Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

pypi_provider asks for bogus requirement pkg_resources==0.0.0

See original GitHub issue

Bug description

When running pip-audit with some requirements files, it fails to complete because bogus requirement pkg_resources==0.0.0 is introduced by pypi_provider. E.g. resolvelib.resolvers.ResolutionImpossible: [RequirementInformation(requirement=<Requirement('pkg_resources==0.0.0')>, parent=<django-admin-inline-paginator==0.2.2 wheel=False>)]

If the requirements are installed in a virtualenv and pip-audit is run from the virtualenv without further arguments, it works as expected.

Reproduction steps

  • Test requirements file:
    asgiref==3.4.1
Django==3.2.11
django-admin-inline-paginator==0.2.2
sqlparse==0.4.2
  • Doesn’t work (see detailed log below):
    pip-audit --progress-spinner off -r requirements.txt
  • Works:
    python -m venv pyenv
. ./pyenv/bin/activate
pip install --progress-spinner off -r requirements.txt
pip-audit

Expected behavior

It should work in both cases.

Screenshots and logs

Command output:

root@e6916ccc1c6e:/home/jenkins/requirements/pip-audit# pip-audit --progress-spinner off -r requirements.txt
Processing /tmp/tmps34xwl6x/django-admin-inline-paginator-0.2.2.tar.gz
  Preparing metadata (setup.py) ... done
Collecting django
  Using cached Django-4.0.1-py3-none-any.whl (8.0 MB)
Collecting sqlparse>=0.2.2
  Using cached sqlparse-0.4.2-py3-none-any.whl (42 kB)
Collecting asgiref<4,>=3.4.1
  Using cached asgiref-3.4.1-py3-none-any.whl (25 kB)
Building wheels for collected packages: django-admin-inline-paginator
  Building wheel for django-admin-inline-paginator (setup.py) ... done
  Created wheel for django-admin-inline-paginator: filename=django_admin_inline_paginator-0.2.2-py3-none-any.whl size=8867 sha256=8d31eec5a7c40c2e2e52599e866a0af39a9a3758da17b2783cf4c1cae629f613
  Stored in directory: /root/.cache/pip/wheels/a6/35/82/b063855c1c9dda00d174cf9f7c2152f2bb9690618aa233acf3
Successfully built django-admin-inline-paginator
Installing collected packages: sqlparse, asgiref, django, django-admin-inline-paginator
Successfully installed asgiref-3.4.1 django-4.0.1 django-admin-inline-paginator-0.2.2 sqlparse-0.4.2
Traceback (most recent call last):
  File "/home/jenkins/requirements/pip-audit/pyenv/bin/pip-audit", line 8, in <module>
    sys.exit(audit())
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_cli.py", line 268, in audit
    for (spec, vulns) in auditor.audit(source):
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_audit.py", line 60, in audit
    yield from self._service.query_all(specs)
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_service/interface.py", line 115, in query_all
    for spec in specs:
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_dependency_source/requirement.py", line 63, in collect
    for _, deps in self.resolver.resolve_all(iter(req_values)):
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_dependency_source/interface.py", line 67, in resolve_all
    yield (req, self.resolve(req))
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_dependency_source/resolvelib/resolvelib.py", line 53, in resolve
    result = self.resolver.resolve([req])
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/resolvelib/resolvers.py", line 481, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/resolvelib/resolvers.py", line 385, in resolve
    raise ResolutionImpossible(self.state.backtrack_causes)
resolvelib.resolvers.ResolutionImpossible: [RequirementInformation(requirement=<Requirement('pkg_resources==0.0.0')>, parent=<django-admin-inline-paginator==0.2.2 wheel=False>)]

Verbose output:

