Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

regression: --no-build-isolation validation causes failure with setup deps installed from custom commit #11123

Closed
1 task done
mara004 opened this issue May 15, 2022 · 7 comments · Fixed by #11124
Closed
1 task done
Labels
type: bug A confirmed bug or unintended behavior

Comments

@mara004
Copy link

mara004 commented May 15, 2022

Description

After updating from pip 22.0 to 22.1, --no-build-isolation is incompatible with packages installed from a custom commit.
We have setup code that depends on ctypesgen, which did not get a PyPI update for 3 years, while git main is improved regularly and considered stable. Therefore, we install ctypesgen from the latest sources, and then pass --no-build-isolation so that the newer ctypesgen is used, not a PyPI release downloaded into a venv. Since pip 22.1, this fails with the following error:

ERROR: Some build dependencies for file:///home/mara/projects/pypdfium2 conflict with the backend dependencies: ctypesgen==1.0.3.dev98+g2120dbf is incompatible with ctypesgen.

This makes it impossible to install a package via pip3 install while using an unreleased version of a setup dependency.
I am aware that dependency validation was added on purpose, but this particular behaviour is neither justified nor desirable.

Expected behavior

ctypesgen==1.0.3.dev98+g2120dbf fulfils the requirement ctypesgen defined in pyproject.toml:build-system:requires. It should thus not cause an error.

Commit in question: 0c6d20f

pip version

22.1

Python version

3.8.10

OS

Ubuntu 20.04 (Linux)

How to Reproduce

git clone "https://github.com/ctypesgen/ctypesgen.git"
cd ctypesgen
pip3 install .
cd ..
python3 -m pip install pip==22.1
git clone "https://github.com/pypdfium2-team/pypdfium2.git"
cd pypdfium2
pip3 install . -v --no-build-isolation
cd ..
rm -rf ctypesgen pypdfium2

Output

mara@ub2020:/tmp$ git clone "https://github.com/ctypesgen/ctypesgen.git"
Klone nach 'ctypesgen' …
remote: Enumerating objects: 2014, done.
remote: Counting objects: 100% (199/199), done.
remote: Compressing objects: 100% (54/54), done.
remote: Total 2014 (delta 157), reused 145 (delta 145), pack-reused 1815
Empfange Objekte: 100% (2014/2014), 1.11 MiB | 6.06 MiB/s, fertig.
Löse Unterschiede auf: 100% (1295/1295), fertig.
mara@ub2020:/tmp$ cd ctypesgen
mara@ub2020:/tmp/ctypesgen$ pip3 install .
Defaulting to user installation because normal site-packages is not writeable
Processing /tmp/ctypesgen
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Installing backend dependencies ... done
  Preparing metadata (pyproject.toml) ... done
Building wheels for collected packages: ctypesgen
  Building wheel for ctypesgen (pyproject.toml) ... done
  Created wheel for ctypesgen: filename=ctypesgen-1.0.3.dev98+g2120dbf-py3-none-any.whl size=124318 sha256=b456fcde59ffd9a4b32308b9f9edd79d44dba1a0951b2423b28a66a7b6c8d15f
  Stored in directory: /tmp/pip-ephem-wheel-cache-bahnw45i/wheels/ea/0e/da/227e0ec876339d2ee5e1ec3bf0476fd4eb2076109ca8d08ee0
Successfully built ctypesgen
Installing collected packages: ctypesgen
  Attempting uninstall: ctypesgen
    Found existing installation: ctypesgen 1.0.3.dev98+g2120dbf
    Uninstalling ctypesgen-1.0.3.dev98+g2120dbf:
      Successfully uninstalled ctypesgen-1.0.3.dev98+g2120dbf
Successfully installed ctypesgen-1.0.3.dev98+g2120dbf
mara@ub2020:/tmp/ctypesgen$ cd ..
mara@ub2020:/tmp$ python3 -m pip install pip==22.1
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pip==22.1 in /home/mara/.local/lib/python3.8/site-packages (22.1)
mara@ub2020:/tmp$ git clone "https://github.com/pypdfium2-team/pypdfium2.git"
Klone nach 'pypdfium2' …
remote: Enumerating objects: 5138, done.
remote: Counting objects: 100% (2084/2084), done.
remote: Compressing objects: 100% (589/589), done.
remote: Total 5138 (delta 1542), reused 1824 (delta 1390), pack-reused 3054
Empfange Objekte: 100% (5138/5138), 1.19 MiB | 2.95 MiB/s, fertig.
Löse Unterschiede auf: 100% (3415/3415), fertig.
mara@ub2020:/tmp$ cd pypdfium2
mara@ub2020:/tmp/pypdfium2$ pip3 install . -v --no-build-isolation
Using pip 22.1 from /home/mara/.local/lib/python3.8/site-packages/pip (python 3.8)
Defaulting to user installation because normal site-packages is not writeable
Processing /tmp/pypdfium2
ERROR: Some build dependencies for file:///tmp/pypdfium2 conflict with the backend dependencies: ctypesgen==1.0.3.dev98+g2120dbf is incompatible with ctypesgen.
mara@ub2020:/tmp/pypdfium2$ cd ..
mara@ub2020:/tmp$ rm -rf ctypesgen pypdfium2
mara@ub2020:/tmp$

Code of Conduct

@mara004 mara004 added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels May 15, 2022
mara004 added a commit to pypdfium2-team/pypdfium2 that referenced this issue May 15, 2022
@q0w
Copy link
Contributor

q0w commented May 16, 2022

duplicate #11116

@mara004
Copy link
Author

mara004 commented May 16, 2022

duplicate #11116

This is another case broken by the change, but it's different, as you can deduce from the error message. I don't think this issue is a duplicate of it. I like the general idea behind validating dependencies with --no-build-isolation, but this is just a situation where it misbehaves, which should be fixed. Making validation optional is good, but won't fix the actual problem I reported here.

@q0w
Copy link
Contributor

q0w commented May 16, 2022

Its the same issue with another case: conflicting reqs. The fix is already merged #11117

@mara004
Copy link
Author

mara004 commented May 16, 2022

This case is claimed to be a conflicting requirement, but it's erroneous:
We have the requirement ctypesgen, and ctypesgen==1.0.3.dev98+g2120dbf is supposed to fulfil this, but pip complains. So while #11117 will restore the previous behaviour, it will not fix the actual bug in the validation.

mara004 added a commit to pypdfium2-team/pypdfium2 that referenced this issue May 16, 2022
mara004 added a commit to pypdfium2-team/pypdfium2 that referenced this issue May 16, 2022
@q0w
Copy link
Contributor

q0w commented May 16, 2022

Srry, yes, its another issue.

@layday
Copy link
Member

layday commented May 16, 2022

This is because 1.0.3.dev98+g2120dbf is a pre-release which the packaging library, used to check whether a version exists in a range, discards by default. This:

if dist.version not in req.specifier:

... should be:

                if not req.specifier.contains(dist.version, prereleases=True):

@mara004
Copy link
Author

mara004 commented May 16, 2022

Thanks!

inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue May 23, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.1 to 22.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.1.1 (2022-05-20)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Properly filter out optional dependencies (i.e. extras) when checking build environment distributions. (<code>[#11112](pypa/pip#11112) &lt;https://github.com/pypa/pip/issues/11112&gt;</code>_)</li>
<li>Change the build environment dependency checking to be opt-in. (<code>[#11116](pypa/pip#11116) &lt;https://github.com/pypa/pip/issues/11116&gt;</code>_)</li>
<li>Allow using a pre-release version to satisfy a build requirement. This helps
manually populated build environments to more accurately detect build-time
requirement conflicts. (<code>[#11123](pypa/pip#11123) &lt;https://github.com/pypa/pip/issues/11123&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/ca2d9f41931a449b8c1b27d02031199d91af93e7"><code>ca2d9f4</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/f20ab575b930b44ea524b0dbdb162f3cecfdf890"><code>f20ab57</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11124">#11124</a> from uranusjr/use-contain-for-checking</li>
<li><a href="https://github.com/pypa/pip/commit/f7c05a51241e3ea656f94f2d79d0afdcf2b0165f"><code>f7c05a5</code></a> Allow pre-release to satisfy build requirements</li>
<li><a href="https://github.com/pypa/pip/commit/30af8074bf83d41a9dacdcd13fb6ca982856032d"><code>30af807</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11117">#11117</a> from q0w/opt-check</li>
<li><a href="https://github.com/pypa/pip/commit/923cb5a197a742bf83797c2190118bdb0e276753"><code>923cb5a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11119">#11119</a> from pradyunsg/move-add_requirement-to-legacy-resolver</li>
<li><a href="https://github.com/pypa/pip/commit/d673aa14284788ea12a789b34846353b7cb3d46f"><code>d673aa1</code></a> Move <code>RequirementSet.add_requirement</code> into <code>LegacyResolver</code></li>
<li><a href="https://github.com/pypa/pip/commit/3166157e406eeaa3e4a6e4db586b04122b411fe9"><code>3166157</code></a> Opt to check build dependencies</li>
<li><a href="https://github.com/pypa/pip/commit/0a982f6444a4e08f601d4b0744b25dd19697306a"><code>0a982f6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11112">#11112</a> from pradyunsg/filter-out-build-env-extras</li>
<li><a href="https://github.com/pypa/pip/commit/bf090d37d18f27a60839063d02f607185a8d1164"><code>bf090d3</code></a> 📰</li>
<li><a href="https://github.com/pypa/pip/commit/d0c89a151c82a91161477cc9b385833efc18289a"><code>d0c89a1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10865">#10865</a> from pypa/pradyunsg-patch-1</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.1...22.1.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.1&new-version=22.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this issue May 23, 2022
Bumps [pip](https://github.com/pypa/pip) from 22.1 to 22.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>22.1.1 (2022-05-20)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>Properly filter out optional dependencies (i.e. extras) when checking build environment distributions. (<code>[#11112](pypa/pip#11112) &lt;https://github.com/pypa/pip/issues/11112&gt;</code>_)</li>
<li>Change the build environment dependency checking to be opt-in. (<code>[#11116](pypa/pip#11116) &lt;https://github.com/pypa/pip/issues/11116&gt;</code>_)</li>
<li>Allow using a pre-release version to satisfy a build requirement. This helps
manually populated build environments to more accurately detect build-time
requirement conflicts. (<code>[#11123](pypa/pip#11123) &lt;https://github.com/pypa/pip/issues/11123&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/ca2d9f41931a449b8c1b27d02031199d91af93e7"><code>ca2d9f4</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/f20ab575b930b44ea524b0dbdb162f3cecfdf890"><code>f20ab57</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11124">#11124</a> from uranusjr/use-contain-for-checking</li>
<li><a href="https://github.com/pypa/pip/commit/f7c05a51241e3ea656f94f2d79d0afdcf2b0165f"><code>f7c05a5</code></a> Allow pre-release to satisfy build requirements</li>
<li><a href="https://github.com/pypa/pip/commit/30af8074bf83d41a9dacdcd13fb6ca982856032d"><code>30af807</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11117">#11117</a> from q0w/opt-check</li>
<li><a href="https://github.com/pypa/pip/commit/923cb5a197a742bf83797c2190118bdb0e276753"><code>923cb5a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11119">#11119</a> from pradyunsg/move-add_requirement-to-legacy-resolver</li>
<li><a href="https://github.com/pypa/pip/commit/d673aa14284788ea12a789b34846353b7cb3d46f"><code>d673aa1</code></a> Move <code>RequirementSet.add_requirement</code> into <code>LegacyResolver</code></li>
<li><a href="https://github.com/pypa/pip/commit/3166157e406eeaa3e4a6e4db586b04122b411fe9"><code>3166157</code></a> Opt to check build dependencies</li>
<li><a href="https://github.com/pypa/pip/commit/0a982f6444a4e08f601d4b0744b25dd19697306a"><code>0a982f6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11112">#11112</a> from pradyunsg/filter-out-build-env-extras</li>
<li><a href="https://github.com/pypa/pip/commit/bf090d37d18f27a60839063d02f607185a8d1164"><code>bf090d3</code></a> 📰</li>
<li><a href="https://github.com/pypa/pip/commit/d0c89a151c82a91161477cc9b385833efc18289a"><code>d0c89a1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10865">#10865</a> from pypa/pradyunsg-patch-1</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.1...22.1.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.1&new-version=22.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 17, 2022
@pradyunsg pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Mar 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants