search

pex-tool / pex

A tool for generating .pex (Python EXecutable) files, lock files and venvs.
https://docs.pex-tool.org/
Apache License 2.0
2.5k stars 257 forks source link

URL quoting regression when using `find-links` #2348

Closed tgolsson closed 5 months ago

tgolsson commented 6 months ago

Matching this Pants issue; https://github.com/pantsbuild/pants/issues/20474. Users both on Slack and GitHub are reporting regressions around URL-parts not being quoted as expected when Pex tries to download artifacts. @cburroughs helpfully bisected Pex directly and has isolated the issue to commit https://github.com/pantsbuild/pex/commit/45eea4bb274b65bc185e1ea8cfc67f507209aea0.

On my own, I've confirmed using pipx that 2.1.143 works fine, and 2.1.144 is broken which matches their conclusion:

pex3_2_1_144 lock create --interpreter-constraint $'CPython==3.10.*' --style=universal --pip-version=23.1.2 --resolver-version pip-2020-resolver --find-links=https://download.pytorch.org/whl/torch_stable.html  "torch==2.0.1+cpu" -o tmp/tmp.lock
pid 32047 -> /home/ts/.pex/venvs/41538e837189c28a1bce8019b533d7189996d251/5985ed09b49a653d6596b0e14d134c5456cf1a9f/bin/python -sE /home/ts/.pex/venvs/41538e837189c28a1bce8019b533d7189996d251/5985ed09b49a653d6596b0e14d134c5456cf1a9f/pex --disable-pip-version-check --no-python-version-warning --exists-action a --no-input --isolated -q --cache-dir /home/ts/.pex/pip/23.1.2/pip_cache --log /tmp/pex-pip-log.fkdel996/pip.log download --dest /home/ts/.pex/downloads/fingerprint_artifact.zv_s1ok7 --no-deps https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl --index-url https://pypi.org/simple --find-links https://download.pytorch.org/whl/torch_stable.html --retries 5 --timeout 15 exited with 1 and STDERR:
  ERROR: HTTP error 403 while getting https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl
ERROR: Could not install requirement torch==2.0.1+cpu from https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl because of HTTP error 403 Client Error: Forbidden for url: https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl for URL https://download.pytorch.org/whl/cpu/torch-2.0.1+cpu-cp310-cp310-win_amd64.whl

There were a few unquote changes in the linked commit, but I'm not sure if those are erroneous, if we should store the original URL as well, or if we should quote them somewhere later.

jsirois commented 5 months ago

Thanks for narrowing down this issue @tgolsson and @cburroughs.