THESE PACKAGES DO NOT MATCH THE HASHES FROM Pipfile.lock

[leileigong]

I Download an whl package, but when i install pycrypto-2.6.1-cp36-cp36m-win_amd64.whl, i got an error."THESE PACKAGES DO NOT MATCH THE HASHES FROM Pipfile.lock".
How could i fix it?

Here is pipfile content:
pycrypto = {path = "./tools/pycrypto-2.6.1-cp36-cp36m-win_amd64.whl"}

Here is pipfile.lock content:

        "pycrypto": {
            "hashes": [
                "sha256:f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c"
            ],
            "path": "./tools/pycrypto-2.6.1-cp36-cp36m-win_amd64.whl",
            "version": "==2.6.1"
        },

GLL-PC /E/PycharmProjects/FNTools/tools (master)
penv install
ile.lock (e7bca1) out of date, updating to (79451c)...
ing [dev-packages] dependencies...
ing [packages] dependencies...
ted Pipfile.lock (79451c)!
alling dependencies from Pipfile.lock (79451c)...
rror occurred while installing ./tools/pycrypto-2.6.1-cp36-cp36m-win_amd64.whl! Will try again.
============================== 5/5 - 00:00:39
alling initially failed dependencies...
essing e:\pycharmprojects\fntools\tools\pycrypto-2.6.1-cp36-cp36m-win_amd64.whl

E PACKAGES DO NOT MATCH THE HASHES FROM Pipfile.lock!. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; so
e may have tampered with them.
pycrypto==2.6.1 from file:///E:/PycharmProjects/FNTools/tools/pycrypto-2.6.1-cp36-cp36m-win_amd64.whl (from -r C:\Windows\TEMP\pipenv-gp99w756-requirements\pipenv-qyvtpjcs-
irement.txt (line 1)):
Expected sha256 f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c
Got a41a5bd1189567879233e56057b637cb3b266b74fadf2300e29d437e2d55367b

================================ 0/1 - 00:00:00

[psarka]

I get the same when trying to install pytorch:

mkdir failing-install && cd failing-install
pipenv install http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl

gives:

pipenv install http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl
Creating a virtualenv for this project…
Pipfile: /home/besarkap/Documents/failing-torch/Pipfile
Using /usr/bin/python3 (3.6.6) to create virtualenv…
⠸Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /home/besarkap/.local/share/virtualenvs/failing-torch-dnIUgSxD/bin/python3
Also creating executable in /home/besarkap/.local/share/virtualenvs/failing-torch-dnIUgSxD/bin/python
Installing setuptools, pip, wheel...done.

Virtualenv location: /home/besarkap/.local/share/virtualenvs/failing-torch-dnIUgSxD
Creating a Pipfile for this project…
Installing http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl…
Collecting torch==0.4.1 from http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl#egg=torch
  Downloading http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl (91.1MB)
Installing collected packages: torch
Successfully installed torch-0.4.1

Adding torch to Pipfile's [packages]…
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (8d9400)!
Installing dependencies from Pipfile.lock (8d9400)…
An error occurred while installing http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl#egg=torch --hash=sha256:108aef4c2744724d19d76c2344108db6abb60e86cfc9e06eb3d46386ea3b6097 --hash=sha256:2acd73723a0f0bd0b8114531e78b7ad3c753a2f2c0047623043cba4dae08ae90 --hash=sha256:400f50a9551c5ed2fbea9bd199e14e2ec79964dd792053802b51269eec96320b --hash=sha256:4bf7ffe72bf1af8305b6a3acbe246351f4e09a1c4d4de2364066064da56c869b --hash=sha256:725ae85be70a569583863c263e281938b21e5e92d9a8f480094555b59a82936d --hash=sha256:762eeb0ef4c6de1d9bf12616f362d979cabf1c2b988d5a90bb074adcdc30a079 --hash=sha256:7e3bac584473688720e26323bf209b97c015fc4e9a12a34962df3ff7ad0ce597 --hash=sha256:db668180b11144579d503041339025cc76a70bc0da877f2f91f386fe9229e292 --hash=sha256:e740fb4442ab0cf6a5e5c5279b6ad3cebdeb8f30ce1dabb293cf437178f12a78! Will try again.
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 1/1 — 00:00:11
Installing initially failed dependencies…
Collecting torch==0.4.1 from http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl#egg=torch 
  Downloading http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl (91.1MB)

