dbus-fast package: Wrong hashes!

[jedie]

Package name

dbus-fast

Package version

2.24.2

PyPI URL

https://pypi.org/project/dbus-fast/

piwheels URL

https://www.piwheels.org/project/dbus-fast/

Python version

• [ ] Python 3.9
• [X] Python 3.11

I am aware this is the issue tracker for a Python package index specifically for Raspberry Pi

• [ ] Yes

I have checked for duplicate issues

• [X] Yes

I am the maintainer

• [ ] Yes

More information

Collecting dbus-fast==2.24.2 (from -r /tmp/tmpwg62_p3i (line 16))
  Downloading https://www.piwheels.org/simple/dbus-fast/dbus_fast-2.24.2-cp311-cp311-manylinux_2_36_armv7l.whl (3.6 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.6/3.6 MB 829.6 kB/s eta 0:00:00
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    dbus-fast==2.24.2 from https://www.piwheels.org/simple/dbus-fast/dbus_fast-2.24.2-cp311-cp311-manylinux_2_36_armv7l.whl#sha256=aa146befd0a161ebc0f4d4a1641b5e789cf066cbcca733e7723e2d1b170df49d (from -r /tmp/tmpwg62_p3i (line 16)):
        Expected sha256 05fe312ea313fdd8affcd362e24bf8aca280f5724099f27b0d48e699aa83f6f6
        Expected     or 0642e4165361bfbe13878a65c9a5580bb086073300614243f81e8ca3f204e14e
        Expected     or 20c517dc70dbc940b8bf2e0f079abf3dfe821fdda3013641a17e3d8f18e131ae
        Expected     or 292d6334c8267f424d4f7dded170e2e9b79596485ef93ce60aa5ef972406860b
        Expected     or 3c629360152618585a4e1ffeacc88e3ea92b64ee76de180d67d9f4e9bdf85a7e
        Expected     or 459dca547117baf7383e63f2a7d7da651e21f3bad0ac2ba4bcdc71a13a071f18
        Expected     or 4785df473961432e208cd8b96ae58a8e9bf7cbd3f9ced29eb0ecc16dfc1af6f1
        Expected     or 522c00aa19411e8abb7934fcb4066b05bcf8c313e9215376ed6fef7137307183
        Expected     or 5bc6816dc3a53b90aa2d465f44f06f636eb094db8c0b69aca62c11ca8d9a5c26
        Expected     or 5bec804cde188c445520fc988295cc8cc74044d7cf3b661825cd36fb52a45d45
        Expected     or 5c8eff87f24f8b58f439a716a7fb655eaacfa37dd72c11c98bbff7e391ef8550
        Expected     or 5efd4472b6008f99fe0751cc660f4de72f3267aea719b334940e7086824231ed
        Expected     or 70f230ee387a44ff2fa485eb47412d3bf0eefee62ad1c0ef58bdb332560386ce
        Expected     or 72d9b28592dbe65774889cd3fc365e70e25862af79f5807a0bb375c1f7668dac
        Expected     or 789089a6489418dc3d26c5eb1c92144cece6dd93ae1b31aee12d5be164832ca2
        Expected     or 7f3438da463b69f81cbe5f163f2489bfe215d5d96c7fbfca30a744f58fc3d85b
        Expected     or 871696881a5ca703998f73d5c944f430f7937eb86de8736ca41a44fc1d21b8ba
        Expected     or 8b92b110c7d6ceb53d673281a490fcdccd552beee1c0b6a8f234579f845bd87c
        Expected     or 8bcc7e733a2b4f3d27184cb273da7de01c8a2f20b496bf73b8e0954e590ffbba
        Expected     or 8f8c72bce6e574bf855f2d843ea660a0e997cc29a05a17ee2da0134b2381fe03
        Expected     or 920a4f303127d25cfbb36c2c62dadf3a9e01b7512c091a1e8f9d6f0496934d54
        Expected     or 9879cee2a2e13ce9047a6f012d16d90b2a38fc40784ab4a233d4ddd80c9e803a
        Expected     or a9d76b33e8927e87261f5ddb919f5339b49046745508f3bc383e5b10d5f8a750
        Expected     or b3ed265d4285a2aab12935ad143bf6e08933f136ff74dc864b3642c85e646128
        Expected     or b884a221c73731920182599690538d23abc38490742d4beda9e52ee3576ab849
        Expected     or bf3a971c41d53f4f4ceb29ca3b6b6ffcd9fb92f1d7c7d464292ad000974113f1
        Expected     or cc5c340970c7b6acaf6ee0cccfaad701d20954c08234f8428c550ae090ee1247
        Expected     or d20cf9cd64a0dfb5d7efd7d52a6fd927becabdff234082c7819582f74e81dc59
        Expected     or dfdb015a56b98b6e6c935b4b7e66e26a7d13a46a826320776418ec557a954347
        Expected     or f1a1d8f5efbb026626a2a3b755c09d3b8134700a03daaf34db22736045503ba4
        Expected     or f5ff65eb4a42c3416423d65ed66f81798724047e23d3d034702ca3c3cf59f93d
        Expected     or fbfe0e2ee611e22f13c0e30f5f65b9264dd4f88c5581499dfd7f8c1578d81a27
             Got        aa146befd0a161ebc0f4d4a1641b5e789cf066cbcca733e7723e2d1b170df49d

