search

python-poetry / poetry

Python packaging and dependency management made easy
https://python-poetry.org
MIT License
31.1k stars 2.25k forks source link

Packages downloaded from wrong source with two primary sources #9655

Closed vit-zikmund closed 2 weeks ago

vit-zikmund commented 2 weeks ago

Description

In case there are two primary sources with the first being a private one (having a couple custom packages only) and another source mirroring/being PyPI (having it all), some of the packages from PyPI get attempted to download from the 1st source despite LegacyRepository._find_packages properly finding them in the right source.

This is easily triggered with the right config and the absence of poetry.lock.

I've tried to chase this down on the latest main (same behavior), but no dice. However, I got some clues:

The package resolving around:

Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/colorama/ HTTP/11" 404 None
Source (mama-prod): No packages found for colorama
Source (mama-prod): 0 packages found for colorama *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/colorama/ HTTP/11" 200 None

works well, I've put some prints here and there and I see the Package.source_url that's coming out of LegacyRepository._find_packages is correct and has the right url. The problem happens in VersionSolver._choose_package_version. Before the call to Provider.complete_package, the package has a corect source_url and after the call it's wrong. Inside the method, the problematic place is this call to RepositoryPool.package(), where it iterates the repositories, touching first the one not having the package here. Instead of raising a PackageNotFound exception, the LegacyRepository.package() creates one out of thin air with the wrong source_url. I think the problem might be the CachedRepository.package() call, which should return the exception, but it doesn't seem to even check if it contains the package and seems to go straight to creating one :thinking:

I confess I didn't get the surrounding semantics, so maybe that's not the place, but it seems pretty suspicious.

Workarounds

Put the public source to the first place and the private second, but this likely works only by accident.

Poetry Installation Method

pipx

Operating System

Fedora 39

Poetry Version

Poetry (version 1.8.3)

Poetry Configuration

 ```bash session cache-dir = "/home/myself/.cache/pypoetry" experimental.system-git-client = false installer.max-workers = null installer.modern-installation = true installer.no-binary = null installer.parallel = true keyring.enabled = true repositories.mama-prod.url = "http://our-private-devpi/mama/prod/+simple/" repositories.mama-pypi-mirror.url = "http://our-private-devpi/root/pypi/+simple/" solver.lazy-wheel = true virtualenvs.create = true virtualenvs.in-project = null virtualenvs.options.always-copy = false virtualenvs.options.no-pip = false virtualenvs.options.no-setuptools = false virtualenvs.options.system-site-packages = false virtualenvs.path = "{cache-dir}/virtualenvs" # /home/myself/.cache/pypoetry/virtualenvs virtualenvs.prefer-active-python = false virtualenvs.prompt = "{project_name}-py{python_version}" warnings.export = true ```

Python Sysconfig

No response

Example pyproject.toml

[tool.poetry]
name = "bug-test"
version = "0.1.0"
description = ""
authors = ["vit-zikmund"]

# private libraries & tools
[[tool.poetry.source]]
name = "mama-prod"
url = "http://our-private-devpi/mama/prod/+simple/"
priority = "primary"

# pypi mirror
[[tool.poetry.source]]
name = "mama-pypi-mirror"
url = "http://our-private-devpi/root/pypi/+simple/"
priority = "primary"

[tool.poetry.dependencies]
python = "^3.12"

[tool.poetry.group.dev.dependencies]
pytest = "*"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

Poetry Runtime Logs

 ```bash session $ poetry -vvv update Loading configuration file /home/myself/.config/pypoetry/config.toml Adding repository mama-prod (http://our-private-devpi/mama/prod/+simple) and setting it as primary Adding repository mama-pypi-mirror (http://our-private-devpi/root/pypi/+simple) and setting it as primary Deactivating the PyPI repository The currently activated Python version 3.11.9 is not supported by the project (^3.12). Trying to find and use a compatible version. Trying python3 Using python3 (3.12.4) Creating virtualenv pphe-analytics-pump-Au-VB6rC-py3.12 in /home/myself/.cache/pypoetry/virtualenvs [virtualenv] find interpreter for spec PythonSpec(path=/usr/bin/python3.12) [virtualenv] filesystem is case-sensitive [filelock:filelock] Attempting to acquire lock 139853755463632 on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock [filelock:filelock] Lock 139853755463632 acquired on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock [virtualenv] got python info of %s from (PosixPath('/usr/bin/python3.12'), PosixPath('/home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.json')) [filelock:filelock] Attempting to release lock 139853755463632 on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock [filelock:filelock] Lock 139853755463632 released on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock [virtualenv] proposed PythonInfo(spec=CPython3.12.4.final.0-64, exe=/usr/bin/python3.12, platform=linux, version='3.12.4 (main, Jun 7 2024, 00:00:00) [GCC 13.3.1 20240522 (Red Hat 13.3.1-1)]', encoding_fs_io=utf-8-utf-8) [virtualenv] accepted PythonInfo(spec=CPython3.12.4.final.0-64, exe=/usr/bin/python3.12, platform=linux, version='3.12.4 (main, Jun 7 2024, 00:00:00) [GCC 13.3.1 20240522 (Red Hat 13.3.1-1)]', encoding_fs_io=utf-8-utf-8) [virtualenv] create virtual environment via CPython3Posix(dest=/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12, clear=False, no_vcs_ignore=False, global=False) [virtualenv] create folder /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin [virtualenv] create folder /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages [virtualenv] create folder /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib64/python3.12/site-packages [virtualenv] write /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/pyvenv.cfg [virtualenv] home = /usr/bin [virtualenv] implementation = CPython [virtualenv] version_info = 3.12.4.final.0 [virtualenv] virtualenv = 20.26.3 [virtualenv] include-system-site-packages = false [virtualenv] base-prefix = /usr [virtualenv] base-exec-prefix = /usr [virtualenv] base-executable = /usr/bin/python3.12 [virtualenv] symlink /usr/bin/python3.12 to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/python [virtualenv] create virtualenv import hook file /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/_virtualenv.pth [virtualenv] create /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/_virtualenv.py [virtualenv] ============================== target debug ============================== [virtualenv] debug via /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/python /home/myself/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/virtualenv/create/debug.py [virtualenv] { [virtualenv] "sys": { [virtualenv] "executable": "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/python", [virtualenv] "_base_executable": "/usr/bin/python3.12", [virtualenv] "prefix": "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12", [virtualenv] "base_prefix": "/usr", [virtualenv] "real_prefix": null, [virtualenv] "exec_prefix": "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12", [virtualenv] "base_exec_prefix": "/usr", [virtualenv] "path": [ [virtualenv] "/usr/lib64/python312.zip", [virtualenv] "/usr/lib64/python3.12", [virtualenv] "/usr/lib64/python3.12/lib-dynload", [virtualenv] "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib64/python3.12/site-packages", [virtualenv] "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages" [virtualenv] ], [virtualenv] "meta_path": [ [virtualenv] "", [virtualenv] "", [virtualenv] "", [virtualenv] "" [virtualenv] ], [virtualenv] "fs_encoding": "utf-8", [virtualenv] "io_encoding": "utf-8" [virtualenv] }, [virtualenv] "version": "3.12.4 (main, Jun 7 2024, 00:00:00) [GCC 13.3.1 20240522 (Red Hat 13.3.1-1)]", [virtualenv] "makefile_filename": "/usr/lib64/python3.12/config-3.12-x86_64-linux-gnu/Makefile", [virtualenv] "os": "", [virtualenv] "site": "", [virtualenv] "datetime": "", [virtualenv] "math": "", [virtualenv] "json": "" [virtualenv] } [virtualenv] add seed packages via FromAppData(download=False, pip=bundle, via=copy, app_data_dir=/home/myself/.local/share/virtualenv) [virtualenv] install pip from wheel /home/myself/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/virtualenv/seed/wheels/embed/pip-24.1-py3-none-any.whl via CopyPipInstall [filelock:filelock] Attempting to acquire lock 139853779735120 on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock [filelock:filelock] Lock 139853779735120 acquired on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock [filelock:filelock] Attempting to release lock 139853779735120 on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock [filelock:filelock] Lock 139853779735120 released on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock [virtualenv] copy directory /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any/pip to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/pip [virtualenv] copy directory /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any/pip-24.1.dist-info to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/pip-24.1.dist-info [virtualenv] copy /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any/pip-24.1.virtualenv to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/pip-24.1.virtualenv [distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip to 755 [distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip3 to 755 [distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip3.12 to 755 [distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip-3.12 to 755 [virtualenv] generated console scripts pip pip3 pip3.12 pip-3.12 [virtualenv] add activators for Bash, CShell, Fish, Nushell, PowerShell, Python [virtualenv] write /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/pyvenv.cfg [virtualenv] home = /usr/bin [virtualenv] implementation = CPython [virtualenv] version_info = 3.12.4.final.0 [virtualenv] virtualenv = 20.26.3 [virtualenv] include-system-site-packages = false [virtualenv] base-prefix = /usr [virtualenv] base-exec-prefix = /usr [virtualenv] base-executable = /usr/bin/python3.12 [virtualenv] prompt = pphe-analytics-pump-py3.12 Using virtualenv: /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12 Updating dependencies Resolving dependencies... 1: fact: pphe-analytics-pump is 0.1.0 1: derived: pphe-analytics-pump 1: fact: pphe-analytics-pump depends on mama-commons (^1.1.12) 1: fact: pphe-analytics-pump depends on pytest (*) 1: selecting pphe-analytics-pump (0.1.0) 1: derived: pytest 1: derived: mama-commons (>=1.1.12,<2.0.0) Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Checking if keyring is available [keyring:keyring.backend] Loading KWallet [keyring:keyring.backend] Loading SecretService [keyring:keyring.backend] Loading Windows [keyring:keyring.backend] Loading chainer [keyring:keyring.backend] Loading libsecret [keyring:keyring.backend] Loading macOS Using keyring backend 'SecretService Keyring' Creating new session for our-private-devpi Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] Starting new HTTP connection (1): our-private-devpi:80 [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/pytest/ HTTP/11" 404 None Source (mama-prod): No packages found for pytest Source (mama-prod): 0 packages found for pytest * Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Checking if keyring is available Using keyring backend 'SecretService Keyring' Creating new session for our-private-devpi Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] Starting new HTTP connection (1): our-private-devpi:80 [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/pytest/ HTTP/11" 200 None Source (mama-pypi-mirror): 175 packages found for pytest * Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/mama-commons/ HTTP/11" 200 None Source (mama-prod): 1 packages found for mama-commons >=1.1.12,<2.0.0 Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/mama-commons/ HTTP/11" 404 None Source (mama-pypi-mirror): No packages found for mama-commons Source (mama-pypi-mirror): 0 packages found for mama-commons >=1.1.12,<2.0.0 1: selecting mama-commons (1.1.12) [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/pytest/ HTTP/11" 404 None 1: fact: pytest (8.3.2) depends on iniconfig (*) 1: fact: pytest (8.3.2) depends on packaging (*) 1: fact: pytest (8.3.2) depends on pluggy (>=1.5,<2) 1: fact: pytest (8.3.2) depends on colorama (*) 1: selecting pytest (8.3.2) 1: derived: colorama 1: derived: pluggy (>=1.5,<2) 1: derived: packaging 1: derived: iniconfig Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/colorama/ HTTP/11" 404 None Source (mama-prod): No packages found for colorama Source (mama-prod): 0 packages found for colorama * Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/colorama/ HTTP/11" 200 None Source (mama-pypi-mirror): 43 packages found for colorama * Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/pluggy/ HTTP/11" 404 None Source (mama-prod): No packages found for pluggy Source (mama-prod): 0 packages found for pluggy >=1.5,<2 Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/pluggy/ HTTP/11" 200 None Source (mama-pypi-mirror): 1 packages found for pluggy >=1.5,<2 Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/packaging/ HTTP/11" 404 None Source (mama-prod): No packages found for packaging Source (mama-prod): 0 packages found for packaging * Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/packaging/ HTTP/11" 200 None Source (mama-pypi-mirror): 44 packages found for packaging * Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/iniconfig/ HTTP/11" 404 None Source (mama-prod): No packages found for iniconfig Source (mama-prod): 0 packages found for iniconfig * Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/iniconfig/ HTTP/11" 200 None Source (mama-pypi-mirror): 6 packages found for iniconfig * 1: selecting pluggy (1.5.0) [urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/packaging/ HTTP/11" 404 None 1: selecting packaging (24.1) 1: selecting iniconfig (2.0.0) 1: selecting colorama (0.4.6) 1: Version solving took 1.030 seconds. 