Installation not aborted when Requires-Python does not match the running version #5967

Closed
@zzh1996

Environment

  • pip version: 18.1
  • Python version: 2.7
  • OS: ubuntu 18.04 (docker)

Description
After merging #3846, package installation should be aborted if Requires-Python does not match the running Python version. But this feature is not working.

Expected behavior
Package installation should stop before setup.py is run.

How to Reproduce
On a freshly installed Ubuntu 18.04 (here I use docker run -it ubuntu:18.04 bash),
run the following commands:

apt update && apt install python-pip
python -m pip install -U pip
python -m pip install https://files.pythonhosted.org/packages/6a/f5/d8f543ce16d9748a2cff663f23b5c1a6d7b844cb341e3343e4bbe5a9c620/angr-8.18.10.25.tar.gz

Why do this?

Yes, python -m pip install angr works without any error. This is because the data-requires-python attribute is provided on the official PyPI website according to PEP 503. Python 2.7 will ignore the versions that don't satisfy the requirement and finally install angr-7.8.9.26 (the correct version for Python 2.7).

Unfortunately, according to PEP 503,

A repository MAY include a data-requires-python attribute on a file link.

There are many mirrors of PyPI which do not support the data-requires-python attribute, such as https://mirrors.ustc.edu.cn/pypi/web/. When you install PyPI packages from these mirrors, you will download package versions which are in conflict with the running Python version (e.g. the URL I provided above). Some packages will detect it when installing and stop immediately, but others will succeed in installing and just throw something like SyntaxError: invalid syntax only when you import them. pip should ensure that a package should not start installing if Requires-Python does not match the running Python version.

Output

root@267436d93d0c:/# python -V
Python 2.7.15rc1
root@267436d93d0c:/# python -m pip -V
pip 18.1 from /usr/local/lib/python2.7/dist-packages/pip (python 2.7)
root@267436d93d0c:/# python -m pip install https://files.pythonhosted.org/packages/6a/f5/d8f543ce16d9748a2cff663f23b5c1a6d7b844cb341e3343e4bbe5a9c620/angr-8.18.10.25.tar.gz
Collecting https://files.pythonhosted.org/packages/6a/f5/d8f543ce16d9748a2cff663f23b5c1a6d7b844cb341e3343e4bbe5a9c620/angr-8.18.10.25.tar.gz
  Using cached https://files.pythonhosted.org/packages/6a/f5/d8f543ce16d9748a2cff663f23b5c1a6d7b844cb341e3343e4bbe5a9c620/angr-8.18.10.25.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-req-build-4N0yQX/setup.py", line 27, in <module>
        """)
    Exception:
    
    =-=-=-=-=-=-=-=-=-=-=-=-=  WELCOME TO THE FUTURE!  =-=-=-=-=-=-=-=-=-=-=-=-=-=
    
    angr has transitioned to python 3. Due to the small size of the team behind it,
    we can't reasonably maintain compatibility between both python 2 and python 3.
    If you want to continue using the most recent version of angr (you definitely
    want that, trust us) you should upgrade to python 3. It's like getting your
    vaccinations. It hurts a little bit initially but in the end it's worth it.
    
    If you are staying on python 2 and would like to make sure you don't get
    incompatible versions, make sure your pip is at least version 9.0, and it will
    use our metadata to implicitly avoid them.
    
    For more information, see here: https://docs.angr.io/MIGRATION.html
    
    Good luck!
    
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-req-build-4N0yQX/
root@267436d93d0c:/# wget https://files.pythonhosted.org/packages/6a/f5/d8f543ce16d9748a2cff663f23b5c1a6d7b844cb341e3343e4bbe5a9c620/angr-8.18.10.25.tar.gz && tar xf angr-8.18.10.25.tar.gz && cat angr-8.18.10.25/PKG-INFO 
Metadata-Version: 1.2
Name: angr
Version: 8.18.10.25
Summary: A multi-architecture binary analysis toolkit, with the ability to perform dynamic symbolic execution and various static analyses on binaries
Home-page: https://github.com/angr/angr
License: UNKNOWN
Description: UNKNOWN
Platform: UNKNOWN
Requires-Python: >=3.5
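
The check requested in this report, sketched as an added example (not pip's code and not part of the original issue): read Requires-Python from the sdist's own PKG-INFO and refuse before setup.py would run, so the result does not depend on the index or mirror supplying data-requires-python. The function names are hypothetical, the specifier matcher is a simplified subset of PEP 440 (numeric releases only), and the sample archive is constructed in memory from the PKG-INFO fields shown above.

```python
import email, io, re, sys, tarfile

def read_requires_python(sdist):
    """Return Requires-Python from <name>-<version>/PKG-INFO without running setup.py."""
    with tarfile.open(fileobj=sdist, mode="r:*") as tar:
        for member in tar:
            if member.isfile() and re.fullmatch(r"[^/]+/PKG-INFO", member.name):
                text = tar.extractfile(member).read().decode("utf-8")
                return email.message_from_string(text)["Requires-Python"]
    return None

def satisfies(version, spec):
    """Simplified PEP 440 subset: numeric releases only, with '.*' on == and !=."""
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = re.fullmatch(r"(~=|==|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)(\.\*)?", clause)
        if not m or (m.group(3) and m.group(1) not in ("==", "!=")):
            raise ValueError("unsupported specifier: %r" % clause)
        op, want = m.group(1), tuple(int(p) for p in m.group(2).split("."))
        if m.group(3):  # prefix match, e.g. !=3.0.*
            ok = (version[:len(want)] == want) == (op == "==")
        else:  # pad the shorter release with zeros so 3.5 compares equal to 3.5.0
            n = max(len(version), len(want))
            have = version + (0,) * (n - len(version))
            need = want + (0,) * (n - len(want))
            ok = {"==": have == need, "!=": have != need, ">=": have >= need,
                  "<=": have <= need, "<": have < need, ">": have > need,
                  "~=": have >= need and version[:len(want) - 1] == want[:-1]}[op]
        if not ok:
            return False
    return True

def allowed_to_install(sdist, running=None):
    """Return (ok, spec); ok is False when the sdist declares an incompatible Requires-Python."""
    running = tuple(running or sys.version_info[:3])
    spec = read_requires_python(sdist)
    return (spec is None or satisfies(running, spec)), spec

def sample_sdist(requires_python=">=3.5"):
    """Constructed in-memory sdist carrying the PKG-INFO fields shown in the report."""
    body = ("Metadata-Version: 1.2\nName: angr\nVersion: 8.18.10.25\n"
            "Requires-Python: %s\n" % requires_python).encode("utf-8")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("angr-8.18.10.25/PKG-INFO")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(allowed_to_install(sample_sdist(), running=(2, 7, 15)))
```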
