--selective-upgrade does not update hashes in Pipfile.lock
See original GitHub issueIssue description
If I update a package with --selective-upgrade, I can not install the update with sync.
Steps to replicate
pipenv install βdjango==2.2.18β pipenv install --selective-upgrade βdjango==2.2.19β pipenv --rm pipenv sync
Expected result
pipenv sync should install all packages from Pipfile.lock.
Actual result
$ pipenv sync
Creating a virtualenv for this project...
Pipfile: /home/mogoh/temp/Pipfile
Using /usr/bin/python3.8 (3.8.6) to create virtualenv...
β Ή Creating virtual environment...created virtual environment CPython3.8.6.final.0-64 in 114ms
creator CPython3Posix(dest=/home/mogoh/.local/share/virtualenvs/temp-O2KvBR8F, clear=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/mogoh/.local/share/virtualenv)
added seed packages: pip==20.2.4, pkg_resources==0.0.0, setuptools==50.3.2, wheel==0.35.1
activators BashActivator,CShellActivator,FishActivator,PowerShellActivator,PythonActivator,XonshActivator
β Successfully created virtual environment!
Virtualenv location: /home/mogoh/.virtualenvs/temp-O2KvBR8F
Installing dependencies from Pipfile.lock (d1ee3e)...
An error occurred while installing django==2.2.19 --hash=sha256:c9c994f5e0a032cbd45089798b52e4080f4dea7241c58e3e0636c54146480bb4 --hash=sha256:0eaca08f236bf502a9773e53623f766cc3ceee6453cc41e6de1c8b80f07d2364! Will try again.
π ββββββββββββββββββββββββββββββββ 3/3 β 00:00:00
Installing initially failed dependencies...
[InstallError]: File "/home/mogoh/.local/lib/python3.8/site-packages/pipenv/cli/command.py", line 684, in sync
[InstallError]: retcode = do_sync(
[InstallError]: File "/home/mogoh/.local/lib/python3.8/site-packages/pipenv/core.py", line 2884, in do_sync
[InstallError]: do_init(
[InstallError]: File "/home/mogoh/.local/lib/python3.8/site-packages/pipenv/core.py", line 1304, in do_init
[InstallError]: do_install_dependencies(
[InstallError]: File "/home/mogoh/.local/lib/python3.8/site-packages/pipenv/core.py", line 899, in do_install_dependencies
[InstallError]: batch_install(
[InstallError]: File "/home/mogoh/.local/lib/python3.8/site-packages/pipenv/core.py", line 796, in batch_install
[InstallError]: _cleanup_procs(procs, failed_deps_queue, retry=retry)
[InstallError]: File "/home/mogoh/.local/lib/python3.8/site-packages/pipenv/core.py", line 703, in _cleanup_procs
[InstallError]: raise exceptions.InstallError(c.dep.name, extra=err_lines)
[pipenv.exceptions.InstallError]: Collecting django==2.2.19
[pipenv.exceptions.InstallError]: Using cached Django-2.2.19-py3-none-any.whl (7.5 MB)
[pipenv.exceptions.InstallError]: ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
[pipenv.exceptions.InstallError]: django==2.2.19 from https://files.pythonhosted.org/packages/1a/ce/846a9dbf536991be0004f5ae414520c3a64eaa167d09e51d75ab410c45e8/Django-2.2.19-py3-none-any.whl#sha256=e319a7164d6d30cb177b3fd74d02c52f1185c37304057bb76d74047889c605d9 (from -r /tmp/pipenv-bdmyjhfi-requirements/pipenv-rkmf8g46-requirement.txt (line 1)):
[pipenv.exceptions.InstallError]: Expected sha256 0eaca08f236bf502a9773e53623f766cc3ceee6453cc41e6de1c8b80f07d2364
[pipenv.exceptions.InstallError]: Expected or c9c994f5e0a032cbd45089798b52e4080f4dea7241c58e3e0636c54146480bb4
[pipenv.exceptions.InstallError]: Got e319a7164d6d30cb177b3fd74d02c52f1185c37304057bb76d74047889c605d9
ERROR: Couldn't install package: django
Package installation failed...
β€ ββββββββββββββββββββββββββββββββ 0/1 β 00:00:00
$ pipenv --support
Pipenv version: '2020.11.15'
Pipenv location: '/home/mogoh/.local/lib/python3.8/site-packages/pipenv'
Python location: '/usr/bin/python3'
Python installations found:
3.8.6
:/usr/bin/python3.8
3.8.6
:/usr/bin/python3
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.8.6',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '5.8.0-43-generic',
'platform_system': 'Linux',
'platform_version': '#49-Ubuntu SMP Fri Feb 5 03:01:28 UTC 2021',
'python_full_version': '3.8.6',
'python_version': '3.8',
'sys_platform': 'linux'}
System environment variables:
SHELL
SESSION_MANAGER
WINDOWID
QT_ACCESSIBILITY
KDED_STARTED_BY_KDEINIT
COLORTERM
XDG_CONFIG_DIRS
XDG_SESSION_PATH
NVM_INC
GTK_IM_MODULE
LANGUAGE
QT4_IM_MODULE
MANDATORY_PATH
JAVA_HOME
SSH_AUTH_SOCK
SHELL_SESSION_ID
XMODIFIERS
DESKTOP_SESSION
SSH_AGENT_PID
GTK_RC_FILES
XCURSOR_SIZE
XDG_SEAT
PWD
XDG_SESSION_DESKTOP
LOGNAME
XDG_SESSION_TYPE
GPG_AGENT_INFO
XAUTHORITY
VIRTUALENVWRAPPER_SCRIPT
GTK2_RC_FILES
HOME
LANG
LS_COLORS
XDG_CURRENT_DESKTOP
KONSOLE_DBUS_SERVICE
VIRTUALENVWRAPPER_WORKON_CD
KONSOLE_DBUS_SESSION
DENO_INSTALL
PROFILEHOME
XDG_SEAT_PATH
KONSOLE_VERSION
CLUTTER_IM_MODULE
KDE_SESSION_UID
NVM_DIR
WORKON_HOME
LESSCLOSE
XDG_SESSION_CLASS
PYTHONPATH
TERM
DEFAULTS_PATH
LESSOPEN
USER
COLORFGBG
KDE_SESSION_VERSION
PAM_KWALLET5_LOGIN
VIRTUALENVWRAPPER_PROJECT_FILENAME
DISPLAY
SHLVL
NVM_CD_FLAGS
QT_IM_MODULE
XDG_VTNR
XDG_SESSION_ID
XDG_RUNTIME_DIR
ELECTRON_TRASH
QT_AUTO_SCREEN_SCALE_FACTOR
XCURSOR_THEME
XDG_DATA_DIRS
KDE_FULL_SESSION
PATH
VIRTUALENVWRAPPER_HOOK_DIR
DBUS_SESSION_BUS_ADDRESS
KDE_APPLICATIONS_AS_SCOPE
NVM_BIN
OLDPWD
KONSOLE_DBUS_WINDOW
_
PIP_DISABLE_PIP_VERSION_CHECK
PYTHONDONTWRITEBYTECODE
PIP_SHIMS_BASE_MODULE
PIP_PYTHON_PATH
PYTHONFINDER_IGNORE_UNSUPPORTED
Pipenvβspecific environment variables:
Debugβspecific environment variables:
PATH
:/home/mogoh/.yarn/bin:/home/mogoh/.deno/bin:/home/mogoh/.nvm/versions/node/v15.8.0/bin:/home/mogoh/.gem/ruby/2.5.0/bin:/home/mogoh/.cargo/bin:/home/mogoh/.local/bin:/home/mogoh/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
SHELL
:/bin/bash
LANG
:de_DE.UTF-8
PWD
:/home/mogoh/temp
Contents of Pipfile
(β/home/mogoh/temp/Pipfileβ):
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
django = "==2.2.19"
[dev-packages]
[requires]
python_version = "3.8"
Contents of Pipfile.lock
(β/home/mogoh/temp/Pipfile.lockβ):
{
"_meta": {
"hash": {
"sha256": "931594d6e3f80b678b899b9419026dedb97c8880fe21c17c4297f8ed2ad1ee3e"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.8"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"django": {
"hashes": [
"sha256:0eaca08f236bf502a9773e53623f766cc3ceee6453cc41e6de1c8b80f07d2364",
"sha256:c9c994f5e0a032cbd45089798b52e4080f4dea7241c58e3e0636c54146480bb4"
],
"index": "pypi",
"version": "==2.2.19"
},
"pytz": {
"hashes": [
"sha256:83a4a90894bf38e243cf052c8b58f381bfe9a7a483f6a9cab140bc7f702ac4da",
"sha256:eb10ce3e7736052ed3623d49975ce333bcd712c7bb19a58b9e2089d4057d0798"
],
"version": "==2021.1"
},
"sqlparse": {
"hashes": [
"sha256:017cde379adbd6a1f15a61873f43e8274179378e95ef3fede90b5aa64d304ed0",
"sha256:0f91fd2e829c44362cbcfab3e9ae12e22badaa8a29ad5ff599f9ec109f0454e8"
],
"markers": "python_version >= '3.5'",
"version": "==0.4.1"
}
},
"develop": {}
}
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:11
Top Results From Across the Web
Advanced Usage of Pipenv - Python Packaging Authority
Dependencies of wheels provided in a Pipfile will not be captured by $ pipenv lock . There are some known issues with using...
Read more >pipenv Documentation
Generates and checks file hashes for locked dependencies. ... Do not keep Pipfile.lock in version control if multiple versions of Python areΒ ...
Read more >pipenv Documentation - Read the Docs
Dependencies of wheels provided in a Pipfile will not be captured by $ pipenv lock. β’ There are some known issues with using...
Read more >Pipenv: Python Dev Workflow for Humans β pipenv 2018.7.1 ...
txt file can be problematic, so Pipenv uses Pipfile and Pipfile.lock to separate abstract dependency declarations from the last tested combination. Hashes are...
Read more >pipenv Changelog - PyUp.io
Fix regression where ``path`` is not propagated to the ``Pipfile.lock``. ... and also fix regression where lock phase did not update the hash...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I got still the same problem with pipenv version 2022.1.8.
I see this behavior too, with simply a
--keep-outdated
β it breaks the Pipfile.lock because it does not update the hashes for the package you update.$ pipenv --support
Pipenv version:
'2021.11.23'
Pipenv location:
'/home/jsnow/.local/lib/python3.9/site-packages/pipenv'
Python location:
'/usr/bin/python3'
Python installations found:
3.9.7
:/usr/bin/python3-bpython
3.9.7
:/usr/bin/python3
3.9.7
:/usr/bin/python3.9
3.9.7
:/usr/bin/python
3.8.12
:/usr/bin/python3.8
3.7.12
:/usr/bin/python3.7
3.7.12
:/usr/bin/python3.7m
3.6.15
:/usr/bin/python3.6
3.6.15
:/usr/bin/python3.6m
3.6.9
:/usr/bin/pypy3.6
3.6.9
:/usr/bin/pypy3
3.5.10
:/usr/bin/python3.5
3.5.10
:/usr/bin/python3.5m
2.7.18
:/usr/bin/python2
2.7.18
:/usr/bin/python2.7
2.7.13
:/usr/bin/pypy
2.7.13
:/usr/bin/pypy2.7
2.7.13
:/usr/bin/pypy2
PEP 508 Information: