search

pypa / packaging-problems

An issue tracker for the problems in packaging
151 stars 34 forks source link

400 The digest supplied does not match a digest calculated from the uploaded file. #586

Open ItsCubeTime opened 2 years ago

ItsCubeTime commented 2 years ago

OS Win 11 [Version 10.0.22000.493]

Python Version 3.10.2

I installed twine via pip install twine

twine version 4.0.0 (importlib-metadata: 4.11.3, keyring: 23.5.0, pkginfo: 1.8.2, requests: 2.27.1, requests-toolbelt: 0.9.1, urllib3: 1.26.8)

Im having issues uploading the following package: pyKrita.zip

The Issue

INFO     dist\Fake PyKrita for Krita v 5.1.0-prealpha build date 15 April 2022 01 30 33-0.1.tar.gz (24.7 KB)
INFO     Querying keyring for username
Enter your username: officernickwilde
INFO     Querying keyring for password
Enter your password:
INFO     username: officernickwilde
INFO     password: <hidden>
Uploading Fake PyKrita for Krita v 5.1.0-prealpha build date 15 April 2022 01 30 33-0.1.tar.gz
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 28.2/28.2 kB • 00:00 • ?
INFO     Response from https://upload.pypi.org/legacy/:
         400 The digest supplied does not match a digest calculated from the uploaded file.
INFO     <html>
          <head>
           <title>400 The digest supplied does not match a digest calculated from the uploaded file.</title>
          </head>
          <body>
           <h1>400 The digest supplied does not match a digest calculated from the uploaded file.</h1>
           The server could not comply with the request since it is either malformed or otherwise incorrect.<br/><br/>
         The digest supplied does not match a digest calculated from the uploaded file.

          </body>
         </html>
ERROR    HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/
         The digest supplied does not match a digest calculated from the uploaded file.

I keep receiving this error when attempting to upload the attached package (see the zip file). To upload it, I run:

import os
os.chdir(packageDestinationPath)
os.system(f'Python setup.py sdist')
import time
os.system(f'pip install twine')
os.system(f'start /d "{packageDestinationPath}" cmd /c "Python setup.py sdist" ')
os.system(f'cd "{packageDestinationPath}" & twine upload --verbose -r pypi "dist/*"')

Where packageDestinationPath is the pyKrita folder.

I have a generally very stable internet connection, so I would highly doubt packages being lost between me and pypi being the cause here. I was also able to successfully upload a previous version of this package without issues about 2 hours ago.

Steps to Reproduce

Download the attached zip, extract it so that the setup.py is in a folder named "pyKrita". Copy the file path to this directory (eg C:\Users\olliv\Desktop\pyKritaOuter\pyKrita ).

Now create a new .py file outside of this directory and paste in the above codesnippet. Insert a new variable "packageDestinationPath" at the top of the file and set it to the file path you copied previously - the file path ending with pyKrita.

Run the script, twine will prompt you for your pypi credentials.

bhrutledge commented 2 years ago

I don't think this is an issue with Twine; the distribution file is generated by another tool (setuptools, in this case), and the error is coming from PyPI.org. As such, I'm going to move this to the packaging-problems repo.

One hunch is that the long distribution name (Fake PyKrita for Krita v 5.1.0-prealpha build date 15 April 2022 01 30 33-0.1.tar.gz) could be an issue. I think a more appropriate name would be fake-pykrita, resulting in a file like fake-pypkrita-0.1.tar.gz

Have you worked through the packaging tutorial? That would tell you if you're able to upload packages at all, and give you a foundation for creating a well-formed package. In short, that means: