url}#sha256=invalidhash"
     result = script.pip_install_local("--no-deps", url, expect_error=True)
     assert "THESE PACKAGES DO NOT MATCH THE HASHES" in result.stderr
 
 
+def test_bad_link_hash_good_user_hash_install_success(
+    script: PipTestEnvironment, shared_data: TestData, tmp_path: Path
+) -> None:
+    """Test that wrong hash in direct URL ignored when good --hash provided.
+
+    This behaviour may be accidental?
+    """
+    url = path_to_url(str(shared_data.packages.joinpath("simple-1.0.tar.gz")))
+    url = f"{url}#sha256=invalidhash"
+    digest = "393043e672415891885c9a2a0929b1af95fb866d6ca016b42d2e6ce53619b653"
+    with requirements_file(
+        f"simple @ {url} --hash sha256:{digest}", tmp_path
+    ) as reqs_file:
+        script.pip_install_local("--no-deps", "--require-hashes", "-r", reqs_file)
+
+
 def test_link_hash_in_dep_fails_require_hashes(
     script: PipTestEnvironment, tmp_path: Path, shared_data: TestData
 ) -> None:
