-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
regression: --no-build-isolation
validation causes failure with setup deps installed from custom commit
#11123
Comments
duplicate #11116 |
This is another case broken by the change, but it's different, as you can deduce from the error message. I don't think this issue is a duplicate of it. I like the general idea behind validating dependencies with |
Its the same issue with another case: conflicting reqs. The fix is already merged #11117 |
This case is claimed to be a conflicting requirement, but it's erroneous: |
Srry, yes, its another issue. |
This is because pip/src/pip/_internal/build_env.py Line 190 in 30af807
... should be: if not req.specifier.contains(dist.version, prereleases=True): |
Thanks! |
Bumps [pip](https://github.com/pypa/pip) from 22.1 to 22.1.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>22.1.1 (2022-05-20)</h1> <h2>Bug Fixes</h2> <ul> <li>Properly filter out optional dependencies (i.e. extras) when checking build environment distributions. (<code>[#11112](pypa/pip#11112) <https://github.com/pypa/pip/issues/11112></code>_)</li> <li>Change the build environment dependency checking to be opt-in. (<code>[#11116](pypa/pip#11116) <https://github.com/pypa/pip/issues/11116></code>_)</li> <li>Allow using a pre-release version to satisfy a build requirement. This helps manually populated build environments to more accurately detect build-time requirement conflicts. (<code>[#11123](pypa/pip#11123) <https://github.com/pypa/pip/issues/11123></code>_)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/ca2d9f41931a449b8c1b27d02031199d91af93e7"><code>ca2d9f4</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/f20ab575b930b44ea524b0dbdb162f3cecfdf890"><code>f20ab57</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11124">#11124</a> from uranusjr/use-contain-for-checking</li> <li><a href="https://github.com/pypa/pip/commit/f7c05a51241e3ea656f94f2d79d0afdcf2b0165f"><code>f7c05a5</code></a> Allow pre-release to satisfy build requirements</li> <li><a href="https://github.com/pypa/pip/commit/30af8074bf83d41a9dacdcd13fb6ca982856032d"><code>30af807</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11117">#11117</a> from q0w/opt-check</li> <li><a href="https://github.com/pypa/pip/commit/923cb5a197a742bf83797c2190118bdb0e276753"><code>923cb5a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11119">#11119</a> from pradyunsg/move-add_requirement-to-legacy-resolver</li> <li><a href="https://github.com/pypa/pip/commit/d673aa14284788ea12a789b34846353b7cb3d46f"><code>d673aa1</code></a> Move <code>RequirementSet.add_requirement</code> into <code>LegacyResolver</code></li> <li><a href="https://github.com/pypa/pip/commit/3166157e406eeaa3e4a6e4db586b04122b411fe9"><code>3166157</code></a> Opt to check build dependencies</li> <li><a href="https://github.com/pypa/pip/commit/0a982f6444a4e08f601d4b0744b25dd19697306a"><code>0a982f6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11112">#11112</a> from pradyunsg/filter-out-build-env-extras</li> <li><a href="https://github.com/pypa/pip/commit/bf090d37d18f27a60839063d02f607185a8d1164"><code>bf090d3</code></a> 📰</li> <li><a href="https://github.com/pypa/pip/commit/d0c89a151c82a91161477cc9b385833efc18289a"><code>d0c89a1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10865">#10865</a> from pypa/pradyunsg-patch-1</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.1...22.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.1&new-version=22.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Bumps [pip](https://github.com/pypa/pip) from 22.1 to 22.1.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>22.1.1 (2022-05-20)</h1> <h2>Bug Fixes</h2> <ul> <li>Properly filter out optional dependencies (i.e. extras) when checking build environment distributions. (<code>[#11112](pypa/pip#11112) <https://github.com/pypa/pip/issues/11112></code>_)</li> <li>Change the build environment dependency checking to be opt-in. (<code>[#11116](pypa/pip#11116) <https://github.com/pypa/pip/issues/11116></code>_)</li> <li>Allow using a pre-release version to satisfy a build requirement. This helps manually populated build environments to more accurately detect build-time requirement conflicts. (<code>[#11123](pypa/pip#11123) <https://github.com/pypa/pip/issues/11123></code>_)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/ca2d9f41931a449b8c1b27d02031199d91af93e7"><code>ca2d9f4</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/f20ab575b930b44ea524b0dbdb162f3cecfdf890"><code>f20ab57</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11124">#11124</a> from uranusjr/use-contain-for-checking</li> <li><a href="https://github.com/pypa/pip/commit/f7c05a51241e3ea656f94f2d79d0afdcf2b0165f"><code>f7c05a5</code></a> Allow pre-release to satisfy build requirements</li> <li><a href="https://github.com/pypa/pip/commit/30af8074bf83d41a9dacdcd13fb6ca982856032d"><code>30af807</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11117">#11117</a> from q0w/opt-check</li> <li><a href="https://github.com/pypa/pip/commit/923cb5a197a742bf83797c2190118bdb0e276753"><code>923cb5a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11119">#11119</a> from pradyunsg/move-add_requirement-to-legacy-resolver</li> <li><a href="https://github.com/pypa/pip/commit/d673aa14284788ea12a789b34846353b7cb3d46f"><code>d673aa1</code></a> Move <code>RequirementSet.add_requirement</code> into <code>LegacyResolver</code></li> <li><a href="https://github.com/pypa/pip/commit/3166157e406eeaa3e4a6e4db586b04122b411fe9"><code>3166157</code></a> Opt to check build dependencies</li> <li><a href="https://github.com/pypa/pip/commit/0a982f6444a4e08f601d4b0744b25dd19697306a"><code>0a982f6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/11112">#11112</a> from pradyunsg/filter-out-build-env-extras</li> <li><a href="https://github.com/pypa/pip/commit/bf090d37d18f27a60839063d02f607185a8d1164"><code>bf090d3</code></a> 📰</li> <li><a href="https://github.com/pypa/pip/commit/d0c89a151c82a91161477cc9b385833efc18289a"><code>d0c89a1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pypa/pip/issues/10865">#10865</a> from pypa/pradyunsg-patch-1</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/22.1...22.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=22.1&new-version=22.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Description
After updating from pip
22.0
to22.1
,--no-build-isolation
is incompatible with packages installed from a custom commit.We have setup code that depends on ctypesgen, which did not get a PyPI update for 3 years, while git main is improved regularly and considered stable. Therefore, we install ctypesgen from the latest sources, and then pass
--no-build-isolation
so that the newer ctypesgen is used, not a PyPI release downloaded into a venv. Since pip22.1
, this fails with the following error:This makes it impossible to install a package via
pip3 install
while using an unreleased version of a setup dependency.I am aware that dependency validation was added on purpose, but this particular behaviour is neither justified nor desirable.
Expected behavior
ctypesgen==1.0.3.dev98+g2120dbf
fulfils the requirementctypesgen
defined inpyproject.toml:build-system:requires
. It should thus not cause an error.Commit in question: 0c6d20f
pip version
22.1
Python version
3.8.10
OS
Ubuntu 20.04 (Linux)
How to Reproduce
Output
Code of Conduct
The text was updated successfully, but these errors were encountered: