[PyQt] invalid PyQt5 wheel metadata
Benoit Pierre
benoit.pierre at gmail.com
Tue Nov 21 12:41:29 GMT 2017
The RECORD metadata for the wheels available on PyPI is invalid: it looks
like the checksums are the result of `hashlib.sha256(data).hexdigest()`,
but a valid PEP 427 implementation expects
`base64.b64encode(hashlib.sha256(data).digest()).rstrip(b"=")`. Reference:
https://www.python.org/dev/peps/pep-0427/#signed-wheel-files
This is not an issue when installing with pip because those are not
checked, but can be problematic when using other tools, e.g. with distlib:
python -c 'import distlib.wheel, sys;
distlib.wheel.Wheel(sys.argv[1]).verify()' WHEEL
Cheers,
--
A: Because it destroys the flow of conversation.
Q: Why is top posting dumb?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.riverbankcomputing.com/pipermail/pyqt/attachments/20171121/78ee5967/attachment.html>
More information about the PyQt
mailing list