search

matrix-org / synapse-s3-storage-provider

Synapse storage provider to fetch and store media in Amazon S3
Apache License 2.0
118 stars 33 forks source link

Package contains invalid dependency specifications #79

Closed benbz closed 1 year ago

benbz commented 1 year ago

When attempting to add synapse-s3-storage-provider to a Synapse checkout via poetry I get the following:

$ poetry add git+https://github.com/matrix-org/synapse-s3-storage-provider.git#main
Invalid constraint (boto3>=1.9.23<2.0) found in synapse-s3-storage-provider-1.1 dependencies, skipping
Invalid constraint (botocore>=1.12.23<2.0) found in synapse-s3-storage-provider-1.1 dependencies, skipping
Invalid constraint (humanize>=0.5.1<0.6) found in synapse-s3-storage-provider-1.1 dependencies, skipping
Invalid constraint (psycopg2>=2.7.5<3.0) found in synapse-s3-storage-provider-1.1 dependencies, skipping
Invalid constraint (PyYAML>=3.13<4.0) found in synapse-s3-storage-provider-1.1 dependencies, skipping
Invalid constraint (tqdm>=4.26.0<5.0) found in synapse-s3-storage-provider-1.1 dependencies, skipping

Updating dependencies
Resolving dependencies... (1.2s)

Writing lock file

Package operations: 1 install, 0 updates, 0 removals

  • Installing synapse-s3-storage-provider (1.1 5d734de)

The above is with poetry 1.2.2 (poetry-core 1.3.2), however this issue is also present with poetry 1.2.0 (poetry-core 1.1.0) and poetry 1.2.1 (poetry-core 1.2.0) however -vvv needs to be provided to see these messages.

The important changes poetry add makes to my poetry.lock are:

diff --git a/poetry.lock b/poetry.lock
index 291f3c51e..6db58736e 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1174,6 +1174,24 @@ category = "main"
 optional = false
 python-versions = "*"

+[[package]]
+name = "synapse-s3-storage-provider"
+version = "1.1"
+description = ""
+category = "main"
+optional = false
+python-versions = "*"
+develop = false
+
+[package.dependencies]
+Twisted = "*"
+
+[package.source]
+type = "git"
+url = "https://github.com/matrix-org/synapse-s3-storage-provider.git"
+reference = "main"
+resolved_reference = "5d734dee80c9eabcb7a7a712efcf38dbb5933a55"
+
 [[package]]
 name = "systemd-python"
 version = "234"
DMRobertson commented 1 year ago

Introduced by #18. Looks like these strings are added verbatim to the wheel:

  Requires-Dist: boto3 (>=1.9.23<2.0)
  Requires-Dist: botocore (>=1.12.23<2.0)
  Requires-Dist: humanize (>=0.5.1<0.6)
  Requires-Dist: psycopg2 (>=2.7.5<3.0)
  Requires-Dist: PyYAML (>=3.13<4.0)
  Requires-Dist: tqdm (>=4.26.0<5.0)
  Requires-Dist: Twisted
DMRobertson commented 1 year ago

https://peps.python.org/pep-0508/ specifies the rules. pip seems happy with the deps as written---though I don't know if it's interpreting them as intended or if it's just ignoring them.

DMRobertson commented 1 year ago

Seems like pip was ignoring them:

Collecting PyYAML>=3.13<4.0
  Using cached PyYAML-6.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (682 kB)

well that's unfortunate.