Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Generated requirements.txt complains about unpinned versions

See original GitHub issue

Pipenv is creating requirements.txt files that fail installation complaining about unpinned versions in hashes mode. This may be related to #491 or #357, but as those are closed and this is reproduceable in 9.0.3, I thought I should post it.

Describe your environment

Arch Linux
Python version: 3.6.4
Pipenv version: 9.0.3

Expected result

Unless I’m not understanding the feature correctly, one should be able to setup a virtualenv and use the generated requirements.txt file to populate it without need of a Pipfile or pipenv, but the file being generated isn’t working.

Actual result

The output of lock -r is insufficient for use as requirements.txt. I think there may be a problem with a dependency of a dependency not being locked to a specific version.

Steps to replicate

$ pipenv --version
pipenv, version 9.0.3

$ python --version
Python 3.6.4

$ cat Pipfile
[[source]]
url = "https://pypi.python.org/simple"
verify_ssl = true

[packages]
django-two-factor-auth = "==1.7.0"

$ pipenv install
Creating a virtualenv for this project…
⠋Using base prefix '/usr'
New python executable in /home/daniel/.local/share/virtualenvs/scratch-kl-E6MqG/bin/python
Installing setuptools, pip, wheel...done.

Virtualenv location: /home/daniel/.local/share/virtualenvs/scratch-kl-E6MqG
Installing dependencies from Pipfile.lock (beb093)…
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 9/9 — 00:00:02
To activate this project's virtualenv, run the following:
 $ pipenv shell

$ pipenv lock -r > requirements.txt

$ cat requirements.txt
babel==2.5.3 --hash=sha256:ad209a68d7162c4cff4b29cdebe3dec4cef75492df501b0049a9433c96ce6f80  --hash=sha256:8ce4cb6fdd4393edd323227cba3a077bceb2a6ce5201c902c65e730046f41f14
django==2.0.1 --hash=sha256:52475f607c92035d4ac8fee284f56213065a4a6b25ed43f7e39df0e576e69e9f  --hash=sha256:d96b804be412a5125a594023ec524a2010a6ffa4d408e5482ab6ff3cb97ec12f
django-formtools==2.1 --hash=sha256:cb2bd7c29c2104278e5a0e76f7ff256b9570acf11485d547ee0c1b35347359fb  --hash=sha256:7703793f1675aa6e871f9fed147e8563816d7a5b9affdc5e3459899596217f7c
django-otp==0.4.2 --hash=sha256:06047e6f20e1527363ced31e4e8ea090f531cb33f4acd1bcaa6358a2efc05dbe  --hash=sha256:b1b0166717e35363e8b8fba7d23e5a3e4f175b4893b2e1b68ac8bd3e1908c6a9
django-phonenumber-field==1.3.0 --hash=sha256:8db9d2dc833678b163adabd593cda7ad1dede81a1c18f67c895701fc44dc44f1
django-two-factor-auth==1.7.0 --hash=sha256:ae60423decd63aad85dff68d47784d9bf64cf45d7d6cd37e0664d9e6d5d5b37e  --hash=sha256:21ee5a97a2e354973680a4d21f48fdc59d4660f01b4c645e9e19269813733543
pytz==2017.3 --hash=sha256:80af0f3008046b9975242012a985f04c5df1f01eed4ec1633d56cc47a75a6a48  --hash=sha256:feb2365914948b8620347784b6b6da356f31c9d03560259070b2f30cff3d469d  --hash=sha256:59707844a9825589878236ff2f4e0dc9958511b7ffaae94dc615da07d4a68d33  --hash=sha256:d0ef5ef55ed3d37854320d4926b04a4cb42a2e88f71da9ddfdacfde8e364f027  --hash=sha256:c41c62827ce9cafacd6f2f7018e4f83a6f1986e87bfd000b8cfbd4ab5da95f1a  --hash=sha256:8cc90340159b5d7ced6f2ba77694d946fc975b09f1a51d93f3ce3bb399396f94  --hash=sha256:dd2e4ca6ce3785c8dd342d1853dd9052b19290d5bf66060846e5dc6b8d6667f7  --hash=sha256:699d18a2a56f19ee5698ab1123bbcc1d269d061996aeb1eda6d89248d3542b82  --hash=sha256:fae4cffc040921b8a2d60c6cf0b5d662c1190fe54d718271db4eb17d44a185b7
qrcode==4.0.4 --hash=sha256:f3993aea9e3af2ca92b64128a81f36ed978a44d115a214293bfcd2cae7de8f6e
six==1.11.0 --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb  --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9

