Always try to generate a hash for packages in Pipfile.lock

Even for custom package indexes!
2026-06-05 22:50:18 +00:00 · 2018-02-26 23:11:08 -08:00
parent 00567830d7
commit fd5d7dd0fa
2 changed files with 9 additions and 4 deletions
@@ -1,5 +1,6 @@
 next:
 - Assume `PIPENV_VENV_IN_PROJECT` if `./.venv/` already exists.
+ - Use and generate hashes for PyPI mirrors and custom indexes.
 10.1.0:
 - Default dependencies now take precidence over Develop dependencies when
   creating a Pipfile.lock.
@@ -391,17 +391,21 @@ def resolve_deps(deps, which, which_pip, project, sources=None, verbose=False, p

                    for release in cleaned_releases[version]:
                        collected_hashes.append(release['digests']['sha256'])
-
                    collected_hashes = ['sha256:' + s for s in collected_hashes]

-                    # Collect un-collectable hashes.
-                    if not collected_hashes:
-                        collected_hashes = list(list(resolver.resolve_hashes([result]).items())[0][1])

                except (ValueError, KeyError, ConnectionError):
                    if verbose:
                        print('Error fetching {}'.format(name))

+            # Collect un-collectable hashes (should work with devpi).
+            if not collected_hashes:
+                try:
+                    collected_hashes = list(list(resolver.resolve_hashes([result]).items())[0][1])
+                except (ValueError, KeyError, ConnectionError, IndexError):
+                    if verbose:
+                        print('Error generating hash for {}'.format(name))
+
            d = {'name': name, 'version': version, 'hashes': collected_hashes}

            if index: