Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Python PyPI - A hash in the form of a URL fragment should be included
-
Hello,
Is there any way to configure ProGet to specify a file hash in package URLs for PyPI feed?
PEP 503 says:
URL SHOULD include a hash in the form of a URL fragment with the following syntax: #<hashname>=<hashvalue>, where <hashname> is the lowercase name of the hash function (such as sha256) and <hashvalue> is the hex encoded digest.
Repositories SHOULD choose a hash function from one of the ones guaranteed to be available via the hashlib module in the Python standard library (currently md5, sha1, sha224, sha256, sha384, sha512). The current recommendation is to use sha256.
Having a URL package hash is important for Python package managers to check the hash and write it to a lock file without downloading the entire package and calculating the hash every time.
Without the ability to include the hash in the package URL, ProGet PyPI feed does not meet the PEP 503 specification.
-
Hi @en_1446 ,
Not sure what version of ProGet you're using, but this seems to be on the recent versions I've seen, so I would recommend to upgrade :)
Cheers,
Alana
