Comments (3)
jsirois
commented on August 13, 2024
1
Ok, since I'm confident the current scheme is broken for anyone with VCS or local project requirements (the hash can never match the hash of the pinned artifact currently emitted) I feel safe I don't break anyone using --hash further by switching fro X==Y to the VCS requirement or local project path as appropriate. If there are folks like you hypothezise that munge the file, they'll at least now have the proper list of requirements left. Towards that end, I think I'll add an export format choice to omit hashes. This seems like a real-world reasonablish use case.
from pex.
jsirois
commented on August 13, 2024
It's likely the case the only answer here is to fail fast when exporting a lock with either VCS or Local project requirements since the resulting --hashed requirements file will be unusable by any known tool.
from pex.
huonw
commented on August 13, 2024
I could imagine it's not implausible that someone takes the output of export and munges it to remove the --hashes (opting-in to losing the security advantages of the hashes, of course), and thus making this an error would break them. That might be a use case PEX regards too weird/extreme, though.
from pex.
Related Issues (20)
- ValueError: invalid literal for int() with base 10 during pex build HOT 5
- How to bootstrap external pex files within running Python interpreter HOT 23
- Finalize Python 3.13 support HOT 1
- Build fails/incomplete on requirements.txt schema not followed correctly HOT 9
- Allow subsetting a PEX lockfile in PEX format, not just pip HOT 12
- Support for pip-compile generated requirements with hashes HOT 8
- bdist_pex called from tox fails with python 3.12 HOT 7
- Regression of artifact URL due to change since pip 23.3 HOT 12
- Monkey patch warning when using PEX to run a gunicorn app HOT 6
- A way to configure sys.executable flags at PEX runtime HOT 8
- Add support for `--override`ing transitive dependencies. HOT 1
- Add `--provided`: like `--exclude`, but require the excluded project is available at boot time.
- "Resolving wheels disallowed" error when using `--lock` and `--only-binary` HOT 3
- Add more distribution metadata parsing context to failures.
- Add support for Pip 24.2 / statically linked musl libc CPythons
- Adding support to have all command line flags respected via environment variables HOT 6
- How does pex resolve defaut `--pip-version` HOT 13
- Support `--scie-pbs-flavor`. HOT 3
- Support `--scie` for PyPy.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pex.