Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Pipfile.lock contains md5 hashes on my docker build

See original GitHub issue

Issue description

I have a problem with pipfile.lock and I can’t find out what is causing it. On my local machine, which is a Windows 10 if I remove Pipfile.lock and issue a pipenv install I get sha256 hashes in Pipfile.lock, as seen here:

        "coloredlogs": {
            "hashes": [
                "sha256:14525820de1f749f836763a6631a48d4854f59160c42d4e81a3ecb625514615c"
            ],
            "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'",
            "version": "==14.101"
        },

However, on my build machine, which is a Linux server building a docker container with Python 3.8.6 I get the following error when running pipenv install

Updated Pipfile.lock (6c5e70)!
Installing dependencies from Pipfile.lock (6c5e70)...
An error occurred while installing coloredlogs==14.101; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' --hash=md5:74c9ee3424df05e34f093b130e0fea9f! Will try again.
An error occurred while installing petpcomms==0.1.12 --hash=md5:04d97ee07edaaacab3cd72268b0aebae! Will try again.
An error occurred while installing petpmvcs==0.1.50 --hash=md5:5e111dbd663627bf0586c76024362d65! Will try again.
Installing initially failed dependencies...
[InstallError]:   File "/usr/local/lib/python3.8/site-packages/pipenv/cli/command.py", line 232, in install
[InstallError]:       retcode = do_install(
[InstallError]:   File "/usr/local/lib/python3.8/site-packages/pipenv/core.py", line 2051, in do_install
[InstallError]:       do_init(
[InstallError]:   File "/usr/local/lib/python3.8/site-packages/pipenv/core.py", line 1304, in do_init
[InstallError]:       do_install_dependencies(
[InstallError]:   File "/usr/local/lib/python3.8/site-packages/pipenv/core.py", line 899, in do_install_dependencies
[InstallError]:       batch_install(
[InstallError]:   File "/usr/local/lib/python3.8/site-packages/pipenv/core.py", line 796, in batch_install
[InstallError]:       _cleanup_procs(procs, failed_deps_queue, retry=retry)
[InstallError]:   File "/usr/local/lib/python3.8/site-packages/pipenv/core.py", line 703, in _cleanup_procs
[InstallError]:       raise exceptions.InstallError(c.dep.name, extra=err_lines)
[pipenv.exceptions.InstallError]: Usage: pip [options]
[pipenv.exceptions.InstallError]: 
[pipenv.exceptions.InstallError]: ERROR: Invalid requirement: coloredlogs==14.101; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' --hash=md5:74c9ee3424df05e34f093b130e0fea9f
[pipenv.exceptions.InstallError]: pip: error: Allowed hash algorithms for --hash are sha256, sha384, sha512.
ERROR: Couldn't install package: coloredlogs

Expected result

Hashes should be created in sha256 format on the Linux Docker Python image, similar to the way they’re created on Windows.

Actual result

It looks like the Pipfile.lock uses md5 hashes in my docker container.

Steps to replicate

Use a docker container with Python 3.8.6 Install latest pip (already up to date for now) Install latest pipenv

$ pipenv --support

Pipenv version: '2020.11.4' Pipenv location: '/usr/local/lib/python3.8/site-packages/pipenv' Python location: '/usr/local/bin/python' Python installations found:

  • 3.8.6: /usr/local/bin/python3
  • 3.8.6: /usr/local/bin/python3.8
  • 3.7.3: /usr/bin/python3
  • 3.7.3: /usr/bin/python3.7
  • 3.7.3: /usr/bin/python3.7m
  • 2.7.16: /usr/bin/python2
  • 2.7.16: /usr/bin/python2.7 PEP 508 Information:
{'implementation_name': 'cpython',
 'implementation_version': '3.8.6',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.12.14-122.32-default',
 'platform_system': 'Linux',
 'platform_version': '#1 SMP Wed Aug 5 12:59:08 UTC 2020 (477c426)',
 'python_full_version': '3.8.6',
 'python_version': '3.8',
 'sys_platform': 'linux'}

System environment variables:

  • HTTPS_PROXY
  • HOSTNAME
  • PYTHON_PIP_VERSION
  • PETP_ENVIRONMENT
  • HOME
  • GPG_KEY
  • PYTHON_GET_PIP_URL
  • PATH
  • LANG
  • PYTHON_VERSION
  • PWD
  • PYTHON_GET_PIP_SHA256
  • HTTP_PROXY
  • PIP_DISABLE_PIP_VERSION_CHECK
  • PYTHONDONTWRITEBYTECODE
  • PIP_SHIMS_BASE_MODULE
  • PIP_PYTHON_PATH
  • PYTHONFINDER_IGNORE_UNSUPPORTED Pipenv–specific environment variables: Debug–specific environment variables:
  • PATH: /usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  • LANG: C.UTF-8
  • PWD: /usr/src/app

Contents of Pipfile (‘/usr/src/app/Pipfile’):

[[source]]
name = "Artifactory"
url = "https://highway.porsche.com/artifactory/api/pypi/pypi-all/simple"
verify_ssl = true
[dev-packages]
pytest = "*"
pytest-bdd = "*"
pytest-mock = "*"
prospector = ">=1.3.0.dev4"
pytest-cov = "*"
[packages]
alembic = "*"
cachetools = "*"
coverage = "*"
dataclasses-json = "*"
ldap3 = "*"
petpcomms = "*"
petpmvcs = "*"
pinject = "*"
pyaml = "*"
python-dateutil = "*"
pymongo = "*"
argon2-cffi = "*"
[requires]
python_version = "3.8"

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:3
  • Comments:19 (4 by maintainers)

github_iconTop GitHub Comments

19reactions
jvsteincommented, Nov 12, 2020

I observed md5 hashes getting into my Pipfile.lock files on a number of packages coming from an Artifactory source, even after deleting the lock file. The behavior was consistent using older versions of pipenv, pipenv==2020-11-4, and the master branch, which included #4519.

Ultimately, the source was a number of md5 hashes cached in the ~/.cache/pipenv/hash-cache/ folder. Deleting them solved my problem and I’m now getting sha256 hashes in my Pipfile.lock.

grep -lr md5 ~/.cache/pipenv/hash-cache | xargs rm
15reactions
frostmingcommented, Nov 17, 2020

To clear the caches:

  1. Update to the latest release, which is 2020.11.15 currently
  2. Remove hash caches located at:
    • ~/.cache/pipenv/hash-cache for Linux
    • ~/Library/Cache/pipenv/hash-cache for macOS
    • %USERPROFILE%\AppData\Local\pipenv\pipenv\Cache\hash-cache for Windows
  3. And regenerate the lock file
Read more comments on GitHub >

github_iconTop Results From Across the Web

Pipfile Hash Creation - python - Stack Overflow
Upon running this command, Pipenv generates an MD5 hash for a certain dependency. The error is saying that MD5 is not supported yet...
Read more >
Pipenv Lock Files With Docker - YouTube
In this tutorial I'll show you how to use pipenv and Pipfile. lock file in your docker containers.You can see the source code...
Read more >
inveniosoftware/invenio - Gitter
@ntarocco In my application using Invenio v3.3, I am trying to add/change styles. In which file should i add the changes in virtualenv...
Read more >
aws-cdk.aws-lambda-python-alpha - PyPI
lock exists at the entry path, the construct will handle installing all required modules in a Lambda compatible Docker container according to the...
Read more >
cyclonedx-bom: Versions | Openbase
Add Conda MD5 hash to Component.hashes, if available - thanks ... Revert to previous process for building Docker image as PyPi index update...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Support force resolving dependency versions a la yarn's "resolutions" support.

Next page

Pytorch and torchvision CPU version install fails