New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pipenv does not lock dependencies when installing from URL #3145

Closed
haizaar opened this Issue Nov 2, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@haizaar

haizaar commented Nov 2, 2018

Be sure to check the existing issues (both open and closed!), and make sure you are running the latest version of Pipenv.

Check the diagnose documentation for common issues before posting! We may close your issue if it is very similar to one of them. Please be considerate, or be on your way.

Make sure to mention your debugging experience if the documented solution failed.

Issue description

Pipenv does not lock dependencies when installing from URL:

mkdir /tmp/repro; cd /tmp/repro
$ pipenv install https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
Installing https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging…
Collecting uberlogging from https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
  Downloading https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz
Collecting coloredlogs (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/08/0f/7877fc42fff0b9d70b6442df62d53b3868d3a6ad1b876bdb54335b30ff23/coloredlogs-10.0-py2.py3-none-any.whl
Collecting structlog (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/f0/00/0fd0ca13fa19361bec0418e4c3b6b7509048cb1fb2fa8b7cd6b3dffe13d8/structlog-18.2.0-py2.py3-none-any.whl
Collecting humanfriendly (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/79/1e/13d96248e3fcaa7777b61fa889feab44865c85e524bbd667acfa0d8b66e3/humanfriendly-4.17-py2.py3-none-any.whl
Collecting python-json-logger (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/3a/ed/2ba5a2dfce45fa67e0588dd6457b59ffdef7f1fdcd2c1152e085e3c9a726/python_json_logger-0.1.9-py2.py3-none-any.whl
Collecting six (from structlog->uberlogging)
  Using cached https://files.pythonhosted.org/packages/67/4b/141a581104b1f6397bfa78ac9d43d8ad29a7ca43ea90a2d863fe3056e86a/six-1.11.0-py2.py3-none-any.whl
Requirement already satisfied, skipping upgrade: setuptools in /home/haizaar/dev/venvs/repro-2muHjEV7/lib/python3.6/site-packages (from python-json-logger->uberlogging) (40.5.0)
Building wheels for collected packages: uberlogging
  Running setup.py bdist_wheel for uberlogging: started
  Running setup.py bdist_wheel for uberlogging: finished with status 'done'
  Stored in directory: /tmp/pip-ephem-wheel-cache-nu1_rfr7/wheels/36/90/05/3401129e52691bdd63e46f78b4761dca1ff6a0c3abcb57575d
Successfully built uberlogging
Installing collected packages: humanfriendly, coloredlogs, six, structlog, python-json-logger, uberlogging
Successfully installed coloredlogs-10.0 humanfriendly-4.17 python-json-logger-0.1.9 six-1.11.0 structlog-18.2.0 uberlogging-0.0.1

Adding uberlogging to Pipfile's [packages]…
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
Installing dependencies from Pipfile.lock (e3fb42)…
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 1/1 — 00:00:03

Only one dependency is locked, which is already suspicious, and indeed Pipfile.lock only contains:

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}

However pipenv graph show the dependencies properly:

$ pipenv graph
uberlogging==0.0.1
  - coloredlogs [required: Any, installed: 10.0]
    - humanfriendly [required: >=4.7, installed: 4.17]
  - humanfriendly [required: Any, installed: 4.17]
  - python-json-logger [required: Any, installed: 0.1.9]
    - setuptools [required: Any, installed: 40.5.0]
  - structlog [required: Any, installed: 18.2.0]
    - six [required: Any, installed: 1.11.0]

Expected result

Dependencies should have appeared in the Pipfile.lock.

Actual result

$ pipenv lock --verbose
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
$ cat Pipfile.lock | jq .default
{
  "uberlogging": {
    "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
  }
}

$ pipenv --support

Pipenv version: '2018.10.13'

Pipenv location: '/home/haizaar/.local/lib/python3.6/site-packages/pipenv'

Python location: '/usr/bin/python3.6'

Python installations found:

  • 3.7.0: /usr/bin/python3.7
  • 3.7.0: /usr/bin/python3.7m
  • 3.6.6: /home/haizaar/dev/venvs/repro-2muHjEV7/bin/python3.6
  • 3.6.6: /usr/bin/python3.6
  • 3.6.6: /usr/bin/python3.6m
  • 3.5.2: /usr/bin/python3.5
  • 3.5.2: /usr/bin/python3.5m
  • 2.7.12: /usr/bin/python2.7

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.6.6',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.15.0-36-generic',
 'platform_system': 'Linux',
 'platform_version': '#39~16.04.1-Ubuntu SMP Tue Sep 25 08:59:23 UTC 2018',
 'python_full_version': '3.6.6',
 'python_version': '3.6',
 'sys_platform': 'linux'}

System environment variables:

