Pipenv lock uses the wrong hash for packages with alternative source #5860

@gnu-lorien

Issue description

Starting with 2023.8.19, the hash values for packages that are installed from one of my extra sources are all the same. This results in hash mismatch errors during the sync step because the lock generated an incorrect Pipfile.lock.

Expected result

The expected result is that for each of my package dependencies the list of hashes is unique to the package and the correct hash provided by the repository.

Actual result

The result was that every package had the exact same hash value as each other, so most of them were completely incorrect.

Steps to replicate

Create a Pipfile with more than one source. Provide multiple packages from that source. In my case, none of those packages also have dependencies that come from the extra source.

```toml
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[[source]]
url="https://pypi.example.com"
verify_ssl=true
name="example"

[packages]
mycoolpackage = {version = "*", index = "example" }
anothercoolpackage = { version = "*", index = "example" }
pytest = "*"
```

In my situation in the Pipfile.lock both mycoolpackage and anothercoolpackage will have the same hash values when they should be different.

Debugging steps

The reason why I know it was introduced is because this has worked fine in prior recent releases. I set up different virtual environments with different recent releases to try to track down when it broke. It has worked for years before this recent change.

2023.8.20 broken
2023.8.19 broken <--
2023.7.23 works
2023.7.3 works


$ pipenv --support

Pipenv version: '2023.8.19'

Pipenv location: 'redacted/venv/lib/python3.10/site-packages/pipenv'

Python location: 'redacted/venv/bin/python3'

OS Name: 'posix'

User pip version: '23.2.1'

user Python installations found:

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.10.12',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '5.19.0-46-generic',
 'platform_system': 'Linux',
 'platform_version': '#47~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 21 '
                     '15:35:31 UTC 2',
 'python_full_version': '3.10.12',
 'python_version': '3.10',
 'sys_platform': 'linux'}

System environment variables:


Pipenv–specific environment variables:

Debug–specific environment variables:

  • PATH: redacted
  • SHELL: /bin/bash
  • LANG: en_US.UTF-8
  • PWD: redacted
  • VIRTUAL_ENV: redacted

Contents of Pipfile redacted

Contents of Pipfile.lock redacted
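
A check for the symptom reported above, added here as an example and not part of the original issue or of pipenv's own code: it scans a parsed Pipfile.lock for any hash listed under more than one distinct package and groups the affected packages by index. The sample lock data, versions and digests are constructed placeholders; the `default`/`develop` sections and the `hashes`/`index` keys are assumed to follow the usual Pipfile.lock layout.

```python
from collections import defaultdict

SECTIONS = ("default", "develop")  # package sections of a Pipfile.lock

def find_shared_hashes(lock):
    """Map each hash listed under more than one distinct package to those packages."""
    owners = defaultdict(set)
    for section in SECTIONS:
        for name, entry in lock.get(section, {}).items():
            for digest in entry.get("hashes", []):
                # The same package may legitimately appear in both sections,
                # so ownership is tracked by package name, not by section.
                owners[digest].add(name.lower())
    return {d: sorted(names) for d, names in owners.items() if len(names) > 1}

def affected_by_index(lock):
    """Group packages that share a hash by the index they were locked from."""
    affected = {n for names in find_shared_hashes(lock).values() for n in names}
    grouped = defaultdict(set)
    for section in SECTIONS:
        for name, entry in lock.get(section, {}).items():
            if name.lower() in affected:
                grouped[entry.get("index", "<no index key>")].add(name.lower())
    return {index: sorted(names) for index, names in grouped.items()}

# Constructed sample shaped like the report: two packages from the extra
# index carry the same hash. Digests are placeholders, not real values.
H_SHARED = "sha256:" + "a" * 64
H_PYTEST = "sha256:" + "b" * 64
SAMPLE_LOCK = {
    "default": {
        "mycoolpackage": {"hashes": [H_SHARED], "index": "example", "version": "==1.0.0"},
        "anothercoolpackage": {"hashes": [H_SHARED], "index": "example", "version": "==2.0.0"},
        "pytest": {"hashes": [H_PYTEST], "index": "pypi", "version": "==7.4.0"},
    },
    "develop": {},
}

if __name__ == "__main__":
    for digest, names in find_shared_hashes(SAMPLE_LOCK).items():
        print(f"{digest[:19]}... listed for: {', '.join(names)}")
    print(affected_by_index(SAMPLE_LOCK))
```

For a real project, pass the result of `json.load` on `Pipfile.lock` to `find_shared_hashes` and fail the build if it returns anything.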

