Hash mismatch susceptibility #3317

@tbarrella

🐞 bug report

Affected Rule

The issue is caused by the rule: whl_library

Is this a regression?

Not sure

Description

🔬 Minimal Reproduction

(don't have one right now, sorry)

🔥 Exception or Error


ERROR: .../external/rules_python+/python/private/repo_utils.bzl:83:16: An error occurred during the fetch of repository 'rules_python++pip+hub_311_nvidia_cublas_cu12':

  Traceback (most recent call last):
	File ".../external/rules_python+/python/private/pypi/whl_library.bzl", line 335, column 40, in _whl_library_impl
		pypi_repo_utils.execute_checked(
	File ".../external/rules_python+/python/private/pypi/pypi_repo_utils.bzl", line 140, column 38, in _execute_checked
		return repo_utils.execute_checked(
	File ".../external/rules_python+/python/private/repo_utils.bzl", line 228, column 29, in _execute_checked
		return _execute_internal(fail_on_error = True, *args, **kwargs)
	File ".../external/rules_python+/python/private/repo_utils.bzl", line 157, column 27, in _execute_internal
		return logger.fail((
	File ".../external/rules_python+/python/private/repo_utils.bzl", line 93, column 39, in lambda
		fail = lambda message_cb: _log(-1, "FAIL", message_cb, fail),
	File ".../external/rules_python+/python/private/repo_utils.bzl", line 83, column 16, in _log
		printer("\nrules_python:{} {}:".format(

...

===== stdout start =====
Collecting nvidia-cublas-cu12==12.9.1.4 (from -r /tmp/tmp19w52b0x (line 1))
 Downloading nvidia_cublas_cu12-12.9.1.4-py3-none-manylinux_2_27_x86_64.whl (581.2 MB)
    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━          449.2/581.2 MB 63.5 MB/s eta 0:00:03
===== stdout end =====
===== stderr start =====
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
   nvidia-cublas-cu12==12.9.1.4 from https://files.pythonhosted.org/packages/77/3c/aa88abe01f3be3d1f8f787d1d33dc83e76fec05945f9a28fbb41cfb99cd5/nvidia_cublas_cu12-12.9.1.4-py3-none-manylinux_2_27_x86_64.whl (from -r /tmp/tmp19w52b0x (line 1)):
       Expected sha256 453611eb21a7c1f2c2156ed9f3a45b691deda0440ec550860290dc901af5b4c2
            Got        f9ad1f4b4d020539fdf7b7a57c7758b6a5a71f28253a9f5bcfeb54d29c8ce236

Traceback (most recent call last):
 File "", line 198, in _run_module_as_main
 File "", line 88, in _run_code
 File ".../external/rules_python+/python/private/pypi/whl_installer/wheel_installer.py", line 183, in 
   main()
 File ".../external/rules_python+/python/private/pypi/whl_installer/wheel_installer.py", line 168, in main
   subprocess.run(pip_args, check=True, env=env)
 File ".../external/rules_python++python+python_3_11_x86_64-unknown-linux-gnu/lib/python3.11/subprocess.py", line 571, in run
   raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['.../external/rules_python++python+python_3_11_host/python', '-m', 'pip', '--isolated', 'wheel', '--no-deps', '-r', '/tmp/tmp19w52b0x']' returned non-zero exit status 1.
===== stderr end =====

🌍 Your Environment

Operating System:

Linux

Output of bazel version:

8.3.1

Rules_python version:

1.6.1

Anything else relevant?

This is happening with a couple packages with unusual versions, which feels likely to be related to the root cause of the issue:

nvidia-cublas-cu12==12.9.1.4
xformers==0.0.32.post1

Also, if rules_python pip were upgraded to 25.1+ with --resume-retries, that would mitigate this issue and significantly help in general for cases where pip is being used to download rather than the bazel download manager
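
When pip reports a hash mismatch like the one above, a first triage step is to check whether the file on disk is shorter than expected or is full length with different bytes. The following is an added example, not part of the original issue or of rules_python; `parse_mismatch`, `sha256_file`, `classify` and `demo` are hypothetical names, the sample files are constructed, and the expected size is assumed to be known from the package index's file metadata or the HTTP Content-Length.

```python
import hashlib
import os
import re
import tempfile

# Matches the "Expected sha256 ... / Got ..." pair in pip's mismatch error.
MISMATCH_RE = re.compile(r"Expected sha256 ([0-9a-f]{64})\s+Got\s+([0-9a-f]{64})")

def parse_mismatch(stderr):
    """Return (expected, got) digests from pip's stderr, or None if absent."""
    m = MISMATCH_RE.search(stderr)
    return (m.group(1), m.group(2)) if m else None

def sha256_file(path, chunk=1 << 20):
    """Hash in 1 MiB blocks so a large wheel is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify(path, expected_sha256, expected_size):
    """Return 'ok', 'truncated' (short file) or 'content-mismatch'."""
    if sha256_file(path) == expected_sha256.lower():
        return "ok"
    if os.path.getsize(path) < expected_size:
        return "truncated"  # incomplete file: re-fetch before judging content
    return "content-mismatch"  # full length, wrong bytes: investigate

def demo():
    """Run classify() on constructed files standing in for a wheel."""
    payload = os.urandom(4096)  # constructed sample data
    expected = hashlib.sha256(payload).hexdigest()
    cases = {
        "complete": payload,
        "cut": payload[:3000],  # transfer stopped early
        "altered": payload[:-1] + bytes([payload[-1] ^ 1]),  # same size
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in cases.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = classify(path, expected, len(payload))
    return results

if __name__ == "__main__":
    print(demo())
```

A "truncated" result means the file cannot be judged either way until it is fetched completely; only a full-length file with the wrong digest is evidence that the content itself differs.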

Labels: need: repro (Needs a minimal reproduction)
