New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pip
sometimes includes debug messages on stdout
#122
Comments
Another instance of this in #155 seems to indicate that it depends on what directory |
@woodruffw and @di, I am able to reliably reproduce this using the following Dockerfile: FROM python:3.8.11-slim
RUN pip install \
CacheControl==0.12.10 \
certifi==2021.10.8 \
charset-normalizer==2.0.9 \
cyclonedx-python-lib==0.11.1 \
html5lib==1.1 \
idna==3.3 \
lockfile==0.12.2 \
msgpack==1.0.3 \
packageurl-python==0.9.6 \
packaging==21.3 \
pip-api==0.0.25 \
pip-audit==1.1.0 \
progress==1.6 \
pyparsing==3.0.6 \
rapid-client==0.0.0 \
requests==2.26.0 \
requirements-parser==0.2.0 \
resolvelib==0.8.1 \
six==1.16.0 \
toml==0.10.2 \
types-setuptools==57.4.4 \
types-toml==0.10.1 \
urllib3==1.26.7 \
webencodings==0.5.1 \
pip==21.1.1 \
setuptools==50.3.2 \
--disable-pip-version-check
CMD ["pip-audit"] docker run --rm -it <test-image-name> Produces:
and docker run --rm -it <test-image-name> pip list --format=json Produces:
I have observed that doing |
Perhaps you could make use of |
@westonsteimel thanks a ton for the in-depth debugging! I'll look into that workaround. |
Yeah, so here's the message in question: It's using |
Okay, I'm also able to reliably reproduce the bug. If I do this: docker run --rm -it pip-audit-bug pip list --format=json 2>/dev/null | less I can see both the errant log and some terminal escapes are present on I haven't fully dug through |
Upstream ( |
Confirmed that the fix in di/pip-api#114 works! Modified Dockerfile: FROM python:3.8.11-slim
RUN apt update && apt install -y git
RUN pip install \
CacheControl==0.12.10 \
certifi==2021.10.8 \
charset-normalizer==2.0.9 \
cyclonedx-python-lib==0.11.1 \
html5lib==1.1 \
idna==3.3 \
lockfile==0.12.2 \
msgpack==1.0.3 \
packageurl-python==0.9.6 \
packaging==21.3 \
git+git://github.com/woodruffw-forks/pip-api.git@ccdc0af0c9660d052756060992c8e539d7becedf \
pip-audit==1.1.0 \
progress==1.6 \
pyparsing==3.0.6 \
rapid-client==0.0.0 \
requests==2.26.0 \
requirements-parser==0.2.0 \
resolvelib==0.8.1 \
six==1.16.0 \
toml==0.10.2 \
types-setuptools==57.4.4 \
types-toml==0.10.1 \
urllib3==1.26.7 \
webencodings==0.5.1 \
pip==21.1.1 \
setuptools==50.3.2 \
--disable-pip-version-check
CMD ["pip-audit"] Then: docker build -t pip-audit-bug -f pip-audit-bug.dockerfile
docker run --rm -it pip-audit-bug Produces: |
pip
sometimes includes debug messages on stdout
pip
sometimes includes debug messages on stdout
Will cut a release for this once there's a new |
Fixed with #196! |
I can confirm that this fixes the problem for me. Thank you! |
Fantastic, thanks for confirming! |
This is an abbreviated copy of #115 and #116, since those have been filled up with additional debugging.
Summary: In rare cases (currently N=1), we fail to collect environmental dependencies from
PipSource
.PipSource
usespip-api
internally, which boils down topip list --format=json
.What seems to happen is that the
pip list --format=json
command doesn't emit just JSON. Instead, it also emits a trailing log message that looks like this:According to
pip
's source code, that message is produced by a call tolog.debug
, which should be going tostderr
instead ofstdout
.pip-api
only usesstdout
frompip
subprocesses, so this is a strong indicator that the two streams are being mixed and/or confused somewhere, potentially with a logging override. The original reporter also traced the process and confirmed that the log was produced onstdout
.The original reporter found this on Python 3.9,
pip
version20.3.3
. I was unable to reproduce it locally, and they were also unable to reliably reproduce it locally.The text was updated successfully, but these errors were encountered: