Fix #512 - Isolate directories for generating hashes

[mete0r]

Some distributions have incompatible type of files with same name on the root directory. For example, matplotlib-2.0.2.tar.gz has a directory named "LICENSE" on the root, which may conflict with many other distributions, causing errors like:

IOError: [Errno 20] Not a directory: u'/tmp/tmpz/LICENSE/LICENSE_STIX'

So we need to isolate unpacking directory of each distributions.

Contributor checklist

• Provided the tests for the changes
• Added the changes to CHANGELOG.md
• Requested (or received) a review from another contributor

[suutari]

So this makes it possible to unpack distribution packages with conflicting files inside them.

I'm just thinking that why the code unpacks the downloaded packages in the first place, since it only needs to hash the byte contents of the package. I think the code should be simplified to not do any unpacking, but rather just hash the file contents. This should fix the bug and also make it faster and smarter since unnecessary unpacking is avoided.

I already tested this with Prequ. I'll create a PR for this to pip-tools too.

[suutari]

I have now created the PR for doing the hashing without unpacking as mentioned. See PR #557.

@mete0r: I also included your test case for this. Thanks! And it seems to pass too. :)

[mete0r]

@suutari yeah, you are right and I considered that too, but just wanted a quick patch to have minimal impact on the status quo, i.e. depending on pip's internal API.

For pip >= 10.0.0 (pypa/pip@95bcf8c), the whole implementation of piptools.repository.pypi should be rewritten from scratch anyway, along with appropriate tests.

[suutari-ai]

This should probably be closed now that #557 is merged. Right?

[vphilippon]

Indeed, thanks for the reminder.