pip
pip copied to clipboard
pypa
Incorrect resolution, when providing `--python-version` equal to minimum allowable cpython version
Description
I am trying to download a wheel with: pip download cryptography==44.0.0 --only-binary=:all: --no-deps --platform musllinux_1_2_x86_64 --implementation cp --python-version 39, however this fails:
ERROR: Could not find a version that satisfies the requirement cryptography==44.0.0 (from versions: 42.0.0, 42.0.1, 42.0.2, 42.0.3, 42.0.4, 42.0.5, 42.0.6, 42.0.7, 42.0.8, 43.0.0, 43.0.1, 43.0.3)
ERROR: No matching distribution found for cryptography==44.0.0
If you however provide --python-version 310 or anything larger than 39 it works. But it's cp39 wheel with abi3 so it should work on python 3.9
Expected behavior
No response
pip version
pip 25.0.1
Python version
3.11
OS
Mac OS
How to Reproduce
pip download cryptography==44.0.0 --only-binary=:all: --no-deps --platform musllinux_1_2_x86_64 --implementation cp --python-version 39<-- this fails, but shouldn't- Now run:
pip download cryptography==44.0.0 --only-binary=:all: --no-deps --platform musllinux_1_2_x86_64 --implementation cp --python-version 310<-- this works
Output
No response
Code of Conduct
- [x] I agree to follow the PSF Code of Conduct.
Not near a computer to test, but shouldn't the versions be 3.9 and 3.10, not 39 and 310?
@notatallshaw doesn't matter, both are accepted as input, 3.9 is equivalent as 39 as an arg
cryptography 44.0.0 explicitly excludes Python 3.9.0 and 3.9.1.
Try with --python-version 3.9.2. If you use cryptography, you'll need to bump your minimum allowable cpython version to that.
My pip (25.1.1) mentions the failing requirements -- perhaps upgrade pip to get better messages?
ERROR: Ignored the following versions that require a different python version: 44.0.0 Requires-Python !=3.9.0,!=3.9.1,>=3.7; 44.0.1 Requires-Python !=3.9.0,!=3.9.1,>=3.7; 44.0.2 Requires-Python !=3.9.0,!=3.9.1,>=3.7; 44.0.3 Requires-Python !=3.9.0,!=3.9.1,>=3.7
@encukou but why wouldn't py39 trigger a download? To me that seems incorrect, if I mention I should have python 3.9 compatible version it should download the one that is compatible with 3.9.X
Because cryptography 44.0.0 is not compatible with Python 3.9.0. The index metadata includes python-requires, so pip sees that before trying to download, and rejects that version of cryptography.
Use --python-version 3.9.2 if you want to get cryptography 44.0.0 (and you don't need Python 3.9.0 support).
Because cryptography 44.0.0 is not compatible with Python 3.9.0. The index metadata includes
python-requires, so pip sees that before trying to download, and rejects that version of cryptography.Use
--python-version 3.9.2if you want to get cryptography 44.0.0 (and you don't need Python 3.9.0 support).
That I get, but why does 39 resolve to 3.9.0 and not to any available 3.9.X
I also wouldn't know that 3.9.2 is the one I should minimally select. I simply look at the wheel name in the json response of a pypi version and then decompose that name into a pip wheel command, and the wheel says cp39, so I would expect it to be able to download a version that is compatible with 3.9 when I do --python-version 39
That I get, but why does 39 resolve to 3.9.0 and not to any available 3.9.X
Even if it did mean "any 3.9.X" (which it doesn't), that would still exclude cryptography 44.0.0, as that doesn't work on "any 3.9.X".
I also wouldn't know that 3.9.2 is the one I should minimally select.
I understand that, but you shouldn't be thinking of it like that. What you should be specifying is the version of the Python interpreter you intend to use this download on. That will always be a precise version. You're assuming that the downloads are applicable for a range of Python versions, and that's not guaranteed - in many cases it might well be true (not many packages restrict themselves to particular bugfix versions of Python) but you shouldn't be relying on it.
Anyway, the solution to your problem is clear - specify Python 3.9.2 and you'll get the files you want.
FWIW, there is an open question here on what are the semantics of requires-python, but that's because the spec is unclear, which needs to be solved at the spec level before pip can do anything about it.
See prior discussions:
https://discuss.python.org/t/requires-python-upper-limits/12663 https://discuss.python.org/t/requires-python-and-pre-release-python-versions/62959
That I get, but why does 39 resolve to 3.9.0 and not to any available 3.9.X
Even if it did mean "any 3.9.X" (which it doesn't), that would still exclude cryptography 44.0.0, as that doesn't work on "any 3.9.X".
I also wouldn't know that 3.9.2 is the one I should minimally select.
I understand that, but you shouldn't be thinking of it like that. What you should be specifying is the version of the Python interpreter you intend to use this download on. That will always be a precise version. You're assuming that the downloads are applicable for a range of Python versions, and that's not guaranteed - in many cases it might well be true (not many packages restrict themselves to particular bugfix versions of Python) but you shouldn't be relying on it.
Anyway, the solution to your problem is clear - specify Python 3.9.2 and you'll get the files you want.
Alright, thanks for explanation! I will refactor my code to pass in the latest available 3.9.X version to --python-version
I will refactor my code to pass in the latest available 3.9.X version to --python-version
If you want “minimum allowable cpython version” (as in the title here), you can hardcode 3.9.2: cryptography 4.4.0 is extremely unlikely to update their requirements.