pipenv-generated requirements.txt makes pip complain about require-hashes mode
See original GitHub issueThe requirements.txt
generated by pipenv lock -r
, makes pip install -r requirements.txt -t .
to generate the following error:
In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
setuptools>=0.6b1 from https://pypi.python.org/packages/43/41/033a273f9a25cb63050a390ee8397acbc7eae2159195d85f06f17e7be45a/setuptools-38.5.1-py2.py3-none-any.whl#md5=908b8b5e50bf429e520b2b5fa1b350e5 (from injector==0.13.4->-r requirements.txt (line 5))
Describe the issue briefly here.
Describe your environment
- OS Type: MacOS X 10.12.6 with macports
- Python version:
3.6.4
- Pipenv version:
10.1.0
Expected result
Dependencies being installed in current directory.
Actual result
Collecting certifi==2018.1.18 (from -r requirements.txt (line 1))
Using cached certifi-2018.1.18-py2.py3-none-any.whl
Collecting chardet==3.0.4 (from -r requirements.txt (line 2))
Using cached chardet-3.0.4-py2.py3-none-any.whl
Collecting click==6.7 (from -r requirements.txt (line 3))
Using cached click-6.7-py2.py3-none-any.whl
Collecting idna==2.6 (from -r requirements.txt (line 4))
Using cached idna-2.6-py2.py3-none-any.whl
Collecting injector==0.13.4 (from -r requirements.txt (line 5))
Using cached injector-0.13.4-py2.py3-none-any.whl
Collecting purl==1.3.1 (from -r requirements.txt (line 6))
Using cached purl-1.3.1-py2.py3-none-any.whl
Collecting python-dotenv==0.7.1 (from -r requirements.txt (line 7))
Using cached python_dotenv-0.7.1-py2.py3-none-any.whl
Collecting requests==2.18.4 (from -r requirements.txt (line 8))
Using cached requests-2.18.4-py2.py3-none-any.whl
Collecting six==1.11.0 (from -r requirements.txt (line 9))
Using cached six-1.11.0-py2.py3-none-any.whl
Collecting typing==3.6.4 (from -r requirements.txt (line 10))
Using cached typing-3.6.4-py3-none-any.whl
Collecting urllib3==1.22 (from -r requirements.txt (line 11))
Using cached urllib3-1.22-py2.py3-none-any.whl
Collecting voluptuous==0.11.1 (from -r requirements.txt (line 12))
Using cached voluptuous-0.11.1-py2.py3-none-any.whl
Collecting setuptools>=0.6b1 (from injector==0.13.4->-r requirements.txt (line 5))
In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
setuptools>=0.6b1 from https://pypi.python.org/packages/43/41/033a273f9a25cb63050a390ee8397acbc7eae2159195d85f06f17e7be45a/setuptools-38.5.1-py2.py3-none-any.whl#md5=908b8b5e50bf429e520b2b5fa1b350e5 (from injector==0.13.4->-r requirements.txt (line 5))
Steps to replicate
With this Pipfile
[[source]]
url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"
[packages]
purl = "*"
requests = "*"
python-dotenv = "*"
injector = "*"
voluptuous = "*"
[dev-packages]
"boto3" = "*"
pytest = "*"
pytest-mock = "*"
selenium = "*"
bpython = "*"
awscli = "*"
Execute
mkdir target
pipenv lock -r > target/requirements.txt
cd target && pip install -r requirements.txt -t .
Issue Analytics
- State:
- Created 6 years ago
- Reactions:2
- Comments:5 (4 by maintainers)
Top Results From Across the Web
python 3.6 - I get "ERROR: In --require-hashes mode, all ...
Working fine after changing pip version from 21 to 20.2.4.
Read more >Constraints files with hashes - Discussions on Python.org
txt I then get an error when I do pip install : ERROR: In --require-hashes mode, all requirements must have their versions pinned...
Read more >Setuptools version not pinned in certbot - bug? - Client dev
However, adding certbot causes the following exception from pip . ERROR: In --require-hashes mode, all requirements must have their versions ...
Read more >pip install — pip 8.1.1 documentation
pip install --require-hashes -r requirements.txt ... Hashes are required in --require-hashes mode (implicitly on when a hash is specified ...
Read more >Python requirements.txt Explained - Backend Python 5
Get the course here! - https://www.codebreakthrough.com/backend-pythonCourse notes - https://calcur.tech/backend-notesBackend Playlist ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
fixed in master
only in requirements output.