Poetry exports incorrect requirements for transitive dependencies, breaks installation with hashes

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Ubuntu 20.04, CPython 3.8.5
• Poetry version: 1.1.11
• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/mathrick/ad6b1be5be5e124b3ce1bddbeef24bac

Issue

This seems related to #3363, but I don’t believe it’s a duplicate, and I haven’t seen this mentioned elsewhere.

When exporting requirements.txt, poetry will add incorrect implementation markers to the output, which in some cases can result in invalid requirement files when used with hashes:

Collecting cffi>=1.0.0
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    cffi>=1.0.0 from https://devpi.cerebras.aws/root/pypi/%2Bf/57e/9ac9ccc3101fa/cffi-1.15.0-cp38-cp38-manylinux_2_12_x86_64.manylinux2010_x86_64.whl#sha256=57e9ac9ccc3101fac9d6014fba037473e4358ef4e89f8e181f8951a2c0162024 (from argon2-cffi==21.1.0->-r /tmp/reqs.txt (line 16))

This happens because in the generated requirements.txt, the section for cffi is as follows:

cffi==1.15.0; implementation_name == "pypy" and python_version >= "3.6" \
    --hash=sha256:c2502a1a03b6312837279c8c1bd3ebedf6c12c4228ddbad40912d671ccc8a962 \
    --hash=sha256:23cfe892bd5dd8941608f93348c0737e369e51c100d03718f108bf1add7bd6d0 \
[...]
    --hash=sha256:920f0d66a896c2d99f0adbb391f990a84091179542c205fa53ce5787aff87954

Notice the implementation_name == "pypy" marker, even though the implementation used is CPython.