Avoid URL requirement name collisions

[geokala]

Fixes #1145.

This avoids cache collisions when using URLs which both end with the same filename where a later dependency depends on an earlier one, e.g.
file:///tmp/mydep1/master.zip
file:///tmp/mydep2/master.zip
(where mydep2 depends on mydep1)

Changelog-friendly one-liner: Avoid name collisions with URL based requirements.

Contributor checklist

• Provided the tests for the changes.
• Gave a clear one-line description in the PR (that the maintainers can add to CHANGELOG.md on release).
• Assign the PR to an existing or new milestone for the target version (following Semantic Versioning).

[atugushev]

Hello @geokala,

Thanks for the PR! I've skimmed the patch and noticed that it could break the cache when hashing files. Could you check this out?
https://github.com/jazzband/pip-tools/blob/65f2ebea007ade0dd723cec6f417df1131164eb1/piptools/repositories/pypi.py#L318

[codecov]

Codecov Report

Merging #1149 into master will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #1149   +/-   ##
=======================================
  Coverage   99.49%   99.49%           
=======================================
  Files          36       36           
  Lines        2752     2773   +21     
  Branches      326      328    +2     
=======================================
+ Hits         2738     2759   +21     
  Misses          8        8           
  Partials        6        6           

Impacted Files	Coverage Δ
piptools/repositories/pypi.py	95.52% <100.00%> (+0.11%)	⬆️
tests/conftest.py	100.00% <100.00%> (ø)
tests/test_repository_pypi.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0ce999b...7bb1002. Read the comment docs.

[geokala]

Re: Cache directory, good point. I've factored out the logic to a _get_download_path function and used it in both places it appears to be needed.
I've not introduced a specific test for this as I believe it constitutes internal implementation detail rather than external behaviour that should be asserted upon, but let me know if a test is required.

[atugushev]

I've researched pip codebase and have found this function. It probably makes sense to do the same for caching files. What do you think?

[geokala]

Sure, that looks like it'd work nicely. Only issue would be that it's depending on another pip internal function, so increases the risk of breakage every time they update.
If you're comfortable with that then I can switch it to use that this evening.

Otherwise, I can grab the nesting part of it to give the same behaviour and avoid that dependency.

What's your preference?

[atugushev]

I would grab the nesting part.

[geokala]

OK, that'll be in the next push. Just looking at the test now.

[atugushev]

Could you update _get_download_path in accordance with this function?

[geokala]

Can do- but what's the objective?
I can do a straight copy of that function, which will not break on changes to that function's name, but will break if there are changes to the vendored packages that pip uses. Otherwise, what's currently in this PR is a partial copy which should address the concerns but may cause slight cache bloat.
Is the preference here to reduce cache bloat but at the possible expense of stability? If so, I could change it to call that function directly?

[atugushev]

The intention is to kill two birds with one stone. But, I don't want to block this improvement due to mysterious bugs and rather approve this as is. Thanks for your contribution!

[AndydeCleyre]

Can we get a nice explanation of the problem being solved, as the docstring for the test?

[geokala]

@AndydeCleyre Sure, I've just added that- hopefully it's not too verbose?

[geokala]

Not sure why CI is failing at the moment, will take a look when it deigns to give me logs.

[atugushev]

@geokala

Not sure why CI is failing at the moment, will take a look when it deigns to give me logs.

I've fixed it in geokala#1. You could merge this if it works.

[atugushev]

@geokala

FYI, also fixed test test_name_collision due to changes in geokala@2c4c571.

[geokala]

@atugushev Awesome, thanks for that- makes sense, so I've merged it into my PR.

[geokala]

Looks like CI is failing on 2.7 pip latest (I think?):
File "/tmp/easy_install-P_Otzu/jaraco.windows-5.0.0/temp/easy_install-B_XSyo/path.py-12.4.0/temp/easy_install-kjgCqJ/more-itertools-8.3.0/more_itertools/init.py", line 1, in
File "/tmp/easy_install-P_Otzu/jaraco.windows-5.0.0/temp/easy_install-B_XSyo/path.py-12.4.0/temp/easy_install-kjgCqJ/more-itertools-8.3.0/more_itertools/more.py", line 482
yield from iterable
^
SyntaxError: invalid syntax

=================================== log end ====================================
ERROR: FAIL could not package project - v = InvocationError(u'/opt/hostedtoolcache/Python/2.7.18/x64/bin/python setup.py sdist --formats=zip --dist-dir /home/runner/work/pip-tools/pip-tools/.tox/dist', 1)

Has pip already stopped supporting 2.7 for make_sdist or something?

[geokala]

A local run of tox --notest -p auto --parallel-live doesn't give me that error, though of course my environment doesn't match travis.

[geokala]

So yeah, looks like more-itertools is being used by easy_install but doesn't support python2.7 any more- I'm guessing I already had an older version of easy_install installed so didn't run into this problem.
Presumably this means that something needs pinning- easy_install or more-itertools- and presumably it wants pinning in tox?

[atugushev]

Unfortunately, recent setuptools-scm-4.0.0 broke our CI. Working on a fix in #1151.

[atugushev]

@geokala

Please rebase onto master it should be fixed now.

[geokala]

Rebased. Fingers crossed.

[atugushev]

LGTM 👍

[atugushev]

@geokala

Great first-time contribution 🚀 Thanks!

[geokala]

No worries, and thanks for your help!