Closed Bug 1450971 Opened 8 years ago Closed 8 years ago

pip hash mismatch errors after PyPI API change

Categories

(Tree Management :: Treeherder, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: emorley, Assigned: emorley)

Details

Attachments

(1 file)

After destroying and recreating my local Vagrant development environment, I get package hash mismatch errors from pip:

"""
THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    functools32==3.2.3-2 from https://pypi.python.org/packages/c5/60/6ac26ad05857c601308d8fb9e87fa36d0ebf889423f47c3502ef034365db/functools32-3.2.3-2.tar.gz#md5=09f24ffd9af9f6cd0f63cb9f4e23d4b2 (from -r requirements/common.txt (line 121)):
        Expected sha256 89d824aa6c358c421a234d7f9ee0bd75933a67c29588ce50aaa3acdf4d403fa0
        Got f6253dfbe0538ad2e387bd8fdfd9293c925d63553f5813c4e587745416501e6d
    uritemplate==3.0.0 from https://pypi.python.org/packages/f6/25/66a49231b44409d7f07cfcf2506a8b070ce3c99fc47cc256bea833f24791/uritemplate-3.0.0-py2-none-any.whl#md5=b420ae8183a8af42481b1c655f528dfa (from -r requirements/common.txt (line 139)):
        Expected sha256 1b9c467a940ce9fb9f50df819e8ddd14696f89b9a8cc87ac77952ba416e0a8fd
        Got 01c69f4fe8ed503b2951bef85d996a9d22434d2431584b5b107b2981ff416fbd
"""

Tracking this down it appears to be due to an API change on PyPI that means the package URL returned has changed for some packages where there are multiple possible candidates (eg both .tar.gz and .zip sdist), for which I've filed an upstream issue:
https://github.com/pypa/pypi-legacy/issues/790

However in the meantime we can just add the additional hashes to resolve the issue.

Commit pushed to master at https://github.com/mozilla/treeherder

https://github.com/mozilla/treeherder/commit/559d8560c16486d45b3da7f2f2aca0e9ccc0b475
Bug 1450971 - Fix package hash errors after PyPI API change (#3386)

The PyPI API now returns package download URLs in a different order than before, causing errors in cases where not all hashes were listed and there were multiple matching candidates (such as both `.zip` and `.tar.gz` versions of the sdist archives). See:
https://github.com/pypa/pypi-legacy/issues/790

This adds the hashes for the alternate package variants to fix the errors when pip installing from a clean environment.

Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Component: Treeherder: Docs & Development → TreeHerder
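
The failure mode discussed in this bug, as an added example that is not Treeherder's or pip's code: a requirement pinned with several `--hash` options is accepted when the served archive matches any one of them, so pinning only one sdist variant breaks as soon as the index serves the other. The package name `example`, the archive bytes and all helper names are constructed for illustration.

```python
import hashlib
import re

# Added example. Constructed stand-ins for two sdist variants of one release.
ARTIFACTS = {
    "example-1.0.tar.gz": b"constructed tar.gz sdist bytes",
    "example-1.0.zip": b"constructed zip sdist bytes",
}
HASH_OPT = re.compile(r"--hash=(\w+):([0-9a-f]+)")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def parse_requirements(text):
    """Map each 'name==version' pin to {algorithm: set(hex digests)}."""
    pins = {}
    # Join backslash continuations so each requirement is one logical line.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split(" #")[0].strip()
        if not line or line.startswith("#"):
            continue
        spec = line.split()[0]
        allowed = pins.setdefault(spec, {})
        for algo, digest in HASH_OPT.findall(line):
            allowed.setdefault(algo, set()).add(digest)
    return pins

def check_artifact(pins, spec, data):
    """Return (ok, got): ok is True when data matches any pinned digest."""
    allowed = pins.get(spec, {})
    if not allowed:
        raise ValueError("no hashes pinned for " + spec)
    got = {algo: hashlib.new(algo, data).hexdigest() for algo in allowed}
    return any(got[a] in digests for a, digests in allowed.items()), got

def requirements_for(filenames):
    """Build a requirements entry pinning the listed constructed artifacts."""
    opts = " \\\n    ".join(
        "--hash=sha256:" + sha256_hex(ARTIFACTS[f]) for f in filenames)
    return "example==1.0 \\\n    " + opts + "\n"

def simulate(pinned_files, served_file):
    """Hash check when the index serves `served_file` for example==1.0."""
    pins = parse_requirements(requirements_for(pinned_files))
    return check_artifact(pins, "example==1.0", ARTIFACTS[served_file])[0]
```

`simulate(["example-1.0.tar.gz"], "example-1.0.zip")` reproduces the mismatch; pinning both variants makes the check independent of which candidate the index returns first.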