`pipenv lock --requirements` does not include hashes
See original GitHub issueRunning pipenv lock --requirements
does not include hashes:
$ pipenv lock --requirements
-i https://pypi.org/simple
certifi==2018.4.16
chardet==3.0.4
idna==2.6
requests==2.18.4
urllib3==1.22
$ python -m pipenv.help output
Pipenv version: '2018.05.18'
Pipenv location: '/usr/local/Cellar/pipenv/2018.5.18/libexec/lib/python3.6/site-packages/pipenv'
Python location: '/usr/local/Cellar/pipenv/2018.5.18/libexec/bin/python3.6'
Other Python installations in PATH
:
-
2.7
:/Users/dhunt/.pyenv/shims/python2.7
-
2.7
:/Users/dhunt/.pyenv/shims/python2.7
-
2.7
:/usr/local/bin/python2.7
-
2.7
:/usr/bin/python2.7
-
3.4
:/Users/dhunt/.pyenv/shims/python3.4m
-
3.4
:/Users/dhunt/.pyenv/shims/python3.4
-
3.5
:/Users/dhunt/.pyenv/shims/python3.5m
-
3.5
:/Users/dhunt/.pyenv/shims/python3.5
-
3.6
:/Users/dhunt/.pyenv/shims/python3.6m
-
3.6
:/Users/dhunt/.pyenv/shims/python3.6
-
3.6
:/usr/local/bin/python3.6
-
3.6.4
:/Users/dhunt/.pyenv/shims/python
-
2.7.15
:/usr/local/bin/python
-
2.7.10
:/usr/bin/python
-
2.7.13
:/Users/dhunt/.pyenv/shims/python2
-
2.7.15
:/usr/local/bin/python2
-
3.6.4
:/Users/dhunt/.pyenv/shims/python3
-
3.6.5
:/usr/local/bin/python3
PEP 508 Information:
{'implementation_name': 'cpython',
'implementation_version': '3.6.5',
'os_name': 'posix',
'platform_machine': 'x86_64',
'platform_python_implementation': 'CPython',
'platform_release': '17.5.0',
'platform_system': 'Darwin',
'platform_version': 'Darwin Kernel Version 17.5.0: Fri Apr 13 19:32:32 PDT '
'2018; root:xnu-4570.51.2~1/RELEASE_X86_64',
'python_full_version': '3.6.5',
'python_version': '3.6',
'sys_platform': 'darwin'}
System environment variables:
TERM_SESSION_ID
SSH_AUTH_SOCK
Apple_PubSub_Socket_Render
COLORFGBG
ITERM_PROFILE
XPC_FLAGS
LANG
PWD
SHELL
TERM_PROGRAM_VERSION
TERM_PROGRAM
PATH
COLORTERM
TERM
HOME
TMPDIR
USER
XPC_SERVICE_NAME
LOGNAME
__CF_USER_TEXT_ENCODING
ITERM_SESSION_ID
SHLVL
OLDPWD
PAGER
LESS
LC_CTYPE
LSCOLORS
SPACESHIP_VERSION
SPACESHIP_ROOT
PYENV_SHELL
PYENV_VIRTUALENV_INIT
NVM_DIR
NVM_CD_FLAGS
NVM_BIN
_
PYTHONDONTWRITEBYTECODE
PIP_PYTHON_PATH
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH
:/Users/dhunt/.nvm/versions/node/v6.11.1/bin:/Users/dhunt/.local/bin:/Users/dhunt/.cargo/bin:/usr/local/Cellar/pyenv-virtualenv/1.1.1/shims:/Users/dhunt/.pyenv/shims:/Users/dhunt/.cargo/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/MacGPG2/bin::/Users/dhunt/workspace/arcanist/bin/
SHELL
:/usr/local/bin/zsh
LANG
:en_GB.UTF-8
PWD
:/Users/dhunt/workspace/tmp
Contents of Pipfile
(‘/Users/dhunt/workspace/tmp/Pipfile’):
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
requests = "*"
[dev-packages]
[requires]
python_version = "3.6"
Contents of Pipfile.lock
(‘/Users/dhunt/workspace/tmp/Pipfile.lock’):
{
"_meta": {
"hash": {
"sha256": "8739d581819011fea34feca8cc077062d6bdfee39c7b37a8ed48c5e0a8b14837"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.6"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {
"certifi": {
"hashes": [
"sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
"sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
],
"version": "==2018.4.16"
},
"chardet": {
"hashes": [
"sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
"sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
],
"version": "==3.0.4"
},
"idna": {
"hashes": [
"sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f",
"sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4"
],
"version": "==2.6"
},
"requests": {
"hashes": [
"sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
"sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
],
"index": "pypi",
"version": "==2.18.4"
},
"urllib3": {
"hashes": [
"sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
"sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
],
"version": "==1.22"
}
},
"develop": {}
}
Expected result
The requirements.txt formatted output includes hashes.
Actual result
No hashes included in requirements.txt formatted output.
Steps to replicate
$ pipenv install requests
$ pipenv lock --requirements
Issue Analytics
- State:
- Created 5 years ago
- Reactions:5
- Comments:8 (3 by maintainers)
Could hashes be opt-in? In our use case the generated
requirements.txt
is only ever going to be used withpip install --require-hashes
anyway. Trying to install a package without a hash is something we want to be an error.Just in case anyone wants a quick workaround for this:
May work. YMMV. Part of the trick would be determining which hash in Pipfile.lock to use.