-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add --no-binary flag to pip for packages without wheels #3576
Comments
@erikrose, I'd like your opinion on this. Do you think this is something we should spend time doing? Do you have a better solution? How common is it for a package to add new distribution mechanisms without bumping the version number? |
Is there a chance that |
Good question. |
I've never seen that happen before, but adding |
I just ran into this issue and had to add |
@reubano, really? What OS are you on? What version of Python are you using? EDIT: What were the errors without --no-binary? |
Mac OSX 10.9.5 the errors I got were about mismatched hashes, basically the same errors I got for pycparsing. |
pip 8.0.3 also brought this error. |
I followed the recommendations in this issue and still have no solution. Any ideas? Here's the output of |
@individual8 It looks like you have a separate problem, some kind of C compilation error in your openssl headers. I'd try upgrading the headers and see if that helps. (Of course, if you can use a binary, pre-built version of |
@erikrose Thx for pointing into the direction. I'm still perplex though, why is this issue? And why has everyone one of their own? |
@erikrose Upgraded...
Still not working, do I need to update the letsencrypt-auto script for sth. to take effect? |
After adding a swap file (what some suggested) on my 2GB VM, still no luck. Instead I tried to install certbot via Glad, still without words why though. |
@individual8, the problem you are having is different from the one described in this issue. In general, OS packages should be preferred over |
Thx @bmw. Are you saying I'm fine or are you not? I was using letsencrypt, installed manually as far as I recall, now I use certbot, installed as described above. |
Using |
still hasn't worked for me and installing with apt isn't working. |
working on this |
We did a simple version of this in #6023. I think it's OK if we don't maintain these |
certbot-auto
/letsencrypt-auto
require specific versions of all our Python dependencies and verifies the hashes of all downloaded packages. Doing this increases both the security and the stability of the scripts. To do this, however, we need to include a hash of each installation mechanism uploaded to PyPI (sdists, wheels, etc.).Over the weekend,
pycparsing
uploaded a new installation mechanism to PyPI. Previously, they only had a sdist available, but over the weekend they uploaded a wheel. When usingpip
to install packages from PyPI, it prefers wheels over sdists. The result of all of this is when usingcertbot-auto
to installpycparsing
,pip
would download the wheel, check it against the hash(es) we have forpycparsing
, and exit with a message about an invalid hash.pycparsing
has since removed this wheel due to other problems with it resolving our issue. In general, I think it is uncommon to add a distribution mechanism for an already released version of a package. In my experience, things like this are usually added when a new version of the package is released.With that said, there's nothing stopping us from having this problem in the future. To try and help mitigate this problem, perhaps we should add
--no-binary
to our usage ofpip
for packages that currently do not have a wheel available. Using this approach, if a wheel is added to one of our dependencies without bumping the package version,certbot-auto
users are unaffected.The text was updated successfully, but these errors were encountered: