Install Python packages uploaded to PyPi Repository with same version results in hash error
Summary
If I upload a package to a project's PyPi Repository, and then subsequently upload another package with the same version number, a hash error occurs when I try to install the package.
Steps to reproduce
- Create a Python module and upload it to a project's PyPi Repository as described in GitLab PyPi Repository.
- Make a change to the module and upload it to the PyPi Repository with the same version number.
- Attempt to install the module from the PyPi Repository.
Example Project
N/A. Project is on a private instance.
What is the current bug behavior?
When I try to install the module, pip reports a hash error.
/# pip install dagster-dask-ext --index-url https://__token__:XXXXXXXXX@gitlab.transzap.com/api/v4/projects/898/packages/pypi/simple
Looking in indexes: https://__token__:****@gitlab.transzap.com/api/v4/projects/898/packages/pypi/simple
Collecting dagster-dask-ext
Downloading https://gitlab.transzap.com/api/v4/projects/898/packages/pypi/files/3b2de0193a7d54183dee15ac4523fd6b3db4d390b568e676f8fffcee95f6354c/dagster_dask_ext-0.0.0.dev0-py3-none-any.whl (4.7 kB)
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
dagster-dask-ext from https://gitlab.transzap.com/api/v4/projects/898/packages/pypi/files/3b2de0193a7d54183dee15ac4523fd6b3db4d390b568e676f8fffcee95f6354c/dagster_dask_ext-0.0.0.dev0-py3-none-any.whl#sha256=3b2de0193a7d54183dee15ac4523fd6b3db4d390b568e676f8fffcee95f6354c:
Expected sha256 3b2de0193a7d54183dee15ac4523fd6b3db4d390b568e676f8fffcee95f6354c
Got 61e5fc07d37c75c0909abb14440049d5ffcf093d9b7b372e3fd6d393ab8aa451
What is the expected correct behavior?
I should be able to install the module using pip
.
The documentation for Uploading Packages says that GitLab will serve the most recent file if the same version is uploaded multiple times.
If you upload the same package with the same version multiple times, each consecutive upload is saved as a separate file. When installing a package, GitLab will serve the most recent file.
Relevant logs and/or screenshots
I originally published the package on July 1. I then published some changes today (July 3) using the same version number (0.0.0.dev0
). Both sets of files are shown in the PyPi Repository.
Output of checks
(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)
Results of GitLab environment info
Expand for output related to GitLab environment info
System information System: Proxy: no Current User: git Using RVM: no Ruby Version: 2.6.6p146 Gem Version: 2.7.10 Bundler Version:1.17.3 Rake Version: 12.3.3 Redis Version: 5.0.9 Git Version: 2.27.0 Sidekiq Version:5.2.7 Go Version: unknown GitLab information Version: 13.1.1-ee Revision: a604fffd4ba Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 11.7 URL: https://gitlab.transzap.com HTTP Clone URL: https://gitlab.transzap.com/some-group/some-project.git SSH Clone URL: ssh://git@gitlab.transzap.com:2222/some-group/some-project.git Elasticsearch: no Geo: no Using LDAP: yes Using Omniauth: yes Omniauth Providers: GitLab Shell Version: 13.3.0 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab subtasks ...
Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 13.3.0 ? ... OK (13.3.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished
Checking Sidekiq ...
Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished
Checking LDAP ...
LDAP: ... Server: ldapmain LDAP authentication... Success LDAP users with access to your GitLab server (only showing the first 100 results) User output sanitized. Found 100 users of 100 limit.
Checking LDAP ... Finished
Checking GitLab App ...
Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... 2/2 ... yes 5/5 ... yes 179/6 ... yes 179/9 ... yes 16/10 ... yes 5/16 ... yes 5/17 ... yes 20/20 ... yes 20/21 ... yes 21/22 ... yes 21/23 ... yes 24/25 ... yes 24/26 ... yes 24/28 ... yes 20/29 ... yes 16/30 ... yes 27/31 ... yes 27/32 ... yes 28/33 ... yes 28/35 ... yes 21/36 ... yes 3/38 ... yes 28/39 ... yes 58/40 ... yes 16/42 ... yes 46/45 ... yes 38/48 ... yes 38/50 ... yes 20/51 ... yes 85/52 ... yes 85/53 ... yes 85/54 ... yes 85/55 ... yes 85/56 ... yes 39/57 ... yes 38/58 ... yes 179/59 ... yes 179/61 ... yes 68/66 ... yes 58/72 ... yes 68/103 ... yes 57/104 ... yes 68/111 ... yes 14/114 ... yes 38/115 ... yes 38/120 ... yes 85/122 ... yes 85/123 ... yes 28/124 ... yes 28/125 ... yes 85/131 ... yes 142/132 ... yes 85/136 ... yes 38/139 ... yes 24/141 ... yes 85/142 ... yes 179/144 ... yes 54/147 ... yes 85/148 ... yes 24/155 ... yes 35/157 ... yes 5/160 ... yes 5/161 ... yes 179/162 ... yes 65/164 ... yes 23/166 ... yes 24/170 ... yes 60/172 ... yes 35/176 ... yes 24/177 ... yes 24/179 ... yes 24/180 ... yes 65/185 ... yes 57/187 ... yes 23/189 ... yes 38/190 ... yes 71/196 ... yes 85/198 ... yes 58/204 ... yes 83/205 ... yes 23/206 ... yes 23/208 ... yes 23/209 ... yes 65/213 ... yes 35/216 ... yes 65/217 ... yes 139/218 ... yes 69/219 ... yes 65/220 ... yes 65/223 ... yes 24/224 ... yes 58/225 ... yes 85/226 ... yes 23/227 ... yes 65/228 ... yes 85/230 ... yes 23/232 ... yes 85/240 ... yes 65/247 ... yes 75/267 ... yes 75/268 ... yes 76/270 ... yes 76/272 ... yes 76/273 ... yes 179/276 ... yes 179/277 ... yes 24/278 ... yes 5/281 ... yes 5/282 ... yes 5/283 ... yes 77/291 ... yes 24/292 ... yes 81/294 ... yes 170/295 ... yes 24/305 ... yes 61/310 ... yes 68/316 ... yes 58/317 ... yes 139/318 ... yes 23/319 ... yes 16/320 ... yes 58/322 ... yes 83/329 ... yes 61/334 ... yes 170/335 ... yes 23/336 ... yes 83/337 ... yes 225/340 ... yes 23/341 ... yes 226/345 ... yes 171/346 ... yes 61/351 ... yes 23/356 ... yes 23/357 ... yes 38/359 ... yes 53/369 ... yes 53/370 ... yes 53/371 ... yes 170/376 ... yes 226/378 ... yes 78/379 ... yes 38/382 ... yes 94/383 ... yes 89/384 ... yes 142/385 ... yes 102/386 ... yes 6/387 ... yes 104/389 ... yes 104/390 ... yes 104/391 ... yes 104/392 ... yes 127/398 ... yes 105/399 ... yes 23/409 ... yes 94/410 ... yes 58/411 ... yes 104/413 ... yes 131/414 ... yes 106/415 ... yes 107/416 ... yes 107/417 ... yes 6/418 ... yes 107/419 ... yes 107/420 ... yes 105/423 ... yes 24/424 ... yes 94/426 ... yes 127/429 ... yes 105/430 ... yes 94/432 ... yes 94/433 ... yes 35/434 ... yes 142/435 ... yes 35/436 ... yes 35/437 ... yes 23/441 ... yes 131/450 ... yes 225/451 ... yes 116/453 ... yes 23/455 ... yes 116/456 ... yes 116/457 ... yes 77/459 ... yes 161/460 ... yes 94/463 ... yes 77/464 ... yes 120/466 ... yes 120/467 ... yes 116/469 ... yes 38/470 ... yes 118/471 ... yes 111/472 ... yes 111/473 ... yes 94/474 ... yes 77/475 ... yes 116/478 ... yes 116/480 ... yes 116/481 ... yes 107/482 ... yes 121/484 ... yes 52/485 ... yes 120/486 ... yes 111/487 ... yes 225/489 ... yes 120/490 ... yes 107/491 ... yes 61/492 ... yes 120/493 ... yes 120/497 ... yes 131/501 ... yes 118/503 ... yes 118/504 ... yes 118/508 ... yes 131/509 ... yes 139/511 ... yes 139/512 ... yes 6/517 ... yes 138/518 ... yes 141/519 ... yes 141/520 ... yes 138/521 ... yes 134/523 ... yes 124/526 ... yes 140/528 ... yes 140/529 ... yes 141/532 ... yes 141/533 ... yes 140/535 ... yes 141/536 ... yes 164/538 ... yes 38/541 ... yes 145/544 ... yes 81/545 ... yes 81/546 ... yes 142/547 ... yes 38/548 ... yes 3/551 ... yes 226/552 ... yes 105/553 ... yes 124/554 ... yes 107/558 ... yes 226/559 ... yes 61/560 ... yes 140/561 ... yes 141/569 ... yes 141/570 ... yes 140/571 ... yes 131/572 ... yes 141/573 ... yes 140/574 ... yes 151/581 ... yes 131/583 ... yes 131/584 ... yes 131/585 ... yes 131/586 ... yes 131/587 ... yes 131/588 ... yes 154/590 ... yes 154/592 ... yes 154/593 ... yes 154/594 ... yes 140/604 ... yes 135/608 ... yes 157/611 ... yes 131/612 ... yes 206/613 ... yes 141/614 ... yes 140/615 ... yes 139/617 ... yes 139/618 ... yes 139/619 ... yes 139/621 ... yes 131/623 ... yes 154/625 ... yes 154/626 ... yes 154/628 ... yes 131/629 ... yes 131/630 ... yes 142/631 ... yes 131/633 ... yes 161/634 ... yes 161/637 ... yes 131/638 ... yes 163/641 ... yes 141/642 ... yes 131/643 ... yes 164/645 ... yes 131/646 ... yes 164/647 ... yes 131/650 ... yes 161/653 ... yes 161/654 ... yes 161/655 ... yes 161/656 ... yes 131/657 ... yes 154/658 ... yes 163/660 ... yes 164/661 ... yes 131/662 ... yes 131/663 ... yes 154/664 ... yes 161/670 ... yes 161/671 ... yes 164/672 ... yes 131/673 ... yes 161/674 ... yes 131/675 ... yes 161/676 ... yes 161/677 ... yes 131/678 ... yes 131/679 ... yes 167/680 ... yes 131/681 ... yes 160/682 ... yes 131/683 ... yes 131/684 ... yes 131/685 ... yes 172/686 ... yes 172/687 ... yes 173/688 ... yes 167/689 ... yes 206/690 ... yes 173/691 ... yes 131/692 ... yes 167/698 ... yes 206/699 ... yes 173/702 ... yes 186/703 ... yes 176/704 ... yes 182/706 ... yes 173/707 ... yes 182/708 ... yes 167/709 ... yes 182/710 ... yes 173/711 ... yes 182/712 ... yes 61/713 ... yes 6/714 ... yes 142/715 ... yes 131/717 ... yes 216/719 ... yes 198/720 ... yes 139/721 ... yes 161/722 ... yes 131/723 ... yes 187/727 ... yes 16/728 ... yes 116/729 ... yes 131/730 ... yes 167/731 ... yes 131/732 ... yes 192/733 ... yes 191/734 ... yes 104/735 ... yes 131/736 ... yes 227/737 ... yes 95/740 ... yes 190/741 ... yes 95/742 ... yes 196/743 ... yes 196/744 ... yes 198/745 ... yes 199/746 ... yes 199/747 ... yes 176/748 ... yes 191/749 ... yes 190/750 ... yes 131/751 ... yes 241/752 ... yes 190/753 ... yes 189/754 ... yes 191/755 ... yes 196/757 ... yes 37/758 ... yes 104/760 ... yes 131/765 ... yes 210/768 ... yes 210/769 ... yes 131/770 ... yes 131/771 ... yes 104/772 ... yes 131/773 ... yes 222/774 ... yes 203/775 ... yes 176/776 ... yes 191/777 ... yes 191/778 ... yes 191/779 ... yes 188/780 ... yes 161/781 ... yes 212/783 ... yes 212/784 ... yes 188/785 ... yes 131/786 ... yes 105/787 ... yes 131/788 ... yes 212/789 ... yes 192/790 ... yes 241/791 ... yes 241/792 ... yes 213/793 ... yes 214/794 ... yes 135/795 ... yes 198/796 ... yes 224/797 ... yes 131/799 ... yes 43/801 ... yes 139/802 ... yes 139/803 ... yes 131/804 ... yes 161/805 ... yes 161/806 ... yes 220/807 ... yes 220/808 ... yes 216/809 ... yes 213/810 ... yes 214/811 ... yes 188/812 ... yes 131/813 ... yes 131/814 ... yes 139/815 ... yes 142/816 ... yes 164/817 ... yes 131/818 ... yes 229/819 ... yes 3/820 ... yes 135/821 ... yes 154/822 ... yes 135/824 ... yes 231/825 ... yes 213/826 ... yes 214/827 ... yes 222/828 ... yes 179/829 ... yes 222/830 ... yes 191/831 ... yes 235/833 ... yes 235/834 ... yes 191/835 ... yes 235/837 ... yes 203/841 ... yes 203/842 ... yes 131/843 ... yes 131/844 ... yes 244/845 ... yes 179/846 ... yes 245/847 ... yes 245/848 ... yes 155/850 ... yes 248/851 ... yes 250/852 ... yes 179/855 ... yes 164/856 ... yes 227/857 ... yes 252/858 ... yes 12/859 ... yes 135/860 ... yes 248/861 ... yes 235/862 ... yes 245/864 ... yes 235/866 ... yes 252/868 ... yes 252/869 ... yes 248/870 ... yes 248/871 ... yes 177/874 ... yes 235/875 ... yes 131/876 ... yes 164/877 ... yes 254/878 ... yes 161/879 ... yes 254/880 ... yes 252/881 ... yes 255/882 ... yes 254/883 ... yes 176/884 ... yes 257/886 ... yes 257/887 ... yes 257/888 ... yes 224/889 ... yes 258/890 ... yes 257/892 ... yes 257/893 ... yes 131/894 ... yes 191/895 ... yes 244/896 ... yes 259/897 ... yes 259/898 ... yes 131/899 ... yes 215/900 ... yes 213/901 ... yes 131/902 ... yes 241/905 ... yes 217/906 ... yes 217/907 ... yes 134/908 ... yes 131/909 ... yes 131/910 ... yes Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.6) Git version >= 2.22.0 ? ... yes (2.27.0) Git user has default SSH configuration? ... yes Active users: ... 69 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... no Try fixing it: Please migrate all projects to hashed storage as legacy storage is deprecated in 13.0 and support will be removed in 14.0. For more information see: doc/administration/repository_storage_types.md Elasticsearch version 5.6 - 6.x? ... skipped (elasticsearch is disabled)
Checking GitLab App ... Finished
Checking GitLab subtasks ... Finished
Possible fixes
Unknown.