Adjust the Fallback logic for obtaining the hashes from private indexes

[matteius]

The else Fallback here is not working right, for example if my source url is: url = "https://download.pytorch.org/whl/cu117" and the page contains url's like: /whl/cu117/torch-2.0.1%2Bcu117-cp310-cp310-linux_x86_64.whl So the url that gets generated is: https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp310-cp310-linux_x86_64.whl which is wrong because it repeats /whl/cu117/

The issue

Fixes #5864
Fixes #5860
Maybe Fixes #5848

The fix

Use urllib.parse urljoin which will intelligently handle this case:

Downloading file torch-2.0.1+cu117-cp310-cp310-linux_x86_64.whl to obtain
hash...
Downloading file torch-2.0.1+cu117-cp310-cp310-win_amd64.whl to obtain hash...
Downloading file torch-2.0.1+cu117-cp311-cp311-linux_x86_64.whl to obtain
hash...
Downloading file torch-2.0.1+cu117-cp311-cp311-win_amd64.whl to obtain hash...
Downloading file torch-2.0.1+cu117-cp38-cp38-linux_x86_64.whl to obtain hash...
Downloading file torch-2.0.1+cu117-cp38-cp38-win_amd64.whl to obtain hash...
Downloading file torch-2.0.1+cu117-cp39-cp39-linux_x86_64.whl to obtain hash...
Downloading file torch-2.0.1+cu117-cp39-cp39-win_amd64.whl to obtain hash...

Install:

Writing supplied requirement line to temporary file: 'torch==2.0.1+cu117 --hash=sha256:0a56cf5d99f1c7fa29c328a6737c5e5108fa71d8f021c074f4ff0de9e8969302
--hash=sha256:245d04e1541350dba11c7b76e343ca0071bbcb10f956a09b6bede3d68db9e759 --hash=sha256:60b21e8db98f7365758a5c218f5dc533d84f046ed0876b4540ba5ba7ef6797d4
--hash=sha256:a77ba4f4b13c8b6c2c863b84a98dde2ddf1feaad5f25700d41cf3236e11d2ee8 --hash=sha256:bb54b705185bea820e6ec6485a25761bc03f689e1a09a37d814d6ea8e276b5bd
--hash=sha256:bec39e6fe7232f399c6a5cda5785517fec759fc0852e0c31d71a39f7bf6b23b3 --hash=sha256:deed82674691238ff9471fb7dd13a6eafc0c394cb6cdb249b483b4855c00276f
--hash=sha256:e06deb28938e7468bdd79ad5a4cfda36e95113507a9144a367039b35ac73986c'
Install Phase: Standard Requirements
Preparing Installation of 'torch==2.0.1+cu117 --hash=sha256:0a56cf5d99f1c7fa29c328a6737c5e5108fa71d8f021c074f4ff0de9e8969302 --hash=sha256:245d04e1541350dba11c7b76e343ca0071bbcb10f956a09b6bede3d68db9e759
--hash=sha256:60b21e8db98f7365758a5c218f5dc533d84f046ed0876b4540ba5ba7ef6797d4 --hash=sha256:a77ba4f4b13c8b6c2c863b84a98dde2ddf1feaad5f25700d41cf3236e11d2ee8
--hash=sha256:bb54b705185bea820e6ec6485a25761bc03f689e1a09a37d814d6ea8e276b5bd --hash=sha256:bec39e6fe7232f399c6a5cda5785517fec759fc0852e0c31d71a39f7bf6b23b3
--hash=sha256:deed82674691238ff9471fb7dd13a6eafc0c394cb6cdb249b483b4855c00276f --hash=sha256:e06deb28938e7468bdd79ad5a4cfda36e95113507a9144a367039b35ac73986c'
$ C:/c/Users/matte/.virtualenvs/pytorch_new-7A-x71qg/Scripts/python.exe 'C:\Users\matte\Projects\pipenv\pipenv\patched\pip\__pip-runner__.py' install -i https://download.pytorch.org/whl/cu117 --no-input
--upgrade --no-deps -r 'c:\users\matte\appdata\local\temp\pipenv-6a7209oi-requirements\pipenv-8x7x43h8-hashed-reqs.txt'
Using source directory: 'C:\\c\\Users\\matte\\.virtualenvs\\pytorch_new-7A-x71qg\\src'
Looking in indexes: https://download.pytorch.org/whl/cu117