$ virtualenv --python python3 .virtualenv
Running virtualenv with interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /tmp/scratch/.virtualenv/bin/python3
Also creating executable in /tmp/scratch/.virtualenv/bin/python
Installing setuptools, pip, wheel...done.

$ . .virtualenv/bin/activate

$ pip install -r requirements.txt 
Collecting babel==2.5.3 (from -r requirements.txt (line 1))
  Using cached Babel-2.5.3-py2.py3-none-any.whl
Collecting django==2.0.1 (from -r requirements.txt (line 2))
  Using cached Django-2.0.1-py3-none-any.whl
Collecting django-formtools==2.1 (from -r requirements.txt (line 3))
  Using cached django_formtools-2.1-py2.py3-none-any.whl
Collecting django-otp==0.4.2 (from -r requirements.txt (line 4))
  Using cached django_otp-0.4.2-py2.py3-none-any.whl
Collecting django-phonenumber-field==1.3.0 (from -r requirements.txt (line 5))
  Using cached django-phonenumber-field-1.3.0.tar.gz
Collecting django-two-factor-auth==1.7.0 (from -r requirements.txt (line 6))
  Using cached django_two_factor_auth-1.7.0-py2.py3-none-any.whl
Collecting pytz==2017.3 (from -r requirements.txt (line 7))
  Using cached pytz-2017.3-py2.py3-none-any.whl
Collecting qrcode==4.0.4 (from -r requirements.txt (line 8))
  Using cached qrcode-4.0.4.tar.gz
Collecting six==1.11.0 (from -r requirements.txt (line 9))
  Using cached six-1.11.0-py2.py3-none-any.whl
Collecting phonenumberslite>=7.0.2 (from django-phonenumber-field==1.3.0->-r requirements.txt (line 5))
In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    phonenumberslite>=7.0.2 from https://pypi.python.org/packages/3e/30/9ee89bb84755f1bdb12c158a77035ee646484590607f456281254fb5ef65/phonenumberslite-8.8.10-py2.py3-none-any.whl#md5=7cbbd0f87fd0f6caca431555dae751d7 (from django-phonenumber-field==1.3.0->-r requirements.txt (line 5))

Issue Analytics

State:
Created 6 years ago
Comments:8 (6 by maintainers)

Top GitHub Comments

3reactions

kennethreitzcommented, Feb 23, 2018

released

3reactions

kennethreitzcommented, Feb 17, 2018

should be fixed in master

Top Results From Across the Web

Should I pin dev requirements as well, or just the installation ...

I think the right answer here is that there should be two files, one with permissive requirements and one with a pinned, tested...

Ask HN: Why Poetry did not become a mainstream package ...

txt. My pip freeze lock file will still keep me on foo v1 and bar v1, even though foo has unpinned dependency on...

Repeatable Installs - pip documentation v22.3.1

A requirements file, containing pinned package versions can be generated using pip freeze. This would pin not only the top-level packages, but also...

Should You Use Upper Bound Version Constraints?

In this discussion I would like to explain why always providing an upper limit causes far more harm than good even for true...

ModuleNotFoundError despite simple requirements.txt present

unpin the pyairtable version; check spellings and capitalisation; clear the cache; reboot the app. Hopefully one of these should fix it. Let us ......