root@e6916ccc1c6e:/home/jenkins/requirements/pip-audit# pip-audit --verbose --progress-spinner off -r requirements.txt
DEBUG:pip_audit._cli:parsed arguments: Namespace(local=False, requirements=[<_io.TextIOWrapper name='requirements.txt' mode='r' encoding='UTF-8'>], format=<OutputFormatChoice.Columns: 'columns'>, vulnerability_service=<VulnerabilityServiceChoice.Pypi: 'pypi'>, dry_run=False, strict=False, desc=<VulnerabilityDescriptionChoice.Auto: 'auto'>, cache_dir=None, progress_spinner=<ProgressSpinnerChoice.Off: 'off'>, timeout=15, paths=[], verbose=True)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/asgiref" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/asgiref/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 61
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 61
DEBUG:cachecontrol.controller:Looking up "https://files.pythonhosted.org/packages/fe/66/577f32b54c50dcd8dec38447258e82ed327ecb86820d67ae7b3dea784f13/asgiref-3.4.1-py3-none-any.whl" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 22869
DEBUG:cachecontrol.controller:Ignoring unknown cache-control directive: immutable
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 365000000
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:365000000 > 22869
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/asgiref/3.4.1/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 66
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 66
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 62
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 62
DEBUG:cachecontrol.controller:Looking up "https://files.pythonhosted.org/packages/03/40/1ec2b4abb0c91f0c6195692a9f7a3709f1c0fe95258f3e4d8aa7d8dab92b/Django-3.2.11-py3-none-any.whl" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 22364
DEBUG:cachecontrol.controller:Ignoring unknown cache-control directive: immutable
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 365000000
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:365000000 > 22364
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/asgiref" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/asgiref/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 61
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 61
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/pytz" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/pytz/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 195
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/sqlparse" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/sqlparse/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 62
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 62
DEBUG:cachecontrol.controller:Looking up "https://files.pythonhosted.org/packages/fe/66/577f32b54c50dcd8dec38447258e82ed327ecb86820d67ae7b3dea784f13/asgiref-3.4.1-py3-none-any.whl" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 22869
DEBUG:cachecontrol.controller:Ignoring unknown cache-control directive: immutable
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 365000000
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:365000000 > 22869
DEBUG:cachecontrol.controller:Looking up "https://files.pythonhosted.org/packages/05/40/d836d55fb3f467243ee839ab7b814822fda522cd395fa41e282684e71ee5/sqlparse-0.4.2-py3-none-any.whl" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 22866
DEBUG:cachecontrol.controller:Ignoring unknown cache-control directive: immutable
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 365000000
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:365000000 > 22866
DEBUG:cachecontrol.controller:Looking up "https://files.pythonhosted.org/packages/d3/e3/d9f046b5d1c94a3aeab15f1f867aa414f8ee9d196fae6865f1d6a0ee1a0b/pytz-2021.3-py2.py3-none-any.whl" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 22579
DEBUG:cachecontrol.controller:Ignoring unknown cache-control directive: immutable
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 365000000
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:365000000 > 22579
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/django/3.2.11/json" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/Django/3.2.11/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 65
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 65
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/sqlparse/0.4.2/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 65
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 65
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/pypi/pytz/2021.3/json" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 65
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 900
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:900 > 65
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django-admin-inline-paginator" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django-admin-inline-paginator/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 195
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 195
DEBUG:cachecontrol.controller:Looking up "https://files.pythonhosted.org/packages/4c/b5/d3abb8682b168cb2d4119879215428ca63b33b524a6f1f4dc6f11ef14dcf/django-admin-inline-paginator-0.2.2.tar.gz" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 22548
DEBUG:cachecontrol.controller:Ignoring unknown cache-control directive: immutable
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 365000000
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:365000000 > 22548
Processing /tmp/tmpecurcpka/django-admin-inline-paginator-0.2.2.tar.gz
  Preparing metadata (setup.py) ... done
Collecting django
  Using cached Django-4.0.1-py3-none-any.whl (8.0 MB)
Collecting sqlparse>=0.2.2
  Using cached sqlparse-0.4.2-py3-none-any.whl (42 kB)
Collecting asgiref<4,>=3.4.1
  Using cached asgiref-3.4.1-py3-none-any.whl (25 kB)
Building wheels for collected packages: django-admin-inline-paginator
  Building wheel for django-admin-inline-paginator (setup.py) ... done
  Created wheel for django-admin-inline-paginator: filename=django_admin_inline_paginator-0.2.2-py3-none-any.whl size=8867 sha256=286b8aeb24e9153695108c12919029209828fd51b701693b272002e833229766
  Stored in directory: /root/.cache/pip/wheels/22/23/ae/274c6b4a0e54de476df4e41550a01f2dabd996a8d114c143e7
Successfully built django-admin-inline-paginator
Installing collected packages: sqlparse, asgiref, django, django-admin-inline-paginator
Successfully installed asgiref-3.4.1 django-4.0.1 django-admin-inline-paginator-0.2.2 sqlparse-0.4.2
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/asgiref" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/asgiref/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 2
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 2
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 3
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 3
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django-admin-inline-paginator" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/django-admin-inline-paginator/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 201
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 201
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/pip" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/pip/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 2
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 2
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/pkg-resources" in the cache
DEBUG:cachecontrol.controller:Returning cached permanent redirect response (ignoring date and etag information)
DEBUG:cachecontrol.controller:Looking up "https://pypi.org/simple/pkg-resources/" in the cache
DEBUG:cachecontrol.controller:Current age based on date: 194
DEBUG:cachecontrol.controller:Freshness lifetime from max-age: 600
DEBUG:cachecontrol.controller:The response is "fresh", returning cached response
DEBUG:cachecontrol.controller:600 > 194
Traceback (most recent call last):
  File "/home/jenkins/requirements/pip-audit/pyenv/bin/pip-audit", line 8, in <module>
    sys.exit(audit())
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_cli.py", line 268, in audit
    for (spec, vulns) in auditor.audit(source):
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_audit.py", line 60, in audit
    yield from self._service.query_all(specs)
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_service/interface.py", line 115, in query_all
    for spec in specs:
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_dependency_source/requirement.py", line 63, in collect
    for _, deps in self.resolver.resolve_all(iter(req_values)):
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_dependency_source/interface.py", line 67, in resolve_all
    yield (req, self.resolve(req))
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/pip_audit/_dependency_source/resolvelib/resolvelib.py", line 53, in resolve
    result = self.resolver.resolve([req])
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/resolvelib/resolvers.py", line 481, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
  File "/home/jenkins/requirements/pip-audit/pyenv/lib/python3.9/site-packages/resolvelib/resolvers.py", line 385, in resolve
    raise ResolutionImpossible(self.state.backtrack_causes)
resolvelib.resolvers.ResolutionImpossible: [RequirementInformation(requirement=<Requirement('pkg_resources==0.0.0')>, parent=<django-admin-inline-paginator==0.2.2 wheel=False>)]

