Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release v2023.7.23 not resolving all platform hashes when pulling from a custom index #5827

Closed
jermbop opened this issue Aug 11, 2023 · 21 comments
Labels
Status: Awaiting Update ⏳ This issue requires more information before assistance can be provided. triage Type: Bug 🐛 This issue is a bug.

Comments

@jermbop
Copy link

jermbop commented Aug 11, 2023

Issue description

After upgrading to 2023.7.23 my Pipfile.lock is not populated with all platform hashes when a custom repo is configured. Only the hashes for my OS platform are generated in Pipfile.lock. When I disabled the custom repo, all platform hashes are generated. I have not seen this behavior with earlier versions.

Expected result

I would expect all platform hashes to be generated in Pipfile.lock

{
    "_meta": {
        "hash": {
            "sha256": "90025a8184f3365cfb0e9f07920c49ce086e43ac5335361e1ca7a562e9ab9e30"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.10"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "cffi": {
            "hashes": [
                "sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5",
                "sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef",
                "sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104",
                "sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426",
                "sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405",
                "sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375",
                "sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a",
                "sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e",
                "sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc",
                "sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf",
                "sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185",
                "sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497",
                "sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3",
                "sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35",
                "sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c",
                "sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83",
                "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21",
                "sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca",
                "sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984",
                "sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac",
                "sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd",
                "sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee",
                "sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a",
                "sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2",
                "sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192",
                "sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7",
                "sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585",
                "sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f",
                "sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e",
                "sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27",
                "sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b",
                "sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e",
                "sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e",
                "sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d",
                "sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c",
                "sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415",
                "sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82",
                "sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02",
                "sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314",
                "sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325",
                "sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c",
                "sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3",
                "sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914",
                "sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045",
                "sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d",
                "sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9",
                "sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5",
                "sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2",
                "sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c",
                "sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3",
                "sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2",
                "sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8",
                "sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d",
                "sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d",
                "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9",
                "sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162",
                "sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76",
                "sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4",
                "sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e",
                "sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9",
                "sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6",
                "sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b",
                "sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01",
                "sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0"
            ],
            "version": "==1.15.1"
        },
        "cryptography": {
            "hashes": [
                "sha256:0d09fb5356f975974dbcb595ad2d178305e5050656affb7890a1583f5e02a306",
                "sha256:23c2d778cf829f7d0ae180600b17e9fceea3c2ef8b31a99e3c694cbbf3a24b84",
                "sha256:3fb248989b6363906827284cd20cca63bb1a757e0a2864d4c1682a985e3dca47",
                "sha256:41d7aa7cdfded09b3d73a47f429c298e80796c8e825ddfadc84c8a7f12df212d",
                "sha256:42cb413e01a5d36da9929baa9d70ca90d90b969269e5a12d39c1e0d475010116",
                "sha256:4c2f0d35703d61002a2bbdcf15548ebb701cfdd83cdc12471d2bae80878a4207",
                "sha256:4fd871184321100fb400d759ad0cddddf284c4b696568204d281c902fc7b0d81",
                "sha256:5259cb659aa43005eb55a0e4ff2c825ca111a0da1814202c64d28a985d33b087",
                "sha256:57a51b89f954f216a81c9d057bf1a24e2f36e764a1ca9a501a6964eb4a6800dd",
                "sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507",
                "sha256:67e120e9a577c64fe1f611e53b30b3e69744e5910ff3b6e97e935aeb96005858",
                "sha256:6af1c6387c531cd364b72c28daa29232162010d952ceb7e5ca8e2827526aceae",
                "sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34",
                "sha256:7efe8041897fe7a50863e51b77789b657a133c75c3b094e51b5e4b5cec7bf906",
                "sha256:84537453d57f55a50a5b6835622ee405816999a7113267739a1b4581f83535bd",
                "sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922",
                "sha256:95dd7f261bb76948b52a5330ba5202b91a26fbac13ad0e9fc8a3ac04752058c7",
                "sha256:a74fbcdb2a0d46fe00504f571a2a540532f4c188e6ccf26f1f178480117b33c4",
                "sha256:a983e441a00a9d57a4d7c91b3116a37ae602907a7618b882c8013b5762e80574",
                "sha256:ab8de0d091acbf778f74286f4989cf3d1528336af1b59f3e5d2ebca8b5fe49e1",
                "sha256:aeb57c421b34af8f9fe830e1955bf493a86a7996cc1338fe41b30047d16e962c",
                "sha256:ce785cf81a7bdade534297ef9e490ddff800d956625020ab2ec2780a556c313e",
                "sha256:d0d651aa754ef58d75cec6edfbd21259d93810b73f6ec246436a21b7841908de"
            ],
            "index": "pypi",
            "version": "==41.0.3"
        },
        "pycparser": {
            "hashes": [
                "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9",
                "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"
            ],
            "version": "==2.21"
        }
    },
    "develop": {}
}

Actual result

Hashes in Pipfile.lock are only for my current OS, where I'm running pipenv install

{
    "_meta": {
        "hash": {
            "sha256": "90025a8184f3365cfb0e9f07920c49ce086e43ac5335361e1ca7a562e9ab9e30"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.10"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "cffi": {
            "hashes": [
                "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21",
                "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9"
            ],
            "version": "==1.15.1"
        },
        "cryptography": {
            "hashes": [
                "sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507",
                "sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34",
                "sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922"
            ],
            "index": "pypi",
            "version": "==41.0.3"
        },
        "pycparser": {
            "hashes": [
                "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9",
                "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"
            ],
            "version": "==2.21"
        }
    },
    "develop": {}
}

Steps to replicate

Provide the steps to replicate (which usually at least includes the commands and the Pipfile).

  1. Create a Pipfile
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[requires]
python_version = "3.10"

[packages]
cryptography = "*"
  1. set pipenv version to 2023.7.23
  2. set PIPENV_PYPI_MIRROR to a custom repo
  3. run pipenv install
  4. inspect Pipfile.lock

$ pipenv --support

Pipenv version: '2023.7.23'

Pipenv location: '/Users/foo/.pyenv/versions/3.10.2/lib/python3.10/site-packages/pipenv'

Python location: '/Users/foo/.pyenv/versions/3.10.2/bin/python3.10'

OS Name: 'posix'

User pip version: '21.2.4'

user Python installations found:

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.10.2',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '22.6.0',
 'platform_system': 'Darwin',
 'platform_version': 'Darwin Kernel Version 22.6.0: Wed Jul  5 22:21:56 PDT '
                     '2023; root:xnu-8796.141.3~6/RELEASE_X86_64',
 'python_full_version': '3.10.2',
 'python_version': '3.10',
 'sys_platform': 'darwin'}

System environment variables:

  • TERM_PROGRAM
  • PYENV_ROOT
  • TERM
  • SHELL
  • TMPDIR
  • TERM_PROGRAM_VERSION
  • AWS_CREDENTIAL_EXPIRATION
  • PIP_INDEX_URL
  • AWS_SESSION_TOKEN
  • TERM_SESSION_ID
  • AWS_VAULT
  • PYENV_VERSION
  • WORKSPACE
  • ZSH
  • USER
  • COMMAND_MODE
  • CODEARTIFACT_AUTH_TOKEN
  • SSH_AUTH_SOCK
  • PYENV_DIR
  • __CF_USER_TEXT_ENCODING
  • PAGER
  • LSCOLORS
  • PATH
  • LaunchInstanceID
  • AWS_DEFAULT_REGION
  • COMPOSE_FILES_DIR
  • __CFBundleIdentifier
  • PWD
  • AWS_SECRET_ACCESS_KEY
  • LANG
  • ITERM_PROFILE
  • AWS_REGION
  • PYENV_HOOK_PATH
  • XPC_FLAGS
  • RBENV_SHELL
  • PIPENV_PYPI_MIRROR
  • XPC_SERVICE_NAME
  • AWS_ACCESS_KEY_ID
  • PYENV_SHELL
  • SHLVL
  • HOME
  • COLORFGBG
  • LC_TERMINAL_VERSION
  • ITERM_SESSION_ID
  • LESS
  • LOGNAME
  • LC_TERMINAL
  • SECURITYSESSIONID
  • SQLITE_EXEMPT_PATH_FROM_VNODE_GUARDS
  • ASDF_HASHICORP_TERRAFORM_VERSION_FILE
  • COLORTERM
  • PYTHONDONTWRITEBYTECODE
  • PIP_DISABLE_PIP_VERSION_CHECK
  • PYTHONFINDER_IGNORE_UNSUPPORTED

