Open fti-sfuke opened 10 months ago
Are you saying that pip3
on Debian Buster installs wheels by default from www.piwheels.org/simple
?
I tried this with Docker and couldn't reproduce the problem. What requirements file is that error referring to?
You are missing a lot of information necessary to reproduce this issue. As @agronholm says, something (possibly a config file or an environment variable) is directing pip to look at www.piwheels.org/simple. You need to tell us what that is. Also, the error refers to a requirements file but your command doesn't include one. Why is pip looking at a requirements file?
Please reduce this issue to a reproducible example, with all of the necessary setup included in the instructions.
I'm also having this issue, actually. I'll follow up if I learn anything poking around
Perhaps you would like to give some details then?
Hey, thank you for opening this issue @fti-sfuke, it helped me track down the problem:
Raspberry Pi OS ships with an /etc/pip.conf
that includes piwheels.org by default, so hashes won't match wheels published from pypi.org:
[global]
extra-index-url=https://www.piwheels.org/simple
I commented out the line and solved this. This is a bad default, in my opinion, especially for the ARM64 raspberry Pis. I'm more sympathetic for the case for this on 32-bit OSes. I'm going to see if I can ask the Rasberry Pi people to remove this for 64-bit.
Description
The following requirements package fails to install
pip3 install boto3
With package fails hash check error ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE.
Expected behavior
boto3 packages must be installed with pip.
pip version
23.1.2
Python version
3.7
OS
Debian GNU/Linux 10 (buster)
How to Reproduce
Install boto3 package
root@buildhost:/mnt# pip3 install boto3
package fails, a hash check error occurred.
root@buildhost:/mnt# pip3 install boto3 Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple Collecting boto3 Using cached https://www.piwheels.org/simple/boto3/boto3-1.33.7-py3-none-any.whl (136 kB) Collecting botocore<1.34.0,>=1.33.7 (from boto3) Downloading https://www.piwheels.org/simple/botocore/botocore-1.33.7-py3-none-any.whl (11.8 MB) ━━━━━━━━━━╸━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.1/11.8 MB 66.4 kB/s eta 0:02:11 ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them. botocore<1.34.0,>=1.33.7 from https://www.piwheels.org/simple/botocore/botocore-1.33.7-py3-none-any.whl#sha256=afd25654101b8d13a01309fe7163009626a8e85ebcb0c6cabf4001bbfbb1c642 (from boto3): Expected sha256 afd25654101b8d13a01309fe7163009626a8e85ebcb0c6cabf4001bbfbb1c642 Got 7985da9ee5f298d54d551add307b34b22a26a8f43847bb6141fc61ca3b5af3c5