search

pyodide / micropip

A lightweight Python package installer for Pyodide
https://micropip.pyodide.org
Mozilla Public License 2.0
68 stars 16 forks source link

micropip integrity check failed in pyodide #92

Open yu0A opened 6 months ago

yu0A commented 6 months ago

Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:9000/node_modules/pyodide/micropip-0.5.0-py3-none-any.whl' with computed SHA-256 integrity 'KFZn0rkbV86HyQAlSLlknsu+HplrTX9Miq+rebxMs8A='. The resource has been blocked.

ryanking13 commented 6 months ago

Could you share a little more detail and a code that we can reproduce the error?

yu0A commented 6 months ago

OK Run this in a Vue template project. `

`

yu0A commented 6 months ago

My further request is skipping the whl integrity check of micropip.xxx.whl

yu0A commented 6 months ago

I just uploaded a Quasar CLI Vite project so that you can reproduce this bug. vue_quasar_admin

How to reproduce?

  1. Deploy this project
  2. Go to http://localhost:9000/#/pythonWangLuoDaoRu
  3. The await pyodide.loadPackage("micropip"); in this page actually loadsmicropip-0.5.0-py3-none-any.whl from src/js/pyodide.
  4. If you change the file to https://files.pythonhosted.org/packages/2a/2b/fb867ed1e62954e8b9d9211f9c6ce028d4f630cab779815279adde9e3fdd/micropip-0.5.0-py3-none-any.whl, you can reproduce this error.
ryanking13 commented 6 months ago

If you change the file to https://files.pythonhosted.org/packages/2a/2b/fb867ed1e62954e8b9d9211f9c6ce028d4f630cab779815279adde9e3fdd/micropip-0.5.0-py3-none-any.whl, you can reproduce this error.

Oh, yes. It is expected error, as the sha256 checksum will change if you change the file. So you need to either,

  1. Disable the behavior of checking the checksum by settings checkIntegrity options to false, or
  2. Update the sha256 checksum inside the pyodide-lock.json
yu0A commented 6 months ago

I did not search out the word checkIntegrity. Could you provide a settings.js with default settings for me?

ryanking13 commented 6 months ago 
pyodide.loadPackage(<pkg_name>, { checkIntegrity: false })
yu0A commented 6 months ago

I get it. Another question is, can I use a global setting config file to config the default settings of pyodide.loadPackage()? E.g. in Electron(Node) apps, developers hope that they can set { checkIntegrity: false } by default so that they can focus on front-end code development but keep whls unchanged.

ryanking13 commented 6 months ago

No, currently, there is no global setting for it. Probably you can re-define pyodide.loadPackage such as:

const origLoadPackage = pyodide.loadPackage
pyodide.loadPackage = (...) => orignLoadPackage(..., {checkIntegrity: false})

?

hoodmane commented 5 months ago

you can re-define pyodide.loadPackage

This is the solution I would recommend as well.