Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Downloads Hashing Command Line and Requirements File
See original GitHub issueIt is my understanding that pip is supposed to check the passed in hash if it is included in either the requirements file or the command line. This appears to not be currently happening.
These all succeed:
pip install -r requirements.txt # With a randomly typed hash
pip install http://..#md5=random
Issue Analytics
- State:
- Created 12 years ago
- Comments:12 (10 by maintainers)
Top Results From Across the Web
How to Hash a File in 60 Seconds or Less - CodeSigningStore
1. Open Windows Command Line. In your Start bar, type CMD and press Enter to open Windows Command Line. · 2. Decide which...
Read more >An introduction to hashing and checksums in Linux - Red Hat
A user downloads the file and applies the same hash method. The hash results, or checksums, are compared. If the checksum of the...
Read more >Determine SHA hash of file on Windows, Linux, and macOS
For the occasional one-off hash needs, though, they get the job done. macOS. shasum --algorithm 256 ~/Downloads/some-file.zip. Windows (cmd.exe).
Read more >pip hash - pip documentation v22.3.1
Compute a hash of a local package archive. These can be used with --hash in a requirements file to do repeatable installs.
Read more >Improving pip-compile --generate-hashes
pip-tools is a “set of command line tools to help you keep your ... -r requirements.txt (line 1)) Downloading https://files.pythonhosted.org ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
it’s reasonable to want
pip install http://..somepackage.tar.gz#md5=HASHto check the hash, but I’m not sure what this means from the descriptionpip install -r requirements.txt # With a randomly typed hashthere’s a url requirement in the requierments file with a random hash tacked onto to it?@jezdez What about non-PyPI packages? I was thinking that this would be a great way to have people who need / want to use packages which aren’t on PyPI (e.g. Github tarballs, internal repos) to have a backup which isn’t insecure