Collecting torch==2.0.1+cu117 (from -r c:\users\matte\appdata\local\temp\pipenv-6a7209oi-requirements\pipenv-8x7x43h8-hashed-reqs.txt (line 1))

  Using cached https://download.pytorch.org/whl/cu117/torch-2.0.1%2Bcu117-cp311-cp311-win_amd64.whl (2343.6 MB)

Installing collected packages: torch

Successfully installed torch-2.0.1+cu117

I've also added better error handling for this case to avoid capturing a hash if the response is not 200. When I undo the fix, that looks like:

[  ==] Locking...Downloading file torch-2.0.1+cu117-cp310-cp310-linux_x86_64.whl to obtain hash...
[   =] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp310-cp310-linux_x86_64.whl
Downloading file torch-2.0.1+cu117-cp310-cp310-win_amd64.whl to obtain hash...
[  ==] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp310-cp310-win_amd64.whl
Downloading file torch-2.0.1+cu117-cp311-cp311-linux_x86_64.whl to obtain hash...
[==  ] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp311-cp311-linux_x86_64.whl
Downloading file torch-2.0.1+cu117-cp311-cp311-win_amd64.whl to obtain hash...
[=   ] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp311-cp311-win_amd64.whl
Downloading file torch-2.0.1+cu117-cp38-cp38-linux_x86_64.whl to obtain hash...
[ ===] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp38-cp38-linux_x86_64.whl
Downloading file torch-2.0.1+cu117-cp38-cp38-win_amd64.whl to obtain hash...
[   =] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp38-cp38-win_amd64.whl
Downloading file torch-2.0.1+cu117-cp39-cp39-linux_x86_64.whl to obtain hash...
[  ==] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp39-cp39-linux_x86_64.whl
Downloading file torch-2.0.1+cu117-cp39-cp39-win_amd64.whl to obtain hash...
[====] Locking...HTTP error 403 while getting https://download.pytorch.org/whl/cu117/whl/cu117/torch-2.0.1%2Bcu117-cp39-cp39-win_amd64.whl
[==  ] Locking...Downloading file torch-2.0.1+cu117-cp311-cp311-win_amd64.whl to obtain hash...

Latest Update is I got caching to work -- so if you download the expensive pytorch wheels in one lock phase, the subsequent lock phase is much faster! 🎉

The checklist

• Associated issue
• A news fragment in the news/ directory to describe this fix with the extension .bugfix.rst, .feature.rst, .behavior.rst, .doc.rst. .vendor.rst. or .trivial.rst (this will appear in the release changelog). Use semantic line breaks and name the file after the issue number or the PR #.

[oz123]

Well, it turns out PipSession removed a lot of code :-)

[oz123]

This is really great!

[jeffwidman]

Nice job with the caching improvement as well!

[BetterWorld-Liuser]

so...what's the final solution? I'm using the latest version of pipenv. when I run

pipenv install torch==2.0.1+cu117 --index https://download.pytorch.org/whl/cu117

It still keeps locking and downloading something I don't know...

Installing torch==2.0.1+cu117...
Resolving torch==2.0.1+cu117...
Added torch to Pipfile's [packages] ...
Installation Succeeded
Pipfile.lock not found, creating...
Locking [packages] dependencies... 
Building requirements...
Resolving dependencies...
[====] Locking...

pipfile

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[[source]]
url = "https://download.pytorch.org/whl/cu117"
verify_ssl = true
name = "downloadpytorch"

[packages]
torch = {version = "==2.0.1", index = "downloadpytorch"}

[dev-packages]

[requires]
python_version = "3.10"
python_full_version = "3.10.11"

[matteius]

@BetterWorld-Liuser The first time you lock its going to download 16 GB of wheel files from the torch index.

[BetterWorld-Liuser]

@matteius so there is no way to install just like pip install ? like just download the target whl...

[matteius]

@BetterWorld-Liuser Once you have a valid lock file, which needs the hashes of all matching wheel files for that version, which is why it has to download approximately 16 GB, then the subsequent install just downloads the one matching wheel for your system, which should be cached by the prior lock.

[BetterWorld-Liuser]

@matteius OK, I understand, thanks!