-
Notifications
You must be signed in to change notification settings - Fork 94
Issues with requests != 2.12 #61
Comments
+1 ... this is happening exactly for us. |
@reaperhulk, thanks for the insights. #58 is not a long term solution, and will not work all the time like you outlined. Like I later commented in that PR, I am thinking of just letting |
@yugangw-msft I've submitted urllib3/urllib3#1063, which should be in an upcoming requests release and will resolve the issues around outdated pyOpenSSL being loaded by requests. That should make it so you don't have to do |
@reaperhulk, thank you! I should revert the change once a new |
Thanks @reaperhulk . your demo illustrates that our previous workaround #58 doesn't work quite well, "due to the way pip currently does version dependency resolution", and even brings some unexpected side effects. We will revert it after your urllib3/urllib3#1063 gets merged and released in urllib3 and then in requests. For what its worth, I now understand why requests 2.12 causes the problem in the first place, and why (manually) downgrading requests to 2.11.x can make it work, documented in #58. @yugangw-msft After we revert #58 and requests has a new release, the affected developers or end users will see this exception message in their console (if they have access to one): "'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.". Hopefully this would be enough to guide the affected users to take proper action. |
@rayluo While the code you linked does raise an |
I am getting
while python -m pip install adal |
@avaranovich What is the version of your pip? Perhaps this Q&A in stackoverflow could help you. |
@avaranovich any luck with this? I am using this in Azure Web Apps where I have no control of the pip version. |
@reaperhulk, do you know when your change to utllib3 will be included in a new release of request? |
@aarsan, you can use the previous release of adal, unless you need particular fixes |
@yugangw-msft |
In #58 I see you added
requests != 2.12
to the requirements ofadal
. This is sadly not a workable restriction in practice due to the way pip currently does version dependency resolution. To illustrate, consider this simple Python package setup.py:We'll also have a
depfail/__init__.py
that looks like this:This package has two dependencies,
requests[security]
andadal
. You might rationally think that pip would recursively look through dependencies to build a full set of requirements and then use something like a SAT solver to satisfy the constraints imposed on individual packages (and, of course, fail if it can't satisfy them). Unfortunately, that is not the case. In reality here's what your virtualenv will look like if you dopip install .
:As you can see, requests 2.12.3 is installed despite the explicit
!= 2.12
. Of course if we do apython -c 'import depfail;depfail.fail()'
we getNo failure!
. So what's the problem?Well, when you define a console_script it uses setuptools entry points to invoke your script. The installed script is available in your PATH and looks something like this:
load_entry_point
is a bit more conscientious about whether or not dependencies are satisfied so it proceeds to check to see if adal's requirements are met and...This interaction means that
adal
can't effectively block requests 2.12 for users who have requests listed as a dependency that is processed beforeadal
(a presumably common scenario). Additionally, this directive causes major breakage for users who invoke their application via console scripts (not an uncommon path).The text was updated successfully, but these errors were encountered: