Export fails to take proper care of extra in deps with more than one path

[shaib]

• [x] I am on the latest Poetry version.

• [x] I have searched the issues of this repo and believe that this is not a duplicate.

• [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• OS version and name: Debian testing (bookworm, i.e. on the way to 12.0)

• Poetry version: 1.1.13 installed from pip

• Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/shaib/3bd014dd9cfe39faf23dcd1363da9a2d

Issue

Starting from scratch, adding one dependency which requires google-api-core[grpc] and another which constrains google-api-core (the real project is of course significantly more complex and the limit is derived), all is well as long as we're in poetry; but when exported, even though all the chain of dependencies seems to be exported, it seems that the extra designation itself is not; and the result is, that when we try to pip install from the requirements file, we get

ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    google-api-core[grpc]<2.0.0dev,>=1.14.0 from ... (from firebase-admin==4.5.3->-r requirements.txt (line 13))

All the details -- a log of the session, the poetry add -vvv output, the pyproject.toml, poetry.lock and requirements.txt are in the gist listed above.

(edit: Running, in the above, the command

$ sed -i 's/google-api-core/google-api-core[grpc]/g' requirements.txt

allows pip to install everything)

4912 seems to be closely related but I believe it is not the same issue.

[Secrus]

Hi. As with release 1.2, export is gonna be moved to plugin poetry-plugin-export, could you please check if this issue is still present with poetry 1.2 and plugin? If so, please report it in the plugin repository (linked above).

[johnthagen]

I hit a similar issue in Docker running poetry export with Poetry 1.1.13:

#0 167.7 Collecting cffi>=1.0.1
#0 167.7 ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
#0 167.7     cffi>=1.0.1 from https://files.pythonhosted.org/packages/e2/25/00fd291e0872d43dabe070e7b761ba37453a1a94bd6e28c31b73112d8f0c/cffi-1.15.0-cp39-cp39-manylinux_2_12_x86_64.manylinux2010_x86_64.whl#sha256=74fdfdbfdc48d3f47148976f49fab3251e550a8720bebc99bf1483f5bfb5db3e (from argon2-cffi-bindings==21.2.0->-r requirements.txt (line 10))

Installing Poetry 1.2.0b1 within Docker moved the problem to another location:

...
#0 214.1 Collecting pycparser
#0 214.2 ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
#0 214.2     pycparser from https://files.pythonhosted.org/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl#sha256=8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 (from cffi==1.15.0->-r requirements.txt (line 59))

The parts of the Dockerfile

# Change this to 1.2.0b1
ENV POETRY_VERSION 1.1.13

RUN pip install "poetry==${POETRY_VERSION}"

COPY pyproject.toml poetry.lock ./
RUN poetry export --output requirements.txt

RUN python -m venv ${VIRTUAL_ENV}
ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"

RUN pip install --upgrade pip wheel && \
    pip install -r requirements.txt

[abn]

This was resolved by #5688 and https://github.com/python-poetry/poetry-plugin-export/pull/65

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.