pip: binary filter ignores environment markers, Hermeto could fail on excluded-platform packages #1570

@ide-developer

Description

When using the binary filter with arch: ppc64le (or s390x), hermeto attempts to download packages that have environment markers explicitly excluding those platforms (e.g. platform_machine != "ppc64le"). Hermeto should skip these requirements entirely based on the markers, but instead tries to find arch-specific wheels and fails with PackageRejected.

Edit: Hermeto should skip these requirements entirely based on the markers.
Hermeto falls back to fetching an sdist if available, skipping the missing wheel. However, Hermeto could potentially fail if the requirements.txt file doesn't record the hash for the respective sdist (via manual requirements.txt edits) and only records wheel hashes.

Reproducer (synthetic)

mkdir /tmp/hermeto-repro && cd /tmp/hermeto-repro

#   NOTE THE EXPLICIT HASH SPECIFIER IT WILL NOT MATCH AN SDIST
cat > requirements.txt << 'EOF'
bcrypt==5.0.0 ; implementation_name == "cpython" and platform_machine != "ppc64le" and platform_machine != "s390x" and sys_platform == "linux" \
    --hash=sha256:81e5dab254e44e82bee49bca4e593b21b7e70a48bcf15725d6588df387098e54
EOF

cat > pyproject.toml << 'EOF'
[project]
name = "repro"
version = "0.1.0"
EOF

mkdir -p /tmp/hermeto-out
podman run --rm \
  -v "$(pwd):/source:z" \
  -v /tmp/hermeto-out:/output:z \
  ghcr.io/hermetoproject/hermeto:0.51.0 \
  fetch-deps --source /source --output /output \
  '[{"type":"pip","path":".","requirements_files":["requirements.txt"],"binary":{"arch":"ppc64le","os":"linux"}}]'

Expected behavior

Hermeto should recognize that bcrypt==5.0.0 has platform_machine != "ppc64le" in its environment marker and skip it entirely when the binary filter specifies arch: ppc64le.

Actual behavior

INFO -- Processing requirement line 'bcrypt==5.0.0 ; implementation_name == "cpython" and platform_machine != "ppc64le" ...'
INFO Filtering out bcrypt-5.0.0.tar.gz due to checksum mismatch
ERROR PackageRejected: No distributions found for package bcrypt==5.0.0

Hermeto processes the requirement, tries to find a ppc64le wheel, can't find one, and fails.
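The check requested above, evaluating the requirement's environment marker against the target platform named in the binary filter rather than the host, as an added example using the `packaging` library. This is not Hermeto's code: `parse_line`, `target_env` and `applies_to` are hypothetical names, and the mapping from `arch`/`os` to marker variables is an assumption.

```python
import re

try:
    from packaging.markers import Marker
except ImportError:  # environments without packaging: use the copy bundled with pip
    from pip._vendor.packaging.markers import Marker

HASH_OPT = re.compile(r"\s--hash=(\S+)")

# Requirement line from the reproducer above (backslash continuation included).
SAMPLE = (
    'bcrypt==5.0.0 ; implementation_name == "cpython" and platform_machine != "ppc64le" '
    'and platform_machine != "s390x" and sys_platform == "linux" \\\n'
    "    --hash=sha256:81e5dab254e44e82bee49bca4e593b21b7e70a48bcf15725d6588df387098e54"
)


def parse_line(line):
    """Split one logical requirements.txt line into (spec, Marker or None, hashes)."""
    logical = line.replace("\\\n", " ")
    hashes = HASH_OPT.findall(logical)
    spec, _, marker = HASH_OPT.sub("", logical).partition(";")
    return spec.strip(), Marker(marker.strip()) if marker.strip() else None, hashes


def target_env(arch, os_name, implementation="cpython"):
    """Assumed mapping from a binary filter (arch/os) to PEP 508 marker variables.
    Variables not listed here fall back to the host's values inside evaluate()."""
    return {"platform_machine": arch, "sys_platform": os_name,
            "implementation_name": implementation}


def applies_to(line, arch, os_name):
    """True if the requirement's marker holds for the *target* platform, not the host."""
    _, marker, _ = parse_line(line)
    return marker is None or marker.evaluate(target_env(arch, os_name))


if __name__ == "__main__":
    for arch in ("x86_64", "ppc64le", "s390x"):
        verdict = "fetch" if applies_to(SAMPLE, arch, "linux") else "skip"
        print(f"{arch}: {verdict}")
```

A requirement for which `applies_to` returns False would be dropped before any wheel or sdist lookup, so the hash comparison against the sdist never runs for an excluded platform.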
