Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug fix: Follow only dependencies of current platform #12

Merged
merged 1 commit into from
Sep 13, 2017
Merged

Bug fix: Follow only dependencies of current platform #12

merged 1 commit into from
Sep 13, 2017

Conversation

suutari-ai
Copy link
Collaborator

Commit 4900c7c introduced a feature which makes generate_hashes to
generate the hashes of all the available wheel packages for a
distribution. Revert that feature, because it has two problems:

  1. Prequ is meant to compile the dependencies for just a single
    platform, the current one. Hashes for any other platform shouldn't
    be in the generated txt file.

  2. It broke the PackageFinder so that the dependencies aren't resolved
    for the current platform, but for a magical "can install anything"
    platform and ended up generating incorrect dependency tree. See the
    example below.

Here's an example that demonstrates why dependencies should be followed
for the current platform rather than accepting any wheel package:

Suppose you have "cryptography" in your source requirements and you're
compiling the requirements for Python 2.7. The newest version of
cryptography is currently 2.0.3 which has wheels for Python 2 and 3.

The Python 3 wheel of cryptography==2.0.3 requires asn1crypto>=0.21.0,
cffi>=1.7, idna>=2.1 and six>=1.4.1, but the Python 2 wheel requires
asn1crypto>=0.21.0, cffi>=1.7, enum34, idna>=2.1, ipaddress and
six>=1.4.1. If the Python 3 wheel is used to resolve the dependencies,
then enum34 or ipaddress will not be added to the dependency tree, since
they are not its dependencies. Therefore it's essential to use the
Python 2 wheel when resolving dependencies for Python 2 platform,
otherwise the enum34 and ipaddress will not be pinned in the generated
txt file as they should.

@codecov-io
Copy link

codecov-io commented Sep 13, 2017
edited
Loading

Codecov Report

Merging #12 into master will increase coverage by 0.15%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #12      +/-   ##
==========================================
+ Coverage   80.24%   80.39%   +0.15%     
==========================================
  Files          26       26              
  Lines        1721     1714       -7     
  Branches      347      347              
==========================================
- Hits         1381     1378       -3     
+ Misses        269      267       -2     
+ Partials       71       69       -2
Impacted Files Coverage Δ
prequ/repositories/pypi.py 90.19% <ø> (+3.04%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9d92857...41852ff. Read the comment docs.

@suutari
Bug fix: Follow only dependencies of current platform
41852ff 
Commit 4900c7c introduced a feature which makes generate_hashes to
generate the hashes of all the available wheel packages for a
distribution.  Revert that feature, because it has two problems:

 1. Prequ is meant to compile the dependencies for just a single
    platform, the current one.  Hashes for any other platform shouldn't
    be in the generated txt file.

 2. It broke the PackageFinder so that the dependencies aren't resolved
    for the current platform, but for a magical "can install anything"
    platform and ended up generating incorrect dependency tree.  See the
    example below.

Here's an example that demonstrates why dependencies should be followed
for the current platform rather than accepting any wheel package:

Suppose you have "cryptography" in your source requirements and you're
compiling the requirements for Python 2.7.  The newest version of
cryptography is currently 2.0.3 which has wheels for Python 2 and 3.

The Python 3 wheel of cryptography==2.0.3 requires asn1crypto>=0.21.0,
cffi>=1.7, idna>=2.1 and six>=1.4.1, but the Python 2 wheel requires
asn1crypto>=0.21.0, cffi>=1.7, enum34, idna>=2.1, ipaddress and
six>=1.4.1.  If the Python 3 wheel is used to resolve the dependencies,
then enum34 or ipaddress will not be added to the dependency tree, since
they are not its dependencies.  Therefore it's essential to use the
Python 2 wheel when resolving dependencies for Python 2 platform,
otherwise the enum34 and ipaddress will not be pinned in the generated
txt file as they should.
@suutari-ai suutari-ai merged commit 41852ff into master Sep 13, 2017
@suutari-ai suutari-ai deleted the respect-platform branch September 13, 2017 21:00
@suutari-ai suutari-ai mentioned this pull request Sep 13, 2017
Closed
@suutari-ai suutari-ai mentioned this pull request Sep 30, 2017
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@suutari-ai @codecov-io @suutari