Platform information

  • OS name and version: Debian 11, Docker
  • pip-audit version (pip-audit -V): pip-audit 1.1.1
  • Python version (python -V or python3 -V): Python 3.9.2
  • pip version (pip -V or pip3 -V): pip 21.3.1 from /root/.local/lib/python3.9/site-packages/pip (python 3.9)

Additional context

The exception trace is in resolvelib. But I’ve tracked down where the bogus dependency is generated. It boils down to this function in resolvers.py. Which from what I understand is implemented by pypi_provider.py of pip-audit.

def _get_updated_criteria(self, candidate):
      criteria = self.state.criteria.copy()
      for requirement in self._p.get_dependencies(candidate=candidate):
          self._add_to_criteria(criteria, requirement, parent=candidate)
      return criteria

Issue Analytics

  • State:open
  • Created 2 years ago
  • Comments:12 (8 by maintainers)

github_iconTop GitHub Comments

1reaction
dicommented, Jun 1, 2022

Note that https://peps.python.org/pep-0668/ might eventually help with this, but it’ll probably be a while.

1reaction
woodruffwcommented, Jan 7, 2022

Just for future visiblity: here are the xrefs for the same pkg_resources=0.0.0 pain in pip: https://github.com/pypa/pip/issues/8331 https://github.com/pypa/pip/issues/4022

Read more comments on GitHub >

github_iconTop Results From Across the Web

What is "pkg-resources==0.0.0" in output of pip freeze ...
When deploying on a debian 8.5 running "pip install -r requirements.txt" pip complains that pkg-resources is "not found" but there is a ...
Read more >
No matching distribution found for pkg-resources==0.0.0
When someone used pip freeze > requirements.txt to write the pip freeze's output requirements to a file, a bug of that library leads...
Read more >
Buildout troubleshooting — Plone Documentation v5.2
You see this error when trying to start Plone. This means that buildout did not complete correctly and did not generate configuration files....
Read more >
Can't deploy to PyPI anymore: pkg_resources. ...
Hi! I am having problems deploying new package versions to PyPI: https://travis-ci.com/github/spinlud/py-linkedin-jobs-scraper/jobs/ ...
Read more >
How to upgrade from 1.0.13 to 1.2
Download error on https://pypi.python.org/simple/Trac/: [Errno 101] Network is ... Trac[loader] DEBUG: Adding plugin GroupTicketFields 0.0.1dev-r0 from ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Exempt editable packages

Next page

1.1.0: TypeError: installed_distributions() got an unexpected keyword argument 'paths'