search

python-poetry / poetry

Python packaging and dependency management made easy
https://python-poetry.org
MIT License
31.07k stars 2.26k forks source link

setuptools is not included in the lockfile #9586

Closed max-wittig closed 1 month ago

max-wittig commented 1 month ago

Description

As a package manager, poetry should lock every dependency to avoid security and reliability issues.

I expected that this was the case, but then setuptools changed and broke. See: https://github.com/python-poetry/poetry/issues/9585

Luckily in this case, it was not an attack but just a bug connected with a crash so luckily this helps us notice this issue.

Workarounds

none.

Poetry Installation Method

pipx

Operating System

macOS Sonoma 14.5

Poetry Version

Poetry (version 1.8.3)

Poetry Configuration

cache-dir = "/Users/max/Library/Caches/pypoetry"
experimental.system-git-client = false
installer.max-workers = null
installer.modern-installation = true
installer.no-binary = null
installer.parallel = true
keyring.enabled = true
solver.lazy-wheel = true
virtualenvs.create = true
virtualenvs.in-project = null
virtualenvs.options.always-copy = false
virtualenvs.options.no-pip = false
virtualenvs.options.no-setuptools = false
virtualenvs.options.system-site-packages = false
virtualenvs.path = "{cache-dir}/virtualenvs"  # /Users/max/Library/Caches/pypoetry/virtualenvs
virtualenvs.prefer-active-python = false
virtualenvs.prompt = "{project_name}-py{python_version}"
warnings.export = true

Python Sysconfig

Any

Example pyproject.toml

Any

Poetry Runtime Logs

File "/tmp/tmpppsbprsp/.venv/lib/python3.11/site-packages/setuptools/build_meta.py", line 327, in get_requires_for_build_wheel
      return self._get_build_requires(config_settings, requirements=[])
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/tmp/tmpppsbprsp/.venv/lib/python3.11/site-packages/setuptools/build_meta.py", line 297, in _get_build_requires
      self.run_setup()
    File "/tmp/tmpppsbprsp/.venv/lib/python3.11/site-packages/setuptools/build_meta.py", line 497, in run_setup
      super().run_setup(setup_script=setup_script)
    File "/tmp/tmpppsbprsp/.venv/lib/python3.11/site-packages/setuptools/build_meta.py", line 313, in run_setup
      exec(code, locals())
    File "<string>", line 9, in <module>
  ModuleNotFoundError: No module named 'setuptools.command.test'

  at /opt/poetry/venv/lib/python3.11/site-packages/poetry/installation/chef.py:164 in _prepare
      160│ 
      161│                 error = ChefBuildError("\n\n".join(message_parts))
      162│ 
      163│             if error is not None:
    → 164│                 raise error from None
      165│ 
      166│             return path
      167│ 
      168│     def _prepare_sdist(self, archive: Path, destination: Path | None = None) -> Path:
Note: This error originates from the build backend, and is likely not a problem with poetry but with jsbeautifier (1.15.1) not supporting PEP 517 builds. You can verify this by running 'pip wheel --no-cache-dir --use-pep517 "jsbeautifier (==1.15.1)"'.
dimbleby commented 1 month ago

we already pointed you at the duplicates #8752, #8216, #8261

please close

max-wittig commented 1 month ago

Duplicate, but very important. Closing...

github-actions[bot] commented 2 weeks ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.