Description of problem: Several of our programs require the use of `pip` to install or upgrade python modules. When using the `pip` in SCL's python27-python-pip package on FIPS-enabled systems, the repo that `pip` is configured to talk to does not work due to that repo's use of MD5-based hashes Version-Release number of selected component (if applicable): - OS: 7.3.1611 - python27-python-pip-7.1.0-2.el7.noarch /opt/rh/python27/root/usr/bin/pip -V pip 7.1.0 from /opt/rh/python27/root/usr/lib/python2.7/site-packages (python 2.7) How reproducible: Always Steps to Reproduce: 1. Install generic RHEL 7.3.1611 OS 2. Do a `yum --enablerepo="*server-rhscl" install python27-python-pip` 3. Attempt to install/upgrade a pytong module via pip (e.g., `/opt/rh/python27/root/usr/bin/pip install --upgrade boto3`) Actual results: Errors as follows: > # /opt/rh/python27/root/usr/bin/pip install --upgrade boto3 > You are using pip version 7.1.0, however version 9.0.1 is available. > You should consider upgrading via the 'pip install --upgrade pip' command. > Collecting boto3 > Unsupported hash name md5 for package https://pypi.python.org/packages/91/60 > /649da03299624f524c8d0cd4c6c73c194023e85dd4938f1e7712ab6888bf/boto3-1.4.4- > py2.py3-none-any.whl#md5=b4a41e52db33e9cacef3b3fa8796acd4 (from > https://pypi.python.org/simple/boto3/) > Using cached boto3-1.4.4-py2.py3-none-any.whl > Exception: > Traceback (most recent call last): > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages > /pip/basecommand.py", line 223, in main > status = self.run(options, args) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/pip/commands > /install.py", line 290, in run > requirement_set.prepare_files(finder) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/pip/req > /req_set.py", line 334, in prepare_files > functools.partial(self._prepare_file, finder)) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/pip/req > /req_set.py", line 321, in _walk_req_to_install > more_reqs = handler(req_to_install) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages/pip/req > /req_set.py", line 491, in _prepare_file > session=self.session) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages > /pip/download.py", line 825, in unpack_url > session, > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages > /pip/download.py", line 673, in unpack_http_url > from_path, content_type = _download_http_url(link, session, temp_dir) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages > /pip/download.py", line 886, in _download_http_url > _download_url(resp, link, content_file) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages > /pip/download.py", line 626, in _download_url > _check_hash(download_hash, link) > File "/opt/rh/python27/root/usr/lib/python2.7/site-packages > /pip/download.py", line 489, in _check_hash > if download_hash.digest_size != hashlib.new(link.hash_name).digest_size: > AttributeError: 'NoneType' object has no attribute 'digest_size' Expected results: If manually upgrade pip from bootstrap.pypa.io, somthing like: > # pip install --upgrade boto3 > Collecting boto3 > Downloading https://files.pythonhosted.org/packages/91/60 > /649da03299624f524c8d0cd4c6c73c194023e85dd4938f1e7712ab6888bf/boto3-1.4.4- > py2.py3-none-any.whl (127kB) > 100% |████████████████████████████████| 133kB 4.2MB/s > Collecting botocore<1.6.0,>=1.5.0 (from boto3) > Downloading https://files.pythonhosted.org/packages/67/fb > /8035552a6a5b4e9e3186ad2a6a528852bb609f08d661cb12c5b24b57f075/botocore-1.5.22- > py2.py3-none-any.whl (3.4MB) > 100% |████████████████████████████████| 3.4MB 363kB/s > Collecting jmespath<1.0.0,>=0.7.1 (from boto3) > Downloading https://files.pythonhosted.org/packages/b3/42 > /2a0a1c6cfbf23717d3a92c50108049d4ed989a9acace0599623996bd682b/jmespath-0.9.1- > py2.py3-none-any.whl > Collecting s3transfer<0.2.0,>=0.1.10 (from boto3) > Downloading https://files.pythonhosted.org/packages/c0/b5 > /f759ba12ebcbe2f9e2f70b0803a1619e51fc343e9aeabc7c883dabd95405/s3transfer- > 0.1.10-py2.py3-none-any.whl (54kB) > 100% |████████████████████████████████| 61kB 9.9MB/s > Collecting python-dateutil<3.0.0,>=2.1 (from botocore<1.6.0,>=1.5.0->boto3) > Downloading https://files.pythonhosted.org/packages/40/8b > /275015d7a9ec293cf1bbf55433258fbc9d0711890a7f6dc538bac7b86bce/python_dateutil- > 2.6.0-py2.py3-none-any.whl (194kB) > 100% |████████████████████████████████| 194kB 5.6MB/s > Collecting docutils>=0.10 (from botocore<1.6.0,>=1.5.0->boto3) > Downloading https://files.pythonhosted.org/packages/5f/6d > /e864b3c61b81eec57386ac62082fccfe694c7c3046d8723258a37da6d5fc/docutils-0.13.1- > py2-none-any.whl (537kB) > 100% |████████████████████████████████| 542kB 2.2MB/s > Collecting futures<4.0.0,>=2.2.0; python_version == "2.6" or python_version == > "2.7" (from s3transfer<0.2.0,>=0.1.10->boto3) > Downloading https://files.pythonhosted.org/packages/9c/3f > /1d818ea03fb2956a2bdfa8f8a3b1319590f0f151a5584a8a3ae45085066c/futures-3.0.5- > py2-none-any.whl > Requirement already up-to-date: six>=1.5 in /usr/lib/python2.7/site-packages > (from python-dateutil<3.0.0,>=2.1->botocore<1.6.0,>=1.5.0->boto3) > Installing collected packages: python-dateutil, jmespath, docutils, botocore, > futures, s3transfer, boto3 > Found existing installation: python-dateutil 1.5 > Uninstalling python-dateutil-1.5: > Successfully uninstalled python-dateutil-1.5 > Successfully installed boto3-1.4.4 botocore-1.5.22 docutils-0.13.1 > futures-3.0.5 jmespath-0.9.1 python-dateutil-2.6.0 s3transfer-0.1.10 Additional info:
Reassigning to the proper component. Note that the same bug was filed also for EPEL: Bug #1430774. And a similar issue with easy_install was already resolved in Bug #1425141.
Reproduced on python27-python-pip-8.1.2-1.el7: # pip install pudb -t /tmp/pip Collecting pudb Using cached pudb-2017.1.2.tar.gz Unknown hash name: md5 You are using pip version 8.1.2, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command. Verified on python27-python-pip-8.1.2-2.el7: # pip install pudb -t /tmp/pip Collecting pudb Using cached pudb-2017.1.2.tar.gz Collecting urwid>=1.1.1 (from pudb) Downloading urwid-1.3.1.tar.gz (588kB) 100% |████████████████████████████████| 593kB 773kB/s Collecting pygments>=1.0 (from pudb) Downloading Pygments-2.2.0-py2.py3-none-any.whl (841kB) 100% |████████████████████████████████| 849kB 1.2MB/s Building wheels for collected packages: pudb, urwid Running setup.py bdist_wheel for pudb ... done Stored in directory: /root/.cache/pip/wheels/97/72/ab/e609e3090fac6d8d500927555392963bdddb35008edb0a8869 Running setup.py bdist_wheel for urwid ... done Stored in directory: /root/.cache/pip/wheels/e7/bb/9d/d7f7fcc9b3aeae20cf4685667635002415629e6395ff2dda7d Successfully built pudb urwid Installing collected packages: urwid, pygments, pudb Successfully installed pudb pygments-1.5 urwid You are using pip version 8.1.2, however version 9.0.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:1162