Skip to content

Pipenv use the sha1 hash #4517

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#4519
Closed
Pipenv use the sha1 hash#4517
#4519
Labels
Category: Dependency ResolutionIssue relates to dependency resolution.Type: RegressionThis issue is a regression of a previous behavior.
@erdnaxeli

Description

@erdnaxeli
erdnaxeli
opened on Nov 4, 2020

Issue description

Pipenv call pip with a sha1 hash, but pip does not support sha1 anymore.

We are using a private repository on packagecloud.io, and this repository provides the following hashes: MD5, SHA1, SHA256, SHA512. It seems that pipenv try to use the SHA1 hash, but it should select the SHA256 or SHA512 ones.

I can confirm tha in the Pipfile.lock the stored hashes for the two problematics packages are using sha1.

An error occurred while installing ma-apiclients==8.10.3 --hash=sha1:8e4277fbba32eba69defbb36018812b02f1154cf! Will try again.
…
[pipenv.exceptions.InstallError]: pip: error: Allowed hash algorithms for --hash are sha256, sha384, sha512.

Expected result

It use another hash than the sha1 one.

Actual result

> > pipenv install
Installing dependencies from Pipfile.lock (ead1b2)...
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 2/2 — 00:00:00
An error occurred while installing ma-apiclients==8.10.3 --hash=sha1:8e4277fbba32eba69defbb36018812b02f1154cf! Will try again.
An error occurred while installing ma-flask-common[ab_dispatcher,analytics,cache,celery,errors,external_celery,logger,minifier,profiler,protection,signer,sms,thresholds]==13.1.2 --hash=sha1:906f756989577ba7406a4f007055692758f438d6! Will try again.
Installing initially failed dependencies...
[InstallError]:   File "/home/amorignot/opt/pyenv/versions/3.6.5/lib/python3.6/site-packages/pipenv/cli/command.py", line 252, in install
[InstallError]:       site_packages=state.site_packages
[InstallError]:   File "/home/amorignot/opt/pyenv/versions/3.6.5/lib/python3.6/site-packages/pipenv/core.py", line 2062, in do_install
[InstallError]:       keep_outdated=keep_outdated
[InstallError]:   File "/home/amorignot/opt/pyenv/versions/3.6.5/lib/python3.6/site-packages/pipenv/core.py", line 1312, in do_init
[InstallError]:       pypi_mirror=pypi_mirror,
[InstallError]:   File "/home/amorignot/opt/pyenv/versions/3.6.5/lib/python3.6/site-packages/pipenv/core.py", line 900, in do_install_dependencies
[InstallError]:       retry_list, procs, failed_deps_queue, requirements_dir, **install_kwargs
[InstallError]:   File "/home/amorignot/opt/pyenv/versions/3.6.5/lib/python3.6/site-packages/pipenv/core.py", line 796, in batch_install
[InstallError]:       _cleanup_procs(procs, failed_deps_queue, retry=retry)
[InstallError]:   File "/home/amorignot/opt/pyenv/versions/3.6.5/lib/python3.6/site-packages/pipenv/core.py", line 703, in _cleanup_procs
[InstallError]:       raise exceptions.InstallError(c.dep.name, extra=err_lines)
[pipenv.exceptions.InstallError]: Usage: pip [options]
[pipenv.exceptions.InstallError]: 
[pipenv.exceptions.InstallError]: ERROR: Invalid requirement: ma-apiclients==8.10.3 --hash=sha1:8e4277fbba32eba69defbb36018812b02f1154cf
[pipenv.exceptions.InstallError]: pip: error: Allowed hash algorithms for --hash are sha256, sha384, sha512.
ERROR: Couldn't install package: ma-apiclients
 Package installation failed...
  ☤  ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 1/2 — 00:00:02

Steps to replicate

I am not sure

$ pipenv --support

Pipenv version: '2020.11.4'

Pipenv location: '/home/amorignot/opt/pyenv/versions/3.6.5/lib/python3.6/site-packages/pipenv'

Python location: '/home/amorignot/opt/pyenv/versions/3.6.5/bin/python'

Python installations found:

  • 3.8.1: /home/amorignot/opt/pyenv/versions/3.8.1/bin/python3
  • 3.7.5: /home/amorignot/opt/pyenv/versions/3.7.5/bin/python3.7m
  • 3.6.10: /home/amorignot/opt/pyenv/versions/3.6.10/bin/python3
  • 3.6.5: /home/amorignot/opt/pyenv/versions/3.6.5/bin/python3
  • 3.6.5: /home/amorignot/opt/pyenv/versions/3.6.5/bin/python3.6
  • 3.6.5: /home/amorignot/opt/pyenv/versions/3.6.5/bin/python3.6m
  • 3.6.5: /home/amorignot/opt/pyenv/versions/3.6.5/bin/python3
  • 3.5.3: /home/amorignot/opt/pyenv/versions/3.5.3/bin/python3.5
  • 3.5.3: /usr/bin/python3.5
  • 3.5.3: /usr/bin/python3
  • 3.5.3: /usr/bin/python3.5m
  • 3.4.2: /home/amorignot/opt/pyenv/versions/3.4.2/bin/python3.4m
  • 2.7.17: /home/amorignot/opt/pyenv/versions/2.7.17/bin/python2
  • 2.7.13: /usr/bin/python2
  • 2.7.13: /usr/bin/python2.7
  • 2.7.9: /home/amorignot/opt/pyenv/versions/2.7.9/bin/python2

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.6.5',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.9.0-14-amd64',
 'platform_system': 'Linux',
 'platform_version': '#1 SMP Debian 4.9.240-2 (2020-10-30)',
 'python_full_version': '3.6.5',
 'python_version': '3.6',
 'sys_platform': 'linux'}

Pipenv–specific environment variables:

  • PIPENV_VENV_IN_PROJECT: 1
</details>

Metadata

Assignees

No one assigned

    Labels

    Category: Dependency ResolutionIssue relates to dependency resolution.Type: RegressionThis issue is a regression of a previous behavior.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions