Difference vs. pip: installing `cyptography`

python-poetry / poetry

Python packaging and dependency management made easy

https://python-poetry.org

MIT License

30.59k stars 2.24k forks source link

Difference vs. pip: installing `cyptography` #6102

Closed dimaqq closed 1 year ago

dimaqq commented 1 year ago

poetry add cryptography does not install cffi. pip install cryptography installs cffi.

Which is actually correct?

dimaqq commented 1 year ago

Why it matters? While many parts cryptography work without cffi, some parts require it. Someone adds a dep to the project that depends on cryptography and the program fails at run-time because the transient-transient-dep is missing.

clintonroy commented 1 year ago

poetry add cryptography does install cffi for me.

Updating dependencies
Resolving dependencies...
   1: fact: tester is 0.1.0
   1: derived: tester
   1: fact: tester depends on cryptography (^37.0.4)
   1: selecting tester (0.1.0)
   1: derived: cryptography (>=37.0.4,<38.0.0)
PyPI: 1 packages found for cryptography >=37.0.4,<38.0.0
   1: fact: cryptography (37.0.4) depends on cffi (>=1.12)
   1: selecting cryptography (37.0.4)
   1: derived: cffi (>=1.12)
PyPI: 16 packages found for cffi >=1.12
   1: fact: cffi (1.15.1) depends on pycparser (*)
   1: selecting cffi (1.15.1)
   1: derived: pycparser
PyPI: 21 packages found for pycparser *
   1: selecting pycparser (2.21)
   1: Version solving took 0.027 seconds.
   1: Tried 1 solutions.

Note the fact that cryptography depends on cffi.

If you can reproduce your issue, and give us a lot more details to be able to reproduce it please do so, otherwise please close this ticket.

dimaqq commented 1 year ago

Sure: https://github.com/dimaqq/test-cry-cffi

dimaqq commented 1 year ago

Tested with Poetry version 1.1.14, Python 3.8 and 3.10 on Linux.

dimaqq commented 1 year ago

Somehow when I did poetry add cryptography in a fresh poetry project (as well as an existing project), cffi was not added to the lock file, while cryptography was.

However, if I do poetry lock, the lock file gets updated and looks reasonable (pycparser and cffi are included) and subsequent poetry intsall does install them.

So I guess the problem I'm seeing is that "poetry add x" doesn't properly "lock" the project. 🤔

radoering commented 1 year ago

[metadata.files]
cryptography = []

Empty metadata files could be related to #5970. Since you are already using 1.1.14, maybe you have to clear your cache.

dimbleby commented 1 year ago

clear your cache and re-lock.

clearly this was #5970 and can be closed

github-actions[bot] commented 4 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.