-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attempting to install pytest under Python 2.7.15 and pipenv==2018.11.14 fails to complete with a claimed hash mismatch #3289
Comments
Is the build running on windows? If the posix style paths are anything to go by, the resolver is correct to skip the That would be |
Negative, the build is running on Docker with the For clarity, the only reason I even brought up the As per your request, I reran the CI build, substituting for Output from $ pipenv --supportPipenv version: Pipenv location: Python location: Python installations found:
PEP 508 Information:
System environment variables:
Pipenv–specific environment variables:
Debug–specific environment variables:
Contents of [[source]]
verify_ssl = true
url = "https://pypi.python.org/simple"
name = "pypi"
[packages]
pytest = "*"
[dev-packages]
The failure mode looks to be the same, with pipenv expecting the
|
Wow. This one is a head scratcher. Thanks for the build logs, that saved a lot of pointless back and forth. I’ll just make an alpine container and see what I can do |
- Clean up more unused code - Fixes #3289 Signed-off-by: Dan Ryan <[email protected]>
That was a fun one! I think i got it sorted out, sorry for the trouble! |
Issue description
Attempting to install
pytest
under Python 2.7.15 andpipenv==2018.11.14
fails to complete with a claimed hash mismatch.Expected result
pytest
should successfully install, as it did underpipenv==2018.10.13
(build log: https://gitlab.com/kfkitsune/pyHIBP/-/jobs/124421196 ).Actual result
Full verbose output of a minimized test scenario can be found in the following build log, testing only the issue at hand: https://gitlab.com/kfkitsune/pyHIBP/-/jobs/124421197
Steps to replicate
pipenv==2018.11.14
.Pipfile
with the following:pipenv --verbose install --dev
$ pipenv --support
Pipenv version:
'2018.11.14'
Pipenv location:
'/usr/lib/python2.7/site-packages/pipenv'
Python location:
'/usr/bin/python2'
Python installations found:
2.7.15
:/usr/bin/python2.7
PEP 508 Information:
System environment variables:
CI_COMMIT_BEFORE_SHA
CI_CONFIG_PATH
CI_PROJECT_NAMESPACE
CI_BUILD_REF_SLUG
CI_SERVER_VERSION_PATCH
CI_SERVER_NAME
CI_PIPELINE_URL
CI_PROJECT_PATH_SLUG
CI_COMMIT_MESSAGE
CI_COMMIT_REF_SLUG
CI_PROJECT_VISIBILITY
CI_REGISTRY_IMAGE
CI_COMMIT_REF_NAME
CI_COMMIT_SHA
PATH
HOME
CI_REGISTRY_PASSWORD
CI_REPOSITORY_URL
GITLAB_USER_EMAIL
CI_DISPOSABLE_ENVIRONMENT
CI_RUNNER_ID
CI_COMMIT_TITLE
GITLAB_CI
CI_SERVER_TLS_CA_FILE
CI_RUNNER_EXECUTABLE_ARCH
CI_RUNNER_REVISION
SHLVL
CI_BUILD_BEFORE_SHA
CI_BUILD_REF_NAME
GITLAB_USER_NAME
CI_BUILD_ID
PYTHONFINDER_IGNORE_UNSUPPORTED
CI_RUNNER_VERSION
GITLAB_USER_LOGIN
CI_PROJECT_PATH
DOCKER_DRIVER
CI_PROJECT_URL
CI_JOB_STAGE
CI_PROJECT_DIR
CI_BUILD_STAGE
CI
GITLAB_USER_ID
CI_BUILD_REF
CI_REGISTRY_USER
CI_SERVER_VERSION
CI_JOB_NAME
CI_BUILD_TOKEN
CI_PROJECT_NAME
CI_RUNNER_TAGS
CI_COMMIT_DESCRIPTION
PYTHONDONTWRITEBYTECODE
CI_REGISTRY
PIP_PYTHON_PATH
CI_JOB_TOKEN
CI_PROJECT_ID
CI_PIPELINE_SOURCE
CI_SERVER_VERSION_MAJOR
CI_PIPELINE_ID
CI_SERVER_VERSION_MINOR
CI_SERVER_REVISION
PIP_DISABLE_PIP_VERSION_CHECK
OLDPWD
HOSTNAME
CI_JOB_URL
CI_NODE_TOTAL
PIPENV_CACHE_DIR
CI_BUILD_NAME
PIP_CACHE_DIR
PWD
CI_JOB_ID
PIP_SHIMS_BASE_MODULE
CI_SERVER
CI_PIPELINE_IID
CI_RUNNER_DESCRIPTION
GITLAB_FEATURES
FF_K8S_USE_ENTRYPOINT_OVER_COMMAND
Pipenv–specific environment variables:
PIPENV_CACHE_DIR
:/builds/kfkitsune/pyHIBP/.cache
Debug–specific environment variables:
PATH
:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD
:/builds/kfkitsune/pyHIBP
Contents of
Pipfile
('/builds/kfkitsune/pyHIBP/Pipfile'):Observation
I did take the initiative to compare the SHA-256 value of scandir==1.9.0 as it is on PyPI, and the SHA-256 hash of the file downloaded locally matches that provided by the SHA-256 link on the download page. So I believe it is reasonable to state that the file itself is not corrupt.
However, I did notice that pipenv is claiming that it is expecting
f5c71e29b4e2af7ccdc03a020c626ede51da471173b4a6ad1e904f2b2e04b4bd
as the SHA-256 hash. Looking at the verbose scan log, I do see the following:So from the above, we can see that the source tarball is selected for download, and that the claimed SHA-256 hash for the tarball is
44975e209c4827fc18a3486f257154d34ec6eaec0f90fef0cca1caa482db7064
, which is what pipenv calculated. However, it was expectingf5c71e29b4e2af7ccdc03a020c626ede51da471173b4a6ad1e904f2b2e04b4bd
, which corresponds to the filescandir-1.9.0-cp27-cp27m-win32.whl
. As such, while I cannot speak definitively as I have not dug into the source, what I believe is happening is that pipenv incorrectly selected the hash to compare, while using the correct file for calculation (such as, select the firstscandir==1.9.0
file link, and use that SHA hash as the expected hash). Again, I don't know if this is actually what is happening, but based on the way the error presents itself, that is my best speculation.The text was updated successfully, but these errors were encountered: