Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Poetry 1.4.1 fails with _WheelFileValidationError #376

Closed
apyrgio opened this issue Mar 27, 2023 · 2 comments · Fixed by #377
Closed

Poetry 1.4.1 fails with _WheelFileValidationError #376

apyrgio opened this issue Mar 27, 2023 · 2 comments · Fixed by #377
Assignees
Labels
bug Something isn't working
Milestone

Comments

@apyrgio
Copy link
Contributor

apyrgio commented Mar 27, 2023

It seems that Poetry 1.4.1 accidentally started making more strict validation checks on the wheels it downloads (see python-poetry/poetry#7694). The strict checks are actually a welcoming addition, but the surprising fact was that they happened on a bugfix release.

At the same time, it seems that several Python wheels, even from large projects, are not structurally valid. For example, Poetry has left this issue open in their issue tracker for Microsoft's debugpy package: python-poetry/poetry#7686

In our case, we see that Poetry 1.4.1 fails to validate Black's Python wheels for x86_64 MacOS. Doing poetry install on an x86_64 MacOS environment returns the following:

   _WheelFileValidationError

  ["In /Users/runner/Library/Caches/pypoetry/artifacts/59/74/28/0da99c4265a039049b4cccc0a54b5103991e1d78c7d85b899291d627c5/black-22.10.0-1fixedarch-cp310-cp310-macosx_11_0_x86_64.whl, hash / size of black-22.10.0.dist-info/WHEEL didn't match RECORD"]

  at ~/hostedtoolcache/Python/3.10.10/x64/lib/python3.10/site-packages/installer/sources.py:289 in validate_record
      285f"In {self._zipfile.filename}, hash / size of {item.filename} didn't match RECORD"
      286│                     )
      287288if issues:
    → 289raise _WheelFileValidationError(issues)
      290291def get_contents(self) -> Iterator[WheelContentElement]:
      292│         """Sequential access to all contents of the wheel (including dist-info files).
      293│ 

Ultimately, it's the responsibility of the upstream maintainers to update their wheels. I checked and this seems to be the case with Black. If we update our Poetry lock file, we get Black 23.1.0, and Poetry can install it properly.

@apyrgio apyrgio self-assigned this Mar 27, 2023
@apyrgio apyrgio added the bug Something isn't working label Mar 27, 2023
@apyrgio apyrgio added this to the 0.4.1 milestone Mar 27, 2023
@apyrgio
Copy link
Contributor Author

apyrgio commented Mar 27, 2023

Updating the Poetry lock file for Dangerzone means that we fetch the latest versions of all of our dependencies, which is a good thing to do before the release. However, it seems that our lint checks now fail on our project. More specifically, Black now detects some format errors, while Mypy detects some insufficient typing hints.

apyrgio added a commit that referenced this issue Mar 27, 2023
Run `poetry lock` and allow updating the existing dependencies. This
fixes a CI regression that was introduced by Poetry 1.4.1, which added
stricter Python wheels validation

Fixes #376
@apyrgio
Copy link
Contributor Author

apyrgio commented Apr 3, 2023

Closed by b102b2b in release-0.4.1.

@apyrgio apyrgio closed this as completed Apr 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant