adamchainz / pip-lock

Check for differences between requirements.txt files and your environment
MIT License

VCS version Support #28

Open JoseKilo opened 7 years ago

JoseKilo commented 7 years ago

Hi,

Should pip-lock support something like:

-e git+https://github.com/jazzband/sorl-thumbnail.git#399732591c4cd40e5266d33d2fdd12b3cd137d1e#egg=sorl-thumbnail

I'm getting: ValueError: need more than 1 value to unpack.

According to the pip docs, that's valid syntax for a requirements file: https://pip.pypa.io/en/stable/reference/pip_install/#requirements-file-format

Similar problem using pip-lock>=1.1.0, for example: only == seems to be supported. Is that expected?

adamchainz commented 7 years ago

It's not possible to support the -e URLs afaik, because the git hash is discarded and not stored anywhere on the filesystem (correct me if I'm wrong...). pip-lock should probably ignore them though, like it does https:// URLs.

Anyway, pro tip: for downloading repos from GitHub it's faster to use tarball URLs with pip, as it doesn't have to use the git protocol and multiple git commands to update, e.g. https://github.com/jazzband/sorl-thumbnail/archive/399732591c4cd40e5266d33d2fdd12b3cd137d1e.tar.gz

As for >=, it is only intended to support ==, as it's for repeatable environments. Use something like pip-compile to turn a file with >= into a file with == in it. Perhaps it should error if there's any operator other than ==.
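The behaviour discussed in this comment (skip editable and URL lines, accept only == pins, and raise a clear error for any other operator) can be sketched as follows. This is an added example, not part of the original thread and not pip-lock's own code; the names `parse_pins`, `find_mismatches` and `SAMPLE` and the version numbers are assumptions made for illustration.

```python
import re

# Constructed sample file; the version numbers are made up for illustration.
SAMPLE = """\
# pinned dependencies
Django==1.11.2
-e git+https://github.com/jazzband/sorl-thumbnail.git#399732591c4cd40e5266d33d2fdd12b3cd137d1e#egg=sorl-thumbnail
https://github.com/jazzband/sorl-thumbnail/archive/399732591c4cd40e5266d33d2fdd12b3cd137d1e.tar.gz
sorl_thumbnail==12.3  # inline comment
"""

PIN = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\S+)")


def normalize(name):
    """PEP 503 name normalisation, so sorl_thumbnail matches sorl-thumbnail."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text):
    """Return {normalized name: version} for every 'name==version' line."""
    pins = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()  # drop inline comments
        if not line or line.startswith("#"):
            continue
        # Editable and URL requirements carry no version to compare: skip them.
        if line.startswith(("-e ", "--editable ")) or "://" in line:
            continue
        match = PIN.fullmatch(line)
        if match is None:
            # Covers >=, ~=, < and bare names: fail with a message naming the line.
            raise ValueError(f"line {lineno}: expected name==version, got {line!r}")
        pins[normalize(match.group(1))] = match.group(2)
    return pins


def find_mismatches(pins, installed):
    """Map name -> (pinned, installed or None) where the environment differs."""
    have = {normalize(k): v for k, v in installed.items()}
    return {n: (want, have.get(n)) for n, want in pins.items() if have.get(n) != want}


if __name__ == "__main__":
    # Constructed "installed" set; a real check could read importlib.metadata.
    print(find_mismatches(parse_pins(SAMPLE), {"Django": "1.11.2"}))
```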

JoseKilo commented 7 years ago

Oh, that's perfect, I will use it like that for now. Thank you!

However, using tar.gz seems to download the file every time I do pip install -r requirements.txt. Using git+https://... (without the -e), even though it's slower, it doesn't need to download it more than once. And that sounds like the hash is preserved somewhere, or maybe pip compares the version from the setup.py file somehow.

I'm using pip 9.0.1.