1: Tried 1 solutions. Finding the necessary packages for the current system Source (mama-prod): 0 packages found for pytest * Source (mama-pypi-mirror): 1 packages found for pytest * Source (mama-prod): 1 packages found for mama-commons >=1.1.12,<2.0.0 Source (mama-pypi-mirror): 0 packages found for mama-commons >=1.1.12,<2.0.0 Source (mama-prod): 1 packages found for pluggy >=1.5,<2 Source (mama-pypi-mirror): 1 packages found for pluggy >=1.5,<2 Source (mama-prod): 0 packages found for packaging * Source (mama-pypi-mirror): 1 packages found for packaging * Source (mama-prod): 1 packages found for iniconfig * Source (mama-pypi-mirror): 1 packages found for iniconfig * Package operations: 5 installs, 0 updates, 0 removals - Installing iniconfig (2.0.0): Pending... - Installing packaging (24.1): Pending... - Installing pluggy (1.5.0): Pending... - Installing iniconfig (2.0.0): Failed - Installing packaging (24.1): Pending... Stack trace: 5 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation 283│ 284│ try: → 285│ result = self._do_execute_operation(operation) 286│ except EnvCommandError as e: 287│ if e.e.returncode == -2: 4 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation 393│ return 0 394│ → 395│ result: int = getattr(self, f"_execute_{method}")(operation) 396│ 397│ if result != 0: 3 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install 518│ 519│ def _execute_install(self, operation: Install | Update) -> int: → 520│ status_code = self._install(operation) 521│ 522│ self._save_url_reference(operation) 2 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:558 in _install 556│ archive = self._download_link(operation, Link(package.source_url)) 557│ else: → 558│ archive = self._download(operation) 559│ 560│ operation_message = self.get_operation_message(operation) 1 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:736 in _download 734│ 735│ def _download(self, operation: Install | Update) -> Path: → 736│ link = self._chooser.choose_for(operation.package) 737│ 738│ if link.yanked: RuntimeError Unable to find installation candidates for iniconfig (2.0.0) at ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/chooser.py:74 in choose_for 70│ 71│ links.append(link) 72│ 73│ if not links: → 74│ raise RuntimeError(f"Unable to find installation candidates for {package}") 75│ 76│ # Get the best link 77│ chosen = max(links, key=lambda link: self._sort_key(package, link)) 78│ Cannot install iniconfig. - Installing packaging (24.1): Pending... - Installing pluggy (1.5.0): Pending... - Installing pluggy (1.5.0): Failed Stack trace: 5 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation 283│ 284│ try: → 285│ result = self._do_execute_operation(operation) 286│ except EnvCommandError as e: 287│ if e.e.returncode == -2: 4 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation 393│ return 0 394│ → 395│ result: int = getattr(self, f"_execute_{method}")(operation) 396│ 397│ if result != 0: 3 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install 518│ 519│ def _execute_install(self, operation: Install | Update) -> int: → 520│ status_code = self._install(operation) 521│ - Installing packaging (24.1): Installing... - Installing pluggy (1.5.0): Pending... - Installing pluggy (1.5.0): Failed Stack trace: 5 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation 283│ 284│ try: → 285│ result = self._do_execute_operation(operation) 286│ except EnvCommandError as e: 287│ if e.e.returncode == -2: 4 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation 393│ return 0 394│ → 395│ result: int = getattr(self, f"_execute_{method}")(operation) 396│ 397│ if result != 0: 3 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install 518│ 519│ def _execute_install(self, operation: Install | Update) -> int: → 520│ status_code = self._install(operation) 521│ - Installing packaging (24.1) - Installing pluggy (1.5.0): Pending... - Installing pluggy (1.5.0): Failed Stack trace: 5 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation 283│ 284│ try: → 285│ result = self._do_execute_operation(operation) 286│ except EnvCommandError as e: 287│ if e.e.returncode == -2: 4 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation 393│ return 0 394│ → 395│ result: int = getattr(self, f"_execute_{method}")(operation) 396│ 397│ if result != 0: 3 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install 518│ 519│ def _execute_install(self, operation: Install | Update) -> int: → 520│ status_code = self._install(operation) 521│ 522│ self._save_url_reference(operation) 2 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:558 in _install 556│ archive = self._download_link(operation, Link(package.source_url)) 557│ else: → 558│ archive = self._download(operation) 559│ 560│ operation_message = self.get_operation_message(operation) 1 ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:736 in _download 734│ 735│ def _download(self, operation: Install | Update) -> Path: → 736│ link = self._chooser.choose_for(operation.package) 737│ 738│ if link.yanked: RuntimeError Unable to find installation candidates for pluggy (1.5.0) at ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/chooser.py:74 in choose_for 70│ 71│ links.append(link) 72│ 73│ if not links: → 74│ raise RuntimeError(f"Unable to find installation candidates for {package}") 75│ 76│ # Get the best link 77│ chosen = max(links, key=lambda link: self._sort_key(package, link)) 78│ Cannot install pluggy. ```
Secrus commented 2 weeks ago

Having 2 primary sources is wrong (it should be caught at an earlier stage I think) and that is most likely why you see this issue.

vit-zikmund commented 2 weeks ago

Hi @Secrus, what's the issue with multiple primary sources? The docs say that's perfectly fine and we've been using them for ages.

... by adding at least one primary source ... ... All primary package sources are searched for each dependency ...

radoering commented 2 weeks ago

The docs say that's perfectly fine and we've been using them for ages.

Yes, it should be fine. (You can only have one default source, but default is deprecated anyway.)

vit-zikmund commented 2 weeks ago

Thanks @radoering. FWIW here's a couple short instructions how to setup & run a devpi server for a local reproduction, unless you have it, duh :innocent::

mkdir devpi && cd devpi
python -m venv . && source bin/activate
pip install devpi-server devpi-client
devpi-init
devpi-server
# the server should be running now, setup an empty test index
devpi use http://localhost:3141/
devpi login --password '' root
devpi index -c root/test

Now change to url of the sources to:

[[tool.poetry.source]]
name = "mama-prod"
url = "http://localhost:3141/root/test/+simple/"
priority = "primary"

[[tool.poetry.source]]
name = "mama-pypi-mirror"
url = "http://localhost:3141/root/pypi/+simple/"
priority = "primary"

Running poetry update in a fresh env should reproduce the behavior.

radoering commented 2 weeks ago

Unfortunately, I cannot reproduce the issue with this setup. I even cleared my cache (including artifacts). The installation always succeeds on my machine. I also debugged into RepositoryPool.package() and always get a PackageNotFoundError for the first source.

This is easily triggered with the right config and the absence of poetry.lock.

If it cannot be triggered if poetry.lock exists, it should be possible to narrow the issue down to poetry lock and find something wrong in poetry.lock. If this is not a locking issue but an installation issue, it should not matter if poetry.lock exists or not.

I think the problem might be the CachedRepository.package() call, which should return the exception, but it doesn't seem to even check if it contains the package and seems to go straight to creating one 🤔

This should finally call LegacyRepository._get_release_info(), which calls LegacyRepository._get_page(), which raises the exception.

Maybe, your cache is corrupt. Did you try --no-cache / clearing your cache?

vit-zikmund commented 2 weeks ago

Hi @radoering, using --no-cache indeed fixes the issue :O I haven't yet deleted the cache, are there some artifacts I could collect to help you see why/how the cache got corrupted? I will understand that might be under your radar :)

This might be a good suggestion for a bug template, as clearing the cache is something I haven't thought about to try.

radoering commented 2 weeks ago

I haven't yet deleted the cache, are there some artifacts I could collect to help you see why/how the cache got corrupted?

It is difficult to name the exact artifacts because the cache is structured by hashes. Further, we will only see what is corrupt not how it got there. The most likely reason I can think of is that mama-prod had been configured to forward to mama-pypi-mirror when the cache was created or that sources were renamed so that the packages were available in mama-prod in the past.

This might be a good suggestion for a bug template, as clearing the cache is something I haven't thought about to try.

I agree.

vit-zikmund commented 2 weeks ago

Well, those are interesting possibilities. I can't say I haven't done such fiddling while figuring some CI/CD things out. Thanks a ton for your time and I'm sincerely sorry it's such a bummer.

Filed a proper issue (with a perfect number :imp:) for the template improvement.

There's nothing else to do here. Thank you for your help!