-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
index restricted package cannot find sub-dependency when its index is non-default #5042
Comments
@gitpushdashf Can you provide more details such as the Pipfile? It has long been true that you need to use --pre in order to resolve and install pre-releases. I cannot think of what would have changed related to this between 2022.3.28 and 2022.4.8 based solely on what you've provided for details so far. |
I'll try to come up with a minimal test case here. Thank you! Edit: Here's a black example. This is working for me with 2022.3.28 and 2022.4.8, though.
|
@gitpushdashf Ok thanks, I didn't know that it wasn't required to specify --pre when the version is pinned specifically to a pre-release. That being said, your example worked fine on |
Thanks for testing it! I'm trying to reproduce this in a smaller repository and am not having a lot of luck. It seems to be related to using a private pypi, possibly with pre-release packages. I'll let you know if I come up with something. |
@gitpushdashf there are recent changes around private indexes, but they didn't first take effect in 2022.4.8. Likely you need to pin your private non-default package by index name in order for it to continue working for you. See this other thread for more details: #4672 (comment) |
I am using a pinned index for private packages. Will keep trying to reproduce. Actually... Let me check something. |
My main internal package looks like this: Pipfile that does an editable install of ., with a setup.cfg with dependencies (some internal, some not).
setup.cfg:
This has actually been working, even with 2022.3.8. I just replaced
Where I install this private package in other repositories, I've been doing |
@gitpushdashf you shouldn't have to specify any index for a locally installed editable package since its referencing to install something locally. Are you saying if you use --pre though that it does work, since a pre-release is involved in the dependency chain? |
I just tried Are you saying that editable installs resolve through whatever index pip is configured to use? |
@gitpushdashf No, I am not saying that. All of the editable installs shouldn't resolve through any index because they are locally available packages that are being installed. Don't read too much into that though, because the index restrictions work was all done in prior march releases which you say are working. In some ways there are not so many changes in the 2022.4.8 release, but in other ways the diff is massive because I split the utils.py into a utils module so I am unfortunately not able to pin point the source of your problem at this time. You can take a look at the diff on github between those two tags and see if anything stands out to you, but I ultimately tried to keep parity and just move the utils around. I'll give it some more thought and get back to you if I think of something. |
Thank you! I did manage to reduce this down into a smaller test case.
|
Just found out that it works for me if I remove the pypi index. For me, this is an acceptable solution. Thank you for your help! |
@gitpushdashf hmmm I think that I may have introduced this regression with my changes here: https://github.com/pypa/pipenv/pull/5024/files I will think more about it, please leave this issue opened. |
It's how I refactored that messy method, because it detects pypi is in your sources and I moved the link hash generation to after the pypi checking for some reason, had to do with private hash index collection for torch which also exists in pypi -- but now I need to revisit it based on your example. One problem is I may have with testing your example case is actually running the private pypi server. But I am sure that whats happening is your package isn't in pypi and the hash collection is failing on that because one of your sources is pypi. |
Though I am not 100% sure because in your stack trace its happening in the resolver and not actually when its collecting the hashes. |
@gitpushdashf Are you 100% sure that your latest example worked in |
Yes, as soon as I switch to 2022.3.28, it works fine as-is. With 2022.4.8: If I reorder the sources and put pypi before myindex, it works fine. If I remove the pypi index, it works fine. If I add back in the pypi index at the top, it fails. |
@gitpushdashf Do you mean if you put pypi after myindex it works fine?
Because later you say:
I think this all makes sense to me other than how it would have worked in 2022.3.28. Is it the resolution/lock phase that fails for you, or the sync/install phase or both? Note: |
Yes, that's right. It's defintely the locking phase, re-generating the lockfile. I usually induce that via |
@gitpushdashf I thought more about it and I think what happened is the index restrictions were extended in I can imagine a case where someone has two private package servers and both package servers have a package that is dependent on another package that is only in that private package server. It would be an edge case of index restrictions today that this would not work as both sub-dependencies would try to resolve to the parent index, but perhaps it would work if the user explicitly called out the sub-dependency and its required non-default index in the Pipfile. Either way I think that particular edge case would be a hard one to account for, despite that on some level it makes sense that the sub-dependency should use the same index the parent dependency is pinned too, in reality the resolver code I think looses this level of insight and it would be hard to make that mapping connection in the code. |
Though my logging doesn't seem to indicate that its using |
Work around for pipenv issue pypa/pipenv#5042
Ok, I am going to treat this as a question/request for support on the current behavior. If we want to improve the sub-dependency resolution of index restricted packages, then we need someone to write up an enhancement request/proposal that talks through a logical way to do that, or at least captures what the intended requirements are. Thanks! |
When upgrading from 2022.3.28 to 2022.4.8, a pre-release package identified with
==x.y.z.alpha
is no longer installing. I'm not using--pre
or anything like that. Going back to 2022.3.28, it installs fine. Or rather,pipenv update --dev
works fine.The text was updated successfully, but these errors were encountered: