Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generating hashes from files for incompatible wheels isn't working #1532

Closed
RazerM opened this issue Nov 10, 2021 · 1 comment · Fixed by #1540
Closed

Generating hashes from files for incompatible wheels isn't working #1532

RazerM opened this issue Nov 10, 2021 · 1 comment · Fixed by #1540
Labels
bug Something is not working hashes Related to hashes generated via --generate-hashes

Comments

@RazerM
Copy link
Member

RazerM commented Nov 10, 2021

Environment Versions

  1. OS Type: macOS
  2. Python version: 3.9.6
  3. pip version: 21.3.1
  4. pip-tools version: 6.4.0

Steps to replicate

(These replication steps require that you run this on a machine not compatible with the manylinux wheels provided in the demo repository used in the following commands)

  1. Create a requirements file using the project I prepared

    echo regex > requirements.in
pip-compile --index-url https://gitlab.com/api/v4/projects/31206336/packages/pypi/simple --no-header --generate-hashes -o normal.txt

  2. Patch the installed pip to remove this line.

  3. Generate a new requirements file:

    pip-compile --index-url https://gitlab.com/api/v4/projects/31206336/packages/pypi/simple --no-header --generate-hashes -o patched.txt

  4. Compare the files

    git diff --no-index normal.txt patched.txt

Expected result

Both files should include all hashes

Actual result

diff --git a/normal.txt b/patched.txt
index da086ab..23bc894 100644
--- a/normal.txt
+++ b/patched.txt
@@ -1,5 +1,10 @@
 --index-url https://gitlab.com/api/v4/projects/31206336/packages/pypi/simple

 regex==2021.11.10 \
+    --hash=sha256:05b7d6d7e64efe309972adab77fc2af8907bb93217ec60aa9fe12a0dad35874f \
+    --hash=sha256:30ab804ea73972049b7a2a5c62d97687d69b5a60a67adca07eb73a0ddbc9e29f \
+    --hash=sha256:85bfa6a5413be0ee6c5c4a663668a2cad2cbecdee367630d097d7823041bdeec \
+    --hash=sha256:962b9a917dd7ceacbe5cd424556914cb0d636001e393b43dc886ba31d2a1e449 \
+    --hash=sha256:ca5f18a75e1256ce07494e245cdb146f5a9267d3c702ebf9b65c7f8bd843431e \
     --hash=sha256:f341ee2df0999bfdf7a95e448075effe0db212a59387de1a70690e4acb03d4c6
     # via -r requirements.in

Only hashes compatible with my system are generated.

The easy solution I see would be to call self.finder.find_all_candidates.cache_clear() in PyPIRepository.allow_all_wheels, but as maintainers of the library you'll probably have more insight. Maybe even creating a new finder instance rather than rely on this implementation detail?
@RazerM RazerM mentioned this issue Dec 4, 2021
Merged
4 tasks
@RazerM
Copy link
Member Author

RazerM commented Apr 1, 2022

This is still an issue on pip-tools 6.5.1 with pip 22.0.4

RazerM pushed a commit to RazerM/pip-tools that referenced this issue Apr 4, 2022
@RazerM
Clear pip's candidates cache in allow_all_wheels
1ccdea5 
Fixes jazzband#1532

This issue only shows up for PyPI servers where we can't get hashes from
a JSON API. When pip-compile runs, `find_all_candidates` first gets
called outside of an `allow_all_wheels()` context, and pip caches the
list of candidates. Later, while pip-compile computes hashes from the
files, the effects of `allow_all_wheels()` are not seen because the
cached candidates are returned.

In order for the test to pass I've added a blank sdist for
small-fake-multi-arch so that there's always at least one candidate
when pypi_repository.get_hashes is called outside of allow_all_wheels
RazerM added a commit that referenced this issue Apr 4, 2022
@RazerM @atugushev
Clear pip's candidates cache in allow_all_wheels (#1540)
24ebb83 
Fixes #1532

This issue only shows up for PyPI servers where we can't get hashes from
a JSON API. When pip-compile runs, `find_all_candidates` first gets
called outside of an `allow_all_wheels()` context, and pip caches the
list of candidates. Later, while pip-compile computes hashes from the
files, the effects of `allow_all_wheels()` are not seen because the
cached candidates are returned.

In order for the test to pass I've added a blank sdist for
small-fake-multi-arch so that there's always at least one candidate
when pypi_repository.get_hashes is called outside of allow_all_wheels

Co-authored-by: Frazer McLean <[email protected]>
Co-authored-by: Albert Tugushev <[email protected]>
@atugushev atugushev added bug Something is not working hashes Related to hashes generated via --generate-hashes labels Apr 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something is not working hashes Related to hashes generated via --generate-hashes
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix --generate-hashes when hashes are computed from files RazerM/pip-tools
2 participants
@RazerM @atugushev