Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unclear documentation and error messages around combining post releases and prefix matches #831

Open
ArthurGW opened this issue Sep 9, 2024 · 0 comments
Open

Unclear documentation and error messages around combining post releases and prefix matches #831

ArthurGW opened this issue Sep 9, 2024 · 0 comments
Labels
bug packaging.requirements

Comments

@ArthurGW
Copy link

ArthurGW commented Sep 9, 2024
edited
Loading

OS: Windows 11
CPython: 3.12.5
Packaging: 24.1

Apologies for re-raising an old issue:

However, I recently came across the issue while upgrading our python usage to 3.12.5, which includes pip 24.2 which vendors packaging 24.1. Previous discussions of the issue said they would be open to users sharing valid use cases for disallowed specifiers, so here I am ;)

The specific requirement I am trying to parse is of the form:
a==1.2.3.post4.*

Which we would like to match a version such as:
a==1.2.3.post4.dev5

Our use case for this is as follows:

  • We have an internal pypi repo
  • We patch and rebuild many externally-developed packages to meet our needs, before publishing them to our internal repo
  • We use post versions for the "in between" versions between officially published external releases
  • We use dev versions on those post versions while working on new changes
  • We in turn use prefix matching when depending on those dev builds of patched external packages, to say, "use the latest development version of this particular post version"
  • This allows us to develop against these changes before landing them and doing our official post release.

I appreciate this is a somewhat esoteric use case, but it's one we've been doing for a few years and not had issues with. Given the unusual nature of this requirement, I'm not going to push hard to change behaviour here.

However, the documentation and error messages do not match the behaviour. To find out that this was not allowed, I had to look at the packaging source code, track down the commit that made the change, then the pull request, and finally the issues and mailing list discussion it stemmed from. So, even if the behaviour is not changed, a documentation change would be very useful.

The documentation here only talks about prefix matches being invalid after dev versions. It does not mention post versions. It also states, "a trailing .* is permitted on public version identifiers as described below". However:

>>> Version('1.2.3.post4').public
'1.2.3.post4'

In other words, the post is considered part of the public version, and prefix matches are stated as allowed on them.

The error message raised here is also not helpful. Example:

>>> Requirement('a==1.2.3.post4.*')
...
packaging._tokenizer.ParserSyntaxError: .* suffix can only be used with `==` or `!=` operators
    a==1.2.3.post4.*
     ~~~~~~~~~~~~~~^

The issue here is not the operator, it's the post version. So this would also benefit from updating.

Just to add that as a workaround, I can install the dependency first, then the dependent package with --no-deps, which skips validation of Requires-Dist metadata. I think this is the only workaround as I can't find a valid specifier that would match requirements of the form a==1.2.3.post4.dev5 while being restricted enough. I tried Requirement('a>=1.2.3.post4,<1.2.3.post5') but this did not match
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug packaging.requirements
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brettcannon @ArthurGW