md5 validation error

Issue #163 resolved
Christophe Combelles
created an issue

{{{ virtualenv --no-site-packages --distribute sandbox sandbox/bin/easy_install Products.ClockServer (...) error: MD5 validation failed ... }}}

There is a MD5 error, however the MD5 on the PyPI page is correct. The first link in the simple index is correct as well. However, Distribute insists on using a download link from another page : On this other page, the md5 is not correct.

Expected behaviour : Distribute should use the main link from PyPI, and not an external (possibly old) link.

I've investigated a bit and I've found two problems:

1) in setuptools.package_index.process_url : self.process_index is run first. This causes external links to be selected first.

To fix this problem, I've tried to move the self.process_url recursion before self.process_index, so that PyPI links are selected first. But it has no effect because of 2) (see below).

2) in pkg_resources.Environment.getitem, the self._cache is sorted with _sort_dists. I believe there should not be any sorting there, so that the initial link order is respected. There is another _sort_dists in Environment.add, I'm not sure it is useful.

Actually, the link with the wrong MD5 should not be added to the Environment, since it already exists. The full link is not the same but comparison should be done without the MD5 part.

Comments (8)

  1. Log in to comment