Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when new PIP resolved accesses Oauthlib data #744

Closed
potiuk opened this issue Dec 2, 2020 · 14 comments
Closed

Error when new PIP resolved accesses Oauthlib data #744

potiuk opened this issue Dec 2, 2020 · 14 comments

Comments

@potiuk
Copy link

potiuk commented Dec 2, 2020
edited

Describe the bug

In Airflow, we are experiencing problems when we are trying to use the PIP released 2 days ago which has the new resolver on by default.

ERROR: Requested oauthlib[signedtoken]>=1.0.0 from https://files.pythonhosted.org/packages/e5/54/4f96c51b171cf3a64a04b8c5167268803205bc5943b5cdf70bd770727b88/oauthlib-1.1.0-1.tar.gz#sha256=0f786c5573248a38efa86c48c59c0c93140ac836ab2a246aeefd8f9039e999ba (from jira->apache-airflow==1.10.13) has different version in metadata: '1.1.0'

How to reproduce

  • Setup an empty virtualenv for Python 3.6
  • Upgrade to latest pip: pip install --upgrade pip
  • pip --version should return 20.3
  • Run this command:
pip install "https://github.com/apache/airflow/archive/v1-10-test.tar.gz#egg=apache-airflow[all]" --constraint https://raw.githubusercontent.com/apache/airflow/constraints-1-10/constraints-3.6.txt
  • Observe the output. It will keep on finding good dependencies until
Collecting oauthlib[signedtoken]>=1.0.0
  Using cached oauthlib-3.0.2-py2.py3-none-any.whl (143 kB)
  Using cached oauthlib-3.0.1-py2.py3-none-any.whl (142 kB)
  Using cached oauthlib-3.0.0-py2.py3-none-any.whl (142 kB)
  Using cached oauthlib-2.1.0-py2.py3-none-any.whl (121 kB)
  Using cached oauthlib-2.0.7-py2.py3-none-any.whl (124 kB)
  Using cached oauthlib-2.0.6.tar.gz (127 kB)
  Using cached oauthlib-2.0.5.tar.gz (129 kB)
  Using cached oauthlib-2.0.4.tar.gz (127 kB)
  Using cached oauthlib-2.0.3.tar.gz (127 kB)
  Using cached oauthlib-2.0.2.tar.gz (125 kB)
  Using cached oauthlib-2.0.1.tar.gz (122 kB)
  Using cached oauthlib-2.0.0.tar.gz (122 kB)
  Using cached oauthlib-1.1.2.tar.gz (111 kB)
  Using cached oauthlib-1.1.1.tar.gz (108 kB)
  Using cached oauthlib-1.1.0-1.tar.gz (106 kB)
ERROR: Requested oauthlib[signedtoken]>=1.0.0 from https://files.pythonhosted.org/packages/e5/54/4f96c51b171cf3a64a04b8c5167268803205bc5943b5cdf70bd770727b88/oauthlib-1.1.0-1.tar.gz#sha256=0f786c5573248a38efa86c48c59c0c93140ac836ab2a246aeefd8f9039e999ba (from jira->apache-airflow[all]) has different version in metadata: '1.1.0'

Apparently, metadata in published oauthlib 1.1.0-1 is wrong snd points to 1.1.0.

The same command with the legacy resolver works fine:

pip install --use-deprecated legacy-resolver "https://github.com/apache/airflow/archive/v1-10-test.tar.gz#egg=apache-airflow[all]" --constraint https://raw.githubusercontent.com/apache/airflow/constraints-1-10/constraints-3.6.txt

Expected behavior

I expect the resolver does not get broken by broken metadata.
Opened similar issue in PIP pypa/pip#9203 as I am not sure who can fix it.
This was referenced Dec 2, 2020
Closed
Closed
@thedrow
Copy link
Collaborator

thedrow commented Dec 3, 2020

I tried pip install oauthlib[signedtoken]>=1.0.0.
It works as expected. I'm not sure what else we can do.

@potiuk
Copy link
Author

potiuk commented Dec 3, 2020
edited

Maybe ytou can remove/yank the offending library version ? I can also try to add limitation to oauthlub in our case!

@pradyunsg
Copy link

I tried pip install oauthlib[signedtoken]>=1.0.0.

Try pip install oauthlib==1.1.0, since that's the version that's failing. pip 20.3 has a resolver that backtracks on conflicts.

@potiuk
Copy link
Author

potiuk commented Dec 3, 2020

Confirmed by PIP developers that yanking this version should fix it. pypa/pip#9203 (comment)

Would the maintainers be so kind to yank it?

@kaxil
Copy link

kaxil commented Dec 3, 2020

If you guys can yank (https://pypi.org/help/#yanked) that release, it should help us at Airflow and hopefully more libraries like us to use the new PIP resolver without error.

Really appreciate all the work you guys are doing

@JonathanHuot
Copy link
Member

Hi,
I have yanked the release. Let me know if it is ok now.
Regards

@kaxil
Copy link

kaxil commented Dec 3, 2020

Thanks, appreciate that 🙏

@potiuk
Copy link
Author

potiuk commented Dec 3, 2020

Thanks a lot ! Really appreciate.

Unfottunately, despite PIP maintainer confirmation, it did not work: pypa/pip#9203 (comment)

Feel free to unyank @JonathanHuot

@potiuk
Copy link
Author

potiuk commented Dec 4, 2020
edited

Just update - don't unyank it please yet :). Seems that fix is coming pypa/pip#9226

@recvfrom
Copy link

Looks like this is fixed now (tested using pip 21.0)

@thedrow thedrow closed this as completed Feb 1, 2021
@thedrow
Copy link
Collaborator

thedrow commented Feb 1, 2021

Thanks for letting us know :)

@thedrow
Copy link
Collaborator

thedrow commented Feb 1, 2021

@JonathanHuot Did we unyank the release yet?

@JonathanHuot
Copy link
Member

I have unyanked the release, if someone could confirm it still work, that will be great :)

@potiuk
Copy link
Author

potiuk commented Feb 25, 2021

Works :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@thedrow @potiuk @JonathanHuot @pradyunsg @kaxil @recvfrom