Improve files metadata in lock files (#1460)

Co-authored-by: adisbladis <adisbladis@gmail.com>

poetry.lock

@@ -1070,7 +1070,7 @@ description = "Style preserving TOML library"
 name = "tomlkit"
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"
-version = "0.5.7"
+version = "0.5.8"
 
 [package.dependencies]
 [package.dependencies.enum34]
@@ -1206,7 +1206,7 @@ docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"]
 testing = ["pathlib2", "contextlib2", "unittest2"]
 
 [metadata]
-content-hash = "010014d81c1697e02aefdb5f2bc011f2ae7daeaa245335eb46ea37826ee17e8f"
+content-hash = "5b26d9cb46a5e825534c15d22ae1be3579d51be03653a474b17054b9f2485734"
 python-versions = "~2.7 || ^3.4"
 
 [metadata.hashes]
@@ -1289,7 +1289,7 @@ six = ["3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c", "d16a
 subprocess32 = ["88e37c1aac5388df41cc8a8456bb49ebffd321a3ad4d70358e3518176de3a56b", "eb2937c80497978d181efa1b839ec2d9622cf9600a039a79d0e108d1f9aec79d"]
 termcolor = ["1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"]
 toml = ["229f81c57791a41d65e399fc06bf0848bab550a9dfd5ed66df18ce5f05e73d5c", "235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e", "f1db651f9657708513243e61e6cc67d101a39bad662eaa9b5546f789338e07a3"]
-tomlkit = ["6c1c8af5d98468e9d2b07db2060ae2bc6fe204bda7f32f46a6255b50fe78a71c", "c4e657ec7a92aedc05202c068099ca530100aacb7dfadd100f2e8e5fd40302a1"]
+tomlkit = ["32c10cc16ded7e4101c79f269910658cc2a0be5913f1252121c3cd603051c269", "96e6369288571799a3052c1ef93b9de440e1ab751aa045f435b55e9d3bcd0690"]
 tornado = ["0662d28b1ca9f67108c7e3b77afabfb9c7e87bde174fbda78186ecedc2499a9d", "4e5158d97583502a7e2739951553cbd88a72076f152b4b11b64b9a10c4c49409", "732e836008c708de2e89a31cb2fa6c0e5a70cb60492bee6f1ea1047500feaf7f", "8154ec22c450df4e06b35f131adc4f2f3a12ec85981a203301d310abf580500f", "8e9d728c4579682e837c92fdd98036bd5cdefa1da2aaf6acf26947e6dd0c01c5", "d4b3e5329f572f055b587efc57d29bd051589fb5a43ec8898c77a47ec2fa2bbb", "e5f2585afccbff22390cddac29849df463b252b711aa2ce7c5f3f342a5b3b444", "349884248c36801afa19e342a77cc4458caca694b0eda633f5878e458a44cb2c", "398e0d35e086ba38a0427c3b37f4337327231942e731edaa6e9fd1865bbd6f60", "4e73ef678b1a859f0cb29e1d895526a20ea64b5ffd510a2307b5998c7df24281", "559bce3d31484b665259f50cd94c5c28b961b09315ccd838f284687245f416e5", "abbe53a39734ef4aba061fca54e30c6b4639d3e1f59653f0da37a0003de148c7", "c845db36ba616912074c5b1ee897f8e0124df269468f25e4fe21fe72f6edd7a9", "c9399267c926a4e7c418baa5cbe91c7d1cf362d505a1ef898fde44a07c9dd8a5"]
 tox = ["0bc216b6a2e6afe764476b4a07edf2c1dab99ed82bb146a1130b2e828f5bff5e", "c4f6b319c20ba4913dbfe71ebfd14ff95d1853c4231493608182f66e566ecfe1"]
 typing = ["91dfe6f3f706ee8cc32d38edbbf304e9b7583fb37108fef38229617f8b3eba23", "c8cabb5ab8945cd2f54917be357d134db9cc1eb039e59d1606dc1e60cb1d9d36", "f38d83c5a7a7086543a0f649564d661859c5146a85775ab90c0d2f93ffaa9714"]

poetry/installation/pip_installer.py

@@ -65,7 +65,7 @@ class PipInstaller(BaseInstaller):
         if update:
             args.append("-U")
 
-        if package.hashes and not package.source_type:
+        if package.files and not package.source_type:
             # Format as a requirements.txt
             # We need to create a requirements.txt file
             # for each package in order to check hashes.
@@ -112,8 +112,9 @@ class PipInstaller(BaseInstaller):
     def requirement(self, package, formatted=False):
         if formatted and not package.source_type:
             req = "{}=={}".format(package.name, package.version)
-            for h in package.hashes:
+            for f in package.files:
                 hash_type = "sha256"
+                h = f["hash"]
                 if ":" in h:
                     hash_type, h = h.split(":")
 

poetry/packages/locker.py

@@ -6,6 +6,9 @@ import poetry.repositories
 
 from hashlib import sha256
 from tomlkit import document
+from tomlkit import inline_table
+from tomlkit import item
+from tomlkit import table
 from typing import List
 
 from poetry.utils._compat import Path
@@ -84,7 +87,15 @@ class Locker(object):
             package.description = info.get("description", "")
             package.category = info["category"]
             package.optional = info["optional"]
-            package.hashes = lock_data["metadata"]["hashes"][info["name"]]
+            if "hashes" in lock_data["metadata"]:
+                # Old lock so we create dummy files from the hashes
+                package.files = [
+                    {"name": h, "hash": h}
+                    for h in lock_data["metadata"]["hashes"][info["name"]]
+                ]
+            else:
+                package.files = lock_data["metadata"]["files"][info["name"]]
+
             package.python_versions = info["python-versions"]
             extras = info.get("extras", {})
             if extras:
@@ -135,15 +146,24 @@ class Locker(object):
         return packages
 
     def set_lock_data(self, root, packages):  # type: (...) -> bool
-        hashes = {}
+        files = table()
         packages = self._lock_packages(packages)
         # Retrieving hashes
         for package in packages:
-            if package["name"] not in hashes:
-                hashes[package["name"]] = []
+            if package["name"] not in files:
+                files[package["name"]] = []
+
+            for f in package["files"]:
+                file_metadata = inline_table()
+                for k, v in sorted(f.items()):
+                    file_metadata[k] = v
+
+                files[package["name"]].append(file_metadata)
+
+            if files[package["name"]]:
+                files[package["name"]] = item(files[package["name"]]).multiline(True)
 
-            hashes[package["name"]] += package["hashes"]
-            del package["hashes"]
+            del package["files"]
 
         lock = document()
         lock["package"] = packages
@@ -157,7 +177,7 @@ class Locker(object):
         lock["metadata"] = {
             "python-versions": root.python_versions,
             "content-hash": self._content_hash,
-            "hashes": hashes,
+            "files": files,
         }
 
         if not self.is_locked() or lock != self.lock_data:
@@ -247,7 +267,7 @@ class Locker(object):
             "category": package.category,
             "optional": package.optional,
             "python-versions": package.python_versions,
-            "hashes": sorted(package.hashes),
+            "files": sorted(package.files, key=lambda x: x["file"]),
         }
         if not package.marker.is_any():
             data["marker"] = str(package.marker)

poetry/packages/package.py

@@ -66,7 +66,7 @@ class Package(object):
         self.requires_extras = []
 
         self.category = "main"
-        self.hashes = []
+        self.files = []
         self.optional = False
 
         self.classifiers = []

poetry/puzzle/provider.py

@@ -226,7 +226,9 @@ class Provider:
             )
 
         package.source_url = dependency.path.as_posix()
-        package.hashes = [dependency.hash()]
+        package.files = [
+            {"file": dependency.path.name, "hash": "sha256:" + dependency.hash()}
+        ]
 
         for extra in dependency.extras:
             if extra in package.extras:

poetry/repositories/legacy_repository.py

@@ -333,7 +333,7 @@ class LegacyRepository(PyPiRepository):
             package.description = release_info.get("summary", "")
 
             # Adding hashes information
-            package.hashes = release_info["digests"]
+            package.files = release_info["files"]
 
             # Activate extra dependencies
             for extra in extras:
@@ -358,7 +358,7 @@ class LegacyRepository(PyPiRepository):
             "summary": "",
             "requires_dist": [],
             "requires_python": None,
-            "digests": [],
+            "files": [],
             "_cache_version": str(self.CACHE_VERSION),
         }
 
