Skip to content

Ignore hashes for version control repositories #994

Description

@a666

What's the problem this feature will solve?

Right now we are having the following situation.

Having a requirements.in like:

# requirements.in
django
git+ssh://git@private.server/private_app.git@0.3#egg=private_app

and doing:

$ pip-compile --generate-hashes -o requirements.txt requirements.in && pip-sync requirements.txt

gives us the error:

ERROR: Can't verify hashes for these requirements because we don't have a way to hash version control repositories:
    private_app from git+ssh://****@private.server/private_app.git@0.3#egg=private_app 
    (from -r /tmp/tmpii51x619 (line 217))

Replacing our repo with -e git+ssh://git@private.server/private_app.git@0.3#egg=private_app changes the error to

ERROR: The editable requirement posgrado_catalogs from 
git+ssh://****@private.server/private_app.git@0.3#egg=private_app
(from -r /tmp/tmp317kk_qv (line 172)) cannot be installed when requiring hashes, 
because there is no single file to hash.

Describe the solution you'd like

It would be ideal for version control repositories to skip hashing (since access and integrity is handled differently) while keeping it for every other package.

Alternative Solutions

pipenv (ugh) seems to do it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    pipRelated to pipvcsRelated to VCS requirements

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions