ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. when updating Django

Question

I have Django 2.2.7 and now I want to install Django 3.0.2. I read that I need to run the command pip install -U Django to update it, but when I try it shows this error message

ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    Django from https://files.pythonhosted.org/packages/55/d1/8ade70e65fa157e1903fe4078305ca53b6819ab212d9fbbe5755afc8ea2e/Django-3.0.2-py3-none-any.whl#sha256=4f2c913303be4f874015993420bf0bd8fd2097a9c88e6b49c6a92f9bdd3fb13a:
        Expected sha256 4f2c913303be4f874015993420bf0bd8fd2097a9c88e6b49c6a92f9bdd3fb13a
             Got        f97dfd0d593c3c78e81ca2f4fd095a21cd0a30752e7b8754294bf1d42541a218

What should I do?

this is my requeriments.txt

argon2-cffi==19.2.0
asgiref==3.2.3
cffi==1.13.2
Django==3.0.2
django-environ==0.4.5
djangorestframework==3.11.0
Pillow==7.0.0
psycopg2-binary==2.8.4
pycparser==2.19
pytz==2019.3
six==1.14.0
sqlparse==0.3.0

score 4 · Answer 1 · answered Oct 21 '21 at 21:20

4

There are a couple different fixes:

Option 1: Delete the PIP Cache Directory

Unix ~/.cache/pip and it respects the XDG_CACHE_HOME directory.

macOS ~/Library/Caches/pip

Windows <CSIDL_LOCAL_APPDATA>\pip\Cache

Option 2: Install and specify no cache directory:

pip install your-package --no-cache-dir

answered Oct 21 '21 at 21:20

Greg Finzer

6,714
21
80
125

6

pip cache purge – ChuckZ Jan 12 '22 at 15:31
1

This worked: go to your pip cache dir and delete all: del C:\Users\Your.Name\AppData\Local\pip\cache\* – dave Apr 28 '22 at 20:48
running the `pip cache purge` worked for me when using pip-compile in a makefile – Bebop_ Jul 12 '22 at 17:56

score 3 · Answer 2 · answered Jan 20 '20 at 14:45

This is pips integrated checking mechanism that is automatically checking the integrity of the downloaded package.

You can check yourself (by clicking view in the has column) that the sha256 of the whl file loaded from pypi should be

4f2c913303be4f874015993420bf0bd8fd2097a9c88e6b49c6a92f9bdd3fb13a

Your error suggests that you got

f97dfd0d593c3c78e81ca2f4fd095a21cd0a30752e7b8754294bf1d42541a218

So pip is (for security reasons) not installing the package for you. I would suggest to

Check if pip is taking the whl from some tmp directory on your system with an incorrectly downloaded whl file sitting there - If so, try deleting it
Check if you can install other packages without issues
Try to manually download the whl file and then check the output of pip hash <whl file> (if it matches the 4f2c91330... sha) and if you can do pip install <whl file>

score 0 · Answer 3 · answered Feb 12 '23 at 11:43

0

This issue fixed by change a network stable pypi mirror for me.

For example: pip config set global.index-url https://mirrors.ustc.edu.cn/pypi/web/simple

answered Feb 12 '23 at 11:43

suiwenfeng

1,865
1
25
32

score -1 · Answer 4 · answered Feb 11 '21 at 19:07

-1

In addition to @FlyingTeller's answer, if it reads from a requirements.txt in tmp directory, instead of deleting it, you can try add your sha256 at the end. eg:

--hash=sha256:f97dfd0d593c3c78e81ca2f4fd095a21cd0a30752e7b8754294bf1d42541a218

answered Feb 11 '21 at 19:07

Harriet.O

419
1
5
8

1

Got the following error: no such option: --hash pip install pandas --hash=sha256:5c54ea4ef3823108cd4ec7fb27ccba4c3a775e0f83e39c5e17f5094cb17748bc no such option: --hash – dave Apr 28 '22 at 20:38

ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. when updating Django

4 Answers4

Linked