Support wheel cache when using --require-hashes #11897
Conversation
|
Exciting! I will do my very best to try to get pip built locally using this (I would honestly have attacked this myself if I knew how to get the dev env working 😂) |
Nothing fancy really: |
sbidoul
force-pushed
the
cache-hash-checking-sbi
branch
2 times, most recently
from
9abf6b0
to
a1c78e5
Compare
|
Combined with #11872, one can use |
sbidoul
force-pushed
the
cache-hash-checking-sbi
branch
from
bd3673f
to
76d8341
Compare
|
I'd like to get this in 23.1. @ewdurbin if you can confirm it fixes the issue within the next week or so, that would be excellent. Please ask for help if you are still unsure how to test against the version with the PR. |
|
Thanks for the ping. PyCon prep has me pretty slammed but I need to do some warehouse work in the next day or so. I'll try running from this branch to confirm it works in dev. |
Hmmm, I guess I was tricked by the tox.ini in the past and never found success. Testing this now. |
|
Hmmmmm I must be holding it wrong, but with the refactor of our actions in https://github.com/pypi/warehouse/pull/13357/files I would have expected the pip cache to pick up the wheels from the new "deps" initial job, but no dice: https://github.com/pypi/warehouse/actions/runs/4596723814/jobs/8118550985 |
There was no cache available when |
That was the first run, so there was no cache. The
Then the downstream build matrix was able to get it:
|
sbidoul
force-pushed
the
cache-hash-checking-sbi
branch
from
6e3e346
to
7fb8feb
Compare
|
@ewdurbin I don't immediately understand what's wrong with your test. I rebased this PR in case there is some interaction with some previously unmerged pip 23.1 change. FWIW, I just tried this script which shows it works fine. #!/bin/bash
set -eaux -o pipefail
VENV=$(mktemp -d)
python -m venv $VENV
source $VENV/bin/activate
pip install -U git+https://github.com/pypa/pip@refs/pull/11897/head
REQS=$(mktemp)
export PIP_CACHE_DIR=$(mktemp -d)
export PIP_NO_BINARY=:all:
cat <<EOF > $REQS
lxml==4.9.2 \
--hash sha256:2455cfaeb7ac70338b3257f41e21f0724f4b5b0c0e7702da67ee6c3640835b67 \
--hash sha256:7b515674acfdcadb0eb5d00d8a709868173acece5cb0be3dd165950cbfdf5409
EOF
echo "======= first install builds from source"
pip install -r $REQS
echo "======= reinstall gets wheel from cache"
pip install --force-reinstall -r $REQS |
|
This one is now ready. |
| "and re-downloading source." | ||
| ) | ||
| req.link = direct_url_as_link(req.download_info) | ||
| link = req.link |
There was a problem hiding this comment.
Hmm, I'm afraid this part still needs some work. If req.download_info contains an invalid hash, it re-downloads an URL with an invalid hash fragment, which means we never get a good cache entry.
There was a problem hiding this comment.
Ok, I resolved this by adding a new cached_wheel_source_link field to InstallRequirement. I also renamed original_link_is_in_wheel_cache to is_wheel_from_cache to better reflect its meaning.
sbidoul
force-pushed
the
cache-hash-checking-sbi
branch
3 times, most recently
from
16b2aa8
to
8abc7e9
Compare
|
So this is ready again 🟢 |
sbidoul
force-pushed
the
cache-hash-checking-sbi
branch
from
b0c5edf
to
2a471a7
Compare
| link: Link, | ||
| download_dir: str, | ||
| hashes: Optional[Hashes], | ||
| warn_on_hash_mismatch: bool = True, |
There was a problem hiding this comment.
Not some that needs to change, I’m just suddenly curious how peopel choose between positive and negative flags. Personally I’d probably choose to implement this as suppress_hash_mismatch_warning=False.
There was a problem hiding this comment.
In this case I think I wanted to avoid a double negation and save half a brain cycle when reading the only condition using this flag.
src/pip/_internal/req/req_install.py
Outdated
| # When is_wheel_from_cache is True, it means that this InstallRequirement | ||
| # is a local wheel file in the cache of locally built wheels. | ||
| self.is_wheel_from_cache = False | ||
| # When is_wheel_from_cache is True, this is the source link corresponding | ||
| # to the cache entry, which was used to download and build the cached wheel. | ||
| self.cached_wheel_source_link: Optional[Link] = None |
There was a problem hiding this comment.
Do we need two attributes for this? From what I can tell these are always set together and is_wheel_from_cache can be entirely implied by cached_wheel_source_link is not None.
There was a problem hiding this comment.
This is indeed a logical next step in this refactoring. Done.
This more accurately reflects that it is not necessarily related to original_link, original_link being the direct URL link, and the wheel cache can also be populated from sdists URL discovered by the finder.
sbidoul
force-pushed
the
cache-hash-checking-sbi
branch
from
2a471a7
to
efe2d27
Compare
|
@sbidoul This is going to miss 23.1. If you want to get it included in that release, can you do anything in the next hour or two? Otherwise, I'll push it to 23.2. |
|
Wow, that was quick! Thanks. |
closes #5037
@ewdurbin would you like to test this and try to break it?
I'm not doing it for the bounty, as this is also one of the things in my way of actually using hashes. So hopefully we'll share a 🍺 if our paths cross one day.
TODO
pip wheel(I think it works but the warning should be silenced)