pip exits with success despite incompatible constraint

Created on 3 Sep 2019  ·  3 Comments  ·  Source: pypa/pip

Environment

  • pip version: 19.2.3
  • Python version: 3.7.4
  • OS: macOS 18.7.0

This was also reproduced using docker run python:3.

Description

pip installs a package with broken dependencies if a constraints file specifies an incompatible version. An error message is shown, but the exit code is 0.

For example, environs 5.2.1 requires marshmallow>=2.7.0, but pip installs it with marshmallow 2.6.0 if the latter is specified in a constraints file.

Expected behavior

pip should not install the package, and exit with failure.

How to Reproduce

  1. Create constraints.txt with marshmallow==2.6.0
  2. Create requirements.txt with environs==5.2.1
  3. Run pip install -r requirements.txt -c constraints.txt

Output

$ docker run --rm -ti python:3 sh
# python -V
Python 3.7.4
# pip -V
pip 19.2.3 from /usr/local/lib/python3.7/site-packages/pip (python 3.7)
# uname -a
Linux 4d4f16cc965f 4.9.184-linuxkit #1 SMP Tue Jul 2 22:58:16 UTC 2019 x86_64 GNU/Linux
# echo marshmallow==2.6.0 > constraints.txt
# echo environs==5.2.1 > requirements.txt
# pip install -r requirements.txt -c constraints.txt
Collecting environs==5.2.1 (from -r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/5f/c9/6b576b8b374dfe78d9435988e6a53497822f31b9da5bdd446343ad1a4d1b/environs-5.2.1-py2.py3-none-any.whl
Collecting marshmallow==2.6.0 (from -c constraints.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/33/44/c3bdd4222909b6452ebe5c028ea5dbe7e9409307b3b933026218c677fcf1/marshmallow-2.6.0-py2.py3-none-any.whl (44kB)
     |████████████████████████████████| 51kB 729kB/s
Collecting python-dotenv (from environs==5.2.1->-r requirements.txt (line 1))
  Downloading https://files.pythonhosted.org/packages/57/c8/5b14d5cffe7bb06bedf9d66c4562bf90330d3d35e7f0266928c370d9dd6d/python_dotenv-0.10.3-py2.py3-none-any.whl
ERROR: environs 5.2.1 has requirement marshmallow>=2.7.0, but you'll have marshmallow 2.6.0 which is incompatible.
Installing collected packages: marshmallow, python-dotenv, environs
Successfully installed environs-5.2.1 marshmallow-2.6.0 python-dotenv-0.10.3
# echo $?
0

Labels: duplicate, auto-locked, awaiting response, support

All 3 comments

This is essentially the same as #988 (see also: #5137).

Pip figures out requirements on a first-encountered basis (though that is subject to change without notice). When the requirements file and constraints file are parsed, we end up with environs==5.2.1 as a requirement and marshmallow==2.6.0 as a constraint. When environs is being processed, marshmallow is noticed as a dependency and the existing entry (marshmallow==2.6.0) is marked as a requirement, and the existing version is the one used for installation. I think using the user-provided value (even if just as a constraint) is probably the most correct behavior we can have here.

The error that is traced is the same that would be traced for a plain pip install environs==5.2.1 marshmallow==2.6.0 or separate invocations like pip install environs==5.2.1 && pip install marshmallow==2.6.0.

This was added in #5000. The reason the exit code isn't 1 is backwards compatibility.

If you want to programmatically know that this is happening, you want to run pip check.
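
Added example (not part of the original thread and not pip's own code): a shell wrapper that turns the situation reported above into a failing build by scanning pip's output for the conflict message and then running pip check. The function names and sample strings are constructed for illustration, and the message pattern is the one from the pip 19.2.3 output in the report, so other pip versions may word it differently.

```shell
#!/bin/sh
# Added example: make a build fail on the dependency conflict that
# `pip install` reports while still exiting 0.

# Constructed samples: lines taken from the pip 19.2.3 output in the report,
# and a comparable run without the conflict message.
SAMPLE_CONFLICT="Collecting marshmallow==2.6.0 (from -c constraints.txt (line 1))
ERROR: environs 5.2.1 has requirement marshmallow>=2.7.0, but you'll have marshmallow 2.6.0 which is incompatible.
Successfully installed environs-5.2.1 marshmallow-2.6.0 python-dotenv-0.10.3"
SAMPLE_CLEAN="Collecting marshmallow==2.6.0 (from -c constraints.txt (line 1))
Successfully installed marshmallow-2.6.0"

# Read pip output on stdin and print each conflict line.
# Exit status follows grep: 0 if a conflict was found, 1 if none.
find_conflicts() {
    grep -E "^ERROR: .+ has requirement .+, but you'll have .+ which is incompatible\."
}

# Number of conflict lines in the pip output on stdin.
count_conflicts() {
    find_conflicts | wc -l | tr -d ' '
}

# Hypothetical wrapper: same arguments as `pip install`, but returns
# non-zero when pip fails, when its log carries a conflict line, or when
# `pip check` finds broken requirements in the resulting environment.
strict_install() {
    log=$(mktemp) || return 2
    if ! python -m pip install "$@" >"$log" 2>&1; then
        cat "$log"; rm -f "$log"; return 1
    fi
    cat "$log"
    if find_conflicts <"$log" >/dev/null; then
        rm -f "$log"; return 1
    fi
    rm -f "$log"
    python -m pip check
}

# Offline demonstration on the constructed samples.
echo "conflicts in sample run: $(printf '%s\n' "$SAMPLE_CONFLICT" | count_conflicts)"
echo "conflicts in clean run:  $(printf '%s\n' "$SAMPLE_CLEAN" | count_conflicts)"
# Real use: strict_install -r requirements.txt -c constraints.txt
```

The log scan catches the conflict at install time, while pip check validates the whole environment afterwards, so the wrapper fails even if the message format changes.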

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.
