Optional spkg symengine_py has an invalid upstream url #37558

Closed
2 tasks done
culler opened this issue Mar 6, 2024 · 6 comments · Fixed by #37726

Comments

@culler
Contributor

culler commented Mar 6, 2024

Environment

- **All OS's**:
- **10.3.rc2**:

Steps To Reproduce

Build Sage with the symengine_py optional package enabled

Config log

config.log

Package logs

symengine_py-0.11.0.log

Additional Information

The problem here is that the file downloaded from the upstream url given in the spkg, namely:
https://pypi.io/packages/source/p/symengine/symengine-0.11.0.tar.gz
is not the same as the file downloaded from the url specified on pypi, namely:
https://files.pythonhosted.org/packages/fe/53/6289257bca1b326740460ea31cbc266ae171541b65bbada4b8d31f8ed3e1/symengine-0.11.0.tar.gz

The first file has md5 hash 5a859121a56e81179bef72816fb82ccd while the second has the md5 hash specified both in the checksums.ini file and on PyPI, namely d10f4ba5c27b09ef234fcafddf824ce5.

This is probably the tip of an iceberg. It seems that all of the wheel spkgs use upstream urls at pypi.io instead of the pypi urls which include a uuid. Apparently one can no longer trust the pypi.io links.

Checklist

  • I have searched the existing issues for a bug report that matches the one I want to file, without success.
  • I have read the documentation and troubleshoot guide
@culler
Contributor Author

culler commented Mar 6, 2024

Note that the "p" in the pypi.io url should be "s". But this seems to make no difference. You get the same file with "p" as with "s".

@mkoeppe
Contributor

mkoeppe commented Mar 6, 2024

I'm getting 404 on https://pypi.io/packages/source/p/symengine/symengine-0.11.0.tar.gz after redirects

wget https://pypi.io/packages/source/p/symengine/symengine-0.11.0.tar.gz                                  git:symengine_py_upstream
--2024-03-06 10:07:21--  https://pypi.io/packages/source/p/symengine/symengine-0.11.0.tar.gz
Resolving pypi.io (pypi.io)... 2a04:4e42::223, 2a04:4e42:600::223, 2a04:4e42:400::223, ...
Connecting to pypi.io (pypi.io)|2a04:4e42::223|:443... connected.
HTTP request sent, awaiting response... 301 Redirect to Primary Domain
Location: https://pypi.org/packages/source/p/symengine/symengine-0.11.0.tar.gz [following]
--2024-03-06 10:07:21--  https://pypi.org/packages/source/p/symengine/symengine-0.11.0.tar.gz
Resolving pypi.org (pypi.org)... 2a04:4e42:400::223, 2a04:4e42:600::223, 2a04:4e42:200::223, ...
Connecting to pypi.org (pypi.org)|2a04:4e42:400::223|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://files.pythonhosted.org/packages/source/p/symengine/symengine-0.11.0.tar.gz [following]
--2024-03-06 10:07:22--  https://files.pythonhosted.org/packages/source/p/symengine/symengine-0.11.0.tar.gz
Resolving files.pythonhosted.org (files.pythonhosted.org)... 2a04:4e42:a::223, 151.101.196.223
Connecting to files.pythonhosted.org (files.pythonhosted.org)|2a04:4e42:a::223|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-03-06 10:07:22 ERROR 404: Not Found.

@culler
Contributor Author

culler commented Mar 6, 2024

This has changed since this morning. I am now getting a 301 with curl.

In any case, the official pypi url with the big hash value embedded in it works fine. I see no reason why the upstream url specified in the spkg should not be the official pypi url.

The bigger question is how many other spkgs have upstream urls which are now broken. The PyPI documentation says not to rely on those pypi.io urls. Maybe they have now broken them.

@mkoeppe
Contributor

mkoeppe commented Mar 6, 2024

> I see no reason why the upstream url specified in the spkg should not be the official pypi url.

Sure, we'll just need to change the sage -package update[-latest] script a little bit.

@culler
Contributor Author

culler commented Mar 6, 2024

Actually, I don't think it changed since this morning. I think the bad file I was getting was just an html file reporting the 301 error, not a different tarball. Not that it makes much difference as far as Sage is concerned if Sage ever tries to use the upstream url.
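
An added example, not part of the thread and not Sage's own code: a check that compares a downloaded upstream file against the digests recorded for it and, on a mismatch, reports whether the body is an HTML page rather than a gzip tarball, which is the situation described in the comment above. The key=value layout of the checksums text, the field names and all sample data are assumptions constructed for illustration.

```python
import gzip
import hashlib
import hmac

# Digest fields in preference order: sha256 first, md5 only as a last resort.
PREFERRED = ("sha256", "sha1", "md5")

def parse_checksums(text):
    """Parse key=value lines (assumed checksums layout) into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def sniff(payload):
    """Classify a payload by its leading bytes."""
    if payload[:2] == b"\x1f\x8b":          # gzip magic number
        return "gzip"
    head = payload[:256].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"

def verify_download(payload, checksums_text):
    """Return (ok, algorithm, reason) for a downloaded upstream file."""
    fields = parse_checksums(checksums_text)
    algo = next((a for a in PREFERRED if a in fields), None)
    if algo is None:
        return (False, None, "no digest recorded")
    actual = hashlib.new(algo, payload).hexdigest()
    if hmac.compare_digest(actual, fields[algo].lower()):
        return (True, algo, "digest matches")
    kind = sniff(payload)
    if kind == "html":
        return (False, algo, "server returned an HTML page, not a tarball")
    return (False, algo, "digest mismatch on %s payload" % kind)

# Constructed sample data: a stand-in tarball and a redirect error page.
GOOD = gzip.compress(b"constructed stand-in for a source tarball", mtime=0)
ERROR_PAGE = b"<html><head><title>301 Moved Permanently</title></head></html>"
CHECKSUMS = "tarball=example-1.0.tar.gz\nmd5=%s\nsha256=%s\n" % (
    hashlib.md5(GOOD).hexdigest(), hashlib.sha256(GOOD).hexdigest())

if __name__ == "__main__":
    for name, body in (("tarball", GOOD), ("error page", ERROR_PAGE)):
        print(name, verify_download(body, CHECKSUMS))
```
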

@mkoeppe
Contributor

mkoeppe commented Apr 7, 2024

Actually the upstream url just has a typo. I'm fixing it in #37762

vbraun pushed a commit to vbraun/sage that referenced this issue May 12, 2024
    

Update cryptographic hashes to use sha256 instead of sha1 due to
insecurity of sha1.

- Fixes sagemath#37691
- Fixes sagemath#37558, see also
sagemath#36677 (comment)

### 📝 Checklist

- [x] The title is concise and informative.
- [x] The description explains in detail what this PR is about.
- [x] I have linked a relevant issue or discussion.
- [ ] I have created tests covering the changes.
- [ ] I have updated the documentation accordingly.

### ⌛ Dependencies


- sagemath#37570
- sagemath#37249
- sagemath#37914
    
URL: sagemath#37726
Reported by: Faisal
Reviewer(s): Matthias Köppe, roed314
vbraun pushed a commit to vbraun/sage that referenced this issue May 15, 2024
    
vbraun pushed a commit to vbraun/sage that referenced this issue May 15, 2024
    
vbraun pushed a commit to vbraun/sage that referenced this issue May 18, 2024
    
vbraun pushed a commit to vbraun/sage that referenced this issue May 18, 2024
    
vbraun pushed a commit to vbraun/sage that referenced this issue May 18, 2024
    
vbraun pushed a commit to vbraun/sage that referenced this issue May 18, 2024
    
vbraun pushed a commit to vbraun/sage that referenced this issue May 24, 2024
    
@vbraun vbraun closed this as completed in c4681e3 May 25, 2024
@mkoeppe mkoeppe added this to the sage-10.4 milestone May 25, 2024