Poetry fails with "Retrieved digest for package not in poetry.lock metadata"

Question:

We’re trying to merge an old branch in a project and when trying to build a docker image, poetry seems to fail for some reason that I don’t understand.

I’m not very familiar with poetry, as I’ve only used requirements.txt for dependencies up to now, so I’m fumbling a bit on what’s going on.

The error that I’m getting (part of the playbook that builds the image on the server) is this:

       "Installing dependencies from lock file",
        "",
        "Package operations: 16 installs, 14 updates, 0 removals",
        "",
        "  • Updating importlib-metadata (4.8.3 -> 2.0.0)",
        "  • Updating pyparsing (3.0.6 -> 2.4.7)",
        "  • Updating six (1.16.0 -> 1.15.0)",
        "",
        "  RuntimeError",
        "",
        "  Retrieved digest for link six-1.15.0.tar.gz(sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259) not in poetry.lock metadata ['30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259', '8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced']",
        "",
        "  at /usr/local/lib/python3.7/dist-packages/poetry/installation/chooser.py:115 in _get_links",
        "      111│ ",
        "      112│         if links and not selected_links:",
        "      113│             raise RuntimeError(",
        "      114│                 "Retrieved digest for link {}({}) not in poetry.lock metadata {}".format(",
        "    → 115│                     link.filename, h, hashes",
        "      116│                 )",
        "      117│             )",
        "      118│ ",
        "      119│         return selected_links",
        "",
        "",
        "  RuntimeError",
        "",
        "  Retrieved digest for link pyparsing-2.4.7.tar.gz(sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1) not in poetry.lock metadata ['c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1', 'ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b']",
        "",
        "  at /usr/local/lib/python3.7/dist-packages/poetry/installation/chooser.py:115 in _get_links",
        "      111│ ",
        "      112│         if links and not selected_links:",
        "      113│             raise RuntimeError(",
        "      114│                 "Retrieved digest for link {}({}) not in poetry.lock metadata {}".format(",
        "    → 115│                     link.filename, h, hashes",
        "      116│                 )",
        "      117│             )",
        "      118│ ",
        "      119│         return selected_links",
        "",
        "",
        "  RuntimeError",
        "",
        "  Retrieved digest for link importlib_metadata-2.0.0.tar.gz(sha256:77a540690e24b0305878c37ffd421785a6f7e53c8b5720d211b211de8d0e95da) not in poetry.lock metadata ['77a540690e24b0305878c37ffd421785a6f7e53c8b5720d211b211de8d0e95da', 'cefa1a2f919b866c5beb7c9f7b0ebb4061f30a8a9bf16d609b000e2dfaceb9c3']",
        "",
        "  at /usr/local/lib/python3.7/dist-packages/poetry/installation/chooser.py:115 in _get_links",
        "      111│ ",
        "      112│         if links and not selected_links:",
        "      113│             raise RuntimeError(",
        "      114│                 "Retrieved digest for link {}({}) not in poetry.lock metadata {}".format(",
        "    → 115│                     link.filename, h, hashes",
        "      116│                 )",
        "      117│             )",
        "      118│ ",
        "      119│         return selected_links"
    ]
}

If you notice, for all 3 packages, the retrieved digest is actually in the list of digests of the metadata section of the poetry lock file.
Our guess is that maybe this lock file was generated by an older version of poetry and is no longer valid. Maybe a hashing method should be mentioned (for example the retrieved digest is sha256, but no method is specified on the ones that are compared with it)?
Another curious thing is that poetry is not installed inside the dockerfile, but seems to reach that point, nevertheless, and I’m really curious how this can happen.

Any insight would be greatly appreciated (and any link with more information, even)!

Thanks a lot for your time! (Feel free to ask for more information if this seems inadequate to you!)

Cheers!

Asked By: Basil


Answers:

When I’ve had this issue myself it has been fixed by recreating the lock file using a newer version of poetry. If you are able to view the .toml file I suggest deleting this lock file and then running poetry install to create a new lock file.

Answered By: LlamaD

In my case, I use pypi-server.
It uses the digest method md5 by default.
You can change it by the CMD parameter.
For example, I use the docker image, and my Dockerfile is like:

FROM pypiserver/pypiserver:latest
ENTRYPOINT ["/entrypoint.sh", "run", "--hash-algo", "sha256"]

Hope to help others who searched for this problem.

Answered By: wolfpan
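Added example (not part of the original posts and not Poetry's own code): a small diagnostic that separates the two situations raised above, the question's error where the retrieved `sha256:` digest is present in the lock list only as a bare hex string, and the index serving a different algorithm such as md5. The function names and result labels are hypothetical, inferring the algorithm of a bare digest from its length is an assumption of this example, and the two `six` values are copied from the error output in the question.

```python
import hashlib

# Hex digest length -> algorithm, used to label bare digests (assumption of this example).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Values copied from the error output in the question (six 1.15.0).
SIX_RETRIEVED = "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"
SIX_LOCK = [
    "30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259",
    "8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced",
]


def normalize(digest):
    """Return (algo, hexdigest) for 'sha256:abc...' or for a bare hex string."""
    algo, sep, value = digest.partition(":")
    if not sep:  # bare hex digest: infer the algorithm from its length
        value, algo = digest, ALGO_BY_HEX_LEN.get(len(digest), "unknown")
    return algo.lower(), value.lower()


def diagnose(retrieved, lock_hashes, artifact=None):
    """Classify why a retrieved digest is or is not accepted by the lock entries.

    retrieved   -- digest advertised by the index, e.g. 'sha256:...' or 'md5:...'
    lock_hashes -- hash entries recorded in the lock file for this file
    artifact    -- optional file bytes, re-hashed with the lock's own algorithm
    """
    if retrieved in lock_hashes:
        return "match"
    r_algo, r_hex = normalize(retrieved)
    locked = [normalize(h) for h in lock_hashes]
    if (r_algo, r_hex) in locked:
        return "format-mismatch"      # same digest, entries differ only by 'algo:' prefix
    if r_algo in {algo for algo, _ in locked}:
        return "content-mismatch"     # same algorithm, different bytes: do not install
    if artifact is None:
        return "algorithm-mismatch"   # e.g. index advertises md5, lock pins sha256
    for algo, hexd in locked:         # re-hash the bytes with what the lock pins
        if algo in hashlib.algorithms_available:
            if hashlib.new(algo, artifact).hexdigest() == hexd:
                return "algorithm-mismatch-content-ok"
    return "content-mismatch"


if __name__ == "__main__":
    print(diagnose(SIX_RETRIEVED, SIX_LOCK))
```

Only "format-mismatch" and "algorithm-mismatch-content-ok" describe a file whose bytes still agree with what the lock file pins; "content-mismatch" means the index is serving something other than what was locked and should be investigated rather than bypassed.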

I had the same issue trying to replace a personal package-xxx with another source of the same package without changing the version. The sha256 is different.

With poetry 1.2.2, you can use poetry cache list to check whether or not the package is cached in poetry.

If yes, use poetry cache package-xxx clear --all and try to install package-xxx with poetry add package=xxx

Answered By: Mathieu B.

I was using poetry v1.2.2 and the fix was changing the config to not use the new experimental installer, like so:

poetry config experimental.new-installer false

and then

poetry install

from the TOML file to recreate a new lock.

While my issue was not exactly the same, it was the exact same RunTime error, and there was potential for md5-sha256 mismatch.

Answered By: Neelotpal Shukla