Pipenv–specific environment variables:

  • PIPENV_PYPI_MIRROR: https://aws:....codeartifact.us-east-2.amazonaws.com/pypi/foo-python/simple/

Debug–specific environment variables:

  • PATH: /Users/foo/.pyenv/versions/3.8.7/bin:/Users/foo/.pyenv/versions/3.9.13/bin:/Users/foo/.pyenv/versions/3.10.2/bin:/Users/foo/.pyenv/versions/3.9.10/bin:/Users/foo/.pyenv/versions/3.8.10/bin:/Users/foo/.pyenv/versions/3.10.2/bin:/usr/local/Cellar/pyenv/2.3.16/libexec:/usr/local/Cellar/pyenv/2.3.16/plugins/python-build/bin:/Users/foo/.pyenv/shims:/Users/foo/bin:/Users/foo/.pyenv/bin:/Users/foo/.rbenv/shims:/Users/foo/bin:/Users/foo/.pyenv/bin:/Users/foo/.rbenv/shims:/Users/foo/.pyenv/bin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Users/foo/.asdf/shims:/Users/foo/.asdf/shims
  • SHELL: /bin/zsh
  • LANG: en_US.UTF-8

Contents of Pipfile ('/Users/foo/workspace/foo-test-cryptograph-all-platform-hashes/Pipfile'):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[requires]
python_version = "3.10"

[packages]
cryptography = "*"

Contents of Pipfile.lock ('/Users/foo/workspace/foo-test-cryptograph-all-platform-hashes/Pipfile.lock'):

{
    "_meta": {
        "hash": {
            "sha256": "90025a8184f3365cfb0e9f07920c49ce086e43ac5335361e1ca7a562e9ab9e30"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.10"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "cffi": {
            "hashes": [
                "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21",
                "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9"
            ],
            "version": "==1.15.1"
        },
        "cryptography": {
            "hashes": [
                "sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507",
                "sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34",
                "sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922"
            ],
            "index": "pypi",
            "version": "==41.0.3"
        },
        "pycparser": {
            "hashes": [
                "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9",
                "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"
            ],
            "version": "==2.21"
        }
    },
    "develop": {}
}
@matteius
Copy link
Member

@jermbop Could you check this on: #5793
Planning to merge that this month and it will be important to know if what you are describing is an issue with that branch as well. If it is, I think I need more details about what you mean by custom repo.

@jermbop
Copy link
Author

jermbop commented Aug 14, 2023

@matteius I followed the steps from #5793 (comment) to install your version. I confirmed the version is set to

pipenv --version
pipenv, version 2023.7.24.dev0

I'm still seeing the same issue where the Pipfile.lock only has hashes for my OS.

For our custom repo we are setting PIPENV_PYPI_MIRROR and pulling through AWS's Codeartifact

@matteius
Copy link
Member

@jermbop I see, using a private index -- question, is there a recent prior version of pipenv that was resolving all hashes for a private index?

@boonware
Copy link

I am also seeing this with version 2023.7.23 while using the extra index https://download.pytorch.org/whl/cpu to install torch. Downgrading to version 2023.7.9 has fixed the problem.

@jermbop
Copy link
Author

jermbop commented Aug 15, 2023

@matteius
@boonware and I are seeing the same behavior. 2023.7.9 works for me as well.

@jermbop jermbop changed the title Release v2023.7.23 not resolving all platform hashes when pulling from a custom repo Release v2023.7.23 not resolving all platform hashes when pulling from a custom index Aug 15, 2023
@matteius matteius added Type: Bug 🐛 This issue is a bug. Priority: High This item is high priority and should be resolved quickly. labels Aug 17, 2023
@matteius
Copy link
Member

I was able to get this sorted on the draft-no-reqslib branch and pushed up some small changes based on my testing.

INFO:pipenv.patched.pip._internal.network.download:Using cached requests-2.31.0-py3-none-any.whl (62 kB)
INFO:pipenv.patched.pip._internal.network.download:Using cached certifi-2023.7.22-py3-none-any.whl (158 kB)
INFO:pipenv.patched.pip._internal.network.download:Using cached charset_normalizer-3.2.0-cp38-cp38-win_amd64.whl (96 kB)
INFO:pipenv.patched.pip._internal.network.download:Using cached urllib3-2.0.4-py3-none-any.whl (123 kB)
INFO:pipenv.patched.pip._internal.network.download:Using cached typing_extensions-4.7.1-py3-none-any.whl (33 kB)
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp36-cp36
m-linux_x86_64.whl to obtain hash...
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp36-cp36
m-win_amd64.whl to obtain hash...
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp37-cp37
m-linux_x86_64.whl to obtain hash...
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp37-cp37
m-win_amd64.whl to obtain hash...
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp38-cp38
-linux_x86_64.whl to obtain hash...
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp38-cp38
-win_amd64.whl to obtain hash...
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp39-cp39
-linux_x86_64.whl to obtain hash...
Downloading file
https://download.pytorch.org/whl/cu111/whl/cu111/torch-1.10.2%2Bcu111-cp39-cp39
-win_amd64.whl to obtain hash...
[ ===] Locking...
Success!
Locking [dev-packages] dependencies...
Updated Pipfile.lock (c0a33c165f07d81030173ceeabab4a677a39b73dabb7de87af1ed11b6cf3b709)!
        "torch": {
            "hashes": [
                "sha256:0b4b32831aca1761be49a1d584d509f02d03bc6108c114972b4457a971007e9a",
                "sha256:3828d951c5a6e78d0b0a4edc1cfd21f7319ce08650cd68a605169e60aa33ddf9",
                "sha256:7bc0d93f1fb20618ac3aa793ef74c7b8800a065d2d5dd09284846cb0f6154b25",
                "sha256:9cfc57dd2b3ac6832e87ac7f5bf2cf2809ce00f08978a6c91d0f021b395d42ec",
                "sha256:a9119bf83a3c2b98c6a40b31102fca359fb2c875d328ace7a4b80d2223a2a9d6",
                "sha256:b3e301dea27fdc7f6534231adf91d8df5d6b9754186feafbe145e5bd57b857a8",
                "sha256:c20b57584a7fd7d5487ebd29a812b922e6831967a6e5ea3738f038d232793923",
                "sha256:c5241543c3c9667bca8d99e49d1de6392a89803bedf4f1e4fb758ab08366b4cc"
            ],
            "index": "downloadpytorch",
            "version": "==1.10.2+cu111"
        },

@jermbop
Copy link
Author

jermbop commented Aug 17, 2023

I seem to have your latest commit -> Resolved https://github.com/pypa/pipenv.git to commit 8a62691fc0237fe4c9d61226393c2529a7c13ebc

I'm still seeing the same behavior where my Pipfile.lock only has hashes for my OS.

@matteius
Copy link
Member

@jerempy Assuming your private index has an index page that can match the file names with the version being resolved, I would think it should work -- but you are also using PIPENV_PYPI_MIRROR which I am not as familiar with and haven't tested this case. One thing that would be helpful to try since my assumption is PIPENV_PYPI_MIRROR just replaces the default index, is try replacing the default index of pypi in your example with the private index and see if it works that way. Its likely that the way the sources are pulled doesn't consider PIPENV_PYPI_MIRROR and so it ends up pulling just the one hash using the direct link of the one that matched your platform in the resolver.

@jermbop
Copy link
Author

jermbop commented Aug 17, 2023

@matteius

https://pipenv-fork.readthedocs.io/en/latest/advanced.html#using-a-pypi-mirror

To my understanding I can either run pipenv install --pypi-mirror <mirror_url> or set PIPENV_PYPI_MIRROR. I did test the former command and am seeing the same outcome. When I downgrade to 2023.7.9 PIPENV_PYPI_MIRROR is working as expected.

@matteius
Copy link
Member

matteius commented Aug 17, 2023

@jermbop thats a different docs link, I think it would be this one: https://pipenv.pypa.io/en/latest/indexes/#using-a-pypi-mirror

To my understanding I can either run pipenv install --pypi-mirror <mirror_url> or set PIPENV_PYPI_MIRROR.

Yes that is correct, but my suspicion is that is also where there may still be a bug. Since I do not have access to your private pypi mirror, its harder for me to test this which is why I am asking if you can try to not use the pypi-mirror in testing my branch and instead change the Pipfile or lockfile source URL to be the mirror and run a couple checks. This will help me determine:

  1. Is it just a bug with pypi-mirror (ok we can look more deeply into that if so) OR
  2. Is it perhaps something isn't matching when we scrape the index for the hashes.

On my branch there should be good output with -v or --verbose that should show where its trying to obtain the hashes, if there is an error there that would also be useful to know, or maybe its skipping that because the source isn't in the lockfile directly.

Its not really going to be too useful for me to test on main/current release because my future looking branch is likely to get merged soon, and so I'll want to find the path forward from starting from that code. Nothing stood out to me comparing 2023.7.11 to 2023.7.9 anyway and plus a lot more fixes in the draft-no-reqlib branch including the fix from today that I verified against the pytorch index.

Just to reiterate, I think there is a bug and it should be fixed, but it somewhat non-trivial and so some help pin-pointing it will help me do a better job with it.

@jermbop
Copy link
Author

jermbop commented Aug 17, 2023

@matteius I removed PIPENV_PYPI_MIRROR from my env vars, updated the Pipfile source, and captured the lockfile and verbose output.

Pipfile

[[source]]
url = "https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/"

verify_ssl = true
name = "pypi"

[requires]
python_version = "3.10"

[packages]
cryptography = "*"

Pipfile.lock

``` { "_meta": { "hash": { "sha256": "f4733ffb52d998353d78a421bddc36b09d51a95a6779f203cf18c248734cd676" }, "pipfile-spec": 6, "requires": { "python_version": "3.10" }, "sources": [ { "name": "pypi", "url": "https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/", "verify_ssl": true } ] }, "default": { "cffi": { "hashes": [ "sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21", "sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9" ], "version": "==1.15.1" }, "cryptography": { "hashes": [ "sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507", "sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34", "sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922" ], "index": "pypi", "markers": "python_version >= '3.7'", "version": "==41.0.3" }, "pycparser": { "hashes": [ "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206" ], "version": "==2.21" } }, "develop": {} } ```

Verbose output of pipenv install -v --dev

``` pipenv install -v --dev Using python: 3.10 Path to python: /Users/myusername/.pyenv/versions/3.10.2/bin/python3 Creating a virtualenv for this project... Pipfile: /Users/myusername/workspace/test-cryptograph-all-platform-hashes/Pipfile Using /Users/myusername/.pyenv/versions/3.10.2/bin/python3 (3.10.2) to create virtualenv... ⠇ Creating virtual environment...created virtual environment CPython3.10.2.final.0-64 in 474ms creator CPython3Posix(dest=/Users/myusername/.local/share/virtualenvs/test-cryptograph-all-platform-hashe-eEkz4Ddq, clear=False, no_vcs_ignore=False, global=False) seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/Users/myusername/Library/Application Support/virtualenv) added seed packages: pip==23.2.1, setuptools==68.0.0, wheel==0.41.1 activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator

✔ Successfully created virtual environment!
Virtualenv location: /Users/myusername/.local/share/virtualenvs/test-cryptograph-all-platform-hashe-eEkz4Ddq
Pipfile.lock not found, creating...
Locking [packages] dependencies...
Building requirements...
Resolving dependencies...
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting()
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('cryptography'), None)
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting cryptography (from -r
/var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-4fy8295n-requirements/pipenv-r6w40273-constraints.txt (line 2))
INFO:pipenv.patched.pip._internal.network.download:Using cached
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x86_64.whl (2.8
MB)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(0)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('cffi>=1.12'),
LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x8
6_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)'))
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting cffi>=1.12 (from cryptography->-r
/var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-4fy8295n-requirements/pipenv-r6w40273-constraints.txt (line 2))
INFO:pipenv.patched.pip._internal.network.download:Using cached
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl (179 kB)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x86_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)'))
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(0, state)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(1)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('pycparser'),
LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256
=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)'))
INFO:pipenv.patched.pip._internal.operations.prepare:Collecting pycparser (from cffi>=1.12->cryptography->-r
/var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-4fy8295n-requirements/pipenv-r6w40273-constraints.txt (line 2))
INFO:pipenv.patched.pip._internal.network.download:Using cached
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.whl (118 kB)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)'))
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(1, state)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(2)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.whl#sha256=8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/)'))
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(2, state)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(3)
INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending(State(mapping=OrderedDict([('cryptography',
LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x8
6_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)')), ('cffi',
LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256
=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')), ('pycparser',
LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.whl#sha256=8ee4542
9555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/)'))]), criteria={'cryptography':
Criterion((SpecifierRequirement('cryptography'), via=None)), 'cffi': Criterion((SpecifierRequirement('cffi>=1.12'),
via=LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_1
2_x86_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)'))), 'pycparser':
Criterion((SpecifierRequirement('pycparser'),
via=LinkCandidate('https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sh
a256=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')))}, backtrack_causes=[]))
⠋ Locking...
✔ Success!
Locking [dev-packages] dependencies...
Updated Pipfile.lock (f4733ffb52d998353d78a421bddc36b09d51a95a6779f203cf18c248734cd676)!
Installing dependencies from Pipfile.lock (4cd676)...
Writing supplied requirement line to temporary file: 'cffi==1.15.1 --hash=sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21
--hash=sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9'
Writing supplied requirement line to temporary file: "cryptography==41.0.3; python_version >= '3.7' --hash=sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507
--hash=sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34 --hash=sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922"
Writing supplied requirement line to temporary file: 'pycparser==2.21 --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9
--hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206'
Install Phase: Standard Requirements
Preparing Installation of 'cffi==1.15.1 --hash=sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21
--hash=sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9'
Preparing Installation of "cryptography==41.0.3; python_version >= '3.7' --hash=sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507
--hash=sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34 --hash=sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922"
Preparing Installation of 'pycparser==2.21 --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9
--hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206'
$ /Users/myusername/.local/share/virtualenvs/test-cryptograph-all-platform-hashe-eEkz4Ddq/bin/python
/Users/myusername/.pyenv/versions/3.10.2/lib/python3.10/site-packages/pipenv/patched/pip/pip-runner.py install -i
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/ --no-input --upgrade --no-deps -r /var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-idg8eukk-requirements/pipenv-jngmouuh-hashed-reqs.txt
Using source directory: '/Users/myusername/.local/share/virtualenvs/test-cryptograph-all-platform-hashe-eEkz4Ddq/src'
Looking in indexes: https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/

Collecting cffi==1.15.1 (from -r /var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-idg8eukk-requirements/pipenv-jngmouuh-hashed-reqs.txt (line 1))

Using cached https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl (179
kB)

Collecting cryptography==41.0.3 (from -r /var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-idg8eukk-requirements/pipenv-jngmouuh-hashed-reqs.txt (line 2))

