Poetry not passing through SHAs for certain package versions. #5967

Closed
3 tasks done
TNonet opened this issue Jul 7, 2022 · 7 comments · Fixed by #5972
Labels
kind/bug Something isn't working as expected

Comments

@TNonet

TNonet commented Jul 7, 2022

  • I am on the latest Poetry version.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

Issue

Poetry is not passing through SHA values of packages in the poetry.lock file.

MWE:

poetry new test-sha
cd test-sha
poetry add requests==2.27.1
Updating dependencies
Resolving dependencies... (0.1s)

Writing lock file

Package operations: 5 installs, 0 updates, 0 removals

  • Installing certifi (2022.6.15)
  • Installing charset-normalizer (2.0.12)
  • Installing idna (3.3)
  • Installing urllib3 (1.26.10)
  • Installing requests (2.27.1)

Results in a poetry.lock file that is missing hashes.

...
packaging = []
pluggy = [
    {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"},
    {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"},
]
py = []
pyparsing = [
    {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"},
    {file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"},
]
pytest = [
    {file = "pytest-5.4.3-py3-none-any.whl", hash = "sha256:5c0db86b698e8f170ba4582a492248919255fcd4c79b1ee64ace34301fb589a1"},
    {file = "pytest-5.4.3.tar.gz", hash = "sha256:7979331bfcba207414f5e1263b5a0f8f521d0f457318836a7355531ed1a4c7d8"},
]
requests = []
urllib3 = []
wcwidth = [
    {file = "wcwidth-0.2.5-py2.py3-none-any.whl", hash = "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784"},
    {file = "wcwidth-0.2.5.tar.gz", hash = "sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83"},
]

@TNonet TNonet added kind/bug Something isn't working as expected status/triage This issue needs to be triaged labels Jul 7, 2022
@TNonet TNonet changed the title from "Poetry not passing through signed SHAs for certain package versions." to "Poetry not passing through SHAs for certain package versions." Jul 7, 2022

@TNonet
Author

TNonet commented Jul 7, 2022

When requests is set to version 2.28.1 we now see the hash but it still is missing for several packages.

...
]
requests = [
    {file = "requests-2.28.1-py3-none-any.whl", hash = "sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349"},
    {file = "requests-2.28.1.tar.gz", hash = "sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983"},
]
urllib3 = []
...

@mkniewallner
Member

Can't reproduce on Linux amd64, so I'm wondering if it could not be specific to arm64.
Could you try with version 1.2.0b2 and see if you notice the same issue?

@mkniewallner mkniewallner added status/waiting-on-response Waiting on response from author and removed status/triage This issue needs to be triaged labels Jul 7, 2022
@TNonet
Author

TNonet commented Jul 7, 2022

I am still seeing this issue with Poetry (version 1.2.0b2).

Running the MWE on a different computer:
OS version and name: 'macOS-10.16-x86_64-i386-64bit'
Poetry version: 1.1.13

I see similar issues but on different packages:

more-itertools = []
packaging = [
    {file = "packaging-21.3-py3-none-any.whl", hash = "sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"},
    {file = "packaging-21.3.tar.gz", hash = "sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb"},
]
pluggy = [
    {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"},
    {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"},
]
py = [
    {file = "py-1.11.0-py2.py3-none-any.whl", hash = "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"},
    {file = "py-1.11.0.tar.gz", hash = "sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719"},
]
pyparsing = [
    {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"},
    {file = "pyparsing-3.0.9.tar.gz", hash = "sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb"},
]
pytest = [
    {file = "pytest-5.4.3-py3-none-any.whl", hash = "sha256:5c0db86b698e8f170ba4582a492248919255fcd4c79b1ee64ace34301fb589a1"},
    {file = "pytest-5.4.3.tar.gz", hash = "sha256:7979331bfcba207414f5e1263b5a0f8f521d0f457318836a7355531ed1a4c7d8"},
]
requests = [
    {file = "requests-2.27.1-py2.py3-none-any.whl", hash = "sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d"},
    {file = "requests-2.27.1.tar.gz", hash = "sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61"},
]
urllib3 = []
wcwidth = [
    {file = "wcwidth-0.2.5-py2.py3-none-any.whl", hash = "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784"},
    {file = "wcwidth-0.2.5.tar.gz", hash = "sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83"},
]

@dpp23

dpp23 commented Jul 8, 2022

This reproduces reliably on Ubuntu for me:

poetry cache clear pypi --all
poetry lock --no-update

then a lot of packages lose their hashes. It wasn't reproducing until I cleared the cache. This makes me think that it is an issue with pulling the data from PyPI.
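
Added example, not part of the thread or of Poetry's code: a check that can run after regenerating a lock file, listing every package whose `[metadata.files]` entry is empty, as `urllib3 = []` is in the excerpts above. It assumes the lock layout shown in this issue (one `name = [...]` array per package under `[metadata.files]`); the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the layout of the excerpts above; the digests are
# shortened placeholders, not real values.
SAMPLE_LOCK = """\
[metadata]
lock-version = "1.1"

[metadata.files]
idna = []
requests = [
    {file = "requests-2.28.1-py3-none-any.whl", hash = "sha256:0000"},
    {file = "requests-2.28.1.tar.gz", hash = "sha256:1111"},
]
urllib3 = []
"""

# 'name = [' or 'name = []' (package key optionally quoted), and one file entry.
HEADER = re.compile(r'^"?([A-Za-z0-9._-]+)"? = \[\]?$')
ENTRY = re.compile(r'^\{file = "[^"]+", hash = "[^"]+"\},?$')


def hashed_file_counts(lock_text):
    """Map each package in [metadata.files] to its number of hashed files."""
    counts, seen, in_files, current = {}, False, False, None
    for raw in lock_text.splitlines():
        line = raw.strip()
        if line.startswith("["):  # any TOML table header ends the previous table
            in_files, current = line == "[metadata.files]", None
            seen = seen or in_files
        elif in_files and HEADER.match(line):
            current = HEADER.match(line).group(1)
            counts[current] = 0
        elif in_files and current and ENTRY.match(line):
            counts[current] += 1
    if not seen:
        # A missing table must not be read as "every package has hashes".
        raise ValueError("no [metadata.files] table: cannot confirm hashes")
    return counts


def packages_missing_hashes(lock_text):
    """Sorted names of locked packages with no recorded file hash."""
    return sorted(n for n, c in hashed_file_counts(lock_text).items() if c == 0)


if __name__ == "__main__":
    missing = packages_missing_hashes(SAMPLE_LOCK)
    print("packages without hashes:", ", ".join(missing) or "none")
    raise SystemExit(1 if missing else 0)  # non-zero exit fails a CI step
```

To check a real file, pass the contents of `poetry.lock` to `packages_missing_hashes` instead of `SAMPLE_LOCK`.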

@mkniewallner
Member

It looks like pypi/warehouse#11775 is most likely the cause, per #5967.

@mkniewallner mkniewallner removed the status/waiting-on-response Waiting on response from author label Jul 8, 2022
@jonapich
Contributor

jonapich commented Jul 8, 2022

I started using poetry export and ran into this issue as well with the boto3-stubs package. I wrote a bug over there thinking they packaged it in a weird way, but I guess I will link it back here and close it.


github-actions bot commented Mar 1, 2024

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 1, 2024