pytoolz / toolz

A functional standard library for Python.
http://toolz.readthedocs.org/

0.10.0 Package Hashes #498

Closed maciejgliwinski closed 4 years ago

maciejgliwinski commented 4 years ago

It seems that there was a version update of the binary files without proper version update and hash stayed the same. We are getting an error during package update:

```
-----> Installing dependencies with Pipenv 2018.5.18…
Installing dependencies from Pipfile.lock (7ec39d)…
An error occurred while installing toolz==0.10.0! Will try again.
Installing initially–failed dependencies…
Collecting toolz==0.10.0
  Using cached https://files.pythonhosted.org/packages/b5/73/977bae1550ff5f6aa4050680339523b045e991e92fa58c4709253332a870/toolz-0.10.0-py3-none-any.whl

   THESE PACKAGES DO NOT MATCH THE HASHES FROM Pipfile.lock!. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
       toolz==0.10.0 from https://files.pythonhosted.org/packages/b5/73/977bae1550ff5f6aa4050680339523b045e991e92fa58c4709253332a870/toolz-0.10.0-py3-none-any.whl#sha256=e71d8d91c8902fb7659c23e10e9698a8c5cbea985683b8a378c6fd67b52f2fc4 (from -r /tmp/pipenv-dwq6gfue-requirements/pipenv-da4fseri-requirement.txt (line 1)):
           Expected sha256 08fdd5ef7c96480ad11c12d472de21acd32359996f69a5259299b540feba4560
                Got        e71d8d91c8902fb7659c23e10e9698a8c5cbea985683b8a378c6fd67b52f2fc4

   You are using pip version 9.0.2, however version 20.2.3 is available.
   You should consider upgrading via the 'pip install --upgrade pip' command.
```

The site suggests that the file changed a couple of days ago: https://pypi.org/project/toolz/0.10.0/?fbclid=IwAR3t8Yf1tdzdKdXHWpLDxemmJ8wzIETBwL7H-bcRl-mia0Qb43ewGAk0zs8#files

Can you fix the version on pypi so there would be no hash difference?

eriknw commented 4 years ago

Ah, sorry this is causing issues. I recently uploaded wheels for 0.10.0, so I bet the hashes mismatch b/c the old hash is from source and the new hash is from the wheel. So, it seems that pipenv should be able to handle this situation (source vs wheel), so maybe worth raising an issue there as well? I didn't expect this to cause problems--my bad.

How would you like me to handle this? Delete the wheel, and upload wheels for the next release of toolz? We're due for a release anyway.

eriknw commented 4 years ago

Okay, I deleted the wheel for 0.10.0 and released 0.11.0 with source and wheel.

I apologize again for the inconvenience. If the problem persists, please re-open.

Thanks for bringing this to my attention @maciejgliwinski
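
An added example, not part of the thread and not code from toolz, pip or pipenv: a triage helper that tells apart the case described above (the index serves a release file the lock never recorded) from a digest that matches nothing the index lists. The lock entry and release listing are constructed samples; the two digests are taken from the log above, and the sdist filename is an assumption.

```python
import json

# Constructed sample: a Pipfile.lock entry that pins only the digest the
# log above reports as "Expected".
LOCK = json.loads("""
{"default": {"toolz": {"version": "==0.10.0", "hashes": [
  "sha256:08fdd5ef7c96480ad11c12d472de21acd32359996f69a5259299b540feba4560"
]}}}
""")

# Constructed sample in the shape of the "urls" array returned by PyPI's
# JSON API (https://pypi.org/pypi/<name>/<version>/json). Digests come from
# the log; the sdist filename is an assumption.
RELEASE_FILES = [
    {"filename": "toolz-0.10.0.tar.gz", "packagetype": "sdist",
     "digests": {"sha256": "08fdd5ef7c96480ad11c12d472de21acd32359996f69a5259299b540feba4560"}},
    {"filename": "toolz-0.10.0-py3-none-any.whl", "packagetype": "bdist_wheel",
     "digests": {"sha256": "e71d8d91c8902fb7659c23e10e9698a8c5cbea985683b8a378c6fd67b52f2fc4"}},
]

def locked_hashes(lock, name, section="default"):
    """Return the set of sha256 hex digests the lock file allows for `name`."""
    entries = lock[section][name].get("hashes", [])
    return {h.split(":", 1)[1].lower() for h in entries if h.startswith("sha256:")}

def unlocked_files(lock, name, release_files):
    """Filenames the index serves for this release that the lock does not cover."""
    allowed = locked_hashes(lock, name)
    return sorted(f["filename"] for f in release_files
                  if f["digests"]["sha256"].lower() not in allowed)

def classify(got, lock, name, release_files):
    """Classify the digest pip reported as "Got" for a failed install."""
    got = got.lower()
    if got in locked_hashes(lock, name):
        return "locked"               # this artifact is covered by the lock
    if any(f["digests"]["sha256"].lower() == got for f in release_files):
        return "listed-but-unlocked"  # index lists it, lock predates it: review, then re-lock
    return "unknown"                  # matches nothing listed: check cache, mirror or proxy

if __name__ == "__main__":
    got = "e71d8d91c8902fb7659c23e10e9698a8c5cbea985683b8a378c6fd67b52f2fc4"
    print(classify(got, LOCK, "toolz", RELEASE_FILES))
    print(unlocked_files(LOCK, "toolz", RELEASE_FILES))
```

A `listed-but-unlocked` result only says the file is what the index currently serves; regenerating the lock so that it records every file of the release is still a deliberate step after reviewing what was added.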