@@ -370,7 +370,7 @@ class LegacyRepository(PyPiRepository):
                 )
             )
         urls = defaultdict(list)
-        hashes = []
+        files = []
         for link in links:
             if link.is_wheel:
                 urls["bdist_wheel"].append(link.url)
@@ -379,13 +379,12 @@ class LegacyRepository(PyPiRepository):
             ):
                 urls["sdist"].append(link.url)
 
-            hash = link.hash
-            if link.hash_name == "sha256":
-                hashes.append(hash)
-            elif hash:
-                hashes.append(link.hash_name + ":" + hash)
+            h = link.hash
+            if h:
+                h = link.hash_name + ":" + link.hash
+                files.append({"file": link.filename, "hash": h})
 
-        data["digests"] = hashes
+        data["files"] = files
 
         info = self._get_info_from_urls(urls)
 

poetry/repositories/pypi_repository.py

@@ -50,7 +50,7 @@ logger = logging.getLogger(__name__)
 
 class PyPiRepository(Repository):
 
-    CACHE_VERSION = parse_constraint("0.12.0")
+    CACHE_VERSION = parse_constraint("1.0.0b2")
 
     def __init__(self, url="https://pypi.org/", disable_cache=False, fallback=True):
         self._url = url
@@ -210,7 +210,7 @@ class PyPiRepository(Repository):
             package.platform = release_info["platform"]
 
         # Adding hashes information
-        package.hashes = release_info["digests"]
+        package.files = release_info["files"]
 
         # Activate extra dependencies
         for extra in extras:
@@ -311,7 +311,7 @@ class PyPiRepository(Repository):
             "platform": info["platform"],
             "requires_dist": info["requires_dist"],
             "requires_python": info["requires_python"],
-            "digests": [],
+            "files": [],
             "_cache_version": str(self.CACHE_VERSION),
         }
 
@@ -321,7 +321,12 @@ class PyPiRepository(Repository):
             version_info = []
 
         for file_info in version_info:
-            data["digests"].append(file_info["digests"]["sha256"])
+            data["files"].append(
+                {
+                    "file": file_info["filename"],
+                    "hash": "sha256:" + file_info["digests"]["sha256"],
+                }
+            )
 
         if self._fallback and data["requires_dist"] is None:
             self._log("No dependencies found, downloading archives", level="debug")

poetry/utils/exporter.py

@@ -110,9 +110,10 @@ class Exporter(object):
             if package.source_type == "legacy" and package.source_url:
                 indexes.append(package.source_url)
 
-            if package.hashes and with_hashes:
+            if package.files and with_hashes:
                 hashes = []
-                for h in package.hashes:
+                for f in package.files:
+                    h = f["hash"]
                     algorithm = "sha256"
                     if ":" in h:
                         algorithm, h = h.split(":")
@@ -126,7 +127,7 @@ class Exporter(object):
                     line += " \\\n"
                     for i, h in enumerate(hashes):
                         line += "    --hash={}{}".format(
-                            h, " \\\n" if i < len(package.hashes) - 1 else ""
+                            h, " \\\n" if i < len(hashes) - 1 else ""
                         )
 
             line += "\n"

pyproject.toml

@@ -34,7 +34,7 @@ cachecontrol = { version = "^0.12.4", extras = ["filecache"] }
 pkginfo = "^1.4"
 html5lib = "^1.0"
 shellingham = "^1.1"
-tomlkit = "^0.5.7"
+tomlkit = "^0.5.8"
 pexpect = "^4.7.0"
 
 # The typing module is not in the stdlib in Python 2.7 and 3.4

tests/installation/fixtures/extras-with-dependencies.test

@@ -40,7 +40,7 @@ foo = ["C"]
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/extras.test

@@ -37,7 +37,7 @@ foo = ["D"]
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/install-no-dev.test

