Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

As of Sept 19, 2021 poetry fails to validate packages from third party repos. #4527

Closed
1 of 3 tasks
wcn00 opened this issue Sep 20, 2021 · 6 comments
Closed
1 of 3 tasks

As of Sept 19, 2021 poetry fails to validate packages from third party repos. #4527

wcn00 opened this issue Sep 20, 2021 · 6 comments
Labels
kind/bug Something isn't working as expected status/duplicate Duplicate issues

Comments

@wcn00
Copy link

wcn00 commented Sep 20, 2021
edited
Loading

My poetry installs in circle-ci started failing "all of a sudden" yesterday with the error:

#10 19.73   RuntimeError
#10 19.73 
#10 19.73   Invalid hash for waveapps.avro (1.0.0) using archive waveapps.avro-1.0.0-py3-none-any.whl
#10 19.73 
#10 19.73   at /usr/local/lib/python3.9/site-packages/poetry/installation/executor.py:619 in _download_link
#10 19.80       615│                     Path(archive.path) if isinstance(archive, Link) else archive,
#10 19.81       616│                 ).hash()
#10 19.81       617│             )
#10 19.81       618│             if archive_hash not in {f["hash"] for f in package.files}:
#10 19.81     → 619│                 raise RuntimeError(
#10 19.81       620│                     "Invalid hash for {} using archive {}".format(package, archive.name)
#10 19.81       621│                 )
#10 19.81       622│ 
#10 19.81       623│         return archive
#10 19.81 
#10 19.81

This happens for all poetry 1.1.x versions, but does NOT happen for 1.0.10. I'm reverting to 1.0.10 for now. I'm opening this ticket in hopes that more qualified folks can carry it forward.
Again there were NO chanes in my source, indeed jobs on CircleCi that previously ran failed when I reran them.

  • I am on the latest Poetry version.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).
  • OS version and name:
  • Poetry version:
  • Link of a Gist with the contents of your pyproject.toml file:

Issue
@wcn00 wcn00 added kind/bug Something isn't working as expected status/triage This issue needs to be triaged labels Sep 20, 2021
@imuerte-fn
Copy link

Want to confirm that we are seeing this with our packagecloud.io based repository

@tiulpin
Copy link

tiulpin commented Sep 20, 2021
edited
Loading

The same with the Artifactory repositories. Reverting to 1.0.10 helps.

@ZacharyJoswick
Copy link

Same issue with nexus repositories as well. Reverting to 1.0.10 also helped in our case.

@taybin
Copy link

taybin commented Sep 20, 2021

Also with Sonatype Nexus. It's a problem with poetry-core assuming all hashes are SHA1. The fix is to downgrade poetry-core to 1.0.4.

@finswimmer
Copy link
Member

Thanks for reporting 👍

I think this is a duplicate of #4523

@finswimmer finswimmer added the status/duplicate Duplicate issues label Sep 20, 2021
@abn abn removed the status/triage This issue needs to be triaged label Mar 3, 2022
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 2, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Something isn't working as expected status/duplicate Duplicate issues
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@taybin @abn @finswimmer @wcn00 @ZacharyJoswick @tiulpin @imuerte-fn