Pipenv: Hashes generated during locking do not match install

Created on 8 Jul 2018  ·  3Comments  ·  Source: pypa/pipenv
Issue description

Packages failed to install from Pipfile (pipenv install) but managed to install after specifying their name

Expected result

The packages install.

Actual result

An error is thrown about hashes not matching. If a package name is specified, it installs and says "Since it is already installed, we are trusting this package without checking its hash."

Steps to replicate

Non-verbose
screenshot 2018-07-09 at 00 46 51
screenshot 2018-07-09 at 00 47 09

Verbose output:

>  pipenv install numpy --verbose
Creating a virtualenv for this project...
Pipfile: /home/pi/testing_dir/Pipfile
Using /usr/bin/python3.5m (3.5.3) to create virtualenv...
⠋Running virtualenv with interpreter /usr/bin/python3.5m
Using base prefix '/usr'
New python executable in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/python3.5m
Also creating executable in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/python
Installing setuptools, pip, wheel...done.
Setting project for testing_dir-WDGBnYYm to /home/pi/testing_dir

Virtualenv location: /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm
Installing numpy...
⠙Installing 'numpy'
$ "/home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/pip" install   --verbose    "numpy" -i https://pypi.org/simple --exists-action w
[ snip ]
Installing collected packages: numpy

Successfully installed numpy-1.14.5
Cleaning up...

Adding numpy to Pipfile's [packages]...
Pipfile.lock not found, creating...
Locking [dev-packages] dependencies...
Locking [packages] dependencies...
using sources: [{'name': 'pypi', 'url': 'https://pypi.org/simple', 'verify_ssl': True}]
Using pip: -i https://pypi.org/simple

                          ROUND 1                           
Current constraints:
  numpy (from -r /tmp/pipenv-fw9u0ln7-requirements/pipenv-c8uwffst-constraints.txt (line 2))

Finding the best candidates:
  found candidate numpy==1.14.5 (constraint was <any>)
Finding secondary dependencies:
  numpy==1.14.5             requires numpy==1.14.5; python_version != "3.1.*" and python_version != "3.0.*" and python_version != "3.3.*" and python_version != "3.2.*" and python_version >= "2.7"

New dependencies found in this round:
  adding ['numpy', '==1.14.5', '[]']
Removed dependencies in this round:
Unsafe dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable

                          ROUND 2                           
Current constraints:
  numpy==1.14.5 (from -r /tmp/pipenv-fw9u0ln7-requirements/pipenv-c8uwffst-constraints.txt (line 2))

Finding the best candidates:
  found candidate numpy==1.14.5 (constraint was ==1.14.5)

Finding secondary dependencies:
  numpy==1.14.5             requires numpy==1.14.5; python_version != "3.1.*" and python_version != "3.0.*" and python_version != "3.3.*" and python_version != "3.2.*" and python_version >= "2.7"
------------------------------------------------------------
Result of round 2: stable, done

Updated Pipfile.lock (5a67c1)!
Installing dependencies from Pipfile.lock (5a67c1)...
Installing 'numpy==1.14.5 --hash=sha256:07379fe0b450f6fd6e5934a9bc015025bb4ce1c8fbed3ca8bef29328b1bc9570 [long list of hashes]'
$ "/home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/pip" install   --verbose  --no-deps  -r "/tmp/pipenv-m7n5vxhw-requirements/pipenv-s6f0at97-requirement.txt" --require-hashes -i https://pypi.org/simple --exists-action w
Created temporary directory: /tmp/pip-ephem-wheel-cache-ntah_q6a
Created temporary directory: /tmp/pip-install-75w412mp
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Requirement already satisfied: numpy==1.14.5 in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/lib/python3.5/site-packages (from -r /tmp/pipenv-m7n5vxhw-requirements/pipenv-s6f0at97-requirement.txt (line 1)) (1.14.5)
  Since it is already installed, we are trusting this package without checking its hash. To ensure a completely repeatable environment, install into an empty virtualenv.
Cleaning up...
picture randName

Most helpful comment

@techalchemy Adding the pinwheels source also solved the same problem I was having. Is there documentation about why the additional sources are needed? I'm wondering why it's not automatically included when initially running pipenv lock.

picture charliesneath on 17 Oct 2018
👍3

All 3 comments

You’re using a raspberry pi which means you can’t use the lockfile off of an x86 machine. How did you build your lockfile?

In your case you need to add an additional source to your pipfile:

[[source]]
url = "https://pypi.org/simple"
name = "pypi"
verify_ssl = true

[[source]]
url = "https://www.piwheels.org/simole"
name = "piwheels"
verify_ssl = true

[packages]
numpy = {version = "*", index = "piwheels"}

[dev-packages]

[requires]
python_version = "3.5"

If you continue to have issues please fill out the issue template. It’s there to streamline our ability to spot things that are going wrong. Thanks for the report and hope this helps

techalchemy picture techalchemy on 8 Jul 2018

I didn't have a lockfile in the folder. But adding the piwheels source works, thank you!

randName picture randName on 8 Jul 2018
👍2

@techalchemy Adding the pinwheels source also solved the same problem I was having. Is there documentation about why the additional sources are needed? I'm wondering why it's not automatically included when initially running pipenv lock.

charliesneath picture charliesneath on 17 Oct 2018
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hynek picture hynek  ·  3Comments
marc-fez picture marc-fez  ·  3Comments
jacebrowning picture jacebrowning  ·  3Comments
AkiraSama picture AkiraSama  ·  3Comments
Californian picture Californian  ·  3Comments