python - 清洁 Docker pip 安装导致错误 : THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE

我的 Dockerfile 看起来像

FROM python:3.7-slim

# System setup
ENV USER app
ENV APP_DIR /home/app

RUN useradd -ms /bin/bash ${USER}

# System dependencies
RUN apt-get -y update
RUN apt-get install -y --no-install-recommends \
  build-essential \
  libffi-dev \
  libpq-dev

# Update pip
RUN pip3 install --upgrade pip setuptools --user --no-cache-dir
RUN pip3 install wheel --user --no-cache-dir

WORKDIR ${APP_DIR}

# App dependencies
COPY setup.py ${APP_DIR}/
RUN pip3 install --extra-index-url {url} -e ${APP_DIR}/.[test] --user

使用以下 docker-compose:

version: '3'
services:
  application-api:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "8000:8000"
    volumes:
      - ~/.config/appsecrets/secrets.yaml:/var/lib/appsecrets/app.yaml:ro
    environment:
      APP_LOG_LEVEL: INFO

和以下 setup.py

from setuptools import setup

setup(
    name="context_manager",
    install_requires=[
        "gunicorn[gevent]==20.0.4",
        "nltk==3.4.5",
        "psycopg2==2.7.3.2",
        "pyyaml==5.1.2",
        "pyparsing==2.4.6",
        "sentry-sdk==0.14.0",
        "tldextract==2.2.2",
    ],
    extras_require={"test": ["pytest", "pytest-cov", "mock"]},
)

这导致以下错误

ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.

    nltk==3.4.5 from https://files.pythonhosted.org/packages/f6/1d/d925cfb4f324ede997f6d47bea4d9babba51b49e87a767c170b77005889d/nltk-3.4.5.zip#sha256=bed45551259aa2101381bbdd5df37d44ca2669c5c3dad72439fa459b29137d94 (from context-manager==0.0.0):
        Expected sha256 bed45551259aa2101381bbdd5df37d44ca2669c5c3dad72439fa459b29137d94
             Got        ce4ae7079a05635aa5a2e7f464593524d4b047982c06c012c53d1658175043b6

    gevent>=0.13; extra == "gevent" from https://files.pythonhosted.org/packages/0b/55/85c758c389a3c84f999b445e423b6b148227f03104fa7957e84179d9a97b/gevent-20.5.0-cp37-cp37m-manylinux2010_x86_64.whl#sha256=31dc5d4ab8172cc00c4ff17cb18edee633babd961f64bf54214244d769bc3a74 (from gunicorn[gevent]==20.0.4->context-manager==0.0.0):
        Expected sha256 31dc5d4ab8172cc00c4ff17cb18edee633babd961f64bf54214244d769bc3a74
             Got        02444a3dbde12419a14ad40ac2dff92466f5fbfb1c566c94b44ce01497bdbdb2

    urllib3>=1.10.0 from https://files.pythonhosted.org/packages/e1/e5/df302e8017440f111c11cc41a6b432838672f5a70aa29227bf58149dc72f/urllib3-1.25.9-py2.py3-none-any.whl#sha256=88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 (from sentry-sdk==0.14.0->context-manager==0.0.0):
        Expected sha256 88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115
             Got        d00015c954667a679b32f8d1892cd6264f725e44df87e1ca775678c409f1faef

这刚刚开始，并且不会影响任何其他人尝试构建相同的图像。

我试过有和没有 --user和 --no-cache-dir在没有运气的所有 pip3 install 命令上。 docker 容器在没有任何缓存步骤的情况下运行。我在 Windows (Home) 上使用 Docker 版本 19.03.1。

关于可能是什么原因的任何想法？

最佳答案

这很可能是 pip 20.1.0 的一个问题，它最近发布并加入了 python:3.7-slim。图片:https://github.com/docker-library/python/commit/b818e9441c088295165edf79a791503f1fe7f6f7

如果您更换您的 # Update pip部分与 pip install pip==20.0.2这些应该消失。

至于为什么，我认为这个变化可能是负责任的:https://github.com/pypa/pip/issues/609

关于python - 清洁 Docker pip 安装导致错误 : THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/61551480/

python - 清洁 Docker pip 安装导致错误 : THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE

上一篇：image - OpenCV:缩放并转换IplImage数据

下一篇：docker - 构建时如何调试 docker-compose 缓存未命中