pip hash

Usage

pip hash [options] <file> ...

Description

Compute a hash of a local package archive.

These can be used with --hash in a requirements file to do repeatable installs.

Overview

pip hash is a convenient way to get a hash digest for use with Hash-Checking Mode, especially for packages with multiple archives. The error message from pip install --require-hashes ... will give you one hash, but, if there are multiple archives (like source and binary ones), you will need to manually download and compute a hash for the others. Otherwise, a spurious hash mismatch could occur when pip install is passed a different set of options, like --no-binary.

Options

-a, --algorithm <algorithm>

The hash algorithm to use: one of sha256, sha384, sha512

Example

Compute the hash of a downloaded archive:

$ pip download SomePackage
    Collecting SomePackage
      Downloading SomePackage-2.2.tar.gz
      Saved ./pip_downloads/SomePackage-2.2.tar.gz
    Successfully downloaded SomePackage
$ pip hash ./pip_downloads/SomePackage-2.2.tar.gz
    ./pip_downloads/SomePackage-2.2.tar.gz:
    --hash=sha256:93e62e05c7ad3da1a233def6731e8285156701e3419a5fe279017c429ec67ce0