Oauthlib: Error when new PIP resolver accesses Oauthlib data

Created on 2 Dec 2020  ·  14 Comments  ·  Source: oauthlib/oauthlib

Describe the bug

In Airflow, we are experiencing problems when we are trying to use the PIP released 2 days ago which has the new resolver on by default.

```
ERROR: Requested oauthlib[signedtoken]>=1.0.0 from https://files.pythonhosted.org/packages/e5/54/4f96c51b171cf3a64a04b8c5167268803205bc5943b5cdf70bd770727b88/oauthlib-1.1.0-1.tar.gz#sha256=0f786c5573248a38efa86c48c59c0c93140ac836ab2a246aeefd8f9039e999ba (from jira->apache-airflow==1.10.13) has different version in metadata: '1.1.0'
```

How to reproduce

  • Setup an empty virtualenv for Python 3.6
  • Upgrade to latest pip: pip install --upgrade pip
  • pip --version should return 20.3
  • Run this command:
```
pip install "https://github.com/apache/airflow/archive/v1-10-test.tar.gz#egg=apache-airflow[all]" --constraint https://raw.githubusercontent.com/apache/airflow/constraints-1-10/constraints-3.6.txt
```
  • Observe the output. It will keep on finding good dependencies until
```
Collecting oauthlib[signedtoken]>=1.0.0
  Using cached oauthlib-3.0.2-py2.py3-none-any.whl (143 kB)
  Using cached oauthlib-3.0.1-py2.py3-none-any.whl (142 kB)
  Using cached oauthlib-3.0.0-py2.py3-none-any.whl (142 kB)
  Using cached oauthlib-2.1.0-py2.py3-none-any.whl (121 kB)
  Using cached oauthlib-2.0.7-py2.py3-none-any.whl (124 kB)
  Using cached oauthlib-2.0.6.tar.gz (127 kB)
  Using cached oauthlib-2.0.5.tar.gz (129 kB)
  Using cached oauthlib-2.0.4.tar.gz (127 kB)
  Using cached oauthlib-2.0.3.tar.gz (127 kB)
  Using cached oauthlib-2.0.2.tar.gz (125 kB)
  Using cached oauthlib-2.0.1.tar.gz (122 kB)
  Using cached oauthlib-2.0.0.tar.gz (122 kB)
  Using cached oauthlib-1.1.2.tar.gz (111 kB)
  Using cached oauthlib-1.1.1.tar.gz (108 kB)
  Using cached oauthlib-1.1.0-1.tar.gz (106 kB)
ERROR: Requested oauthlib[signedtoken]>=1.0.0 from https://files.pythonhosted.org/packages/e5/54/4f96c51b171cf3a64a04b8c5167268803205bc5943b5cdf70bd770727b88/oauthlib-1.1.0-1.tar.gz#sha256=0f786c5573248a38efa86c48c59c0c93140ac836ab2a246aeefd8f9039e999ba (from jira->apache-airflow[all]) has different version in metadata: '1.1.0'
```
Apparently, metadata in published oauthlib 1.1.0-1 is wrong and points to 1.1.0.

The same command with the legacy resolver works fine:

```
pip install --use-deprecated legacy-resolver "https://github.com/apache/airflow/archive/v1-10-test.tar.gz#egg=apache-airflow[all]" --constraint https://raw.githubusercontent.com/apache/airflow/constraints-1-10/constraints-3.6.txt
```

Expected behavior

I expect the resolver does not get broken by broken metadata.
Opened similar issue in PIP https://github.com/pypa/pip/issues/9203 as I am not sure who can fix it.
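
The mismatch reported above (file name says 1.1.0-1, PKG-INFO says 1.1.0) can be detected on a local sdist before it reaches the resolver. This is an added example, not code from the issue thread, pip or oauthlib; the function names are hypothetical, the sample archives are constructed in memory, and versions are compared as exact strings rather than with PEP 440 normalization.

```python
import io
import re
import tarfile
from email.parser import Parser

def sdist_filename_version(filename, project):
    """Version string encoded in an sdist file name: <project>-<version>.tar.gz."""
    m = re.fullmatch(re.escape(project) + r"-(.+)\.tar\.gz", filename, re.IGNORECASE)
    if not m:
        raise ValueError(f"{filename!r} is not an sdist of {project!r}")
    return m.group(1)

def sdist_metadata_version(fileobj):
    """Version field from the top-level PKG-INFO inside the sdist."""
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            parts = member.name.split("/")
            if len(parts) == 2 and parts[1] == "PKG-INFO":
                text = tar.extractfile(member).read().decode("utf-8")
                return Parser().parsestr(text)["Version"]
    raise ValueError("no top-level PKG-INFO found")

def check_sdist(filename, project, fileobj):
    """Return (consistent, filename_version, metadata_version).

    Assumption: exact string comparison. A production check should compare
    packaging.version.Version objects so equivalent spellings are not flagged.
    """
    name_v = sdist_filename_version(filename, project)
    meta_v = sdist_metadata_version(fileobj)
    return name_v.strip().lower() == meta_v.strip().lower(), name_v, meta_v

def build_constructed_sdist(dirname, metadata_version):
    """Constructed sample: in-memory tar.gz holding only a PKG-INFO file."""
    body = f"Metadata-Version: 1.1\nName: oauthlib\nVersion: {metadata_version}\n".encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(f"{dirname}/PKG-INFO")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    bad = build_constructed_sdist("oauthlib-1.1.0", "1.1.0")
    print(check_sdist("oauthlib-1.1.0-1.tar.gz", "oauthlib", bad))
    good = build_constructed_sdist("oauthlib-1.1.1", "1.1.1")
    print(check_sdist("oauthlib-1.1.1.tar.gz", "oauthlib", good))
```

Running a check like this over a private index or wheelhouse flags archives whose file name and embedded metadata disagree, which is the condition the pip error message reports.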

All 14 comments

I tried pip install oauthlib[signedtoken]>=1.0.0.
It works as expected. I'm not sure what else we can do.

Maybe you can remove/yank the offending library version? I can also try to add limitation to oauthlib in our case!

> I tried pip install oauthlib[signedtoken]>=1.0.0.

Try pip install oauthlib==1.1.0, since that's the version that's failing. pip 20.3 has a resolver that backtracks on conflicts.

Confirmed by PIP developers that yanking this version should fix it. https://github.com/pypa/pip/issues/9203#issuecomment-737891765

Would the maintainers be so kind to yank it?

If you guys can yank (https://pypi.org/help/#yanked) that release, it should help us at Airflow and hopefully more libraries like us to use the new PIP resolver without error.

Really appreciate all the work you guys are doing

Hi,
I have yanked the release. Let me know if it is ok now.
Regards

Thanks, appreciate that 🙏

Thanks a lot ! Really appreciate.

Unfortunately, despite PIP maintainer confirmation, it did not work: https://github.com/pypa/pip/issues/9203#issuecomment-738395432

Feel free to unyank @JonathanHuot

Just update - don't unyank it please yet :). Seems that fix is coming https://github.com/pypa/pip/pull/9226

Looks like this is fixed now (tested using pip 21.0)

Thanks for letting us know :)

@JonathanHuot Did we unyank the release yet?

I have unyanked the release, if someone could confirm it still works, that will be great :)

Works :)