@@ -26,7 +26,7 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []
 "B" = []
 "C" = []

tests/installation/fixtures/no-dependencies.test

@@ -4,4 +4,4 @@ package = []
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]

tests/installation/fixtures/remove.test

@@ -10,5 +10,5 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []

tests/installation/fixtures/update-with-lock.test

@@ -10,5 +10,5 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []

tests/installation/fixtures/update-with-locked-extras.test

@@ -42,7 +42,7 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []
 "B" = []
 "C" = []

tests/installation/fixtures/with-category-change.test

@@ -21,6 +21,6 @@ A = "^1.0"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []
 "B" = []

tests/installation/fixtures/with-conditional-dependency.test

@@ -24,5 +24,5 @@ python = ">=3.6,<4.0"
 python-versions = "~2.7 || ^3.4"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []

tests/installation/fixtures/with-dependencies-extras.test

@@ -32,7 +32,7 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []
 "B" = []
 "C" = []

tests/installation/fixtures/with-dependencies.test

@@ -18,6 +18,6 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []
 "B" = []

tests/installation/fixtures/with-directory-dependency-poetry-transitive.test

@@ -35,6 +35,6 @@ url = "tests/fixtures/directory/project_with_transitive_directory_dependencies"
 content-hash = "123456789"
 python-versions = "*"
 
-[metadata.hashes]
+[metadata.files]
 project-with-extras = []
 project-with-transitive-directory-dependencies = []

tests/installation/fixtures/with-directory-dependency-poetry.test

@@ -30,6 +30,6 @@ url = "tests/fixtures/project_with_extras"
 content-hash = "123456789"
 python-versions = "*"
 
-[metadata.hashes]
+[metadata.files]
 project-with-extras = []
 pendulum = []

tests/installation/fixtures/with-directory-dependency-setuptools.test

@@ -35,7 +35,7 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 cachy = []
 my-package = []
 pendulum = []

tests/installation/fixtures/with-duplicate-dependencies-update.test

@@ -32,7 +32,7 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/with-duplicate-dependencies.test

@@ -58,7 +58,7 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/with-file-dependency-transitive.test

@@ -46,7 +46,9 @@ url = "tests/fixtures/directory/project_with_transitive_file_dependencies"
 content-hash = "123456789"
 python-versions = "*"
 
-[metadata.hashes]
-demo = ["70e704135718fffbcbf61ed1fc45933cfd86951a744b681000eaaa75da31f17a"]
+[metadata.files]
+demo = [
+    {file = "demo-0.1.0-py2.py3-none-any.whl", hash = "sha256:70e704135718fffbcbf61ed1fc45933cfd86951a744b681000eaaa75da31f17a"},
+]
 pendulum = []
 project-with-transitive-file-dependencies = []

tests/installation/fixtures/with-file-dependency.test

@@ -30,6 +30,8 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
-demo = ["70e704135718fffbcbf61ed1fc45933cfd86951a744b681000eaaa75da31f17a"]
+[metadata.files]
+demo = [
+    {file = "demo-0.1.0-py2.py3-none-any.whl", hash = "sha256:70e704135718fffbcbf61ed1fc45933cfd86951a744b681000eaaa75da31f17a"},
+]
 pendulum = []

tests/installation/fixtures/with-multiple-updates.test

@@ -51,7 +51,7 @@ python-versions = "*"
 python-versions = "~2.7 || ^3.4"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/with-optional-dependencies.test

@@ -34,7 +34,7 @@ foo = ["A"]
 python-versions = "~2.7 || ^3.4"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 C = []
 D = []

tests/installation/fixtures/with-platform-dependencies.test

@@ -43,7 +43,7 @@ foo = ["A"]
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/with-prereleases.test

@@ -18,6 +18,6 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 "A" = []
 "B" = []

