This is a problem that the https://pywheels.org/ maintainers need to fix.
https://www.piwheels.org/simple/opencv-contrib-python-headless/
contains a link to opencv_contrib_python_headless-3.4.3.18-cp35-cp35m-linux_armv6l.whl
with a SHA256 of ff894c0cc7c98b05b7b260a1dc462e7ad0a4220b042072fc0134a2b7a92bc4a5
embedded in the URL.
However, downloading the file, its actual SHA256 is 4119d8c56d19ef044c1faca317dd10f2bb3b50cbee77426a22feca9b641c5637
(I get this myself, so it's not an attacker monkeying-in-the-middle with your network connection only to substitute malicious packages).
This could mean that malicious tampering has gone on (presumably by someone who's directly compromised PyWheels infrastructure), if an attacker has injected malware into the packages but not updated the checksums. The safe thing to do is to contact the site owners and ask that they investigate the issue.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…