Implement PEP 751 "A file format to list Python dependencies for installation reproducibility" (a.k.a. lock files | `pylock.toml` | `pylock.*.toml`)

[webknjaz]

What's the problem this feature will solve?

Proper ecosystem-standard lock files are getting traction yet again and we have to keep up. This will allow us to work with more ecosystem tooling than just pip, uniformly covering more use cases. And personally, I'm just thrilled to see this PEP implemented across the Python Packaging ecosystem.

Describe the solution you'd like

Implementation of whatever's possible, including both lock file types. The feature should be marked as experimental until PEP 751 is marked as accepted. But it should give people opportunity to try it out and perhaps feed the feedback back into the upstream discussion.

Alternative Solutions

Not doing anything..?

Additional context

This is a follow-up for #1526 that @brettcannon opened years ago.

The initial discussion is @ https://discuss.python.org/t/lock-files-again-but-this-time-w-sdists/46593.

The current open discussion is @ https://discuss.python.org/t/pep-751-lock-files-again/59173.

[Zoidmania]

PEP 751 was accepted today!

[webknjaz]

That's wonderful news!

[webknjaz]

UPD: https://github.com/pypa/pip/pull/13213 just got in! I bet we can make use of it somehow…

[WhyNotHugo]

Regarding pip-sync support for these lockfiles: do we want to extend pip-sync to support one new format, or simply implement a new program focused solely on that?

I'm inclined for the latter approach, in the interest of keeping things simple (and "do one thing and do it well").

[webknjaz]

I'm torn here. I think that a command called "sync" would be exactly what make an env look a certain way. I.e. install from a lock file. OTOH, I also understand wanting to start from a clean slate. There's been mentions of possibly having a pip sync upstream. So even thinking about this might be redundant.