-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make it possible to forward --allow-unsafe to pip-compile #157
Conversation
Thanks, Ben, I appreciate your clear PR. Did you verify that the new feature works as expected? |
On the second thought, since requirements file with hashes and without unsafe packages is uninstallable, doesn't it make sense to just fix the root cause in pip-tools? |
(Don't worry about travis failure, it's a known issue fixed in another branch) |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I pushed updated dependencies to your branch. Note how new hash files contain commented unsafe packages:
But when I run
It succeeds having a note about setuptools:
twine itself has hash:
My question is, how to reproduce the issue with uninstallable hashed requirements file? |
Ah, I see, when I downgraded setuptools to 0.6rc11, installation failed with:
|
I confirmed that --allow-unsafe works as expected and actually started using it in |
Sorry for my lack of response, I pushed this and ran away for the day :). It looks like everything is all clear now, but just to be 100% clear: the problem this is fixing only shows up with I don't think it can be fixed in |
This seems to be a common issue for projects that use
--generate-hashes
and use packages that includesetuptools
in their requirements file (such aspytest
andMarkdown
). Those in situation end up with unusable requirements files due to missing hashes on `setuptools. See jazzband/pip-tools#806 and jazzband/pip-tools#814 for more on this.This PR simply permits
--allow-unsafe
to be forwarded topip-compile
to ensure it's included in the resulting requirement file(s).I think this will fix #152, although it doesn't add the globbing support which that issue talks about (I'm not really sure I understand the purpose of that idea, to be honest).