Enforces sha512 in the cache #7591

arcanis · 2019-10-02T11:49:21Z

Summary

When installing a package through a "low integrity" registry, the sha512 isn't stored. This cause problems when using the same packages with a higher integrity later on, because we won't be able to check the sha512 hash and thus will throw an error.

As a workaround until the v2, we'll simply always compute the sha512 and store it in the cache. It's not the prettiest fix ever, but I don't want to lose days on this.

Test plan

Tested some cases manually. CI will have to do.

* Always store sha512 in the cache * Bumps the cache * Fixes error reporting

arcanis added 3 commits October 2, 2019 13:45

Always store sha512 in the cache

4204a62

Bumps the cache

70525c1

Fixes error reporting

8d910a2

arcanis mentioned this pull request Oct 2, 2019

"Incorrect integrity when fetching from the cache" #7584

Closed

arcanis merged commit e7cc86b into master Oct 2, 2019

arcanis added a commit that referenced this pull request Oct 8, 2019

Enforces sha512 in the cache (#7591)

1ff9acc

* Always store sha512 in the cache * Bumps the cache * Fixes error reporting

VincentBailly pushed a commit to VincentBailly/yarn that referenced this pull request Jun 10, 2020

Enforces sha512 in the cache (yarnpkg#7591)

10b1bb6

* Always store sha512 in the cache * Bumps the cache * Fixes error reporting

VincentBailly pushed a commit to VincentBailly/yarn that referenced this pull request Jun 10, 2020

Enforces sha512 in the cache (yarnpkg#7591)

5055e4d

* Always store sha512 in the cache * Bumps the cache * Fixes error reporting

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enforces sha512 in the cache #7591

Enforces sha512 in the cache #7591

arcanis commented Oct 2, 2019

Navigation Menu

Enforces sha512 in the cache #7591

Enforces sha512 in the cache #7591

Conversation

arcanis commented Oct 2, 2019