Download source regression in 10.25 #5444
Labels
triage
Type: Bug 🐛
This issue is a bug.
Type: Regression
This issue is a regression of a previous behavior.
Issue description
When installing packages from the same lock file, 10.25 will fail with hash check error, while 10.12 will succeed.
Expected result
Both should install the packages.
Actual result
Based on what I can tell, the lockfile includes the SHAs for the .whl and the .tar.gz from PyPi. However, it actually downloads the wheel from PiWheels instead, which has a different SHA, not listed in the lock file.
So it's kind these steps happening
pypi
(ref)Steps to replicate
I threw together a basic repo here: https://github.com/stumpylog/pipenv-issue-repro
Please run
$ pipenv --support
, and paste the results here. Don't put backticks (`
) around it! The output already contains Markdown formatting.If you're on macOS, run the following:
If you're on Windows, run the following:
If you're on Linux, run the following:
The text was updated successfully, but these errors were encountered: