Hashes generated during locking do not match install

[randName]

Issue description

Packages failed to install from Pipfile (pipenv install) but managed to install after specifying their name

Expected result

The packages install.

Actual result

An error is thrown about hashes not matching. If a package name is specified, it installs and says "Since it is already installed, we are trusting this package without checking its hash."

Steps to replicate

Non-verbose

Verbose output:

>  pipenv install numpy --verbose
Creating a virtualenv for this project...
Pipfile: /home/pi/testing_dir/Pipfile
Using /usr/bin/python3.5m (3.5.3) to create virtualenv...
⠋Running virtualenv with interpreter /usr/bin/python3.5m
Using base prefix '/usr'
New python executable in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/python3.5m
Also creating executable in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/python
Installing setuptools, pip, wheel...done.
Setting project for testing_dir-WDGBnYYm to /home/pi/testing_dir

Virtualenv location: /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm
Installing numpy...
⠙Installing 'numpy'
$ "/home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/pip" install   --verbose    "numpy" -i https://pypi.org/simple --exists-action w
[ snip ]
Installing collected packages: numpy

Successfully installed numpy-1.14.5
Cleaning up...

Adding numpy to Pipfile's [packages]...
Pipfile.lock not found, creating...
Locking [dev-packages] dependencies...
Locking [packages] dependencies...
using sources: [{'name': 'pypi', 'url': 'https://pypi.org/simple', 'verify_ssl': True}]
Using pip: -i https://pypi.org/simple

                          ROUND 1                           
Current constraints:
  numpy (from -r /tmp/pipenv-fw9u0ln7-requirements/pipenv-c8uwffst-constraints.txt (line 2))

Finding the best candidates:
  found candidate numpy==1.14.5 (constraint was <any>)
Finding secondary dependencies:
  numpy==1.14.5             requires numpy==1.14.5; python_version != "3.1.*" and python_version != "3.0.*" and python_version != "3.3.*" and python_version != "3.2.*" and python_version >= "2.7"

New dependencies found in this round:
  adding ['numpy', '==1.14.5', '[]']
Removed dependencies in this round:
Unsafe dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable

                          ROUND 2                           
Current constraints:
  numpy==1.14.5 (from -r /tmp/pipenv-fw9u0ln7-requirements/pipenv-c8uwffst-constraints.txt (line 2))

Finding the best candidates:
  found candidate numpy==1.14.5 (constraint was ==1.14.5)

Finding secondary dependencies:
  numpy==1.14.5             requires numpy==1.14.5; python_version != "3.1.*" and python_version != "3.0.*" and python_version != "3.3.*" and python_version != "3.2.*" and python_version >= "2.7"
------------------------------------------------------------
Result of round 2: stable, done

Updated Pipfile.lock (5a67c1)!
Installing dependencies from Pipfile.lock (5a67c1)...
Installing 'numpy==1.14.5 --hash=sha256:07379fe0b450f6fd6e5934a9bc015025bb4ce1c8fbed3ca8bef29328b1bc9570 [long list of hashes]'
$ "/home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/bin/pip" install   --verbose  --no-deps  -r "/tmp/pipenv-m7n5vxhw-requirements/pipenv-s6f0at97-requirement.txt" --require-hashes -i https://pypi.org/simple --exists-action w
Created temporary directory: /tmp/pip-ephem-wheel-cache-ntah_q6a
Created temporary directory: /tmp/pip-install-75w412mp
Looking in indexes: https://pypi.org/simple, https://www.piwheels.org/simple
Requirement already satisfied: numpy==1.14.5 in /home/pi/.local/share/virtualenvs/testing_dir-WDGBnYYm/lib/python3.5/site-packages (from -r /tmp/pipenv-m7n5vxhw-requirements/pipenv-s6f0at97-requirement.txt (line 1)) (1.14.5)
  Since it is already installed, we are trusting this package without checking its hash. To ensure a completely repeatable environment, install into an empty virtualenv.
Cleaning up...

[techalchemy]

You’re using a raspberry pi which means you can’t use the lockfile off of an x86 machine. How did you build your lockfile?

In your case you need to add an additional source to your pipfile:

[[source]]
url = "https://pypi.org/simple"
name = "pypi"
verify_ssl = true

[[source]]
url = "https://www.piwheels.org/simole"
name = "piwheels"
verify_ssl = true

[packages]
numpy = {version = "*", index = "piwheels"}

[dev-packages]

[requires]
python_version = "3.5"

If you continue to have issues please fill out the issue template. It’s there to streamline our ability to spot things that are going wrong. Thanks for the report and hope this helps

[randName]

I didn't have a lockfile in the folder. But adding the piwheels source works, thank you!

[charliesneath]

@techalchemy Adding the pinwheels source also solved the same problem I was having. Is there documentation about why the additional sources are needed? I'm wondering why it's not automatically included when initially running pipenv lock.