Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Pipenv does not lock dependencies when installing from URL

See original GitHub issue

Be sure to check the existing issues (both open and closed!), and make sure you are running the latest version of Pipenv.

Check the diagnose documentation for common issues before posting! We may close your issue if it is very similar to one of them. Please be considerate, or be on your way.

Make sure to mention your debugging experience if the documented solution failed.

Issue description

Pipenv does not lock dependencies when installing from URL:

mkdir /tmp/repro; cd /tmp/repro
$ pipenv install https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
Installing https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging…
Collecting uberlogging from https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
  Downloading https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz
Collecting coloredlogs (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/08/0f/7877fc42fff0b9d70b6442df62d53b3868d3a6ad1b876bdb54335b30ff23/coloredlogs-10.0-py2.py3-none-any.whl
Collecting structlog (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/f0/00/0fd0ca13fa19361bec0418e4c3b6b7509048cb1fb2fa8b7cd6b3dffe13d8/structlog-18.2.0-py2.py3-none-any.whl
Collecting humanfriendly (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/79/1e/13d96248e3fcaa7777b61fa889feab44865c85e524bbd667acfa0d8b66e3/humanfriendly-4.17-py2.py3-none-any.whl
Collecting python-json-logger (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/3a/ed/2ba5a2dfce45fa67e0588dd6457b59ffdef7f1fdcd2c1152e085e3c9a726/python_json_logger-0.1.9-py2.py3-none-any.whl
Collecting six (from structlog->uberlogging)
  Using cached https://files.pythonhosted.org/packages/67/4b/141a581104b1f6397bfa78ac9d43d8ad29a7ca43ea90a2d863fe3056e86a/six-1.11.0-py2.py3-none-any.whl
Requirement already satisfied, skipping upgrade: setuptools in /home/haizaar/dev/venvs/repro-2muHjEV7/lib/python3.6/site-packages (from python-json-logger->uberlogging) (40.5.0)
Building wheels for collected packages: uberlogging
  Running setup.py bdist_wheel for uberlogging: started
  Running setup.py bdist_wheel for uberlogging: finished with status 'done'
  Stored in directory: /tmp/pip-ephem-wheel-cache-nu1_rfr7/wheels/36/90/05/3401129e52691bdd63e46f78b4761dca1ff6a0c3abcb57575d
Successfully built uberlogging
Installing collected packages: humanfriendly, coloredlogs, six, structlog, python-json-logger, uberlogging
Successfully installed coloredlogs-10.0 humanfriendly-4.17 python-json-logger-0.1.9 six-1.11.0 structlog-18.2.0 uberlogging-0.0.1

Adding uberlogging to Pipfile's [packages]…
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
Installing dependencies from Pipfile.lock (e3fb42)…
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 1/1 — 00:00:03

Only one dependency is locked, which is already suspicious, and indeed Pipfile.lock only contains:

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}

However pipenv graph show the dependencies properly:

$ pipenv graph
uberlogging==0.0.1
  - coloredlogs [required: Any, installed: 10.0]
    - humanfriendly [required: >=4.7, installed: 4.17]
  - humanfriendly [required: Any, installed: 4.17]
  - python-json-logger [required: Any, installed: 0.1.9]
    - setuptools [required: Any, installed: 40.5.0]
  - structlog [required: Any, installed: 18.2.0]
    - six [required: Any, installed: 1.11.0]

Expected result

Dependencies should have appeared in the Pipfile.lock.

Actual result

$ pipenv lock --verbose
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
$ cat Pipfile.lock | jq .default
{
  "uberlogging": {
    "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
  }
}

$ pipenv --support

Pipenv version: '2018.10.13'

Pipenv location: '/home/haizaar/.local/lib/python3.6/site-packages/pipenv'

Python location: '/usr/bin/python3.6'

Python installations found:

3.7.0: /usr/bin/python3.7
3.7.0: /usr/bin/python3.7m
3.6.6: /home/haizaar/dev/venvs/repro-2muHjEV7/bin/python3.6
3.6.6: /usr/bin/python3.6
3.6.6: /usr/bin/python3.6m
3.5.2: /usr/bin/python3.5
3.5.2: /usr/bin/python3.5m
2.7.12: /usr/bin/python2.7

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.6.6',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.15.0-36-generic',
 'platform_system': 'Linux',
 'platform_version': '#39~16.04.1-Ubuntu SMP Tue Sep 25 08:59:23 UTC 2018',
 'python_full_version': '3.6.6',
 'python_version': '3.6',
 'sys_platform': 'linux'}

System environment variables:

LC_PAPER
XDG_VTNR
XDG_SESSION_ID
LC_ADDRESS
CLUTTER_IM_MODULE
LC_MONETARY
XDG_GREETER_DATA_DIR
VIRTUALENVWRAPPER_SCRIPT
VIRTUALENVWRAPPER_PROJECT_FILENAME
SESSION
GPG_AGENT_INFO
PIP_PYTHON_PATH
SHELL
INFINALITY_FT_AUTOHINT_VERTICAL_STEM_DARKEN_STRENGTH
VTE_VERSION
TERM
QT_LINUX_ACCESSIBILITY_ALWAYS_ON
LC_NUMERIC
WINDOWID
GNOME_KEYRING_CONTROL
UPSTART_SESSION
GTK_MODULES
INFINALITY_FT_CONTRAST
USER
QT_ACCESSIBILITY
LC_TELEPHONE
LS_COLORS
UNITY_HAS_3D_SUPPORT
XDG_SESSION_PATH
XDG_SEAT_PATH
SSH_AUTH_SOCK
DEFAULTS_PATH
VIRTUAL_ENV
WORKON_HOME
UNITY_DEFAULT_PROFILE
XDG_CONFIG_DIRS
PIPENV_ACTIVE
PATH
DESKTOP_SESSION
QT_QPA_PLATFORMTHEME
QT_IM_MODULE
VIRTUALENVWRAPPER_HOOK_DIR
LC_IDENTIFICATION
JOB
PWD
XDG_SESSION_TYPE
XMODIFIERS
LANG
GNOME_KEYRING_PID
MANDATORY_PATH
GDM_LANG
LC_MEASUREMENT
NODE_PATH
IM_CONFIG_PHASE
COMPIZ_CONFIG_PROFILE
PS1
PYTHONDONTWRITEBYTECODE
PAPERSIZE
GDMSESSION
GTK2_MODULES
SESSIONTYPE
GITAWAREPROMPT
XDG_SEAT
HOME
SHLVL
LANGUAGE
_VIRTUALENVWRAPPER_API
GNOME_DESKTOP_SESSION_ID
UPSTART_INSTANCE
PIP_SHIMS_BASE_MODULE
LOGNAME
UPSTART_EVENTS
XDG_SESSION_DESKTOP
COMPIZ_BIN_PATH
QT4_IM_MODULE
XDG_DATA_DIRS
DBUS_SESSION_BUS_ADDRESS
LESSOPEN
UPSTART_JOB
INSTANCE
DISPLAY
XDG_RUNTIME_DIR
INFINALITY_FT_GLOBAL_EMBOLDEN_X_VALUE
GTK_IM_MODULE
XDG_CURRENT_DESKTOP
LC_TIME
LESSCLOSE
XAUTHORITY
LC_NAME
_

Pipenv–specific environment variables:

PIPENV_ACTIVE: 1

Debug–specific environment variables:

PATH: /home/haizaar/dev/venvs/repro-2muHjEV7/bin:/home/haizaar/.local/bin:/home/haizaar/.npm-packages/bin:/home/haizaar/bin:/home/haizaar/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
SHELL: /bin/bash
LANG: en_US.UTF-8
PWD: /tmp/repro
VIRTUAL_ENV: /home/haizaar/dev/venvs/repro-2muHjEV7

Contents of Pipfile (‘/tmp/repro/Pipfile’):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
uberlogging = {file = "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"}

[dev-packages]

[requires]
python_version = "3.6"

Contents of Pipfile.lock (‘/tmp/repro/Pipfile.lock’):

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}

Issue Analytics

State:
Created 5 years ago
Comments:6 (2 by maintainers)

Top GitHub Comments

2reactions

haizaarcommented, Oct 25, 2019

Ping reopen?

0reactions

odscommented, Feb 11, 2020

The problem was reintroduced in https://github.com/pypa/pipenv/commit/f0e3bbaa79cc479e5e215cd3d8ff803405b70330

The fix: https://github.com/ods/pipenv/commit/9ca7543a3255e7f5c4adb1178670fa7a7ddfffc9

Top Results From Across the Web

Advanced Usage of Pipenv - Read the Docs

Dependencies of wheels provided in a Pipfile will not be captured by $ pipenv lock . There are some known issues with using...

How to resolve Python package dependencies with pipenv?

First try clearing your dependency cache with $ pipenv lock --clear, then try the original command again. Alternatively, you can use $ pipenv...

pipenv Documentation

lock - Regenerate Pipfile.lock and updates the dependencies inside it. ... If you do not have Python, please install the latest 3.x version ......

Advanced Usage of Pipenv — pipenv 7.7.9 documentation

[[source]] url = "https://pypi.python.org/simple" verify_ssl = true name ... Note that all sub-dependencies will get added to the Pipfile.lock as well.

pipenv install [package] - Fig.io

Options ; --no-site-packages, Enable site-packages for the virtualenv [env var: PIPENV_SITE_PACKAGES] ; --skip-lock, Skip locking mechanisms and use the Pipfile ...