pypi/conveyor

unable to download certain versions of a package

zoranbosnjak opened this issue · 2 comments

Describe the bug

I am not 100% sure it's a PyPI problem, but the issue is that some versions of a package are available to download:

  • over the web via the link packages/some-long-hash/package-name-version.tar.gz (where the pypi download link is pointing to, if using the web browser)
  • and over direct link url in the form packages/source/.../package-name-version.tar.gz (without hash)

On the other hand, some other versions are only available in the former form. A problem arises with nix package manager, where the package source is (obviously) expected to be in the latter form, so sometimes the package upgrade would fail (depending on the exact package version). Again, I am not sure about the details, but the nix is reporting problem that a certain version of a package is not found, even though the package version is actually published. The latter form of the URL is reported together with an error.

Expected behavior

It is expected that each published package version is consistantly available to download.

To Reproduce

Simple test from the terminal (bash) to simulate what nix package manager is trying to do:

# works as expected
wget https://pypi.io/packages/source/S/Sphinx/Sphinx-7.0.0.tar.gz
wget https://pypi.io/packages/source/S/Sphinx/Sphinx-7.0.1.tar.gz

# does not work (ERROR 404: Not Found.)
wget https://pypi.io/packages/source/S/Sphinx/Sphinx-7.1.0.tar.gz
# ... there is a problem with other releases, including the last one
wget https://pypi.io/packages/source/S/Sphinx/Sphinx-7.2.6.tar.gz

If trying to download manually via
https://pypi.org/project/Sphinx/#files
or
https://pypi.org/project/Sphinx/#history, then I can download any version.

My Platform

ubuntu-22.04

Additional context

di commented

(This isn't an issue with PyPI itself, but a sub-service we have called "conveyor", I've transferred the issue)

If you look at https://pypi.org/project/Sphinx/7.2.6/#files for example, you'll note that the filename has changed from Sphinx-{version}.tar.gz to sphinx-{version}.tar.gz, so the file for the latest release will be available at https://pypi.io/packages/source/S/Sphinx/sphinx-7.2.6.tar.gz.

This is a duplicate of #19 which in turn is probably a duplicate of #6 and #4.

@di thanks for filename change clarification and a reference to duplicated issues. Is there a plan to fix this back to the original filename? If so, when?