Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

pipenv-generated requirements.txt makes pip complain about require-hashes mode

See original GitHub issue

The requirements.txt generated by pipenv lock -r, makes pip install -r requirements.txt -t . to generate the following error:

In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    setuptools>=0.6b1 from https://pypi.python.org/packages/43/41/033a273f9a25cb63050a390ee8397acbc7eae2159195d85f06f17e7be45a/setuptools-38.5.1-py2.py3-none-any.whl#md5=908b8b5e50bf429e520b2b5fa1b350e5 (from injector==0.13.4->-r requirements.txt (line 5))

Describe the issue briefly here.

Describe your environment
  1. OS Type: MacOS X 10.12.6 with macports
  2. Python version: 3.6.4
  3. Pipenv version: 10.1.0
Expected result

Dependencies being installed in current directory.

Actual result
Collecting certifi==2018.1.18 (from -r requirements.txt (line 1))
  Using cached certifi-2018.1.18-py2.py3-none-any.whl
Collecting chardet==3.0.4 (from -r requirements.txt (line 2))
  Using cached chardet-3.0.4-py2.py3-none-any.whl
Collecting click==6.7 (from -r requirements.txt (line 3))
  Using cached click-6.7-py2.py3-none-any.whl
Collecting idna==2.6 (from -r requirements.txt (line 4))
  Using cached idna-2.6-py2.py3-none-any.whl
Collecting injector==0.13.4 (from -r requirements.txt (line 5))
  Using cached injector-0.13.4-py2.py3-none-any.whl
Collecting purl==1.3.1 (from -r requirements.txt (line 6))
  Using cached purl-1.3.1-py2.py3-none-any.whl
Collecting python-dotenv==0.7.1 (from -r requirements.txt (line 7))
  Using cached python_dotenv-0.7.1-py2.py3-none-any.whl
Collecting requests==2.18.4 (from -r requirements.txt (line 8))
  Using cached requests-2.18.4-py2.py3-none-any.whl
Collecting six==1.11.0 (from -r requirements.txt (line 9))
  Using cached six-1.11.0-py2.py3-none-any.whl
Collecting typing==3.6.4 (from -r requirements.txt (line 10))
  Using cached typing-3.6.4-py3-none-any.whl
Collecting urllib3==1.22 (from -r requirements.txt (line 11))
  Using cached urllib3-1.22-py2.py3-none-any.whl
Collecting voluptuous==0.11.1 (from -r requirements.txt (line 12))
  Using cached voluptuous-0.11.1-py2.py3-none-any.whl
Collecting setuptools>=0.6b1 (from injector==0.13.4->-r requirements.txt (line 5))
In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    setuptools>=0.6b1 from https://pypi.python.org/packages/43/41/033a273f9a25cb63050a390ee8397acbc7eae2159195d85f06f17e7be45a/setuptools-38.5.1-py2.py3-none-any.whl#md5=908b8b5e50bf429e520b2b5fa1b350e5 (from injector==0.13.4->-r requirements.txt (line 5))
Steps to replicate

With this Pipfile

[[source]]

url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"


[packages]

purl = "*"
requests = "*"
python-dotenv = "*"
injector = "*"
voluptuous = "*"


[dev-packages]

"boto3" = "*"
pytest = "*"
pytest-mock = "*"
selenium = "*"
bpython = "*"
awscli = "*"

Execute

mkdir target
pipenv lock -r > target/requirements.txt
cd target && pip install -r requirements.txt -t .

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:2
  • Comments:5 (4 by maintainers)

github_iconTop GitHub Comments

3reactions
kennethreitzcommented, Feb 28, 2018

fixed in master

0reactions
kennethreitzcommented, Feb 28, 2018

only in requirements output.

Read more comments on GitHub >

github_iconTop Results From Across the Web

python 3.6 - I get "ERROR: In --require-hashes mode, all ...
Working fine after changing pip version from 21 to 20.2.4.
Read more >
Constraints files with hashes - Discussions on Python.org
txt I then get an error when I do pip install : ERROR: In --require-hashes mode, all requirements must have their versions pinned...
Read more >
Setuptools version not pinned in certbot - bug? - Client dev
However, adding certbot causes the following exception from pip . ERROR: In --require-hashes mode, all requirements must have their versions ...
Read more >
pip install — pip 8.1.1 documentation
pip install --require-hashes -r requirements.txt ... Hashes are required in --require-hashes mode (implicitly on when a hash is specified ...
Read more >
Python requirements.txt Explained - Backend Python 5
Get the course here! - https://www.codebreakthrough.com/backend-pythonCourse notes - https://calcur.tech/backend-notesBackend Playlist ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Support passing through find_links option to pip

Next page

Document the "upgrade my dependancies" workflow