diff --git a/news/5777.bugfix.rst b/news/5777.bugfix.rst
new file mode 100644
index 0000000000..8ad522f389
--- /dev/null
+++ b/news/5777.bugfix.rst
@@ -0,0 +1 @@
+Ensure hashes included in a generated requirements file are after any markers.
diff --git a/pipenv/routines/requirements.py b/pipenv/routines/requirements.py
index de48db446d..0e4c6102d5 100644
--- a/pipenv/routines/requirements.py
+++ b/pipenv/routines/requirements.py
@@ -32,7 +32,7 @@ def requirements_from_deps(deps, include_hashes=True, include_markers=True):
 if include_markers and "markers" in package_info
 else ""
 )
- pip_package = f"{package_name}=={version}{hashes}{markers}"
+ pip_package = f"{package_name}=={version}{markers}{hashes}"
 
 # Append to the list
 pip_packages.append(pip_package)
diff --git a/tests/integration/test_requirements.py b/tests/integration/test_requirements.py
index 00fe63437e..ed957e892a 100644
--- a/tests/integration/test_requirements.py
+++ b/tests/integration/test_requirements.py
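Review bot: In pipenv/routines/requirements.py the reordered assignment `pip_package = f"{package_name}=={version}{markers}{hashes}"` has no comment saying why the order matters, so a later tidy-up could swap the two fields back. pip's requirements-file format places per-requirement options such as `--hash` after the environment marker, and these generated lines are what a hash-checking install reads, so the ordering protects the integrity pins. I would add `# Markers must come before --hash: pip expects "<spec>; <markers> --hash=..."` directly above the assignment. The body of requirements_from_deps starts and ends outside this hunk, so how `hashes` and `markers` get their leading separators is not visible here and should be checked against that comment.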
@@ -192,6 +192,33 @@ def test_requirements_markers_get_excluded(pipenv_instance_pypi):
 assert c.returncode == 0
 assert markers not in c.stdout
 
+@pytest.mark.requirements
+def test_requirements_hashes_get_included(pipenv_instance_pypi):
+ package, version, markers = "werkzeug", "==2.1.2", "python_version >= '3.7'"
+ first_hash = "sha256:1ce08e8093ed67d638d63879fd1ba3735817f7a80de3674d293f5984f25fb6e6"
+ second_hash = "sha256:72a4b735692dd3135217911cbeaa1be5fa3f62bffb8745c5215420a03dc55255"
+ lockfile = {
+ "_meta": {"sources": []},
+ "default": {
+ package: {
+ "hashes": [
+ first_hash,
+ second_hash
+ ],
+ "markers": markers,
+ "version": version
+ }
+ },
+ "develop": {}
+ }
+
+ with pipenv_instance_pypi(chdir=True) as p:
+ with open(p.lockfile_path, 'w') as f:
+ json.dump(lockfile, f)
+
+ c = p.pipenv('requirements --hash')
+ assert c.returncode == 0
+ assert f'{package}{version}; {markers} --hash={first_hash} --hash={second_hash}' in c.stdout
 
 def test_requirements_generates_requirements_from_lockfile_without_env_var_expansion(
 pipenv_instance_pypi,
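Review bot: `test_requirements_hashes_get_included` only pins the output for a package that has both a marker and hashes. The case its name suggests, a package with hashes and no `"markers"` key, is not exercised in this hunk, so a regression in the separator between the version and the first `--hash` would pass. A second lockfile entry without `"markers"`, with its own assertion on the generated line, would close that gap. The test pins ordering rather than mere inclusion, so a docstring such as `"""Hashes must follow the environment marker on each generated requirement line."""` would say what the long substring assertion is checking. The final assertion is a substring match on `c.stdout`, so text trailing the last `--hash` on that line would not be caught. Comparing against the matching entry of `c.stdout.splitlines()` would be stricter, provided the command emits no trailing whitespace.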