Okay, let's see about an inventory of the packages I'll need.
- A package that can be referred to by URL. It should be well-formed, and I need to be able to check whether it is installed.
- A package with multiple versions, which can be referred to by URLs.
- A package with a version in the index, and a different version that can be referred to by URL.
That covers most of the tests, and can be accomplished with a single package that has one indexed version and two URL versions.
In case I want more elaborate tests, I could have stuff like, a package that depends explicitly on one of the URL packages. Then, constraining to the other version should fail.
And, for something more elaborate, having two versions of a package that each depend on different URLs. That raises a few questions that probably apply more generally. Suppose the latest version of the dependent is installed (no constraints), and either the dependent, or an unrelated package, is installed unqualified, but constraining the URL dependency.
So, the minimal kind of set for that is:
- Package with no relations
- Package with one version in index, and two versions that need URLs to locate
- Package with one version in index (depends on one URL version), and one version in another index (depends on the other URL version)
As long as usable hashes can be generated for any of these packages, I think that should be enough for a start.
Okay, that's some solid planning. I'm going to unwind by coding some abominations.