poetry-plugin-export icon indicating copy to clipboard operation
poetry-plugin-export copied to clipboard

Published 20 hours ago verified publisher icon python-poetry

`poetry export -f requirements.txt` creates deprecated format URI for private git dependencies

Open rambo opened this issue 4 years ago • 8 comments

  • [x] I am on the latest Poetry version.
  • [x] I have searched the issues of this repo and believe that this is not a duplicate.
  • [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).
  • OS version and name: OSX Catalina (python 3.7 from homebrew)
  • Poetry version: 1.0.8

Issue

After exporting with poetry export -f requirements.txt --without-hashes -o foo.txt running pip install -r foo.txt gives warnings like the one below from private git dependencies.

Obtaining [REDACTED] from [email protected][REDACTED]

DEPRECATION: This form of VCS requirement is being deprecated: [email protected][REDACTED]

pip 21.0 will remove support for this functionality. A possible replacement is git+https://[email protected]/..., git+ssh://[email protected]/..., or the insecure git+git://[email protected]/.... You can find discussion regarding this at https://github.com/pypa/pip/issues/7554.

rambo avatar Jun 06 '20 09:06 rambo

How did you add the dependency?

poetry just prefixes the dependency with git+

SanketDG avatar Jun 06 '20 16:06 SanketDG

I'm pretty sure I just added the line

REDACTED = {git = "[email protected]:REDACTED.git"}

manually to pyproject.toml, if I just prefix that with ssh:// then poetry install itself fails with Command '['git', 'clone', 'ssh://[email protected]:REDACTED', '/var/folders/ym/675v9ms93qs0pl79xm2zsgrr0000gn/T/pypoetry-git-REDACTEDdcrj1q5y']' returned non-zero exit status 128.

Edit: just tried adding the dependency again with poetry add git+ssh://[email protected]:REDACTED.git and ended up with the exact same dependency line in pyproject.toml as before.

rambo avatar Jun 06 '20 19:06 rambo

Right.

If conformance with pip is something favoured by poetry, all git urls should be regulated.

I will wait for what the maintainers have to say on this before trying to fix anything.

SanketDG avatar Jun 07 '20 01:06 SanketDG

@SanketDG: We would really appreciate your contribution. So go on :+1:

I would suggest you have a look at https://github.com/python-poetry/poetry/blob/bc9acdbcf9082c311ff2545225e00347acf31fd8/poetry/packages/vcs_dependency.py#L83-L88 to get an idea of how to fix it most probably in https://github.com/python-poetry/poetry/blob/bc9acdbcf9082c311ff2545225e00347acf31fd8/poetry/utils/exporter.py#L73-L83

fin swimmer

finswimmer avatar Jun 07 '20 14:06 finswimmer

@finswimmer The issue is not in the exporter, but rather in add where the protocol information is lost.

SanketDG avatar Jun 09 '20 01:06 SanketDG

But if the ssh:// (with or without git+ prefix) protocol is added back in manually it doesn't work because the git clone command poetry generates fails.

rambo avatar Jun 09 '20 05:06 rambo

@SanketDG: As @rambo said, I guess how ssh:// url's are handled by poetry add are due to the point, that you can easily copy&paste from github, gitlab etc.

I think fixing the output of poetry export is enough here.

fin swimmer

finswimmer avatar Jun 10 '20 09:06 finswimmer

I thinks fixing the output of poetry export is enough here.

Agreed.

rambo avatar Jun 10 '20 10:06 rambo