-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pipfile.lock contains md5 hashes on my docker build #4516
Comments
Does this have something to do with #4513, I wonder? |
Can you paste all the links(with full URL) listed in https://highway.porsche.com/artifactory/api/pypi/pypi-all/simple/coloredlogs ?
Nope, they are irrelevant |
Thanks for your information, I have submitted a fix for this |
Thanks |
@frostming fyi even when installing I'm also using Artifactory internally for both hosting internal packages and as a simple caching proxy to PyPI. a simple ripgrep search on the installed
edit 1so I did a little more testing by undoing all of my lockfile changes in that particular commit and re-running so I take that to mean there's some behavior there that's not working quite right, but now I'm very unclear on what or how. sorry that's probably super unhelpful |
yes old hashes will remain in the lockfile unless you delete it and relock |
right, I guess was saying that in my case a lockfile without |
I observed Ultimately, the source was a number of md5 hashes cached in the
|
@jvstein thank you so much this has been driving me crazy since yesterday. Any idea where those md5s in the cache came from? |
@byoungb I'm honestly not sure. I wasn't able to reproduce the creation of those cached md5 hashes. I do suspect it's related to RTFACT-18495 because it was only affecting our custom packages, nothing from PyPI. |
This has been driving me nuts as well, and clearing the cache fixed it. As far as I can tell my previous attempts (older version of |
I've also just hit this bug in Artifactory %(( I can't install a just-released package and after clearing the Anyone has found a workaround? |
You can get around it with --skip-lock |
@frostming None of the above fixed the issue for me. For our internal packages hosted on gemfury, the lock file still has md5 hashes. I am using an ubuntu 18.05 docker image with python3.7.5. My temporary fix was to go back to an older commit and manually copy the sha256 hashes into the current lock file. Re-locking the lock file would break this again though. |
To clear the caches:
|
@frostming I'm on OSX and followed your steps without success, and then again after deleting the whole cache folder, reinstalling pipenv, and deleting the lock file again. It still puts the md5 hashes in the lock file. Edit: I solved it by copying in an old sha256 hash from a previous commit into the lock file. |
It might depend on what version of OSX you're on, I'm on Catalina, and for me, this allowed me to run pipenv lock and get the sha256 hash from an artifactory PyPi (although the md5 hash was also there...), similar to @jvstein 's answer. I also had to delete my Pipenv.lock file, otherwise it simply appended to the md5 one
Note the path was |
Thanks @frostming, Clearing the cache was required but with the older version of pipenv, I still was not able to generate only the SHA hashes. I was on version 2020.5.28. |
Issue description
I have a problem with pipfile.lock and I can't find out what is causing it.
On my local machine, which is a Windows 10 if I remove Pipfile.lock and issue a
pipenv install
I get sha256 hashes in Pipfile.lock, as seen here:However, on my build machine, which is a Linux server building a docker container with Python 3.8.6 I get the following error when running
pipenv install
Expected result
Hashes should be created in sha256 format on the Linux Docker Python image, similar to the way they're created on Windows.
Actual result
It looks like the Pipfile.lock uses md5 hashes in my docker container.
Steps to replicate
Use a docker container with Python 3.8.6
Install latest pip (already up to date for now)
Install latest pipenv
$ pipenv --support
Pipenv version:
'2020.11.4'
Pipenv location:
'/usr/local/lib/python3.8/site-packages/pipenv'
Python location:
'/usr/local/bin/python'
Python installations found:
3.8.6
:/usr/local/bin/python3
3.8.6
:/usr/local/bin/python3.8
3.7.3
:/usr/bin/python3
3.7.3
:/usr/bin/python3.7
3.7.3
:/usr/bin/python3.7m
2.7.16
:/usr/bin/python2
2.7.16
:/usr/bin/python2.7
PEP 508 Information:
System environment variables:
HTTPS_PROXY
HOSTNAME
PYTHON_PIP_VERSION
PETP_ENVIRONMENT
HOME
GPG_KEY
PYTHON_GET_PIP_URL
PATH
LANG
PYTHON_VERSION
PWD
PYTHON_GET_PIP_SHA256
HTTP_PROXY
PIP_DISABLE_PIP_VERSION_CHECK
PYTHONDONTWRITEBYTECODE
PIP_SHIMS_BASE_MODULE
PIP_PYTHON_PATH
PYTHONFINDER_IGNORE_UNSUPPORTED
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH
:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
LANG
:C.UTF-8
PWD
:/usr/src/app
Contents of
Pipfile
('/usr/src/app/Pipfile'):The text was updated successfully, but these errors were encountered: