Why does pip fail with bad md5 hash for package?

protonpopsicle picture protonpopsicle · Apr 16, 2013 · Viewed 17.9k times · Source

I'm trying to install Django package in a virtualenv. I'm on a new computer (OSX 10.8.2). I installed virtualenv via easy_install. With the virtualenv activated, I ran:

(pyenv)$ pip install Django
Downloading/unpacking Django
  Downloading Django-1.5.1.tar.gz (8.0MB): 2.0MB downloaded
  Hash of the package https://pypi.python.org/packages/source/D/Django/Django-1.5.1.tar.gz#md5=7465f6383264ba167a9a031d6b058bff (from https://pypi.python.org/simple/Django/) (<md5 HASH object @ 0x108453df0>) doesn't match the expected hash 7465f6383264ba167a9a031d6b058bff!
Bad md5 hash for package https://pypi.python.org/packages/source/D/Django/Django-1.5.1.tar.gz#md5=7465f6383264ba167a9a031d6b058bff (from https://pypi.python.org/simple/Django/)

This happens even if I delete virtualenv and start over. I've tried again repeatedly over the past few hours, it always happens. Any suggestions?

Answer

Bonlenfum picture Bonlenfum · Apr 16, 2013

If it's just this package that you can't get to install, you could download the tarball manually, and then use pip to install it from that file. The Django download site has checksums that you can validate manually as well. I don't use osx, but probably something like this would help:

cd /tmp
wget https://pypi.python.org/packages/source/D/Django/Django-1.5.1.tar.gz
md5sum Django-1.5.1.tar.gz
pip install Django-1.5.1.tar.gz