-
-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
problem with requirements.txt generated by pipenv lock -r
#429
Comments
yeah, support for |
Yeah, hashing is a very useful feature. I use this workaround:
Would appreciate a PR for sure. |
|
The way we generate pex files broke when we added more dependencies (we use numpy for graph generation). The choice was to build from source, without wheels; but for that we need to be able to re-build numpy, and this can be time-consuming. If we remove the --no-wheel option, we go back to the exact versions pinned in the generated requirements/base.txt; this follows the initial intent of having reproducible builds for the pex. But this does not work because the current pex implementation does not support locking versions like this, while also having a local package (here hwbench itself) in a directory (and not a wheel which has a hash). We get this error: ERROR: Can't verify hashes for these file:// requirements because they point to directories: See this pex issues and the other linked ones: pex-tool/pex#429 ; currently the pex project is building its own lock file format to better fit its needs, but that would not help us here. So this change relaxes the constraints a bit: no more lock file. The pex builds won't be reproducible, and hopefully it won't be an issue since the artifacts will be archived. And no more wheels: this should make the pexes generation significantly faster. Also upgrade the dependency resolver to be the same one we use with pip-compile (backtracking), so that we'd get a similar result if pex and requirements/base.txt are generated at the same time. Change-Id: If6d677838f86880776a125c1f5676cbf1b08ddbb
#2412 mentioned this issue which I failed to close several years ago. Pex has supported requirements files with hashes since at least Pex 2.1.22 (via #1114). Using the example repo from #2412, for example:
|
i try to get my little python tool deployable better with pex. and pex looks really really promising.
i use pipenv for developing and it has a option to generate requirements.txt files... so i tried a
pipenv run pex -r <(pipenv lock -r)
and got this
the generated requirements.txt looks like this:
i have a feeling that it has problems with parsing the hashes in the line strings. but thats just a idea.
The text was updated successfully, but these errors were encountered: