Pipenv: Pipenv does not lock dependencies when installing from URL

Created on 2 Nov 2018 · 6Comments · Source: pypa/pipenv

Be sure to check the existing issues (both open and closed!), and make sure you are running the latest version of Pipenv.

Check the diagnose documentation for common issues before posting! We may close your issue if it is very similar to one of them. Please be considerate, or be on your way.

Make sure to mention your debugging experience if the documented solution failed.

Issue description

Pipenv does not lock dependencies when installing from URL:

mkdir /tmp/repro; cd /tmp/repro
$ pipenv install https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
Installing https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging…
Collecting uberlogging from https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz#egg=uberlogging
  Downloading https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz
Collecting coloredlogs (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/08/0f/7877fc42fff0b9d70b6442df62d53b3868d3a6ad1b876bdb54335b30ff23/coloredlogs-10.0-py2.py3-none-any.whl
Collecting structlog (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/f0/00/0fd0ca13fa19361bec0418e4c3b6b7509048cb1fb2fa8b7cd6b3dffe13d8/structlog-18.2.0-py2.py3-none-any.whl
Collecting humanfriendly (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/79/1e/13d96248e3fcaa7777b61fa889feab44865c85e524bbd667acfa0d8b66e3/humanfriendly-4.17-py2.py3-none-any.whl
Collecting python-json-logger (from uberlogging)
  Using cached https://files.pythonhosted.org/packages/3a/ed/2ba5a2dfce45fa67e0588dd6457b59ffdef7f1fdcd2c1152e085e3c9a726/python_json_logger-0.1.9-py2.py3-none-any.whl
Collecting six (from structlog->uberlogging)
  Using cached https://files.pythonhosted.org/packages/67/4b/141a581104b1f6397bfa78ac9d43d8ad29a7ca43ea90a2d863fe3056e86a/six-1.11.0-py2.py3-none-any.whl
Requirement already satisfied, skipping upgrade: setuptools in /home/haizaar/dev/venvs/repro-2muHjEV7/lib/python3.6/site-packages (from python-json-logger->uberlogging) (40.5.0)
Building wheels for collected packages: uberlogging
  Running setup.py bdist_wheel for uberlogging: started
  Running setup.py bdist_wheel for uberlogging: finished with status 'done'
  Stored in directory: /tmp/pip-ephem-wheel-cache-nu1_rfr7/wheels/36/90/05/3401129e52691bdd63e46f78b4761dca1ff6a0c3abcb57575d
Successfully built uberlogging
Installing collected packages: humanfriendly, coloredlogs, six, structlog, python-json-logger, uberlogging
Successfully installed coloredlogs-10.0 humanfriendly-4.17 python-json-logger-0.1.9 six-1.11.0 structlog-18.2.0 uberlogging-0.0.1

Adding uberlogging to Pipfile's [packages]…
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
Installing dependencies from Pipfile.lock (e3fb42)…
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 1/1 — 00:00:03

Only one dependency is locked, which is already suspicious, and indeed Pipfile.lock only contains:

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}

However pipenv graph show the dependencies properly:

$ pipenv graph
uberlogging==0.0.1
  - coloredlogs [required: Any, installed: 10.0]
    - humanfriendly [required: >=4.7, installed: 4.17]
  - humanfriendly [required: Any, installed: 4.17]
  - python-json-logger [required: Any, installed: 0.1.9]
    - setuptools [required: Any, installed: 40.5.0]
  - structlog [required: Any, installed: 18.2.0]
    - six [required: Any, installed: 1.11.0]

Expected result

Dependencies should have appeared in the Pipfile.lock.

Actual result

$ pipenv lock --verbose
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e3fb42)!
$ cat Pipfile.lock | jq .default
{
  "uberlogging": {
    "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
  }
}

$ pipenv --support

Pipenv version: '2018.10.13'

Pipenv location: '/home/haizaar/.local/lib/python3.6/site-packages/pipenv'

Python location: '/usr/bin/python3.6'

Python installations found:

3.7.0: /usr/bin/python3.7
3.7.0: /usr/bin/python3.7m
3.6.6: /home/haizaar/dev/venvs/repro-2muHjEV7/bin/python3.6
3.6.6: /usr/bin/python3.6
3.6.6: /usr/bin/python3.6m
3.5.2: /usr/bin/python3.5
3.5.2: /usr/bin/python3.5m
2.7.12: /usr/bin/python2.7

PEP 508 Information:

{'implementation_name': 'cpython',
 'implementation_version': '3.6.6',
 'os_name': 'posix',
 'platform_machine': 'x86_64',
 'platform_python_implementation': 'CPython',
 'platform_release': '4.15.0-36-generic',
 'platform_system': 'Linux',
 'platform_version': '#39~16.04.1-Ubuntu SMP Tue Sep 25 08:59:23 UTC 2018',
 'python_full_version': '3.6.6',
 'python_version': '3.6',
 'sys_platform': 'linux'}

System environment variables:

LC_PAPER
XDG_VTNR
XDG_SESSION_ID
LC_ADDRESS
CLUTTER_IM_MODULE
LC_MONETARY
XDG_GREETER_DATA_DIR
VIRTUALENVWRAPPER_SCRIPT
VIRTUALENVWRAPPER_PROJECT_FILENAME
SESSION
GPG_AGENT_INFO
PIP_PYTHON_PATH
SHELL
INFINALITY_FT_AUTOHINT_VERTICAL_STEM_DARKEN_STRENGTH
VTE_VERSION
TERM
QT_LINUX_ACCESSIBILITY_ALWAYS_ON
LC_NUMERIC
WINDOWID
GNOME_KEYRING_CONTROL
UPSTART_SESSION
GTK_MODULES
INFINALITY_FT_CONTRAST
USER
QT_ACCESSIBILITY
LC_TELEPHONE
LS_COLORS
UNITY_HAS_3D_SUPPORT
XDG_SESSION_PATH
XDG_SEAT_PATH
SSH_AUTH_SOCK
DEFAULTS_PATH
VIRTUAL_ENV
WORKON_HOME
UNITY_DEFAULT_PROFILE
XDG_CONFIG_DIRS
PIPENV_ACTIVE
PATH
DESKTOP_SESSION
QT_QPA_PLATFORMTHEME
QT_IM_MODULE
VIRTUALENVWRAPPER_HOOK_DIR
LC_IDENTIFICATION
JOB
PWD
XDG_SESSION_TYPE
XMODIFIERS
LANG
GNOME_KEYRING_PID
MANDATORY_PATH
GDM_LANG
LC_MEASUREMENT
NODE_PATH
IM_CONFIG_PHASE
COMPIZ_CONFIG_PROFILE
PS1
PYTHONDONTWRITEBYTECODE
PAPERSIZE
GDMSESSION
GTK2_MODULES
SESSIONTYPE
GITAWAREPROMPT
XDG_SEAT
HOME
SHLVL
LANGUAGE
_VIRTUALENVWRAPPER_API
GNOME_DESKTOP_SESSION_ID
UPSTART_INSTANCE
PIP_SHIMS_BASE_MODULE
LOGNAME
UPSTART_EVENTS
XDG_SESSION_DESKTOP
COMPIZ_BIN_PATH
QT4_IM_MODULE
XDG_DATA_DIRS
DBUS_SESSION_BUS_ADDRESS
LESSOPEN
UPSTART_JOB
INSTANCE
DISPLAY
XDG_RUNTIME_DIR
INFINALITY_FT_GLOBAL_EMBOLDEN_X_VALUE
GTK_IM_MODULE
XDG_CURRENT_DESKTOP
LC_TIME
LESSCLOSE
XAUTHORITY
LC_NAME
_

Pipenv–specific environment variables:

PIPENV_ACTIVE: 1

Debug–specific environment variables:

PATH: /home/haizaar/dev/venvs/repro-2muHjEV7/bin:/home/haizaar/.local/bin:/home/haizaar/.npm-packages/bin:/home/haizaar/bin:/home/haizaar/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
SHELL: /bin/bash
LANG: en_US.UTF-8
PWD: /tmp/repro
VIRTUAL_ENV: /home/haizaar/dev/venvs/repro-2muHjEV7

Contents of Pipfile ('/tmp/repro/Pipfile'):

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
uberlogging = {file = "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"}

[dev-packages]

[requires]
python_version = "3.6"

Contents of Pipfile.lock ('/tmp/repro/Pipfile.lock'):

{
    "_meta": {
        "hash": {
            "sha256": "c244596befb340cb024baad8aee4ee9c2d66d19ef39c1c07dcc43024a8e3fb42"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.6"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "uberlogging": {
            "file": "https://github.com/haizaar/uberlogging/archive/v0.0.1.tar.gz"
        }
    },
    "develop": {}
}

Type

Source