Binary hash in pypy changed for release 1.19.0 #156
Comments
|
No SHA1 were modified for the .tar.gz. There was no .whl file on PyPI before Jun 17, the update was adding a .whl file packaging for existing 1.19.0 (with no version number change How/why is pip-sync failing? Can you provide a reproducer for that? |
|
Thanks for the quick reply! Yep, this is the error message: [pipenv.exceptions.InstallError]: ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them. I believe to reproduce would be the following requirement in a Pipfile.lock: |
|
An error here is strange because no hash has changed: 9ff82852bcb65d139813e2a5197627a94966245c897796760a3a2a8eb66f020b is the correct sha256 for The first one remains the same as it was when released Jan 2021, and the second one is a new file. I'm not sure why it would compare the sdist hash to the wheel hash, those would always be different - seems like a bug in pipenv? In hindsight, there were some bugfix commits sitting on master for the last 2 years unreleased, so this should have been a new version number anyway. I'll tag/publish a release 1.19.1, and you can update your requirements pins to parse==1.19.1 |
|
I've uploaded 1.19.1 and also created a post-release 1.19.0post0 from this branch for the wheel @ 1.19.0. |
|
We updated to 1.19.1. Thanks again! |
|
oh man, yeah this broke us in production. I guess we need to do an unscheduled upgrade to fix... |
|
This sounds pretty much like pypa/pipenv#3893 |
It looks like the binaries and associated SHA1 hash for version 1.19.0 was updated on pypy on June 17, 2023 though 1.19.0 release was in January 2021. Should there be a different release number for these binaries?
PIP sync is failing with mismatched hashes for 1.19.0
The text was updated successfully, but these errors were encountered: