Explicit setuptools dep breaks poetry export

[AstraLuma]

• [x] I am on the latest Poetry version.

• [x] I have searched the issues of this repo and believe that this is not a duplicate.

• [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Mac OSX w/ pyenv

• Poetry version: v1.0.10

• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/astronouth7303/91830b3d0a5be7e6631af5947802fcda

Issue

When setuptools is an explicit transitive dependency, the exported requirements.txt is not installable.

In this case, by zope.interface (which I believe is channels->daphne->twisted->zope.interface).

From my Dockerfile:

FROM python:3 AS builder
RUN pip install poetry
RUN mkdir /project /output
COPY . /project
WORKDIR /project
RUN poetry build -f wheel
RUN cp dist/*.whl /output
RUN poetry export -f requirements.txt -o /output/requirements.txt
WORKDIR /output
RUN pip download -r requirements.txt setuptools

The pip download fails with:

Collecting setuptools
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    setuptools from https://files.pythonhosted.org/packages/c3/a9/5dc32465951cf4812e9e93b4ad2d314893c2fa6d5f66ce5c057af6e76d85/setuptools-49.6.0-py3-none-any.whl#sha256=4dd5bb0a0a0cff77b46ca5dd3a84857ee48c83e8223886b556613c724994073f (from zope.interface==5.1.0->-r requirements.txt (line 240))

Aside: I do not see setuptools locked in poetry.lock even though it is a run-time dependency.

The work around is to add --without-hashes to poetry export.

[AstraLuma]

Oops, this is a duplicate of #1584

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.