Skip to content

Poetry does not properly resolve install-requires for certain GIT packages #8774

New issue
New issue
Closed
#9000
Closed
Poetry does not properly resolve install-requires for certain GIT packages#8774
#9000
Labels
kind/bugSomething isn't working as expected
@romain-intel

Description

@romain-intel
romain-intel
opened on Dec 10, 2023
  • Poetry version: 1.7.1
  • Python version: 3.8.18
  • OS version and name: Ubuntu
  • pyproject.toml:
[tool.poetry]
name = "poetry-demo"
version = "0.1.0"
description = ""
authors = ["Romain <[email protected]>"]
readme = "README.md"

[tool.poetry.dependencies]
python = "^3.8"
clip = {git = "https://github.com/openai/CLIP.git"}


[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"
  • I am on the latest stable Poetry version, installed using a recommended method.
  • I have searched the issues of this repo and believe that this is not a duplicate.
  • I have consulted the FAQ and blog for any relevant entries or release notes.
  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

The issue is that when determining the install-requires dependency, it analyzes the setup.py file and notices that there is a install-requires but cannot parse it (it's a list comprehension and not a list). The end result is that this is then silently ignored here: https://github.com/python-poetry/poetry/blob/master/src/poetry/inspection/info.py#L565 because it doesn't check if install-requires is filled (and in fairness, shouldn't since some packages don't have that).

The crux of the issue is basically that in the SetupReader, there is no distinction between "value absent" and "value can't be read".

The proper behavior is probably to fallback to building the package if allowed in the case when the field exists but can't be extracted.

Steps to reproduce:

poetry new poetry-demo
cd poetry-demo
poetry add "git+https://github.com/openai/CLIP.git"

If you look at the CLIP project, you will see it has some requirements like torch but the poetry lock file lists no such thing and looks like this:

[[package]]
name = "clip"
version = "1.0"
description = ""
optional = false
python-versions = "*"
files = []
develop = false

[package.extras]
dev = ["pytest"]

[package.source]
type = "git"
url = "https://github.com/openai/CLIP.git"
reference = "HEAD"
resolved_reference = "a1d071733d7111c9c014f024669f959182114e33"

[metadata]
lock-version = "2.0"
python-versions = "^3.8"
content-hash = "ca6e63d2418191bea92517a4e1a4b2427c67dbcfe40147d16556cd0c674f34c3"

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't working as expected

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions