Implicit post release requirements are stripped which causes errors if there is no corresponding non-post-release pypi package
See original GitHub issueWhen I install a package with the intent to upgrade in the future (>=), if the package has a dash in its version, Pipenv strips the dash when generating the lockfile which results in failed installation.
~/git $ mkdir tmp
~/git $ cd tmp
~/g/tmp $ pipenv install --python=python3.6 "ibm-db-sa-py3>=0.3.1-1"
Creating a Pipfile for this project...
Creating a virtualenv for this project...
Using python3.6 to create virtualenv...
⠋Already using interpreter /usr/bin/python3.6
Using base prefix '/usr'
New python executable in /home/hawk/.local/share/virtualenvs/tmp-f_tdiakk/bin/python3.6
Also creating executable in /home/hawk/.local/share/virtualenvs/tmp-f_tdiakk/bin/python
Installing setuptools, pip, wheel...done.
Virtualenv location: /home/hawk/.local/share/virtualenvs/tmp-f_tdiakk
Installing ibm-db-sa-py3>=0.3.1-1...
Collecting ibm-db-sa-py3>=0.3.1-1
Collecting sqlalchemy>=0.7.3 (from ibm-db-sa-py3>=0.3.1-1)
Installing collected packages: sqlalchemy, ibm-db-sa-py3
Successfully installed ibm-db-sa-py3-0.3.1.post1 sqlalchemy-1.1.13
Adding ibm-db-sa-py3>=0.3.1-1 to Pipfile's [packages]...
~/g/tmp $ pipenv lock
Locking [dev-packages] dependencies...
⠹Locking [packages] dependencies...
⠦Updated Pipfile.lock!
~/g/tmp $ grep ibm Pipfile
ibm-db-sa-py3 = ">=0.3.1-1"
~/g/tmp $ grep -a1 ibm Pipfile.lock
"ibm-db-sa-py3": {
"version": "==0.3.1"
~/g/tmp $ pipenv uninstall --all
Un-installing all packages from virtualenv...
Found 2 installed package(s), purging...
Uninstalling ibm-db-sa-py3-0.3.1.post1:
Successfully uninstalled ibm-db-sa-py3-0.3.1.post1
Uninstalling SQLAlchemy-1.1.13:
Successfully uninstalled SQLAlchemy-1.1.13
Environment now purged and fresh!
~/g/tmp $ pipenv install
No package provided, installing all dependencies.
Pipfile found at /home/hawk/git/tmp/Pipfile. Considering this to be the project home.
Installing dependencies from Pipfile.lock...
An error occured while installing! 0/2 - 00:00:00
Collecting ibm-db-sa-py3==0.3.1
Could not find a version that satisfies the requirement ibm-db-sa-py3==0.3.1 (from versions: 0.3.0, 0.3.0.post1, 0.3.1.post1)
No matching distribution found for ibm-db-sa-py3==0.3.1
[================================] 0/2 - 00:00:00
Issue Analytics
- State:
- Created 6 years ago
- Comments:12 (12 by maintainers)
Top Results From Across the Web
strip-hints - PyPI
This package provides a command-line command and a corresponding importable function that strips type hints from Python code files.
Read more >pipenv Documentation - Read the Docs
Generates and checks file hashes for locked dependencies when installing from Pipfile.lock. • Automatically install required Python version when pyenv is ...
Read more >Building Your Own Package — Py300 3.0 documentation
... and a way to build and install it... Python packaging tools:¶. The distutils : from distutils.core ...
Read more >Advanced Usage of Pipenv - Read the Docs
If you'd like a specific package to be installed with a specific package index, ... when you install from the lock file -...
Read more >pip install — pip 8.1.1 documentation
This option is implied when any package in a requirements file has a --hash option. -i, --index-url <url>¶. Base URL of Python Package...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I think there’s more we can do here. I’m thinking #314 was a mistake or at the very least it’s incomplete. I think we can do better than we currently are so I’d like to keep this open while we look at alternatives.
I think it is and it isnt, but I think we can test-resolve the package with pip-tools – it has functionality to determine the correct version to ‘pin’ given a requirement. So to solve the issue I originally posted I think it’s as simple as asking pypi for the correct pin or at least checking whether a version can be resolved before pinning it in the lockfile
As a sidenote, I wonder if its really correct to drop explicit post release references in requirements files or pipfiles when they are not pinned… in my case above, we are explicitly looking for the post release or newer.