  • LC_PAPER
  • XDG_VTNR
  • XDG_SESSION_ID
  • LC_ADDRESS
  • CLUTTER_IM_MODULE
  • LC_MONETARY
  • XDG_GREETER_DATA_DIR
  • VIRTUALENVWRAPPER_SCRIPT
  • VIRTUALENVWRAPPER_PROJECT_FILENAME
  • SESSION
  • GPG_AGENT_INFO
  • PIP_PYTHON_PATH
  • SHELL
  • INFINALITY_FT_AUTOHINT_VERTICAL_STEM_DARKEN_STRENGTH
  • VTE_VERSION
  • TERM
  • QT_LINUX_ACCESSIBILITY_ALWAYS_ON
  • LC_NUMERIC
  • WINDOWID
  • GNOME_KEYRING_CONTROL
  • UPSTART_SESSION
  • GTK_MODULES
  • INFINALITY_FT_CONTRAST
  • USER
  • QT_ACCESSIBILITY
  • LC_TELEPHONE
  • LS_COLORS
  • UNITY_HAS_3D_SUPPORT
  • XDG_SESSION_PATH
  • XDG_SEAT_PATH
  • SSH_AUTH_SOCK
  • DEFAULTS_PATH
  • VIRTUAL_ENV
  • WORKON_HOME
  • UNITY_DEFAULT_PROFILE
  • XDG_CONFIG_DIRS
  • PIPENV_ACTIVE
  • PATH
  • DESKTOP_SESSION
  • QT_QPA_PLATFORMTHEME
  • QT_IM_MODULE
  • VIRTUALENVWRAPPER_HOOK_DIR
  • LC_IDENTIFICATION
  • JOB
  • PWD
  • XDG_SESSION_TYPE
  • XMODIFIERS
  • LANG
  • GNOME_KEYRING_PID
  • MANDATORY_PATH
  • GDM_LANG
  • LC_MEASUREMENT
  • NODE_PATH
  • IM_CONFIG_PHASE
  • COMPIZ_CONFIG_PROFILE
  • PS1
  • PYTHONDONTWRITEBYTECODE
  • PAPERSIZE
  • GDMSESSION
  • GTK2_MODULES
  • SESSIONTYPE
  • GITAWAREPROMPT
  • XDG_SEAT
  • HOME
  • SHLVL
  • LANGUAGE
  • _VIRTUALENVWRAPPER_API
  • GNOME_DESKTOP_SESSION_ID
  • UPSTART_INSTANCE
  • PIP_SHIMS_BASE_MODULE
  • LOGNAME
  • UPSTART_EVENTS
  • XDG_SESSION_DESKTOP
  • COMPIZ_BIN_PATH
  • QT4_IM_MODULE
  • XDG_DATA_DIRS
  • DBUS_SESSION_BUS_ADDRESS
  • LESSOPEN
  • UPSTART_JOB
  • INSTANCE
  • DISPLAY
  • XDG_RUNTIME_DIR
  • INFINALITY_FT_GLOBAL_EMBOLDEN_X_VALUE
  • GTK_IM_MODULE
  • XDG_CURRENT_DESKTOP
  • LC_TIME
  • LESSCLOSE
  • XAUTHORITY
  • LC_NAME
  • _

Pipenv–specific environment variables:

  • PIPENV_ACTIVE: 1

Debug–specific environment variables:

  • PATH: /home/haizaar/dev/venvs/repro-2muHjEV7/bin:/home/haizaar/.local/bin:/home/haizaar/.npm-packages/bin:/home/haizaar/bin:/home/haizaar/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
  • SHELL: /bin/bash
  • LANG: en_US.UTF-8
  • PWD: /tmp/repro
  • VIRTUAL_ENV: /home/haizaar/dev/venvs/repro-2muHjEV7

Contents of Pipfile ('/tmp/repro/Pipfile'):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
uberlogging = {file = "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"}

[dev-packages]

[requires]
python_version = "3.6"

Contents of Pipfile.lock ('/tmp/repro/Pipfile.lock'):

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}
@techalchemy

This comment has been minimized.

Member

techalchemy commented Nov 2, 2018

Ah good thing you said this! let me update my fix

thanks for the report!

techalchemy added a commit that referenced this issue Nov 2, 2018

Also prioritize remote non-pypi hashes if given
- Fixes #3145

Signed-off-by: Dan Ryan <dan@danryan.co>

@techalchemy techalchemy added the bug 🐛 label Nov 2, 2018

@haizaar

This comment has been minimized.

haizaar commented Nov 2, 2018

Thanks for quick response!
Do you know when the next release is expected that fixes this?

@haizaar

This comment has been minimized.

haizaar commented Dec 3, 2018

I'm testing this with pipenv 2018.11.26, and the issue is still here, exactly as reported.

So I'm afraid your fix didn't work, at least for my case :(

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment