Skip to content

Pipenv does not lock dependencies when installing from URL #3145

Closed
@haizaar

Description

@haizaar

Be sure to check the existing issues (both open and closed!), and make sure you are running the latest version of Pipenv.

Check the diagnose documentation for common issues before posting! We may close your issue if it is very similar to one of them. Please be considerate, or be on your way.

Make sure to mention your debugging experience if the documented solution failed.

Issue description

Pipenv does not lock dependencies when installing from URL:

mkdir /tmp/repro; cd /tmp/repro
$ pipenv install https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
Installing https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging…
Collecting uberlogging from https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
  Downloading https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz
Collecting coloredlogs (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/08/0f/7877fc42fff0b9d70b6442df62d53b3868d3a6ad1b876bdb54335b30ff23/coloredlogs-10.0-py2.py3-none-any.whl
Collecting structlog (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/f0/00/0fd0ca13fa19361bec0418e4c3b6b7509048cb1fb2fa8b7cd6b3dffe13d8/structlog-18.2.0-py2.py3-none-any.whl
Collecting humanfriendly (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/79/1e/13d96248e3fcaa7777b61fa889feab44865c85e524bbd667acfa0d8b66e3/humanfriendly-4.17-py2.py3-none-any.whl
Collecting python-json-logger (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/3a/ed/2ba5a2dfce45fa67e0588dd6457b59ffdef7f1fdcd2c1152e085e3c9a726/python_json_logger-0.1.9-py2.py3-none-any.whl
Collecting six (from structlog->uberlogging)
  Using cached https://files.pythonhosted.org/packages/67/4b/141a581104b1f6397bfa78ac9d43d8ad29a7ca43ea90a2d863fe3056e86a/six-1.11.0-py2.py3-none-any.whl
Requirement already satisfied, skipping upgrade: setuptools in /home/haizaar/dev/venvs/repro-2muHjEV7/lib/python3.6/site-packages (from python-json-logger->uberlogging) (40.5.0)
Building wheels for collected packages: uberlogging
  Running setup.py bdist_wheel for uberlogging: started
  Running setup.py bdist_wheel for uberlogging: finished with status 'done'
  Stored in directory: /tmp/pip-ephem-wheel-cache-nu1_rfr7/wheels/36/90/05/3401129e52691bdd63e46f78b4761dca1ff6a0c3abcb57575d
Successfully built uberlogging
Installing collected packages: humanfriendly, coloredlogs, six, structlog, python-json-logger, uberlogging
Successfully installed coloredlogs-10.0 humanfriendly-4.17 python-json-logger-0.1.9 six-1.11.0 structlog-18.2.0 uberlogging-0.0.1

Adding uberlogging to Pipfile's [packages]…
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
Installing dependencies from Pipfile.lock (e3fb42)…
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 1/1 — 00:00:03

Only one dependency is locked, which is already suspicious, and indeed Pipfile.lock only contains:

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}

However pipenv graph show the dependencies properly:

$ pipenv graph
uberlogging==0.0.1
  - coloredlogs [required: Any, installed: 10.0]
    - humanfriendly [required: >=4.7, installed: 4.17]
  - humanfriendly [required: Any, installed: 4.17]
  - python-json-logger [required: Any, installed: 0.1.9]
    - setuptools [required: Any, installed: 40.5.0]
  - structlog [required: Any, installed: 18.2.0]
    - six [required: Any, installed: 1.11.0]

Expected result

Dependencies should have appeared in the Pipfile.lock.

Actual result

$ pipenv lock --verbose
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
$ cat Pipfile.lock | jq .default
{
  "uberlogging": {
    "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
  }
}

$ pipenv --support

Pipenv version: '2018.10.13'

Pipenv location: '/home/haizaar/.local/lib/python3.6/site-packages/pipenv'

Python location: '/usr/bin/python3.6'

Python installations found:

  • 3.7.0: /usr/bin/python3.7
  • 3.7.0: /usr/bin/python3.7m
  • 3.6.6: /home/haizaar/dev/venvs/repro-2muHjEV7/bin/python3.6
  • 3.6.6: /usr/bin/python3.6
  • 3.6.6: /usr/bin/python3.6m
  • 3.5.2: /usr/bin/python3.5
  • 3.5.2: /usr/bin/python3.5m
  • 2.7.12: /usr/bin/python2.7

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.6.6',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.15.0-36-generic',
 'platform_system': 'Linux',
 'platform_version': '#39~16.04.1-Ubuntu SMP Tue Sep 25 08:59:23 UTC 2018',
 'python_full_version': '3.6.6',
 'python_version': '3.6',
 'sys_platform': 'linux'}

System environment variables:

  • LC_PAPER
  • XDG_VTNR
  • XDG_SESSION_ID
  • LC_ADDRESS
  • CLUTTER_IM_MODULE
  • LC_MONETARY
  • XDG_GREETER_DATA_DIR
  • VIRTUALENVWRAPPER_SCRIPT
  • VIRTUALENVWRAPPER_PROJECT_FILENAME
  • SESSION
  • GPG_AGENT_INFO
  • PIP_PYTHON_PATH
  • SHELL
  • INFINALITY_FT_AUTOHINT_VERTICAL_STEM_DARKEN_STRENGTH
  • VTE_VERSION
  • TERM
  • QT_LINUX_ACCESSIBILITY_ALWAYS_ON
  • LC_NUMERIC
  • WINDOWID
  • GNOME_KEYRING_CONTROL
  • UPSTART_SESSION
  • GTK_MODULES
  • INFINALITY_FT_CONTRAST
  • USER
  • QT_ACCESSIBILITY
  • LC_TELEPHONE
  • LS_COLORS
  • UNITY_HAS_3D_SUPPORT
  • XDG_SESSION_PATH
  • XDG_SEAT_PATH
  • SSH_AUTH_SOCK
  • DEFAULTS_PATH
  • VIRTUAL_ENV
  • WORKON_HOME
  • UNITY_DEFAULT_PROFILE
  • XDG_CONFIG_DIRS
  • PIPENV_ACTIVE
  • PATH
  • DESKTOP_SESSION
  • QT_QPA_PLATFORMTHEME
  • QT_IM_MODULE
  • VIRTUALENVWRAPPER_HOOK_DIR
  • LC_IDENTIFICATION
  • JOB
  • PWD
  • XDG_SESSION_TYPE
  • XMODIFIERS
  • LANG
  • GNOME_KEYRING_PID
  • MANDATORY_PATH
  • GDM_LANG
  • LC_MEASUREMENT
  • NODE_PATH
  • IM_CONFIG_PHASE
  • COMPIZ_CONFIG_PROFILE
  • PS1
  • PYTHONDONTWRITEBYTECODE
  • PAPERSIZE
  • GDMSESSION
  • GTK2_MODULES
  • SESSIONTYPE
  • GITAWAREPROMPT
  • XDG_SEAT
  • HOME
  • SHLVL
  • LANGUAGE
  • _VIRTUALENVWRAPPER_API
  • GNOME_DESKTOP_SESSION_ID
  • UPSTART_INSTANCE
  • PIP_SHIMS_BASE_MODULE
  • LOGNAME
  • UPSTART_EVENTS
  • XDG_SESSION_DESKTOP
  • COMPIZ_BIN_PATH
  • QT4_IM_MODULE
  • XDG_DATA_DIRS
  • DBUS_SESSION_BUS_ADDRESS
  • LESSOPEN
  • UPSTART_JOB
  • INSTANCE
  • DISPLAY
  • XDG_RUNTIME_DIR
  • INFINALITY_FT_GLOBAL_EMBOLDEN_X_VALUE
  • GTK_IM_MODULE
  • XDG_CURRENT_DESKTOP
  • LC_TIME
  • LESSCLOSE
  • XAUTHORITY
  • LC_NAME
  • _

Pipenv–specific environment variables:

  • PIPENV_ACTIVE: 1

Debug–specific environment variables:

  • PATH: /home/haizaar/dev/venvs/repro-2muHjEV7/bin:/home/haizaar/.local/bin:/home/haizaar/.npm-packages/bin:/home/haizaar/bin:/home/haizaar/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
  • SHELL: /bin/bash
  • LANG: en_US.UTF-8
  • PWD: /tmp/repro
  • VIRTUAL_ENV: /home/haizaar/dev/venvs/repro-2muHjEV7

Contents of Pipfile ('/tmp/repro/Pipfile'):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
uberlogging = {file = "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"}

[dev-packages]

[requires]
python_version = "3.6"

Contents of Pipfile.lock ('/tmp/repro/Pipfile.lock'):

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions