Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`pipenv lock --requirements` does not include hashes

See original GitHub issue

Running pipenv lock --requirements does not include hashes:

$ pipenv lock --requirements
-i https://pypi.org/simple
certifi==2018.4.16
chardet==3.0.4
idna==2.6
requests==2.18.4
urllib3==1.22
$ python -m pipenv.help output

Pipenv version: '2018.05.18'

Pipenv location: '/usr/local/Cellar/pipenv/2018.5.18/libexec/lib/python3.6/site-packages/pipenv'

Python location: '/usr/local/Cellar/pipenv/2018.5.18/libexec/bin/python3.6'

Other Python installations in PATH:

  • 2.7: /Users/dhunt/.pyenv/shims/python2.7

  • 2.7: /Users/dhunt/.pyenv/shims/python2.7

  • 2.7: /usr/local/bin/python2.7

  • 2.7: /usr/bin/python2.7

  • 3.4: /Users/dhunt/.pyenv/shims/python3.4m

  • 3.4: /Users/dhunt/.pyenv/shims/python3.4

  • 3.5: /Users/dhunt/.pyenv/shims/python3.5m

  • 3.5: /Users/dhunt/.pyenv/shims/python3.5

  • 3.6: /Users/dhunt/.pyenv/shims/python3.6m

  • 3.6: /Users/dhunt/.pyenv/shims/python3.6

  • 3.6: /usr/local/bin/python3.6

  • 3.6.4: /Users/dhunt/.pyenv/shims/python

  • 2.7.15: /usr/local/bin/python

  • 2.7.10: /usr/bin/python

  • 2.7.13: /Users/dhunt/.pyenv/shims/python2

  • 2.7.15: /usr/local/bin/python2

  • 3.6.4: /Users/dhunt/.pyenv/shims/python3

  • 3.6.5: /usr/local/bin/python3

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.6.5',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '17.5.0',
 'platform_system': 'Darwin',
 'platform_version': 'Darwin Kernel Version 17.5.0: Fri Apr 13 19:32:32 PDT '
                     '2018; root:xnu-4570.51.2~1/RELEASE_X86_64',
 'python_full_version': '3.6.5',
 'python_version': '3.6',
 'sys_platform': 'darwin'}

System environment variables:

  • TERM_SESSION_ID
  • SSH_AUTH_SOCK
  • Apple_PubSub_Socket_Render
  • COLORFGBG
  • ITERM_PROFILE
  • XPC_FLAGS
  • LANG
  • PWD
  • SHELL
  • TERM_PROGRAM_VERSION
  • TERM_PROGRAM
  • PATH
  • COLORTERM
  • TERM
  • HOME
  • TMPDIR
  • USER
  • XPC_SERVICE_NAME
  • LOGNAME
  • __CF_USER_TEXT_ENCODING
  • ITERM_SESSION_ID
  • SHLVL
  • OLDPWD
  • PAGER
  • LESS
  • LC_CTYPE
  • LSCOLORS
  • SPACESHIP_VERSION
  • SPACESHIP_ROOT
  • PYENV_SHELL
  • PYENV_VIRTUALENV_INIT
  • NVM_DIR
  • NVM_CD_FLAGS
  • NVM_BIN
  • _
  • PYTHONDONTWRITEBYTECODE
  • PIP_PYTHON_PATH

Pipenv–specific environment variables:

Debug–specific environment variables:

  • PATH: /Users/dhunt/.nvm/versions/node/v6.11.1/bin:/Users/dhunt/.local/bin:/Users/dhunt/.cargo/bin:/usr/local/Cellar/pyenv-virtualenv/1.1.1/shims:/Users/dhunt/.pyenv/shims:/Users/dhunt/.cargo/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/MacGPG2/bin::/Users/dhunt/workspace/arcanist/bin/
  • SHELL: /usr/local/bin/zsh
  • LANG: en_GB.UTF-8
  • PWD: /Users/dhunt/workspace/tmp

Contents of Pipfile (‘/Users/dhunt/workspace/tmp/Pipfile’):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
requests = "*"

[dev-packages]

[requires]
python_version = "3.6"

Contents of Pipfile.lock (‘/Users/dhunt/workspace/tmp/Pipfile.lock’):

{
    "_meta": {
        "hash": {
            "sha256": "8739d581819011fea34feca8cc077062d6bdfee39c7b37a8ed48c5e0a8b14837"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "certifi": {
            "hashes": [
                "sha256:13e698f54293db9f89122b0581843a782ad0934a4fe0172d2a980ba77fc61bb7",
                "sha256:9fa520c1bacfb634fa7af20a76bcbd3d5fb390481724c597da32c719a7dca4b0"
            ],
            "version": "==2018.4.16"
        },
        "chardet": {
            "hashes": [
                "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae",
                "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691"
            ],
            "version": "==3.0.4"
        },
        "idna": {
            "hashes": [
                "sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f",
                "sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4"
            ],
            "version": "==2.6"
        },
        "requests": {
            "hashes": [
                "sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b",
                "sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e"
            ],
            "index": "pypi",
            "version": "==2.18.4"
        },
        "urllib3": {
            "hashes": [
                "sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b",
                "sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f"
            ],
            "version": "==1.22"
        }
    },
    "develop": {}
}
Expected result

The requirements.txt formatted output includes hashes.

Actual result

No hashes included in requirements.txt formatted output.

Steps to replicate
$ pipenv install requests
$ pipenv lock --requirements

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:5
  • Comments:8 (3 by maintainers)

github_iconTop GitHub Comments

8reactions
ahalcommented, May 24, 2018

Could hashes be opt-in? In our use case the generated requirements.txt is only ever going to be used with pip install --require-hashes anyway. Trying to install a package without a hash is something we want to be an error.

3reactions
kojiromikecommented, Jul 12, 2018

Just in case anyone wants a quick workaround for this:

jq -r '.default|to_entries|map("\(.key)\(.value.version) --hash=\(.value.hashes[0])")[]' Pipfile.lock > requirements.txt
jq -r '.develop|to_entries|map("\(.key)\(.value.version) --hash=\(.value.hashes[0])")[]' Pipfile.lock > dev-requirements.txt

May work. YMMV. Part of the trick would be determining which hash in Pipfile.lock to use.

Read more comments on GitHub >

github_iconTop Results From Across the Web

python - pipenv: packages do not match the hashes from the ...
One way to simply fix the error would be to regenerate your Pipfile.lock : % pipenv lock. And then reinstall all packages specified...
Read more >
Basic Usage of Pipenv - Read the Docs
txt output of the lockfile, run $ pipenv lock -r . This will include all hashes, however (which is great!). To get a...
Read more >
Advanced Usage of Pipenv — pipenv 7.7.9 documentation
You can convert a Pipfile and Pipenv.lock into a requirements.txt file very easily, and get all the benefits of hashes, extras, and other...
Read more >
pipenv Documentation
Generates and checks file hashes for locked dependencies when ... If you do not have Python, please install the latest 3.x version from ......
Read more >
pipenv Changelog - PyUp.io
and also fix regression where lock phase did not update the hash value. ... Revise pip import patch to include only ``pipenv`` from...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

pipenv install --system --deploy is creating a virtualenv

Next page

pip9/baseparser.py line 149 in __init__ assert self.name AssertionError