Using cached
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x86_64.whl (2.8
MB)

Collecting pycparser==2.21 (from -r /var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-idg8eukk-requirements/pipenv-jngmouuh-hashed-reqs.txt (line 3))

Using cached https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.whl (118 kB)

Installing collected packages: cffi, pycparser, cryptography

Successfully installed cffi-1.15.1 cryptography-41.0.3 pycparser-2.21

Install Phase: Editable Requirements
Preparing Installation of 'cffi==1.15.1 --hash=sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21
--hash=sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9'
Preparing Installation of "cryptography==41.0.3; python_version >= '3.7' --hash=sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507
--hash=sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34 --hash=sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922"
Preparing Installation of 'pycparser==2.21 --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9
--hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206'
$ /Users/myusername/.local/share/virtualenvs/test-cryptograph-all-platform-hashe-eEkz4Ddq/bin/python
/Users/myusername/.pyenv/versions/3.10.2/lib/python3.10/site-packages/pipenv/patched/pip/pip-runner.py install -i
https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/ --no-input --upgrade --no-deps -r /var/folders/6n/cgk3c7pn3kg97b5md65vw7bw0000gp/T/pipenv-idg8eukk-requirements/pipenv-oi0mf3fl-reqs.txt
Using source directory: '/Users/myusername/.local/share/virtualenvs/test-cryptograph-all-platform-hashe-eEkz4Ddq/src'
Looking in indexes: https://aws:{ourToken}@{ourCustomDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/

Installing dependencies from Pipfile.lock (4cd676)...
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.

</details>

@matteius
Copy link
Member

@jermbop thanks for the output, while 8a62691fc0237fe4c9d61226393c2529a7c13ebc is the commit hash of my latest commit, something isn't adding up with the output, because I added a err.print (rich stderr print) statement to the common function get_file_hash ... I truly believe it should log at least once "Downloading file {link.filename} to obtain hash..." for the hash it did obtain. 🤔 Although ...

There is logic to get the hash from the url of the package link from the index page if its available. Are you able to determine if the hashes are in the your index links (usually as query parameters at the end of the URLs). Also, are you sure that your private mirror has multiple wheels of the same package version for different platforms that it would be able to obtain? If not, it may be possible it was actually getting those extra hashes from pypi before ... really hard to make a determination yet.

@jermbop
Copy link
Author

jermbop commented Aug 18, 2023

@matteius

I tested again with version 2023.7.9. I have both the Pipfile source url and PIPENV_PYPI_MIRROR pointing to our custom index. I also included a snapshot of our custom indexes assets for cryptography. It includes all hashes. Please let me know if there's anything you'd like me to run or test out.

Output of install with version 2023.7.9

pipenv install -v --dev Pipfile.lock not found, creating... Locking [packages] dependencies... Building requirements... Resolving dependencies... Reporter.starting() INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting() Reporter.adding_requirement(SpecifierRequirement('cryptography'), None) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('cryptography'), None) Reporter.starting_round(0) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(0) Reporter.adding_requirement(SpecifierRequirement('cffi>=1.12'), LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x8 6_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)')) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('cffi>=1.12'), LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x8 6_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)')) Reporter.pinning(LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi 3-macosx_10_12_x86_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)')) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/beac on-python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x86_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)')) Reporter.ending_round(0, state) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(0, state) Reporter.starting_round(1) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(1) Reporter.adding_requirement(SpecifierRequirement('pycparser'), LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256 =39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.adding_requirement(SpecifierRequirement('pycparser'), LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256 =39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')) Reporter.pinning(LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_ x86_64.whl#sha256=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/beac on-python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')) Reporter.ending_round(1, state) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(1, state) Reporter.starting_round(2) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(2) Reporter.pinning(LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.w hl#sha256=8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/)')) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.pinning(LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/beac on-python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.whl#sha256=8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/)')) Reporter.ending_round(2, state) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending_round(2, state) Reporter.starting_round(3) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.starting_round(3) Reporter.ending(State(mapping=OrderedDict([('cryptography', LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x8 6_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)')), ('cffi', LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256 =39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')), ('pycparser', LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.whl#sha256=8ee4542 9555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/)'))]), criteria={'cryptography': Criterion((SpecifierRequirement('cryptography'), via=None)), 'cffi': Criterion((SpecifierRequirement('cffi>=1.12'), via=LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_1 2_x86_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)'))), 'pycparser': Criterion((SpecifierRequirement('pycparser'), via=LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sh a256=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')))}, backtrack_causes=[])) INFO:pipenv.patched.pip._internal.resolution.resolvelib.reporter:Reporter.ending(State(mapping=OrderedDict([('cryptography', LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_12_x8 6_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)')), ('cffi', LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sha256 =39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')), ('pycparser', LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/2.21/pycparser-2.21-py2.py3-none-any.whl#sha256=8ee4542 9555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/pycparser/)'))]), criteria={'cryptography': Criterion((SpecifierRequirement('cryptography'), via=None)), 'cffi': Criterion((SpecifierRequirement('cffi>=1.12'), via=LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/41.0.3/cryptography-41.0.3-cp37-abi3-macosx_10_1 2_x86_64.whl#sha256=8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cryptography/) (requires-python:>=3.7)'))), 'pycparser': Criterion((SpecifierRequirement('pycparser'), via=LinkCandidate('https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/1.15.1/cffi-1.15.1-cp310-cp310-macosx_10_9_x86_64.whl#sh a256=39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 (from https://{ourCustomerDomain}.d.codeartifact.us-east-2.amazonaws.com/pypi/python/simple/cffi/)')))}, backtrack_causes=[])) ⠼ Locking... ✔ Success! Locking [dev-packages] dependencies... Updated Pipfile.lock (90025a8184f3365cfb0e9f07920c49ce086e43ac5335361e1ca7a562e9ab9e30)! Installing dependencies from Pipfile.lock (ab9e30)... Installing dependencies from Pipfile.lock (ab9e30)... To activate this project's virtualenv, run pipenv shell. Alternatively, run a command inside the virtualenv with pipenv run.
Screenshot 2023-08-18 at 12 20 53 PM

@matteius
Copy link
Member

Thanks @jermbop -- that does indicate the URLs have the sha256 hashes as query parameters -- we can dig in more if its still broken, but I cut release 2023.8.19 and would be good confirm to its still broken before we dig deeper. I would also be open to scheduling a debugging session if possible.

@jermbop
Copy link
Author

jermbop commented Aug 21, 2023

@matteius Just tested with 2023.8.19. I'm still seeing the same issue. I'm open for a debugging session!

@matteius
Copy link
Member

@jermbop I may have some time next weekend given its calling for rain here. If you click on my github profile, I have my email you can send me and I can invite you to a python developers slack group ...

@matteius matteius added Status: Awaiting Update ⏳ This issue requires more information before assistance can be provided. and removed Priority: High This item is high priority and should be resolved quickly. labels Aug 26, 2023
@matejsp
Copy link

matejsp commented Aug 30, 2023

This is related also to my bug #5894

@matteius
Copy link
Member

matteius commented Sep 1, 2023

I am hopeful that 2023.9.1 solves this for you @jermbop since it did for @matejsp's example.

@jermbop
Copy link
Author

jermbop commented Sep 5, 2023

@matteius I tested changes from your branch issue-5827-compat (version 2023.9.2.dev0). This branch correctly installs all platform hashes! Thanks for your work on this. When a release is cut I can test again, making sure it works for the release

@matteius
Copy link
Member

matteius commented Sep 7, 2023

2023.9.7 included this change.

@matteius matteius closed this as completed Sep 7, 2023
@jermbop
Copy link
Author

jermbop commented Sep 7, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Status: Awaiting Update ⏳ This issue requires more information before assistance can be provided. triage Type: Bug 🐛 This issue is a bug.
Projects
None yet
Development

No branches or pull requests

4 participants