Pipenv Lock (Or Install) Does Not Respect Index Specified For A Package #4637
Description
Issue description
Index argument for a package is not respected
Expected result
Pipenv only installs (locks) versions from specified package index.
Actual result
Pipenv installs (locks) the package with greatest version from a package index not specified in the Pipfile.
Steps to replicate
Run the following script:
#! /usr/bin/env bash
set -euxo pipefail
function finish {
set +e
kill -9 ${PYPI_SERVER1_PID} || true
kill -9 ${PYPI_SERVER2_PID} || true
}
trap finish EXIT
cat > example.py <<EOF
import pkg_resources
def main():
print(pkg_resources.get_distribution('example'))
EOF
cat > setup.py <<EOF
import os
import setuptools
setuptools.setup(
name='example',
version=os.environ['EXAMPLE_VERSION'],
description='Example package',
py_modules=['example'],
python_requires='>=3.6',
entry_points={
'console_scripts': [
'show-installed-package = example:main',
],
},
)
EOF
EXAMPLE_VERSION=1 python setup.py bdist_wheel
EXAMPLE_VERSION=2 python setup.py bdist_wheel
python -m venv venv
venv/bin/pip install pypiserver
mkdir -p server1 server2
cp dist/example-1-py3-none-any.whl server1/
cp dist/example-2-py3-none-any.whl server2/
function run_pypi_server() {
venv/bin/pypi-server \
-p 808${1} \
-i 127.0.0.1 \
server${1}/ 2> pypi-server${1}.log &
}
run_pypi_server 1
PYPI_SERVER1_PID=$!
run_pypi_server 2
PYPI_SERVER2_PID=$!
rm -f Pipfile.lock
cat > Pipfile <<EOF
[[source]]
url = "http://127.0.0.1:8081"
name = "server1"
[[source]]
url = "http://127.0.0.1:8082"
name = "server2"
[packages]
example = {version="*", index="server1"}
[dev-packages]
[requires]
python_version = "$(python -c 'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}")')"
EOF
pipenv lock
pipenv sync
pipenv run show-installed-package
The script creates two versions of example Python packge (version 1 and 2). Then it starts pypi server; server 1 contains example version 1 and server 2 contains example version 2.
The Pipfile states that example package of any version should be installed from index server1 (that contains only version 1 of example package).
The result is that version 2 of example package is installed (from server 2)
Documentation (https://pipenv.pypa.io/en/latest/advanced/#specifying-package-indexes) states:
If you’d like a specific package to be installed with a specific package index, you can do the following:
$ pipenv --support
Pipenv version: '2020.11.15'
Pipenv location: '/usr/lib/python3.9/site-packages/pipenv'
Python location: '/usr/bin/python'
Python installations found:
3.9.2:/usr/bin/python3.93.9.2:/usr/bin/python33.7.9:/usr/bin/pypy32.7.18:/usr/bin/python2.72.7.18:/usr/bin/python2
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.9.2',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '5.11.1-arch1-1',
'platform_system': 'Linux',
'platform_version': '#1 SMP PREEMPT Tue, 23 Feb 2021 14:05:30 +0000',
'python_full_version': '3.9.2',
'python_version': '3.9',
'sys_platform': 'linux'}
System environment variables:
SHELLSESSION_MANAGERWINDOWIDQT_SCREEN_SCALE_FACTORSCOLORTERMXDG_SESSION_PATHHISTCONTROLTMUXHISTSIZELANGUAGELC_ADDRESSLC_NAMESSH_AUTH_SOCKHISTTIMEFORMATSHELL_SESSION_IDDESKTOP_SESSIONLC_MONETARYSSH_AGENT_PIDGTK_RC_FILESXCURSOR_SIZECLOUDSDK_PYTHON_ARGSEDITORGTK_MODULESXDG_SEATPWDXDG_SESSION_DESKTOPLOGNAMEXDG_SESSION_TYPEXAUTHORITYMOTD_SHOWNGTK2_RC_FILESHOMELC_PAPERLANGHISTFILEXDG_CURRENT_DESKTOPKONSOLE_DBUS_SERVICECLOUDSDK_ROOT_DIRKONSOLE_DBUS_SESSIONPROFILEHOMEXDG_SEAT_PATHKONSOLE_VERSIONKDE_SESSION_UIDCLOUDSDK_PYTHONXDG_SESSION_CLASSTERMLC_IDENTIFICATIONGOOGLE_CLOUD_SDK_HOMEUSERTMUX_PANECOLORFGBGKDE_SESSION_VERSIONPAM_KWALLET5_LOGINVISUALDISPLAYSHLVLLC_TELEPHONELC_MESSAGESLC_MEASUREMENTXDG_VTNRXDG_SESSION_IDMOZ_PLUGIN_PATHLC_CTYPEXDG_RUNTIME_DIRLC_TIMEQT_AUTO_SCREEN_SCALE_FACTORLC_COLLATEXCURSOR_THEMEKDE_FULL_SESSIONPATHHISTFILESIZEDBUS_SESSION_BUS_ADDRESSKDE_APPLICATIONS_AS_SCOPEHGMAILLC_NUMERICOLDPWD_PIP_DISABLE_PIP_VERSION_CHECKPYTHONDONTWRITEBYTECODEPIP_SHIMS_BASE_MODULEPIP_PYTHON_PATHPYTHONFINDER_IGNORE_UNSUPPORTED
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH:/home/janne/bin:/usr/lib/colorgcc/bin:/opt/google-cloud-sdk/bin:/home/janne/bin:/usr/lib/colorgcc/bin:/home/janne/bin:/usr/lib/colorgcc/bin:/opt/google-cloud-sdk/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/lib/jvm/default/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl:/usr/lib/jvm/default/binSHELL:/bin/bashEDITOR:vimLANG:en_US.UTF-8PWD:/home/janne/tmp/pipenvbug
Contents of Pipfile ('/home/janne/tmp/pipenvbug/Pipfile'):
[[source]]
url = "http://127.0.0.1:8081"
name = "server1"
[[source]]
url = "http://127.0.0.1:8082"
name = "server2"
[packages]
example = {version="*", index="server1"}
[dev-packages]
[requires]
python_version = "3.9"
Contents of Pipfile.lock ('/home/janne/tmp/pipenvbug/Pipfile.lock'):
{
"_meta": {
"hash": {
"sha256": "78e9f526b9a5f7eda8ccc51a8927df178ce4b229e58f42dfa0c4de8ad2b9b07e"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.9"
},
"sources": [
{
"name": "server1",
"url": "http://127.0.0.1:8081"
},
{
"name": "server2",
"url": "http://127.0.0.1:8082"
}
]
},
"default": {
"example": {
"hashes": [
"sha256:77b20dfead4f4754da288294f2be8730c70c6835c4e654f0bf4c27905c462cfa"
],
"index": "server1",
"version": "==2"
}
},
"develop": {}
}