Bad hash: OctoPrint - Githubissues

piwheels / packages

Issue tracker for piwheels package issues

https://github.com/piwheels/packages/issues

20 stars 5 forks source link

Bad hash: OctoPrint #422

Closed paukstelis closed 5 months ago

paukstelis commented 5 months ago

Package name

octoprint

Package version

1.9.3

PyPI URL

https://pypi.org/project/octoprint/

piwheels URL

https://www.piwheels.org/project/octoprint/

Python version

[ ] Python 3.7
[ ] Python 3.9
[X] Python 3.11

I am aware this is the issue tracker for a Python package index specifically for Raspberry Pi

[X] Yes

I have checked for duplicate issues

[X] Yes

I am the maintainer

[ ] Yes

More information

There have been multiple reports of a bad hash with the octoprint package. Here is the output:


    OctoPrint from https://www.piwheels.org/simple/octoprint/OctoPrint-1.9.3-py2.py3-none-any.whl#sha256=a86973e23edad4c61c2fc78ec3342                 2dd7c879c70c6aef69e7ca41c9965c5b916:
        Expected sha256 a86973e23edad4c61c2fc78ec33422dd7c879c70c6aef69e7ca41c9965c5b916
             Got        722432de8b46538301c45ead529f3c8895d0b5e3ff2193ac1eaa5e00db54d6b3```

The same wrong hash is consistent between two different users, so it suggests a real problem.

bennuttall commented 5 months ago

I've checked the hash of the file on disk and it's correct.

Try downloading it:

wget https://www.piwheels.org/simple/octoprint/OctoPrint-1.9.3-py2.py3-none-any.whl

And get its hash:

sha256sum OctoPrint-1.9.3-py2.py3-none-any.whl

Should be:

a86973e23edad4c61c2fc78ec33422dd7c879c70c6aef69e7ca41c9965c5b916

Then you can install it with pip:

pip3 install OctoPrint-1.9.3-py2.py3-none-any.whl

paukstelis commented 5 months ago

I did the same test and got the correct hash. It seems to be a consistent network connectivity issue with piwheels. Even trying to upgrade pip or wheel fails. Download speeds are amazingly slow, and it seems to terminate before EOF.


Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Requirement already satisfied: pip in ./OctoPrint/lib/python3.11/site-packages (23.0.1)
Collecting pip
  Downloading https://www.piwheels.org/simple/pip/pip-23.3.2-py3-none-any.whl (2.1 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╸━━ 2.0/2.1 MB 25.5 kB/s eta 0:00:05
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    pip from https://www.piwheels.org/simple/pip/pip-23.3.2-py3-none-any.whl#sha256=f3bb4a2fa5a9b196a1aeb0af8ba9117c4c4c86830afc7ecf9657395e4fee5f71:
        Expected sha256 f3bb4a2fa5a9b196a1aeb0af8ba9117c4c4c86830afc7ecf9657395e4fee5f71
             Got        238d4c66e4e7822cd37bcc00d686846026f14ea3a7b0948eda56aa237f462284```

bennuttall commented 5 months ago

I think I've seen people say that upgrading pip helps with this, as it's got better at handling downloads. Try downloading the latest pip wheel (using the method above).

paukstelis commented 5 months ago

This is coming from a scripted environment to automate OctoPrint installations (octoprint_deploy). It isn't really a feasible thing to do. Is there a reason piwheels downloads are only 25.5 kB/s? If this was a generic pip issue, one would expect similar things to happen with any index, though afaik this is only happening with piwheels.

paukstelis commented 5 months ago

It seems that as of now it is working for users again.