-
-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mirroring fails for packages with hashes other than sha256 #996
Comments
To clarify, you mirror something which isn't pypi.org and it doesn't provide sha256 sums? Could you provide a raw html example (with anonymized package name if needed)? |
It's a Nexus mirror which currently provides SHA256 sums. Problem was observed for an old package that was already synced with MD5. Not sure if Nexus is still serving only MD5 for it. I'll see if I can retrieve the Nexus response. Although line linked should just be fixed anyway: >>> x = {"foo": "bar"}
>>> next(x.items())
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: 'dict_items' object is not an iterator
>>> next(iter(x.items()))
('foo', 'bar') |
Here is the Nexus response - still using md5 for this package. <html lang="en">
<head><title>Links for avro-python3</title>
<meta name="api-version" value="2"/>
</head>
<body><h1>Links for avro-python3</h1>
<a href="../../packages/avro-python3/1.9.0-snapshot-20190725/avro-python3-1.9.0-snapshot-20190725.tar.gz#md5=07f58693cc10857e520084588394337d" rel="internal" data-requires-python=">=3.4" >avro-python3-1.9.0-snapshot-20190725.tar.gz</a><br/>
</body>
</html> |
…pi.simple.v1+json responses.
Ah, I only now realized that this is for an |
While I'm pretty sure a bug is still there, for some reason I don't see it any more after migrating the stack to the one without replicas. |
I also have to check whether ETag handling conflicts with the You didn't mention replicas before. |
I didn't mention them before because I had no reasons to believe they're related. But now - after switching to a replica-free deployment I no longer see stacktraces in logs. |
…pi.simple.v1+json responses.
…pi.simple.v1+json responses.
…pi.simple.v1+json responses.
…pi.simple.v1+json responses.
…pi.simple.v1+json responses.
…pi.simple.v1+json responses.
…pi.simple.v1+json responses.
Environment
Devpi version: 6.9.1 (looking at code, 6.9.2 should also be affected)
Packages list
OS: Alpine 3.18.2 (Docker)
Issue
Mirroring sometimes fails for packages without sha256 checksum with the following stacktrace snippet (I currently don't have the full stacktrace):
If we check the mentioned line, we'll see the following fragment:
Hashes are loaded from a parsed JSON object which means it's a pure dict. For packages with other hashes than SHA256 it's using the second block.
But
next
requires an iterator as an argument. Which means this line is raising. It probably should be:(although ideally it would use the strongest hash available, not the first one)
But there is a problem:
Sometimes it fails consistently for a specific package we have which is mirrored from a Nexus repo. And at other times (like right now) I'm failing to hit this error - I cannot find what's triggering this particular function, tried:
Is it possible only the automatic background refresh (on GET request) hits this line?
The text was updated successfully, but these errors were encountered: