Packages downloaded from wrong source with two primary sources

[vit-zikmund]

Description

In case there are two primary sources with the first being a private one (having a couple custom packages only) and another source mirroring/being PyPI (having it all), some of the packages from PyPI get attempted to download from the 1st source despite LegacyRepository._find_packages properly finding them in the right source.

This is easily triggered with the right config and the absence of poetry.lock.

I've tried to chase this down on the latest main (same behavior), but no dice. However, I got some clues:

The package resolving around:

Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/colorama/ HTTP/11" 404 None
Source (mama-prod): No packages found for colorama
Source (mama-prod): 0 packages found for colorama *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/colorama/ HTTP/11" 200 None

works well, I've put some prints here and there and I see the Package.source_url that's coming out of LegacyRepository._find_packages is correct and has the right url. The problem happens in VersionSolver._choose_package_version. Before the call to Provider.complete_package, the package has a corect source_url and after the call it's wrong. Inside the method, the problematic place is this call to RepositoryPool.package(), where it iterates the repositories, touching first the one not having the package here.
Instead of raising a PackageNotFound exception, the LegacyRepository.package() creates one out of thin air with the wrong source_url.
I think the problem might be the CachedRepository.package() call, which should return the exception, but it doesn't seem to even check if it contains the package and seems to go straight to creating one 🤔

I confess I didn't get the surrounding semantics, so maybe that's not the place, but it seems pretty suspicious.

Workarounds

Put the public source to the first place and the private second, but this likely works only by accident.

Poetry Installation Method

pipx

Operating System

Fedora 39

Poetry Version

Poetry (version 1.8.3)

Poetry Configuration

cache-dir = "/home/myself/.cache/pypoetry"
experimental.system-git-client = false
installer.max-workers = null
installer.modern-installation = true
installer.no-binary = null
installer.parallel = true
keyring.enabled = true
repositories.mama-prod.url = "http://our-private-devpi/mama/prod/+simple/"
repositories.mama-pypi-mirror.url = "http://our-private-devpi/root/pypi/+simple/"
solver.lazy-wheel = true
virtualenvs.create = true
virtualenvs.in-project = null
virtualenvs.options.always-copy = false
virtualenvs.options.no-pip = false
virtualenvs.options.no-setuptools = false
virtualenvs.options.system-site-packages = false
virtualenvs.path = "{cache-dir}/virtualenvs"  # /home/myself/.cache/pypoetry/virtualenvs
virtualenvs.prefer-active-python = false
virtualenvs.prompt = "{project_name}-py{python_version}"
warnings.export = true

Python Sysconfig

No response

Example pyproject.toml

[tool.poetry]
name = "bug-test"
version = "0.1.0"
description = ""
authors = ["vit-zikmund"]

# private libraries & tools
[[tool.poetry.source]]
name = "mama-prod"
url = "http://our-private-devpi/mama/prod/+simple/"
priority = "primary"

# pypi mirror
[[tool.poetry.source]]
name = "mama-pypi-mirror"
url = "http://our-private-devpi/root/pypi/+simple/"
priority = "primary"

[tool.poetry.dependencies]
python = "^3.12"

[tool.poetry.group.dev.dependencies]
pytest = "*"

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

Poetry Runtime Logs

$ poetry -vvv update
Loading configuration file /home/myself/.config/pypoetry/config.toml
Adding repository mama-prod (http://our-private-devpi/mama/prod/+simple) and setting it as primary
Adding repository mama-pypi-mirror (http://our-private-devpi/root/pypi/+simple) and setting it as primary
Deactivating the PyPI repository
The currently activated Python version 3.11.9 is not supported by the project (^3.12).
Trying to find and use a compatible version. 
Trying python3
Using python3 (3.12.4)
Creating virtualenv pphe-analytics-pump-Au-VB6rC-py3.12 in /home/myself/.cache/pypoetry/virtualenvs
[virtualenv] find interpreter for spec PythonSpec(path=/usr/bin/python3.12)
[virtualenv] filesystem is case-sensitive
[filelock:filelock] Attempting to acquire lock 139853755463632 on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock
[filelock:filelock] Lock 139853755463632 acquired on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock
[virtualenv] got python info of %s from (PosixPath('/usr/bin/python3.12'), PosixPath('/home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.json'))
[filelock:filelock] Attempting to release lock 139853755463632 on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock
[filelock:filelock] Lock 139853755463632 released on /home/myself/.local/share/virtualenv/py_info/1/f0d7a494a3f776233427cb85a7e198c7cf4913b50a203c6febc678cc4f5bf265.lock
[virtualenv] proposed PythonInfo(spec=CPython3.12.4.final.0-64, exe=/usr/bin/python3.12, platform=linux, version='3.12.4 (main, Jun  7 2024, 00:00:00) [GCC 13.3.1 20240522 (Red Hat 13.3.1-1)]', encoding_fs_io=utf-8-utf-8)
[virtualenv] accepted PythonInfo(spec=CPython3.12.4.final.0-64, exe=/usr/bin/python3.12, platform=linux, version='3.12.4 (main, Jun  7 2024, 00:00:00) [GCC 13.3.1 20240522 (Red Hat 13.3.1-1)]', encoding_fs_io=utf-8-utf-8)
[virtualenv] create virtual environment via CPython3Posix(dest=/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12, clear=False, no_vcs_ignore=False, global=False)
[virtualenv] create folder /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin
[virtualenv] create folder /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages
[virtualenv] create folder /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib64/python3.12/site-packages
[virtualenv] write /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/pyvenv.cfg
[virtualenv] 	home = /usr/bin
[virtualenv] 	implementation = CPython
[virtualenv] 	version_info = 3.12.4.final.0
[virtualenv] 	virtualenv = 20.26.3
[virtualenv] 	include-system-site-packages = false
[virtualenv] 	base-prefix = /usr
[virtualenv] 	base-exec-prefix = /usr
[virtualenv] 	base-executable = /usr/bin/python3.12
[virtualenv] symlink /usr/bin/python3.12 to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/python
[virtualenv] create virtualenv import hook file /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/_virtualenv.pth
[virtualenv] create /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/_virtualenv.py
[virtualenv] ============================== target debug ==============================
[virtualenv] debug via /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/python /home/myself/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/virtualenv/create/debug.py
[virtualenv] {
[virtualenv]   "sys": {
[virtualenv]     "executable": "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/python",
[virtualenv]     "_base_executable": "/usr/bin/python3.12",
[virtualenv]     "prefix": "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12",
[virtualenv]     "base_prefix": "/usr",
[virtualenv]     "real_prefix": null,
[virtualenv]     "exec_prefix": "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12",
[virtualenv]     "base_exec_prefix": "/usr",
[virtualenv]     "path": [
[virtualenv]       "/usr/lib64/python312.zip",
[virtualenv]       "/usr/lib64/python3.12",
[virtualenv]       "/usr/lib64/python3.12/lib-dynload",
[virtualenv]       "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib64/python3.12/site-packages",
[virtualenv]       "/home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages"
[virtualenv]     ],
[virtualenv]     "meta_path": [
[virtualenv]       "<class '_virtualenv._Finder'>",
[virtualenv]       "<class '_frozen_importlib.BuiltinImporter'>",
[virtualenv]       "<class '_frozen_importlib.FrozenImporter'>",
[virtualenv]       "<class '_frozen_importlib_external.PathFinder'>"
[virtualenv]     ],
[virtualenv]     "fs_encoding": "utf-8",
[virtualenv]     "io_encoding": "utf-8"
[virtualenv]   },
[virtualenv]   "version": "3.12.4 (main, Jun  7 2024, 00:00:00) [GCC 13.3.1 20240522 (Red Hat 13.3.1-1)]",
[virtualenv]   "makefile_filename": "/usr/lib64/python3.12/config-3.12-x86_64-linux-gnu/Makefile",
[virtualenv]   "os": "<module 'os' (frozen)>",
[virtualenv]   "site": "<module 'site' (frozen)>",
[virtualenv]   "datetime": "<module 'datetime' from '/usr/lib64/python3.12/datetime.py'>",
[virtualenv]   "math": "<module 'math' from '/usr/lib64/python3.12/lib-dynload/math.cpython-312-x86_64-linux-gnu.so'>",
[virtualenv]   "json": "<module 'json' from '/usr/lib64/python3.12/json/__init__.py'>"
[virtualenv] }
[virtualenv] add seed packages via FromAppData(download=False, pip=bundle, via=copy, app_data_dir=/home/myself/.local/share/virtualenv)
[virtualenv] install pip from wheel /home/myself/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/virtualenv/seed/wheels/embed/pip-24.1-py3-none-any.whl via CopyPipInstall
[filelock:filelock] Attempting to acquire lock 139853779735120 on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock
[filelock:filelock] Lock 139853779735120 acquired on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock
[filelock:filelock] Attempting to release lock 139853779735120 on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock
[filelock:filelock] Lock 139853779735120 released on /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any.lock
[virtualenv] copy directory /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any/pip to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/pip
[virtualenv] copy directory /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any/pip-24.1.dist-info to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/pip-24.1.dist-info
[virtualenv] copy /home/myself/.local/share/virtualenv/wheel/3.12/image/1/CopyPipInstall/pip-24.1-py3-none-any/pip-24.1.virtualenv to /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/lib/python3.12/site-packages/pip-24.1.virtualenv
[distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip to 755
[distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip3 to 755
[distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip3.12 to 755
[distlib:distlib.util] changing mode of /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/bin/pip-3.12 to 755
[virtualenv] generated console scripts pip pip3 pip3.12 pip-3.12
[virtualenv] add activators for Bash, CShell, Fish, Nushell, PowerShell, Python
[virtualenv] write /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12/pyvenv.cfg
[virtualenv] 	home = /usr/bin
[virtualenv] 	implementation = CPython
[virtualenv] 	version_info = 3.12.4.final.0
[virtualenv] 	virtualenv = 20.26.3
[virtualenv] 	include-system-site-packages = false
[virtualenv] 	base-prefix = /usr
[virtualenv] 	base-exec-prefix = /usr
[virtualenv] 	base-executable = /usr/bin/python3.12
[virtualenv] 	prompt = pphe-analytics-pump-py3.12
Using virtualenv: /home/myself/.cache/pypoetry/virtualenvs/pphe-analytics-pump-Au-VB6rC-py3.12
Updating dependencies
Resolving dependencies...
   1: fact: pphe-analytics-pump is 0.1.0
   1: derived: pphe-analytics-pump
   1: fact: pphe-analytics-pump depends on mama-commons (^1.1.12)
   1: fact: pphe-analytics-pump depends on pytest (*)
   1: selecting pphe-analytics-pump (0.1.0)
   1: derived: pytest
   1: derived: mama-commons (>=1.1.12,<2.0.0)
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Checking if keyring is available
[keyring:keyring.backend] Loading KWallet
[keyring:keyring.backend] Loading SecretService
[keyring:keyring.backend] Loading Windows
[keyring:keyring.backend] Loading chainer
[keyring:keyring.backend] Loading libsecret
[keyring:keyring.backend] Loading macOS
Using keyring backend 'SecretService Keyring'
Creating new session for our-private-devpi
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] Starting new HTTP connection (1): our-private-devpi:80
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/pytest/ HTTP/11" 404 None
Source (mama-prod): No packages found for pytest
Source (mama-prod): 0 packages found for pytest *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Checking if keyring is available
Using keyring backend 'SecretService Keyring'
Creating new session for our-private-devpi
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] Starting new HTTP connection (1): our-private-devpi:80
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/pytest/ HTTP/11" 200 None
Source (mama-pypi-mirror): 175 packages found for pytest *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/mama-commons/ HTTP/11" 200 None
Source (mama-prod): 1 packages found for mama-commons >=1.1.12,<2.0.0
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/mama-commons/ HTTP/11" 404 None
Source (mama-pypi-mirror): No packages found for mama-commons
Source (mama-pypi-mirror): 0 packages found for mama-commons >=1.1.12,<2.0.0
   1: selecting mama-commons (1.1.12)
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/pytest/ HTTP/11" 404 None
   1: fact: pytest (8.3.2) depends on iniconfig (*)
   1: fact: pytest (8.3.2) depends on packaging (*)
   1: fact: pytest (8.3.2) depends on pluggy (>=1.5,<2)
   1: fact: pytest (8.3.2) depends on colorama (*)
   1: selecting pytest (8.3.2)
   1: derived: colorama
   1: derived: pluggy (>=1.5,<2)
   1: derived: packaging
   1: derived: iniconfig
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/colorama/ HTTP/11" 404 None
Source (mama-prod): No packages found for colorama
Source (mama-prod): 0 packages found for colorama *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/colorama/ HTTP/11" 200 None
Source (mama-pypi-mirror): 43 packages found for colorama *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/pluggy/ HTTP/11" 404 None
Source (mama-prod): No packages found for pluggy
Source (mama-prod): 0 packages found for pluggy >=1.5,<2
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/pluggy/ HTTP/11" 200 None
Source (mama-pypi-mirror): 1 packages found for pluggy >=1.5,<2
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/packaging/ HTTP/11" 404 None
Source (mama-prod): No packages found for packaging
Source (mama-prod): 0 packages found for packaging *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/packaging/ HTTP/11" 200 None
Source (mama-pypi-mirror): 44 packages found for packaging *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/iniconfig/ HTTP/11" 404 None
Source (mama-prod): No packages found for iniconfig
Source (mama-prod): 0 packages found for iniconfig *
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
Multiple source configurations found for our-private-devpi - mama-prod, mama-pypi-mirror
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /root/pypi/+simple/iniconfig/ HTTP/11" 200 None
Source (mama-pypi-mirror): 6 packages found for iniconfig *
   1: selecting pluggy (1.5.0)
[urllib3:urllib3.connectionpool] http://our-private-devpi:80 "GET /mama/prod/+simple/packaging/ HTTP/11" 404 None
   1: selecting packaging (24.1)
   1: selecting iniconfig (2.0.0)
   1: selecting colorama (0.4.6)
   1: Version solving took 1.030 seconds.
   1: Tried 1 solutions.

Finding the necessary packages for the current system
Source (mama-prod): 0 packages found for pytest *
Source (mama-pypi-mirror): 1 packages found for pytest *
Source (mama-prod): 1 packages found for mama-commons >=1.1.12,<2.0.0
Source (mama-pypi-mirror): 0 packages found for mama-commons >=1.1.12,<2.0.0
Source (mama-prod): 1 packages found for pluggy >=1.5,<2
Source (mama-pypi-mirror): 1 packages found for pluggy >=1.5,<2
Source (mama-prod): 0 packages found for packaging *
Source (mama-pypi-mirror): 1 packages found for packaging *
Source (mama-prod): 1 packages found for iniconfig *
Source (mama-pypi-mirror): 1 packages found for iniconfig *

Package operations: 5 installs, 0 updates, 0 removals

  - Installing iniconfig (2.0.0): Pending...
  - Installing packaging (24.1): Pending...
  - Installing pluggy (1.5.0): Pending...
  - Installing iniconfig (2.0.0): Failed
  - Installing packaging (24.1): Pending...

  Stack trace:

  5  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation
      283│ 
      284│             try:
    → 285│                 result = self._do_execute_operation(operation)
      286│             except EnvCommandError as e:
      287│                 if e.e.returncode == -2:

  4  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation
      393│             return 0
      394│ 
    → 395│         result: int = getattr(self, f"_execute_{method}")(operation)
      396│ 
      397│         if result != 0:

  3  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install
      518│ 
      519│     def _execute_install(self, operation: Install | Update) -> int:
    → 520│         status_code = self._install(operation)
      521│ 
      522│         self._save_url_reference(operation)

  2  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:558 in _install
      556│             archive = self._download_link(operation, Link(package.source_url))
      557│         else:
    → 558│             archive = self._download(operation)
      559│ 
      560│         operation_message = self.get_operation_message(operation)

  1  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:736 in _download
      734│ 
      735│     def _download(self, operation: Install | Update) -> Path:
    → 736│         link = self._chooser.choose_for(operation.package)
      737│ 
      738│         if link.yanked:

  RuntimeError

  Unable to find installation candidates for iniconfig (2.0.0)

  at ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/chooser.py:74 in choose_for
       70│ 
       71│             links.append(link)
       72│ 
       73│         if not links:
    →  74│             raise RuntimeError(f"Unable to find installation candidates for {package}")
       75│ 
       76│         # Get the best link
       77│         chosen = max(links, key=lambda link: self._sort_key(package, link))
       78│ 

Cannot install iniconfig.

  - Installing packaging (24.1): Pending...
  - Installing pluggy (1.5.0): Pending...
  - Installing pluggy (1.5.0): Failed

  Stack trace:

  5  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation
      283│ 
      284│             try:
    → 285│                 result = self._do_execute_operation(operation)
      286│             except EnvCommandError as e:
      287│                 if e.e.returncode == -2:

  4  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation
      393│             return 0
      394│ 
    → 395│         result: int = getattr(self, f"_execute_{method}")(operation)
      396│ 
      397│         if result != 0:

  3  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install
      518│ 
      519│     def _execute_install(self, operation: Install | Update) -> int:
    → 520│         status_code = self._install(operation)
      521│ 
  - Installing packaging (24.1): Installing...
  - Installing pluggy (1.5.0): Pending...
  - Installing pluggy (1.5.0): Failed

  Stack trace:

  5  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation
      283│ 
      284│             try:
    → 285│                 result = self._do_execute_operation(operation)
      286│             except EnvCommandError as e:
      287│                 if e.e.returncode == -2:

  4  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation
      393│             return 0
      394│ 
    → 395│         result: int = getattr(self, f"_execute_{method}")(operation)
      396│ 
      397│         if result != 0:

  3  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install
      518│ 
      519│     def _execute_install(self, operation: Install | Update) -> int:
    → 520│         status_code = self._install(operation)
      521│ 
  - Installing packaging (24.1)
  - Installing pluggy (1.5.0): Pending...
  - Installing pluggy (1.5.0): Failed

  Stack trace:

  5  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:285 in _execute_operation
      283│ 
      284│             try:
    → 285│                 result = self._do_execute_operation(operation)
      286│             except EnvCommandError as e:
      287│                 if e.e.returncode == -2:

  4  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:395 in _do_execute_operation
      393│             return 0
      394│ 
    → 395│         result: int = getattr(self, f"_execute_{method}")(operation)
      396│ 
      397│         if result != 0:

  3  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:520 in _execute_install
      518│ 
      519│     def _execute_install(self, operation: Install | Update) -> int:
    → 520│         status_code = self._install(operation)
      521│ 
      522│         self._save_url_reference(operation)

  2  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:558 in _install
      556│             archive = self._download_link(operation, Link(package.source_url))
      557│         else:
    → 558│             archive = self._download(operation)
      559│ 
      560│         operation_message = self.get_operation_message(operation)

  1  ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/executor.py:736 in _download
      734│ 
      735│     def _download(self, operation: Install | Update) -> Path:
    → 736│         link = self._chooser.choose_for(operation.package)
      737│ 
      738│         if link.yanked:

  RuntimeError

  Unable to find installation candidates for pluggy (1.5.0)

  at ~/.local/pipx/venvs/poetry/lib64/python3.11/site-packages/poetry/installation/chooser.py:74 in choose_for
       70│ 
       71│             links.append(link)
       72│ 
       73│         if not links:
    →  74│             raise RuntimeError(f"Unable to find installation candidates for {package}")
       75│ 
       76│         # Get the best link
       77│         chosen = max(links, key=lambda link: self._sort_key(package, link))
       78│ 

Cannot install pluggy.

[Secrus]

Having 2 primary sources is wrong (it should be caught at an earlier stage I think) and that is most likely why you see this issue.

[vit-zikmund]

Hi @Secrus, what's the issue with multiple primary sources? The docs say that's perfectly fine and we've been using them for ages.

... by adding at least one primary source ...
... All primary package sources are searched for each dependency ...

[radoering]

The docs say that's perfectly fine and we've been using them for ages.

Yes, it should be fine. (You can only have one default source, but default is deprecated anyway.)

[vit-zikmund]

Thanks @radoering.
FWIW here's a couple short instructions how to setup & run a devpi server for a local reproduction, unless you have it, duh 😇:

mkdir devpi && cd devpi
python -m venv . && source bin/activate
pip install devpi-server devpi-client
devpi-init
devpi-server
# the server should be running now, setup an empty test index
devpi use http://localhost:3141/
devpi login --password '' root
devpi index -c root/test

Now change to url of the sources to:

[[tool.poetry.source]]
name = "mama-prod"
url = "http://localhost:3141/root/test/+simple/"
priority = "primary"

[[tool.poetry.source]]
name = "mama-pypi-mirror"
url = "http://localhost:3141/root/pypi/+simple/"
priority = "primary"

Running poetry update in a fresh env should reproduce the behavior.

[radoering]

Unfortunately, I cannot reproduce the issue with this setup. I even cleared my cache (including artifacts). The installation always succeeds on my machine. I also debugged into RepositoryPool.package() and always get a PackageNotFoundError for the first source.

This is easily triggered with the right config and the absence of poetry.lock.

If it cannot be triggered if poetry.lock exists, it should be possible to narrow the issue down to poetry lock and find something wrong in poetry.lock. If this is not a locking issue but an installation issue, it should not matter if poetry.lock exists or not.

I think the problem might be the CachedRepository.package() call, which should return the exception, but it doesn't seem to even check if it contains the package and seems to go straight to creating one 🤔

This should finally call LegacyRepository._get_release_info(), which calls LegacyRepository._get_page(), which raises the exception.

Maybe, your cache is corrupt. Did you try --no-cache / clearing your cache?

[vit-zikmund]

Hi @radoering, using --no-cache indeed fixes the issue :O
I haven't yet deleted the cache, are there some artifacts I could collect to help you see why/how the cache got corrupted? I will understand that might be under your radar :)

This might be a good suggestion for a bug template, as clearing the cache is something I haven't thought about to try.

[radoering]

I haven't yet deleted the cache, are there some artifacts I could collect to help you see why/how the cache got corrupted?

It is difficult to name the exact artifacts because the cache is structured by hashes. Further, we will only see what is corrupt not how it got there. The most likely reason I can think of is that mama-prod had been configured to forward to mama-pypi-mirror when the cache was created or that sources were renamed so that the packages were available in mama-prod in the past.

This might be a good suggestion for a bug template, as clearing the cache is something I haven't thought about to try.

I agree.

[vit-zikmund]

Well, those are interesting possibilities. I can't say I haven't done such fiddling while figuring some CI/CD things out. Thanks a ton for your time and I'm sincerely sorry it's such a bummer.

Filed a proper issue (with a perfect number 👿) for the template improvement.

There's nothing else to do here. Thank you for your help!