Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Pip always upgrades VCS packages

See original GitHub issue

Description

If we’ll use pip to install a package which resides in VCS, it will try to upgrade the dependency every time we perform pip install (even if we’ll not use the -U flag). Note that it includes cloning the repository every time.

Important note: While using the deprecated resolver this bug doesn’t reproduce(I am currently using the deprecated legacy resolver in order to avoid re-cloning every time).

Expected behavior

The expected behavior is that when using pip install without the -U flag i want to avoid upgrading already-existing packages. In addition I wouldn’t like to clone them all over again to save time.

pip version

21.3.1

Python version

3.8.10

OS

Ubuntu 20.04

How to Reproduce

Use this setup.py

from setuptools import setup

setup(
    name="testing-git",
    install_requires=[
        "requests @ git+ssh://git@github.com/psf/requests.git"
    ]
)

go into the setup.py directory.
execute pip install .
execute pip install . again.

Output

Output for 3:

(venv) ohadberenstein@EU-99SB6J3:~/Dev/tmp$ pip install .
Processing /home/ohadberenstein/Dev/tmp
  Preparing metadata (setup.py) ... done
Collecting requests@ git+ssh://git@github.com/psf/requests.git
  Cloning ssh://****@github.com/psf/requests.git to /tmp/pip-install-6ab39s_e/requests_2e3aa7f4f37e4e3996ab901e0e39e26f
  Running command git clone --filter=blob:none -q 'ssh://****@github.com/psf/requests.git' /tmp/pip-install-6ab39s_e/requests_2e3aa7f4f37e4e3996ab901e0e39e26f
  Resolved ssh://****@github.com/psf/requests.git to commit 24dfbfde552bb8ce48eec415714cbe793cfa95bd
  Preparing metadata (setup.py) ... done
Collecting certifi>=2017.4.17
  Using cached certifi-2021.10.8-py2.py3-none-any.whl (149 kB)
Collecting urllib3<1.27,>=1.21.1
  Using cached urllib3-1.26.8-py2.py3-none-any.whl (138 kB)
Collecting charset_normalizer~=2.0.0
  Using cached charset_normalizer-2.0.10-py3-none-any.whl (39 kB)
Collecting idna<4,>=2.5
  Using cached idna-3.3-py3-none-any.whl (61 kB)
Using legacy 'setup.py install' for testing-git, since package 'wheel' is not installed.
Using legacy 'setup.py install' for requests, since package 'wheel' is not installed.
Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests, testing-git
    Running setup.py install for requests ... done
    Running setup.py install for testing-git ... done
Successfully installed certifi-2021.10.8 charset-normalizer-2.0.10 idna-3.3 requests-2.27.1 testing-git-0.0.0 urllib3-1.26.8```

Output for 4:

(venv) ohadberenstein@EU-99SB6J3:~/Dev/tmp$ pip install .
Processing /home/ohadberenstein/Dev/tmp
  Preparing metadata (setup.py) ... done
Collecting requests@ git+ssh://git@github.com/psf/requests.git
  Cloning ssh://****@github.com/psf/requests.git to /tmp/pip-install-r2yqeb7x/requests_87f963b69ea64e72aab2d593f44da0e7
  Running command git clone --filter=blob:none -q 'ssh://****@github.com/psf/requests.git' /tmp/pip-install-r2yqeb7x/requests_87f963b69ea64e72aab2d593f44da0e7
  Resolved ssh://****@github.com/psf/requests.git to commit 24dfbfde552bb8ce48eec415714cbe793cfa95bd
  Preparing metadata (setup.py) ... done
Requirement already satisfied: certifi>=2017.4.17 in ./venv/lib/python3.8/site-packages (from requests@ git+ssh://git@github.com/psf/requests.git->testing-git==0.0.0) (2021.10.8)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in ./venv/lib/python3.8/site-packages (from requests@ git+ssh://git@github.com/psf/requests.git->testing-git==0.0.0) (1.26.8)
Requirement already satisfied: charset_normalizer~=2.0.0 in ./venv/lib/python3.8/site-packages (from requests@ git+ssh://git@github.com/psf/requests.git->testing-git==0.0.0) (2.0.10)
Requirement already satisfied: idna<4,>=2.5 in ./venv/lib/python3.8/site-packages (from requests@ git+ssh://git@github.com/psf/requests.git->testing-git==0.0.0) (3.3)
Using legacy 'setup.py install' for testing-git, since package 'wheel' is not installed.
Installing collected packages: testing-git
  Attempting uninstall: testing-git
    Found existing installation: testing-git 0.0.0
    Uninstalling testing-git-0.0.0:
      Successfully uninstalled testing-git-0.0.0
    Running setup.py install for testing-git ... done
Successfully installed testing-git-0.0.0

Code of Conduct

I agree to follow the PSF Code of Conduct.

Issue Analytics

State:
Created 2 years ago
Comments:6 (4 by maintainers)

Top GitHub Comments

1reaction

webknjazcommented, Jan 27, 2022

Thinking about it more, since VCS packages get built from the source, this means that you may get a different result depending on your environment even if the commit hash does not change. Maybe pip could add an explanatory note to the output mentioning why the rebuild is required.

0reactions

pradyunsgcommented, Jan 27, 2022

Duplicate of https://github.com/pypa/pip/issues/5780, in the sense that the discussion there covers this topic.

Please search the issue tracker for duplicates before filing issues.