ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE.

Question

ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE.

habullock opened this issue 2 months ago · 4 comments

C:>pip install cx_freeze --upgrade --trusted-host files.pythonhosted.org --trusted-host pypi.org
Collecting cx_freeze
Downloading cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl.metadata (6.7 kB)
Requirement already satisfied: setuptools<70,>=62.6 in c:\users\hbullock\appdata\local\programs\python\python311\lib\site-packages (from cx_freeze) (65.5.0)
Collecting wheel<=0.43.0,>=0.42.0 (from cx_freeze)
Downloading wheel-0.43.0-py3-none-any.whl.metadata (2.2 kB)
Collecting cx-Logging>=3.1 (from cx_freeze)
Downloading cx_Logging-3.2.0-cp311-cp311-win_amd64.whl.metadata (1.4 kB)
Collecting lief<0.15.0,>=0.12.0 (from cx_freeze)
Downloading lief-0.14.1-cp311-cp311-win_amd64.whl.metadata (4.0 kB)
Downloading cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl (2.1 MB)
--------------------------------------- 2.1/2.1 MB 2.4 MB/s eta 0:00:01
Downloading cx_Logging-3.2.0-cp311-cp311-win_amd64.whl (26 kB)
Downloading lief-0.14.1-cp311-cp311-win_amd64.whl (2.2 MB)
---------------------------------------- 2.2/2.2 MB 1.9 MB/s eta 0:00:00
Downloading wheel-0.43.0-py3-none-any.whl (65 kB)
---------------------------------------- 65.8/65.8 kB 3.7 MB/s eta 0:00:00
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
unknown package:
Expected sha256 8fb71d23dba27dc40393a8b460bbf64759899246cd595860f66493cee64f27a5
Got 7ccd260320b5ab1397f27735680050f748ca256f6ffffa7efdf506d0b919fc54

Answer 1 · 2024-05-09T14:37:34.000Z

It is not from cx_Freeze, check with:
pip install cx_freeze --upgrade --trusted-host files.pythonhosted.org --trusted-host pypi.org --no-deps
But you can try to not use cache, like:
pip install cx_freeze --upgrade --trusted-host files.pythonhosted.org --trusted-host pypi.org --no-cache --force

Answer 2 · 2024-05-09T19:31:43.000Z

Interesting... Both proposed solutions fail for me. Trying to understand from where the bad information/file is being delivered.

C:>pip install cx_freeze --upgrade --trusted-host files.pythonhosted.org --trusted-host pypi.org --no-cache --force
Collecting cx_freeze
Downloading cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl.metadata (6.7 kB)
Collecting setuptools<70,>=62.6 (from cx_freeze)
Downloading setuptools-69.5.1-py3-none-any.whl.metadata (6.2 kB)
Collecting wheel<=0.43.0,>=0.42.0 (from cx_freeze)
Downloading wheel-0.43.0-py3-none-any.whl.metadata (2.2 kB)
Collecting cx-Logging>=3.1 (from cx_freeze)
Downloading cx_Logging-3.2.0-cp311-cp311-win_amd64.whl.metadata (1.4 kB)
Collecting lief<0.15.0,>=0.12.0 (from cx_freeze)
Downloading lief-0.14.1-cp311-cp311-win_amd64.whl.metadata (4.0 kB)
Downloading cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl (2.1 MB)
--------------------------------------- 2.1/2.1 MB 2.2 MB/s eta 0:00:01
Downloading cx_Logging-3.2.0-cp311-cp311-win_amd64.whl (26 kB)
Downloading lief-0.14.1-cp311-cp311-win_amd64.whl (2.2 MB)
---------------------------------------- 2.2/2.2 MB 3.4 MB/s eta 0:00:00
Downloading setuptools-69.5.1-py3-none-any.whl (894 kB)
---------------------------------------- 894.6/894.6 kB 1.1 MB/s eta 0:00:00
Downloading wheel-0.43.0-py3-none-any.whl (65 kB)
---------------------------------------- 65.8/65.8 kB ? eta 0:00:00
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
unknown package:
Expected sha256 8fb71d23dba27dc40393a8b460bbf64759899246cd595860f66493cee64f27a5
Got 7ccd260320b5ab1397f27735680050f748ca256f6ffffa7efdf506d0b919fc54

==========================================================================

I have also purge cache previously.

C:>pip cache purge
WARNING: No matching packages
Files removed: 0

C:>pip install cx_freeze --upgrade --trusted-host files.pythonhosted.org --trusted-host pypi.org --no-deps
Collecting cx_freeze
Downloading cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl.metadata (6.7 kB)
Downloading cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl (2.1 MB)
--------------------------------------- 2.1/2.1 MB 1.7 MB/s eta 0:00:01
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
unknown package:
Expected sha256 8fb71d23dba27dc40393a8b460bbf64759899246cd595860f66493cee64f27a5
Got 7ccd260320b5ab1397f27735680050f748ca256f6ffffa7efdf506d0b919fc54

Answer 3 · 2024-05-09T19:42:18.000Z

If you check at PyPI hashes the correct hash is 8fb71d23dba27dc40393a8b460bbf64759899246cd595860f66493cee64f27a5
I downloaded it and checked, and the hash is correct:
sha256sum cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl
8fb71d23dba27dc40393a8b460bbf64759899246cd595860f66493cee64f27a5 cx_Freeze-7.0.0-cp311-cp311-win_amd64.whl
So I suppose you have an intruder, a virus...

Answer 4 · 2024-05-09T21:41:14.000Z

We use Cisco Umbrella at work. After stopping the Cisco Umbrella (https://umbrella.cisco.com/) services on my laptop, the package installed successfully. It appears that Umbrella was tinkering with the files.

Thank you for your time and suggestions.

C:>pip cache purge WARNING: No matching packages Files removed: 0

C:>pip cache purge
WARNING: No matching packages
Files removed: 0