THESE PACKAGES DO NOT MATCH THE HASHES FROM Pipfile.lock!. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    torch==0.4.1 from http://download.pytorch.org/whl/cpu/torch-0.4.1-cp36-cp36m-linux_x86_64.whl#egg=torch (from -r /tmp/pipenv-hu8or6yw-requirements/pipenv-0dhgyp12-requirement.txt (line 1)):
        Expected sha256 108aef4c2744724d19d76c2344108db6abb60e86cfc9e06eb3d46386ea3b6097
        Expected     or 2acd73723a0f0bd0b8114531e78b7ad3c753a2f2c0047623043cba4dae08ae90
        Expected     or 400f50a9551c5ed2fbea9bd199e14e2ec79964dd792053802b51269eec96320b
        Expected     or 4bf7ffe72bf1af8305b6a3acbe246351f4e09a1c4d4de2364066064da56c869b
        Expected     or 725ae85be70a569583863c263e281938b21e5e92d9a8f480094555b59a82936d
        Expected     or 762eeb0ef4c6de1d9bf12616f362d979cabf1c2b988d5a90bb074adcdc30a079
        Expected     or 7e3bac584473688720e26323bf209b97c015fc4e9a12a34962df3ff7ad0ce597
        Expected     or db668180b11144579d503041339025cc76a70bc0da877f2f91f386fe9229e292
        Expected     or e740fb4442ab0cf6a5e5c5279b6ad3cebdeb8f30ce1dabb293cf437178f12a78
             Got        60bbd3198dacfc8812f3e447ae4f30bb23bb0390bbf7af922c165a8731942055


  ☤  ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 0/1 — 00:00:11

[techalchemy]

Given that the wheel is from PyTorch it very well might be that they simply changed the wheel and now the hash is different. This is completely outside of our control and exactly what pipenv is designed to catch. If you don't mind, just re-lock with pipenv lock.

[HTL2018]

i get the same question

proxychains pip3 install torch torchvision
ProxyChains-3.1 (http://proxychains.sf.net)
Collecting torch
|DNS-request| pypi.org
|S-chain|-<>-127.0.0.1:1080-<><>-4.2.2.2:53-<><>-OK
|DNS-response| pypi.org is 151.101.0.223
|S-chain|-<>-127.0.0.1:1080-<><>-151.101.0.223:443-<><>-OK
Using cached https://files.pythonhosted.org/packages/59/d2/4e806f73b4b72daab9064c99394fc22ea6ef1fb052154546405057cd192d/torch-1.0.1.post2-cp35-cp35m-manylinux1_x86_64.whl
Collecting torchvision
Using cached https://files.pythonhosted.org/packages/fb/01/03fd7e503c16b3dc262483e5555ad40974ab5da8b9879e164b56c1f4ef6f/torchvision-0.2.2.post3-py2.py3-none-any.whl
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from torchvision) (1.10.0)
Requirement already satisfied: numpy in /usr/lib/python3/dist-packages (from torchvision) (1.11.0)
Collecting pillow>=4.1.1 (from torchvision)
Using cached https://files.pythonhosted.org/packages/8b/e9/5c47710fe383f0582da668302a80a6355fe15c2ce2dde89b50fe34acefa6/Pillow-5.4.1-cp35-cp35m-manylinux1_x86_64.whl
THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
torch from https://files.pythonhosted.org/packages/59/d2/4e806f73b4b72daab9064c99394fc22ea6ef1fb052154546405057cd192d/torch-1.0.1.post2-cp35-cp35m-manylinux1_x86_64.whl#sha256=c8dd2478d3e8c0da293c618be60432bb166fe36c50663e26b1fe9e7123365fe5:
Expected sha256 c8dd2478d3e8c0da293c618be60432bb166fe36c50663e26b1fe9e7123365fe5
Got 18001b8684a215a92a5d9ec475311b7d572af86f243e7ea613b963b27750fa86

[AmeeraMilibari]

same here
tried to install tensorflow and got: Locking failed

Expected sha256 e631f55cf30054fee3230c89a7f998fd08748aa3045651a5a760cec2c5b9f9d6
             Got        bf5720bacf6eec16b3145f7c50e3c53e8112de5398fe3547e3337c32f315bbf4

[jgieringer]

Running pipenv --clear worked for me