pypa / distutils

distutils as found in cpython
MIT License

upload command fails due to a bad Blake2 digest #25

Closed psam44 closed 2 years ago

psam44 commented 3 years ago
    >py -3 -V
    Python 3.9.0
    > py -3 setup.py sdist upload
    ...
    running upload
    Submitting dist\django-postman-4.1.tar.gz to https://upload.pypi.org/legacy/
    Upload failed (400): Invalid value for blake2_256_digest. Error: Use a valid, hex-encoded, BLAKE2 message digest.
    error: Upload failed (400): Invalid value for blake2_256_digest. Error: Use a valid, hex-encoded, BLAKE2 message digest.

My custom traces:

'md5_digest': '24f460de5c29d2b11fda3f1b6caafbe7',
'sha256_digest': 'c5054809de8a008ad324c51ccabd1fe360a158061707be274f83984a03fd6046',
'blake2_256_digest': 'c03fdd4d3fd87212d6ee4e4ad427328ca1d712312658684f84c394f98731447290139754a23e05f3c05171513e869f294d3b36233b14e0f828f2a5059cf5648a'

The Blake digest is 128 char hex, i.e. 64 bytes, where only 32 bytes (256 bits) are expected. This is because upload uses the blake2b variant, without specifying a size, but the py doc says:

    hashlib.blake2b(data=b'', *, digest_size=64,
    hashlib.blake2s(data=b'', *, digest_size=32,

It seems that the blake2s variant should be used instead, or the digest_size should be specified to be 32.

It does work with py37 (because only md5_digest is used):

    > py -3.7 setup.py sdist upload
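The length mismatch described in the report above, as an added example that is not part of the original thread or of distutils: it hashes a constructed payload with the default `blake2b`, with `blake2b` at `digest_size=32`, and with `blake2s`, then checks each result against a 256-bit hex pattern. The names `file_digests`, `is_blake2_256_hex`, `report` and `SAMPLE` are hypothetical, and the pattern is an assumption based on the server's error message.

```python
import hashlib
import io
import re

# Constructed stand-in for the archive bytes; not the real sdist from the report.
SAMPLE = b"constructed sample payload, not a real sdist\n" * 4096

# Assumption: a "valid, hex-encoded" 256-bit digest is exactly 64 hex characters.
HEX_256 = re.compile(r"[0-9a-f]{64}")


def is_blake2_256_hex(value):
    """Return True if value is a lowercase hex string of exactly 32 bytes."""
    return bool(HEX_256.fullmatch(value))


def file_digests(stream, chunk_size=64 * 1024):
    """Read the stream once and feed every chunk to each hash object."""
    hashers = {
        "sha256": hashlib.sha256(),
        "blake2b_default": hashlib.blake2b(),           # digest_size defaults to 64
        "blake2b_32": hashlib.blake2b(digest_size=32),  # 256-bit output
        "blake2s_default": hashlib.blake2s(),           # digest_size defaults to 32
    }
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def report(data=SAMPLE):
    """Map each digest name to (hex length, passes the 256-bit check)."""
    digests = file_digests(io.BytesIO(data))
    return {name: (len(value), is_blake2_256_hex(value))
            for name, value in digests.items()}


if __name__ == "__main__":
    for name, (length, ok) in report().items():
        print(f"{name:16} hex_len={length:3} valid_256={ok}")
```

The two 32-byte results are different values, and the 32-byte `blake2b` digest is not a prefix of the 64-byte one, so both the variant and the `digest_size` have to match what the receiving side computes.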

lucyking commented 3 years ago

👍 Good job. I also met this issue.

stef commented 3 years ago

Indeed, this seems to be a problem with py3.9.

I tried to change distutils/command/upload.py:

    if digest_name == "blake2_256_digest":
        data[digest_name] = digest_cons(content, digest_size=32).hexdigest()
    else:
        data[digest_name] = digest_cons(content).hexdigest()

and also to use blake2s instead, but neither worked...

tiran commented 3 years ago

You should no longer use distutils directly or even invoke setup.py manually. @pganssle's blog post covers the recommended ways to build and upload software to PyPI.

jaraco commented 2 years ago

Thanks tiran. That's right. setup.py upload is not supported and should be avoided.