Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Filter available distributions using hash declarations from constraints files #10962

Merged
merged 3 commits into from
Mar 16, 2022

Conversation

q0w
Copy link
Contributor

@q0w q0w commented Mar 14, 2022

Closes #9243

is_pinned implementation is fixed according to #10625 (comment).

Copy link
Member

@uranusjr uranusjr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks a lot !

@q0w

This comment was marked as outdated.

@uranusjr
Copy link
Member

uranusjr commented Mar 14, 2022

Hmm, tests are failing. Does this break existing code…? It seems like the current hash (and specifier) forwarding logic is not good enough. Maybe we need to somehow merge the values, instead of simply replacing?

@uranusjr uranusjr self-requested a review March 14, 2022 09:03
@q0w
Copy link
Contributor Author

q0w commented Mar 14, 2022

I tested this against examples from #9243 and #8792

@q0w
Copy link
Contributor Author

q0w commented Mar 14, 2022

Yes, it should somehow merge values or check if they are not None.

@q0w
Copy link
Contributor Author

q0w commented Mar 14, 2022

@uranusjr fixed. What about #10625 (comment)

In provider.py, there’s a pinned = any(op[:2] == "==" for op in operators) that can be tightened up. This one just offers a “hint” to the resolver so the current logic is not very careful with the definition of “pinned”, but since we have a proper implementation now it’s a good idea to reuse it.

@uranusjr
Copy link
Member

You can also fix that in this PR if you want to (just use your is_pinn for that), but this looks for me as-is.

@pradyunsg pradyunsg changed the title Pick up constraints for template Filter available distributions using hash declarations from constraints files Mar 16, 2022
news/9243.bugfix.rst Outdated Show resolved Hide resolved
@pradyunsg pradyunsg merged commit 0c28452 into pypa:main Mar 16, 2022
@pradyunsg
Copy link
Member

Thanks @q0w! ^>^

@graingert
Copy link
Contributor

when running with pip 0c28452 I still get:

pip install -c requirements.txt black
Collecting black
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    black from [files.pythonhosted.org/packages/a5/59/bd6d44da2b364fd2bd7a0b2ce2edfe200b79faad1cde14ce5ef13d504393/black-22.1.0-py3-none-any.whl#sha256=3524739d76b6b3ed1132422bf9d82123cd1705086723bc3e235ca39fd21c667d](https://files.pythonhosted.org/packages/a5/59/bd6d44da2b364fd2bd7a0b2ce2edfe200b79faad1cde14ce5ef13d504393/black-22.1.0-py3-none-any.whl#sha256=3524739d76b6b3ed1132422bf9d82123cd1705086723bc3e235ca39fd21c667d)

even though I have 3524739d76b6b3ed1132422bf9d82123cd1705086723bc3e235ca39fd21c667d in my requirements.txt

see https://github.com/graingert/constraints-demo/runs/5568222864?check_suite_focus=true#step:5:8

@q0w
Copy link
Contributor Author

q0w commented Mar 16, 2022

@graingert I tried your setup project with pip install git+https://github.com/pypa/pip.git@main and its all OK

pip install git+https://github.com/pypa/pip.git@main
pip install -c requirements.txt black

@graingert
Copy link
Contributor

graingert commented Mar 16, 2022

@graingert I tried your setup project with pip install git+https://github.com/pypa/pip.git@main and its all OK

pip install git+https://github.com/pypa/pip.git@main
pip install -c requirements.txt black

thanks for looking into this, I'm sorry for the noise on this PR as looking into this further it seems to happen on both the legacy and regular resolver and so unrelated to this PR - I just happened to be using an alpha build of python to try out your new fix!

when I run with the legacy resolver I get:

$ pip install --use-deprecated=legacy-resolver -c requirements.txt black                               
Ignoring black: markers 'python_full_version >= "3.6.2"' don't match your environment
Ignoring click: markers 'python_version >= "3.6" and python_full_version >= "3.6.2"' don't match your environment
Ignoring colorama: markers 'python_version >= "3.6" and python_full_version >= "3.6.2" and platform_system == "Windows"' don't match your environment
Ignoring mypy-extensions: markers 'python_full_version >= "3.6.2"' don't match your environment
Ignoring pathspec: markers 'python_full_version >= "3.6.2"' don't match your environment
Ignoring platformdirs: markers 'python_version >= "3.7" and python_full_version >= "3.6.2"' don't match your environment
Ignoring tomli: markers 'python_version >= "3.7" and python_full_version >= "3.6.2"' don't match your environment
Collecting black
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    black from https://files.pythonhosted.org/packages/a5/59/bd6d44da2b364fd2bd7a0b2ce2edfe200b79faad1cde14ce5ef13d504393/black-22.1.0-py3-none-any.whl#sha256=3524739d76b6b3ed1132422bf9d82123cd1705086723bc3e235ca39fd21c667d

which is related to how the markers are evaluated:

Python 3.11.0a5 (main, Feb 12 2022, 17:11:59) [GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from packaging.markers import Marker
>>> Marker("python_full_version > '3.6.2'")
<Marker('python_full_version > "3.6.2"')>
>>> Marker("python_full_version > '3.6.2'").evaluate({"python_full_version": "3.11.0a5"})
False
>>> Marker("python_full_version > '3.6.2'").evaluate({"python_full_version": "3.11"})
True
>>> 

@pradyunsg
Copy link
Member

As far as I understand, this introduced a regression, see #11019.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[regression] resolvelib-based dependency processing of constraints with hashes fails to "see" the exact pins
4 participants