search

astral-sh / rye

a Hassle-Free Python Experience
https://rye.astral.sh
MIT License
12.08k stars 425 forks source link

Rye sync does not apply tool.rye.lock-generate-hashes #1150

Open detemegandy opened 2 weeks ago

detemegandy commented 2 weeks ago

Steps to Reproduce

  1. make a project
  2. set tool.rye.lock-generate-hashes = true in pyproject.toml
  3. run rye sync

Expected Result

hashes in .lock files

Actual Result

no hashes in .lock files - even if flag is shown

Version Info

rye 0.34.0 commit: 0.34.0 (d31340178 2024-05-20) platform: macos (aarch64) self-python: cpython@3.12.3 symlink support: true uv enabled: true

Stacktrace

No response

kubijo commented 1 week ago

@mitsuhiko

I am just now trying to switch to rye from poetry (we are using it only to manage dependencies for an internal company project, so our use-case is perhaps easier than others').

Anyway, this issue interests me as well. I would like to configure as much as possible through config file(s) to force behavior across rye commands, and the generate-hashes does not seem to be configurable that way.

…or am I just missing some general mechanism where user can force some configuration values through env variables / local config, and it's just not documented?

Footnote: I will now chime in with some monetary support because I really like where this is going, thank you!

hackermandh commented 1 week ago

I fixed it!

Locking happens via uv, so you actually need:

[tool.uv.pip]
generate-hashes = true

I found this via the PR that added the feature. I was reading the code until uv.rs when it hit me: "ooooh, it's using uv under the hood, so it's probably a uv option!", and after a little experimentation I got it working.

I have to admit that this makes for a confusing config, so moving (or copying) this option to the rye config would make sense to me, but I can't speak to its complexity (or whether that's even a good idea).

edit: I do want to note that even thought generate-hash was technically used, it just happened via config and not a 'flag', it says it hasn't:

# generated by rye
# use `rye lock` or `rye sync` to update this lockfile
#
# last locked with the following flags:
#   pre: false
#   features: []
#   all-features: false
#   with-sources: false
#   generate-hashes: false

-e file:.
attrs==23.2.0 \
    --hash=sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30 \
    --hash=sha256:99b87a485a5820b23b879f04c2305b44b951b502fd64be915879d77a7e8fc6f1
    # via cattrs
bcrypt==4.1.3 \
    --hash=sha256:01746eb2c4299dd0ae1670234bf77704f581dd72cc180f444bfe74eb80495b64 \
    --hash=sha256:037c5bf7c196a63dcce75545c8874610c600809d5d82c305dd327cd4969995bf \
    --hash=sha256:094fd31e08c2b102a14880ee5b3d09913ecf334cd604af27e1013c76831f7b05 \
    --hash=sha256:0d4cf6ef1525f79255ef048b3489602868c47aea61f375377f0d00514fe4a78c \
    --hash=sha256:193bb49eeeb9c1e2db9ba65d09dc6384edd5608d9d672b4125e9320af9153a15 \
    --hash=sha256:2505b54afb074627111b5a8dc9b6ae69d0f01fea65c2fcaea403448c503d3991 \
    <etc>