poetry can't install packages from private pypi servers supporting only MD5 hashes

[user799595]

• Poetry version: 1.6.0.dev0 (master)
• Python version: 3.11.4
• OS version and name: MacOS 13.5
• pyproject.toml:

[[tool.poetry.source]]
name = "PyPI"
priority = "primary"

[[tool.poetry.source]]
name = "internal"
url = "https://internal/artifactory/api/pypi/internal-python-releases/simple/"
priority = "supplemental"

[tool.poetry]
name = "test project"
version = "0.0.1"
description = "Test"
authors = ["user799595"]

[tool.poetry.dependencies]
python = ">=3.10,<3.11"
internal_dependency = { version = "^1.0.0" }

• I am on the latest stable Poetry version, installed using a recommended method.
• I have searched the issues of this repo and believe that this is not a duplicate.
• I have consulted the FAQ and blog for any relevant entries or release notes.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

Hello, I'm trying to work around md5 hashes being produced by an internal package source: #6301.

With 1.5.1, I get the following behaviour:

$ poetry install
Installing dependencies from lock file

Package operations: 2 installs, 0 updates, 0 removals

  • Installing internal_dependency (1.0.0): Failed

  RuntimeError

  Retrieved digest for link internal_dependency-1.0.0-py3-none-any.whl(md5:<hash>) not in poetry.lock metadata {'sha256:<hash>'}

  at poetry/1.5.1/venv/lib/python3.10/site-packages/poetry/installation/chooser.py:117 in _get_links
      113│ 
      114│             selected_links.append(link)
      115│ 
      116│         if links and not selected_links:
    → 117│             raise RuntimeError(
      118│                 f"Retrieved digest for link {link.filename}({h}) not in poetry.lock"
      119│                 f" metadata {hashes}"
      120│             )
      121│ 

It looks like a fix #8118 has been merged, so I tried using HEAD.

It just hangs and I don't understand what's going on:

$ poetry install -vvvv
Loading configuration file Library/Application Support/pypoetry/config.toml
Adding repository PyPI (https://pypi.org/simple/) and setting it as primary
Adding repository internal (https://internal/artifactory/api/pypi/python-releases/simple) and setting it as supplemental
Using virtualenv: test/.venv
Installing dependencies from lock file

Finding the necessary packages for the current system

Package operations: 2 installs, 0 updates, 0 removals

  • Installing internal_dependency (1.0.0): Pending...
[keyring.backend] Loading KWallet
[keyring.backend] Loading SecretService
[keyring.backend] Loading Windows
[keyring.backend] Loading chainer
[keyring.backend] Loading libsecret
[keyring.backend] Loading macOS
Creating new session for internal
[urllib3.connectionpool] Starting new HTTPS connection (1): internal:443
[urllib3.connectionpool] https://internal:443 "GET /artifactory/api/pypi/python-releases/simple/internal_dependency/ HTTP/1.1" 200 None
Source (internal): Downloading: https://internal/artifactory/api/pypi/python-releases/internal_dependency/1.0.0/internal_dependency-1.0.0-py3-none-any.whl#md5=<hash>
[urllib3.connectionpool] https://internal:443 "GET /artifactory/api/pypi/python-releases/internal_dependency/1.0.0/internal_dependency-1.0.0-py3-none-any.whl HTTP/1.1" 200 100003

Is there a way to further debug why it's hanging?

[dimbleby]

maybe keyring stuff per #1917

[user799595]

Thanks @dimbleby.

I tried the following:

$ export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
$ poetry install -vvvv
Loading configuration fileLibrary/Application Support/pypoetry/config.toml
Adding repository PyPI (https://pypi.org/simple/) and setting it as primary
Adding repository internal (https://internal/artifactory/api/pypi/python-releases/simple) and setting it as supplemental
Using virtualenv: test/.venv
Installing dependencies from lock file

Finding the necessary packages for the current system

Package operations: 2 installs, 0 updates, 0 removals

  • Installing internal_dependency (1.0.0): Pending...

No suitable keyring backend found
No suitable keyring backends were found
Keyring is not available, credentials will be stored and retrieved from configuration files as plaintext.
Creating new session for internal
<rest of output identical>

[user799595]

Interestingly, it works if I disable the cache

poetry install --no-cache

This issue happened only with my homebrew installed poetry, wasn't able to reproduce with git cloned version.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.