Log file Viewer

[08:05:35] <stor> what's the proper way to use requirements files if i want to install some packages from pypi and some from local filesystem?

[08:05:51] <stor> e.g. if i have a fork of a package also available in pypi

[08:06:14] <stor> and i don't want to install that one, but my patched version

[08:58:57] <brechtm> stor: you can add a filesystem path to the fork, but I'm not sure about the syntax

[09:00:37] <stor> i guess if i don't care if pip does a pypi lookup, i can add a -foo to the my fork's package version and require that version

[09:03:15] <brechtm> stor: you should be able to just add the path to your local fok, see https://pip.pypa.io/en/stable/reference/pip_install/#example-requirements-file

[09:04:20] <brechtm> stor: the path can point to a package (whl, sdist) but also a directory with a setup.py, I think

[09:05:20] <stor> hmm, i know... maybe my problem is how install_requires in setup.py and requirement files interact

[09:06:22] <stor> maybe i specify a pkgx==1.2-foo in setup.py and add a path to requirements.txt that allows pip to find this version

[09:07:26] <stor> ...and i'll not care about a lookup to pypi

[09:08:00] <brechtm> ah, now I understand the problem

[09:08:38] <brechtm> it doesn't work if you place the requirement at the top of requirements.txt?

[09:09:53] <brechtm> if the dependency is already installed, pip shouldn't touch it

[09:10:35] <mgedmin> PEP-440 suggests +local1 as a version suffix

[09:10:49] <mgedmin> for packages with local modifications

[09:11:50] <stor> too bad https://packaging.python.org/patching/ is a fixme :/

[09:12:01] <mgedmin> it's what I'd do -- -f path/to/local/packages and pkg==1.2+local1

[09:13:10] <stor> yep. this does a pypi lookup, right?

[09:14:35] <stor> would be nice to have --no-index in requirements.txt, then some (local) packages, then --index and pypi packages

[09:14:47] <brechtm> Is all that necessary when specifying the fork's local path in requirements.txt?

[09:20:54] <stor> i think not

[16:08:49] <narfology> I am trying to update PIP but I get this error: https://gist.github.com/l3m/0c78244634dd96119aede0ab5e6e125a

[16:08:53] <narfology> Any ideas?

[16:10:57] <xafer> What does "python -m pip --version" give you ?

[16:11:22] <narfology> pip 7.1.0 from /usr/lib/python2.7/site-packages (python 2.7)

[16:12:10] <narfology> xafer: The funny thing is, I even get the upgrade message on the call to pip install --upgrade pip

[16:12:18] <narfology> argh

[16:13:03] <xafer> What does `python -c "from pkg_resources import Environment;print(Environment()['pip'])"` print ?

[16:16:17] <narfology> [pip 7.1.0 (/usr/lib/python2.7/site-packages)]

[16:17:51] <xafer> and "pip install --upgrade pip --verbose" ?

[16:18:43] <narfology> ok nice

[16:18:49] <narfology> xafer: Could not fetch URL https://pypi.python.org/simple/pip/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765) - skipping

[16:19:25] <narfology> thanks a lot

[16:19:32] <xafer> you're welcome :)

[16:22:32] <narfology> argh

[16:22:35] <narfology> now I get a hash fail

[16:22:43] <narfology> Hash of the package https://pypi.python.org/packages/9c/32/004ce0852e0a127f07f358b715015763273799bd798956fa930814b60f39/pip-8.1.2-py2.py3-none-any.whl#md5=0570520434c5b600d89ec95393b2650b (from https://pypi.python.org/simple/pip/) (62d0eaa70fcc9f0580596d2144573954) doesn't match the expected hash 0570520434c5b600d89ec95393b2650b

[16:26:51] <narfology> I assume this is our proxy interfering. I added our custom ca-cert to CentOS, but how can I make it known to pip? Looks like pip doesn't use the system ca-certs

[16:28:10] <ngoldbaum> narfology: if you're not getting the same md5 hash as what's listed on pypi, the file you've downloaded is corrupted somehow

[16:28:38] <tdsmith> dstufft: does pip just use certifi now?

[16:30:24] <tdsmith> narfology: you can pass --cert path/to/certificates to have pip use an alternative set

[16:31:33] <narfology> tdsmith: doesn't seem to work, I still get [SSL: CERTIFICATE_VERIFY_FAILED] even if I point it to the same cert that I needed to make yum work...

[16:35:04] <tdsmith> yes, https://github.com/pypa/pip/commit/c77d4ab55ed412a3b72d0b73f504e8ddec918683#diff-f21e4e94baf6a2d2f98faab0451e418a was the change i was looking for

[16:35:33] <xafer> since 8.0.2

[16:36:30] <narfology> so I'm on 7.1.0 and can't upgrade to 8.x

[16:36:38] <narfology> yay

[16:36:49] <xafer> You can still use get-pip.py

[16:37:10] <narfology> but even if I download the pip file manually (with wget), I get a different value if I md5sum

[16:37:20] <xafer> or download pip wheel and install it

[16:37:28] <xafer> well that's strange...

[16:38:05] <tdsmith> i see 0570520434c5b600d89ec95393b2650b here

[16:38:16] <narfology> I do know my corporate proxy is evil, but this evil that it even modifies harmless pip downloads?

[16:38:17] <narfology> urgh

[16:38:33] <tdsmith> if you manually inspect the downloaded file do you see anything?

[16:38:54] <narfology> yes

[16:38:56] <narfology> argh

[16:39:07] <narfology> an html page telling me it's blocked

[16:39:11] <narfology> thanks

[19:15:48] <bowlofeggs> hello! i think the recent change to make exclude faster might have broken the ability to include subpackages: https://github.com/pypa/setuptools/issues/808

[19:16:58] <bowlofeggs> by "exclude", i mean the exclude argument to find_packages() ☺

[19:19:08] <bowlofeggs> in my case, i can workaround it, but i think the new behavior is a little surprising

[19:19:26] <bowlofeggs> and the changelog did not mention that the include behavior changed as well

[20:43:22] <dstufft> tdsmith: it bundles it's own certificate, or uses certifi if it's available