python-poetry / poetry

Python packaging and dependency management made easy
https://python-poetry.org
MIT License

poetry can't install packages from private pypi servers supporting only MD5 hashes #8290

Closed user799595 closed 1 year ago

user799595 commented 1 year ago

```toml
[[tool.poetry.source]]
name = "internal"
url = "https://internal/artifactory/api/pypi/internal-python-releases/simple/"
priority = "supplemental"

[tool.poetry]
name = "test project"
version = "0.0.1"
description = "Test"
authors = ["user799595"]

[tool.poetry.dependencies]
python = ">=3.10,<3.11"
internal_dependency = { version = "^1.0.0" }
```


- [x] I am on the [latest](https://github.com/python-poetry/poetry/releases/latest) stable Poetry version, installed using a recommended method.
- [x] I have searched the [issues](https://github.com/python-poetry/poetry/issues) of this repo and believe that this is not a duplicate.
- [x] I have consulted the [FAQ](https://python-poetry.org/docs/faq/) and [blog](https://python-poetry.org/blog/) for any relevant entries or release notes.
- [x] If an exception occurs when executing a command, I executed it again in debug mode (`-vvv` option) and have included the output below.

## Issue
Hello, I'm trying to work around md5 hashes being produced by an internal package source: https://github.com/python-poetry/poetry/issues/6301.

With 1.5.1, I get the following behaviour:

```
$ poetry install
Installing dependencies from lock file

Package operations: 2 installs, 0 updates, 0 removals

  • Installing internal_dependency (1.0.0): Failed

  RuntimeError

  Retrieved digest for link internal_dependency-1.0.0-py3-none-any.whl(md5:) not in poetry.lock metadata {'sha256:'}

  at poetry/1.5.1/venv/lib/python3.10/site-packages/poetry/installation/chooser.py:117 in _get_links
      113│
      114│             selected_links.append(link)
      115│
      116│         if links and not selected_links:
    → 117│             raise RuntimeError(
      118│                 f"Retrieved digest for link {link.filename}({h}) not in poetry.lock"
      119│                 f" metadata {hashes}"
      120│             )
      121│
```


It looks like a fix https://github.com/python-poetry/poetry/pull/8118 has been merged, so I tried using HEAD.

It just hangs and I don't understand what's going on:

```
$ poetry install -vvvv
Loading configuration file Library/Application Support/pypoetry/config.toml
Adding repository PyPI (https://pypi.org/simple/) and setting it as primary
Adding repository internal (https://internal/artifactory/api/pypi/python-releases/simple) and setting it as supplemental
Using virtualenv: test/.venv
Installing dependencies from lock file

Finding the necessary packages for the current system

Package operations: 2 installs, 0 updates, 0 removals

  • Installing internal_dependency (1.0.0): Pending...
[keyring.backend] Loading KWallet
[keyring.backend] Loading SecretService
[keyring.backend] Loading Windows
[keyring.backend] Loading chainer
[keyring.backend] Loading libsecret
[keyring.backend] Loading macOS
Creating new session for internal
[urllib3.connectionpool] Starting new HTTPS connection (1): internal:443
[urllib3.connectionpool] https://internal:443 "GET /artifactory/api/pypi/python-releases/simple/internal_dependency/ HTTP/1.1" 200 None
Source (internal): Downloading: https://internal/artifactory/api/pypi/python-releases/internal_dependency/1.0.0/internal_dependency-1.0.0-py3-none-any.whl#md5=
[urllib3.connectionpool] https://internal:443 "GET /artifactory/api/pypi/python-releases/internal_dependency/1.0.0/internal_dependency-1.0.0-py3-none-any.whl HTTP/1.1" 200 100003
```



Is there a way to further debug why it's hanging?
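
Added example, not part of the original issue and not Poetry's own code: one way an installer can accept a wheel whose index link only advertises `#md5=` while the lock file pins `sha256`, by hashing the downloaded bytes with the locked algorithm instead of trusting the index digest. The function names, the wheel bytes and the all-zero digests are assumptions constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit


def advertised_hash(link_url):
    """Return (algorithm, hexdigest) from a '#md5=...' style fragment, or None."""
    algo, sep, digest = urlsplit(link_url).fragment.partition("=")
    algo = algo.lower()
    if not sep or not digest or algo not in hashlib.algorithms_available:
        return None
    return algo, digest.lower()


def verify_against_lock(link_url, artifact, locked_hashes):
    """Verify downloaded bytes against the lock file's 'algo:hex' entries.

    Returns the locked entry that matched; raises RuntimeError otherwise.
    """
    locked = {h.lower() for h in locked_hashes}
    adv = advertised_hash(link_url)
    # If the index advertises a digest of a type the lock file also pins,
    # that digest must be one of the pinned values.
    if adv and any(h.startswith(adv[0] + ":") for h in locked):
        if f"{adv[0]}:{adv[1]}" not in locked:
            raise RuntimeError(f"advertised {adv[0]} digest is not in the lock file")
    # The fragment comes from the same server as the file, so it is not a
    # trust anchor. Hash the content with the algorithm(s) the lock file pins;
    # an md5-only index never causes an md5 comparison here.
    for entry in sorted(locked):
        algo, _, expected = entry.partition(":")
        if hashlib.new(algo, artifact).hexdigest() == expected:
            return entry
    raise RuntimeError("downloaded file matches no hash in the lock file")


# Constructed sample data: stand-in wheel bytes and a placeholder md5 fragment.
WHEEL = b"constructed wheel bytes for internal_dependency 1.0.0"
LOCKED = {"sha256:" + hashlib.sha256(WHEEL).hexdigest()}
URL = ("https://internal/artifactory/api/pypi/python-releases/internal_dependency/"
       "1.0.0/internal_dependency-1.0.0-py3-none-any.whl#md5=" + "0" * 32)

if __name__ == "__main__":
    print("verified against", verify_against_lock(URL, WHEEL, LOCKED))
```
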
dimbleby commented 1 year ago

maybe keyring stuff per #1917

user799595 commented 1 year ago

Thanks @dimbleby.

I tried the following:

```
$ export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
$ poetry install -vvvv
Loading configuration file Library/Application Support/pypoetry/config.toml
Adding repository PyPI (https://pypi.org/simple/) and setting it as primary
Adding repository internal (https://internal/artifactory/api/pypi/python-releases/simple) and setting it as supplemental
Using virtualenv: test/.venv
Installing dependencies from lock file

Finding the necessary packages for the current system

Package operations: 2 installs, 0 updates, 0 removals

  • Installing internal_dependency (1.0.0): Pending...

No suitable keyring backend found
No suitable keyring backends were found
Keyring is not available, credentials will be stored and retrieved from configuration files as plaintext.
Creating new session for internal
<rest of output identical>
```

user799595 commented 1 year ago

Interestingly, it works if I disable the cache:

```
poetry install --no-cache
```

This issue happened only with my Homebrew-installed Poetry; I wasn't able to reproduce it with the git-cloned version.

github-actions[bot] commented 8 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.