Pipenv: 锁定期间生成的哈希与安装不匹配

问题描述

软件包无法从 Pipfile ( pipenv install ) 安装，但在指定其名称后设法安装

预期结果

软件包安装。

实际结果

抛出关于哈希不匹配的错误。 如果指定了包名称，它会安装并说“由于它已经安装，我们信任这个包而不检查它的哈希值。”

复制步骤

非冗长

详细输出：

>  pipenv install numpy --verbose
Creating a virtualenv for this project...
Pipfile: /home/pi/testing_dir/Pipfile
Using /usr/bin/python3.5m (3.5.3) to create virtualenv...
⠋Running virtualenv with interpreter /usr/bin/python3.5m
Using base prefix '/usr'
New python executable in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/python3.5m
Also creating executable in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/python
Installing setuptools, pip, wheel...done.
Setting project for testing_dir-WDGBnYYm to /home/pi/testing_dir

Virtualenv location: /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm
Installing numpy...
⠙Installing 'numpy'
$ "/home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/pip" install   --verbose    "numpy" -i https://pypi.org/simple --exists-action w
[ snip ]
Installing collected packages: numpy

Successfully installed numpy-1.14.5
Cleaning up...

Adding numpy to Pipfile's [packages]...
Pipfile.lock not found, creating...
Locking [dev-packages] dependencies...
Locking [packages] dependencies...
using sources: [{'name': 'pypi', 'url': 'https://pypi.org/simple', 'verify_ssl': True}]
Using pip: -i https://pypi.org/simple

                          ROUND 1                           
Current constraints:
  numpy (from -r /tmp/pipenv-fw9u0ln7-requirements/pipenv-c8uwffst-constraints.txt (line 2))

Finding the best candidates:
  found candidate numpy==1.14.5 (constraint was <any>)
Finding secondary dependencies:
  numpy==1.14.5             requires numpy==1.14.5; python_version != "3.1.*" and python_version != "3.0.*" and python_version != "3.3.*" and python_version != "3.2.*" and python_version >= "2.7"

New dependencies found in this round:
  adding ['numpy', '==1.14.5', '[]']
Removed dependencies in this round:
Unsafe dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable

                          ROUND 2                           
Current constraints:
  numpy==1.14.5 (from -r /tmp/pipenv-fw9u0ln7-requirements/pipenv-c8uwffst-constraints.txt (line 2))

Finding the best candidates:
  found candidate numpy==1.14.5 (constraint was ==1.14.5)

Finding secondary dependencies:
  numpy==1.14.5             requires numpy==1.14.5; python_version != "3.1.*" and python_version != "3.0.*" and python_version != "3.3.*" and python_version != "3.2.*" and python_version >= "2.7"
------------------------------------------------------------
Result of round 2: stable, done

Updated Pipfile.lock (5a67c1)!
Installing dependencies from Pipfile.lock (5a67c1)...
Installing 'numpy==1.14.5 --hash=sha256:07379fe0b450f6fd6e5934a9bc015025bb4ce1c8fbed3ca8bef29328b1bc9570 [long list of hashes]'
$ "/home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/pip" install   --verbose  --no-deps  -r "/tmp/pipenv-m7n5vxhw-requirements/pipenv-s6f0at97-requirement.txt" --require-hashes -i https://pypi.org/simple --exists-action w
Created temporary directory: /tmp/pip-ephem-wheel-cache-ntah_q6a
Created temporary directory: /tmp/pip-install-75w412mp
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Requirement already satisfied: numpy==1.14.5 in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/lib/python3.5/site-packages (from -r /tmp/pipenv-m7n5vxhw-requirements/pipenv-s6f0at97-requirement.txt (line 1)) (1.14.5)
  Since it is already installed, we are trusting this package without checking its hash. To ensure a completely repeatable environment, install into an empty virtualenv.
Cleaning up...