Description
When using the binary filter with arch: ppc64le (or s390x), hermeto attempts to download packages that have environment markers explicitly excluding those platforms (e.g. platform_machine != "ppc64le"). Hermeto should skip these requirements entirely based on the markers, but instead tries to find arch-specific wheels and fails with PackageRejected.
Edit : Hermeto should skip these requirements entirely based on the markers.
Hermeto falls back to fetching an sdist if available, skipping the missing wheel. However, Hermeto could potentially fail if the requirements.txt file doesn't record the hash for the respective sdist (via manual requirements.txt edits) and only records wheel hashes.
Reproducer (synthetic)
mkdir /tmp/hermeto-repro && cd /tmp/hermeto-repro
# NOTE THE EXPLICIT HASH SPECIFIER IT WILL NOT MATCH AN SDIST
cat > requirements.txt << 'EOF'
bcrypt==5.0.0 ; implementation_name == "cpython" and platform_machine != "ppc64le" and platform_machine != "s390x" and sys_platform == "linux" \
--hash=sha256:81e5dab254e44e82bee49bca4e593b21b7e70a48bcf15725d6588df387098e54
EOF
cat > pyproject.toml << 'EOF'
[project]
name = "repro"
version = "0.1.0"
EOF
mkdir -p /tmp/hermeto-out
podman run --rm \
-v "$(pwd):/source:z" \
-v /tmp/hermeto-out:/output:z \
ghcr.io/hermetoproject/hermeto:0.51.0 \
fetch-deps --source /source --output /output \
'[{"type":"pip","path":".","requirements_files":["requirements.txt"],"binary":{"arch":"ppc64le","os":"linux"}}]'
Expected behavior
Hermeto should recognize that bcrypt==5.0.0 has platform_machine != "ppc64le" in its environment marker and skip it entirely when the binary filter specifies arch: ppc64le.
Actual behavior
INFO -- Processing requirement line 'bcrypt==5.0.0 ; implementation_name == "cpython" and platform_machine != "ppc64le" ...'
INFO Filtering out bcrypt-5.0.0.tar.gz due to checksum mismatch
ERROR PackageRejected: No distributions found for package bcrypt==5.0.0
Hermeto processes the requirement, tries to find a ppc64le wheel, can't find one, and fails.
Description
When using the
binaryfilter witharch: ppc64le(ors390x), hermeto attempts to download packages that have environment markers explicitly excluding those platforms (e.g.platform_machine != "ppc64le").Hermeto should skip these requirements entirely based on the markers, but instead tries to find arch-specific wheels and fails withPackageRejected.Edit : Hermeto should skip these requirements entirely based on the markers.
Hermeto falls back to fetching an sdist if available, skipping the missing wheel. However, Hermeto could potentially fail if the
requirements.txtfile doesn't record the hash for the respective sdist (via manual requirements.txt edits) and only records wheel hashes.Reproducer (synthetic)
Expected behavior
Hermeto should recognize that
bcrypt==5.0.0hasplatform_machine != "ppc64le"in its environment marker and skip it entirely when the binary filter specifiesarch: ppc64le.Actual behavior
Hermeto processes the requirement, tries to find a ppc64le wheel, can't find one, and fails.