tests/installation/fixtures/with-pypi-repository.test

@@ -86,12 +86,36 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
-attrs = ["1c7960ccfd6a005cd9f7ba884e6316b5e430a3f1a6c37c5f87d8b43f83b54ec9", "a17a9573a6f475c99b551c0e0a812707ddda1ec9653bed04c13841404ed6f450"]
-colorama = ["463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda", "48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1"]
-funcsigs = ["330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca", "a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50"]
-more-itertools = ["0dd8f72eeab0d2c3bd489025bb2f6a1b8342f9b198f6fc37b52d15cfa4531fea", "11a625025954c20145b37ff6309cd54e39ca94f72f6bb9576d1195db6fa2442e", "c9ce7eccdcb901a2c75d326ea134e0886abfbea5f93e91cc95de9507c0816c44"]
-pluggy = ["7f8ae7f5bdf75671a718d2daf0a64b7885f74510bcd98b1a0bb420eb9a9d0cff"]
-py = ["29c9fab495d7528e80ba1e343b958684f4ace687327e6f789a94bf3d1915f881", "983f77f3331356039fdd792e9220b7b8ee1aa6bd2b25f567a963ff1de5a64f6a"]
-pytest = ["6266f87ab64692112e5477eba395cfedda53b1933ccd29478e671e73b420c19c", "fae491d1874f199537fd5872b5e1f0e74a009b979df9d53d1553fd03da1703e1"]
-six = ["70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9", "832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"]
+[metadata.files]
+attrs = [
+    {file = "attrs-17.4.0-py2.py3-none-any.whl", hash = "sha256:a17a9573a6f475c99b551c0e0a812707ddda1ec9653bed04c13841404ed6f450"},
+    {file = "attrs-17.4.0.tar.gz", hash = "sha256:1c7960ccfd6a005cd9f7ba884e6316b5e430a3f1a6c37c5f87d8b43f83b54ec9"},
+]
+colorama = [
+    {file = "colorama-0.3.9-py2.py3-none-any.whl", hash = "sha256:463f8483208e921368c9f306094eb6f725c6ca42b0f97e313cb5d5512459feda"},
+    {file = "colorama-0.3.9.tar.gz", hash = "sha256:48eb22f4f8461b1df5734a074b57042430fb06e1d61bd1e11b078c0fe6d7a1f1"},
+]
+funcsigs = [
+    {file = "funcsigs-1.0.2-py2.py3-none-any.whl", hash = "sha256:330cc27ccbf7f1e992e69fef78261dc7c6569012cf397db8d3de0234e6c937ca"},
+    {file = "funcsigs-1.0.2.tar.gz", hash = "sha256:a7bb0f2cf3a3fd1ab2732cb49eba4252c2af4240442415b4abce3b87022a8f50"},
+]
+more-itertools = [
+    {file = "more-itertools-4.1.0.tar.gz", hash = "sha256:c9ce7eccdcb901a2c75d326ea134e0886abfbea5f93e91cc95de9507c0816c44"},
+    {file = "more_itertools-4.1.0-py2-none-any.whl", hash = "sha256:11a625025954c20145b37ff6309cd54e39ca94f72f6bb9576d1195db6fa2442e"},
+    {file = "more_itertools-4.1.0-py3-none-any.whl", hash = "sha256:0dd8f72eeab0d2c3bd489025bb2f6a1b8342f9b198f6fc37b52d15cfa4531fea"},
+]
+pluggy = [
+    {file = "pluggy-0.6.0.tar.gz", hash = "sha256:7f8ae7f5bdf75671a718d2daf0a64b7885f74510bcd98b1a0bb420eb9a9d0cff"},
+]
+py = [
+    {file = "py-1.5.3-py2.py3-none-any.whl", hash = "sha256:983f77f3331356039fdd792e9220b7b8ee1aa6bd2b25f567a963ff1de5a64f6a"},
+    {file = "py-1.5.3.tar.gz", hash = "sha256:29c9fab495d7528e80ba1e343b958684f4ace687327e6f789a94bf3d1915f881"},
+]
+pytest = [
+    {file = "pytest-3.5.0-py2.py3-none-any.whl", hash = "sha256:6266f87ab64692112e5477eba395cfedda53b1933ccd29478e671e73b420c19c"},
+    {file = "pytest-3.5.0.tar.gz", hash = "sha256:fae491d1874f199537fd5872b5e1f0e74a009b979df9d53d1553fd03da1703e1"},
+]
+six = [
+    {file = "six-1.11.0-py2.py3-none-any.whl", hash = "sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb"},
+    {file = "six-1.11.0.tar.gz", hash = "sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9"},
+]

tests/installation/fixtures/with-python-versions.test

@@ -26,7 +26,7 @@ python-versions = "~2.7 || ^3.3"
 python-versions = "~2.7 || ^3.4"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/with-sub-dependencies.test

@@ -40,7 +40,7 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 B = []
 C = []

tests/installation/fixtures/with-url-dependency.test

@@ -30,6 +30,6 @@ python-versions = "*"
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
+[metadata.files]
 demo = []
 pendulum = []

tests/installation/fixtures/with-wheel-dependency-no-requires-dist.test

@@ -15,5 +15,7 @@ url = "tests/fixtures/wheel_with_no_requires_dist/demo-0.1.0-py2.py3-none-any.wh
 python-versions = "*"
 content-hash = "123456789"
 
-[metadata.hashes]
-demo = ["c25eb81459126848a1788eb3520d1a32014eb51ce3d3bae88c56bfdde4ce02db"]
+[metadata.files]
+demo = [
+    {file = "demo-0.1.0-py2.py3-none-any.whl", hash = "sha256:c25eb81459126848a1788eb3520d1a32014eb51ce3d3bae88c56bfdde4ce02db"},
+]

tests/installation/test_pip_installer.py

@@ -29,9 +29,12 @@ def installer(pool):
 
 def test_requirement(installer):
     package = Package("ipython", "7.5.0")
-    package.hashes = [
-        "md5:dbdc53e3918f28fa335a173432402a00",
-        "e840810029224b56cd0d9e7719dc3b39cf84d577f8ac686547c8ba7a06eeab26",
+    package.files = [
+        {"file": "foo-0.1.0.tar.gz", "hash": "md5:dbdc53e3918f28fa335a173432402a00"},
+        {
+            "file": "foo.0.1.0.whl",
+            "hash": "e840810029224b56cd0d9e7719dc3b39cf84d577f8ac686547c8ba7a06eeab26",
+        },
     ]
 
     result = installer.requirement(package, formatted=True)

tests/packages/test_locker.py

@@ -27,7 +27,7 @@ def root():
 def test_lock_file_data_is_ordered(locker, root):
     package_a = get_package("A", "1.0.0")
     package_a.add_dependency("B", "^1.0")
-    package_a.hashes = ["456", "123"]
+    package_a.files = [{"file": "foo", "hash": "456"}, {"file": "bar", "hash": "123"}]
     packages = [package_a, get_package("B", "1.2")]
 
     locker.set_lock_data(root, packages)
@@ -58,8 +58,11 @@ version = "1.2"
 content-hash = "115cf985d932e9bf5f540555bbdd75decbb62cac81e399375fc19f6277f8c1d8"
 python-versions = "*"
 
-[metadata.hashes]
-A = ["123", "456"]
+[metadata.files]
+A = [
+    {file = "bar", hash = "123"},
+    {file = "foo", hash = "456"},
+]
 B = []
 """
 
@@ -92,7 +95,7 @@ redis = ["redis (>=2.10.5)"]
 content-hash = "c3d07fca33fba542ef2b2a4d75bf5b48d892d21a830e2ad9c952ba5123a52f77"
 python-versions = "~2.7 || ^3.4"
 
-[metadata.hashes]
+[metadata.files]
 cachecontrol = []
 """
 
@@ -131,7 +134,7 @@ version = "1.0.0"
 content-hash = "115cf985d932e9bf5f540555bbdd75decbb62cac81e399375fc19f6277f8c1d8"
 python-versions = "*"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 """
 
@@ -170,12 +173,11 @@ foo = ["B (>=1.0.0)"]
 content-hash = "115cf985d932e9bf5f540555bbdd75decbb62cac81e399375fc19f6277f8c1d8"
 python-versions = "*"
 
-[metadata.hashes]
+[metadata.files]
 A = []
 """
 
     with locker.lock.open(encoding="utf-8") as f:
         content = f.read()
 
-    print(content)
     assert expected == content

tests/repositories/test_legacy_repository.py

@@ -243,11 +243,17 @@ def test_get_package_retrieves_non_sha256_hashes():
     package = repo.package("ipython", "7.5.0")
 
     expected = [
-        "md5:dbdc53e3918f28fa335a173432402a00",
-        "e840810029224b56cd0d9e7719dc3b39cf84d577f8ac686547c8ba7a06eeab26",
+        {
+            "file": "ipython-7.5.0-py3-none-any.whl",
+            "hash": "md5:dbdc53e3918f28fa335a173432402a00",
+        },
+        {
+            "file": "ipython-7.5.0.tar.gz",
+            "hash": "sha256:e840810029224b56cd0d9e7719dc3b39cf84d577f8ac686547c8ba7a06eeab26",
+        },
     ]
 
-    assert expected == package.hashes
+    assert expected == package.files
 
 
 def test_get_package_retrieves_packages_with_no_hashes():
@@ -255,7 +261,7 @@ def test_get_package_retrieves_packages_with_no_hashes():
 
     package = repo.package("jupyter", "1.0.0")
 
-    assert [] == package.hashes
+    assert [] == package.files
 
 
 def test_username_password_special_chars():