[jedie]

Same with dbus-fast==2.24.1

Collecting dbus-fast==2.24.1 (from -r /tmp/tmpgdam9q05 (line 16))
  Downloading https://www.piwheels.org/simple/dbus-fast/dbus_fast-2.24.1-cp311-cp311-manylinux_2_36_armv7l.whl (3.6 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.6/3.6 MB 974.5 kB/s eta 0:00:00
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    dbus-fast==2.24.1 from https://www.piwheels.org/simple/dbus-fast/dbus_fast-2.24.1-cp311-cp311-manylinux_2_36_armv7l.whl#sha256=ef1092ed5445da96e85eb7a81e007539ec95eca0ad3d08a9ed19e60563ffafb5 (from -r /tmp/tmpgdam9q05 (line 16)):
        Expected sha256 010fa4060af16d3bc9b2f71e7c8ba36ed46bbb654ef250522a5fd76fbfd66169
        Expected     or 1d8166d4bae3d9dfe8f5fd2c2a3df622e98a4ae6202f4f84326885b5fc4a6f9a
        Expected     or 1f97f74a346994c9f4f2822e932b5e3e0ed10f1e4aaf50985d49a89c39b26a8a
        Expected     or 1fe31df13d837923bed5a2cd3dae0561f434cabb110cce73d06c49bae9d41fd5
        Expected     or 26f517f43645f8425a0268b4163c596664531543d24167dfdf9a3b8b308373f1
        Expected     or 2851806801ee5e5f8640e4c5f211ffdee0115c7905087017f4c1d7d0aecb9cfb
        Expected     or 2dfffed25bc4a36c609708bdac46a704c18f25855261ffa8099a917ab86bb95b
        Expected     or 38ae1506d16d5b86c1c66525faf1e5c69b5fd01dd5ef9a5d95b7efc40bdc1dc6
        Expected     or 3d19e1bf4c275a608d62487bee9aa7293fb6c901ff503267b96526d028195c1d
        Expected     or 434ac440c5325f027d260e08c62358016cfa97d26d3ea3ae6bf8d14bd68add64
        Expected     or 4da081fa932b57fa4d643d3a9907d261b01d6179f44dedcbab8954f24cfb66e6
        Expected     or 5e46c2402c577b3ae052ee53f8ccdb9e19f4074211336814245ccec8d2258257
        Expected     or 60b72d1cba15312d221704acd0a52568e2d3c498764f1f17279cebb17301e5e2
        Expected     or 6c75a76d45abe3d3225f348ee43c10069c54cbf9daed751d8e96ae59f4a9c7c3
        Expected     or 6e25ea903f2bbd84ac2870a05039990300ddf9a6c07ae2ca1da86d3633fc0c03
        Expected     or 71b26067087694b8763bb932b0f14f3d5f1b4d9d0dad24c9f7f8f2980b1333ff
        Expected     or 79df41119c68f8f4c00362822b0e3ee8de0fb0c1e68d2ae5294401e8163ad418
        Expected     or 7a7b8c5a5576414286d2a7431a5a592bef33fa04d90a8bf4f3b8cc440f7de1ed
        Expected     or 816cd1f929b4f58796307a6342c1155166beeafd1c5f22bdc4a78d671233e973
        Expected     or 8421f999c0daa2ea172fe7130cd9aa5219b7b5f27e8329808d10d8a5b2af6941
        Expected     or 887f9fb44fdc2dc06d6dba8e0b8741f782b274a4420140f67d683b26b1824bb9
        Expected     or 8b6a78aa3453e089f37d70e35f5b529bf7d2b8bf1fa285948b48d8c34df75005
        Expected     or 912630ed67d0fc37588ed4f1c483cc3519e9059ea578e3a5ed34ab7cec90c089
        Expected     or 92f96a5fda6b55279739f7a8263b38975bb60e36cbb68e15015606760e4c3016
        Expected     or b43f1a0cf800380fc0ade9696f6204fab35bebf082d9d48edebafe4793c7c5a9
        Expected     or ce0811f973b51f0a5bc65caaa037a1f180044c8b2efec6545cd2e73331476692
        Expected     or d1c1f9de3a96d4ac46b5a8cd12a9cd518409876b640171b33cbc1e4fe668ccd2
        Expected     or d8ef03cd00438ca97373b3b5262e95b6116ee5863fe23eec1a00bc5d3e66d22d
        Expected     or ddd195b3e8525479c9e4f0a67f21b159177953e1c5f0d476dde7ae9813b96140
        Expected     or e9231f4d8b8ae05b8a6dbc1e3297d67d5391b177a9ef6f7c86b7516c86002481
        Expected     or e98b603a6387aa3ef23830427767813be09002456b996f83402e140e2f4b9227
        Expected     or f3023506b90192d7abfbd2700ca09d3f62e6874c772fa605bc4bfc5d791fe50b
             Got        ef1092ed5445da96e85eb7a81e007539ec95eca0ad3d08a9ed19e60563ffafb5

[jedie]

Ah! The real problem is: https://github.com/jazzband/pip-tools/issues/1536