Description
Your Environment
Thank you for taking the time to report an issue.
To more efficiently resolve this issue, we'd like to know some basic information about your system and setup.
-
Your operating system: CentOS 7.9
-
Version of python you are running: Python 3.6.8
-
How did you install twine? Did you use your operating system's package manager or pip or something else? Installed via pip in a virtualenv
-
Version of twine you have installed (include complete output of): twine version 3.4.1 (importlib_metadata: 4.6.1, pkginfo: 1.7.1, requests: 2.25.1, requests-toolbelt: 0.9.1, tqdm: 4.61.2)
-
Which package repository are you targeting? Private Nexus PyPi repository
The Issue
Our development workstations were recently "upgraded" to enable FIPS. twine successfully creates the package, however the package fails to upload because a blank md5_digest is being sent in the HTTP payload. When this value is left in, our Nexus repo is responding with something like:
HTTPError: 400 Bad Request from https://internal.server/repository/repo/
Digests do not match, found <md5_hash>, expected:
The part after "expected" is the empty md5_digest from the HTTP payload.
I manually edited package.py, removed md5_digest from the metadata_dictionary return value, and the file uploaded successfully.
Steps to Reproduce
Unfortunately I'm not able to test this using the "test" PyPi server as the workstation I'm using is on a private lab/LAN. However, I have to assume this would function the same when trying to publish to there.
- You'll need a workstation with FIPS enabled
- You'll need a simple "hello world" package
- The command we are running is
twine upload --repository-url=https://internal.server/repository/repo/ dist/*