ValueError('ZIP does not support timestamps before 1980') on GitHub package install #9910
Closed
1 task done
Comments
nicholasserra
added
S: needs triage
|
Maybe the CI has an incorrect system time or delibrately set file system time to a “wrong” value (for reproducilibty for example)? This can never be triggered under normal circumstances since you can’t really have files older than 1980-01-01. But yeah setting |
|
Tried to go down the route of testing with an incorrect system time, but things like SSL cert validation blocked the entire process. I'm at a bit of a loss as to what else could be triggering it. Just issued a PR for suggested fix: Thanks! |
inmantaci
added a commit
to inmanta/inmanta-core
that referenced
this issue
May 24, 2021
Bumps [pip](https://github.com/pypa/pip) from 21.1.1 to 21.1.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>21.1.2 (2021-05-23)</h1> <h2>Bug Fixes</h2> <ul> <li>New resolver: Correctly exclude an already installed package if its version is known to be incompatible to stop the dependency resolution process with a clear error message. (<code>[#9841](pypa/pip#9841) <https://github.com/pypa/pip/issues/9841></code>_)</li> <li>Allow ZIP to archive files with timestamps earlier than 1980. (<code>[#9910](pypa/pip#9910) <https://github.com/pypa/pip/issues/9910></code>_)</li> <li>Emit clearer error message when a project root does not contain either <code>pyproject.toml</code>, <code>setup.py</code> or <code>setup.cfg</code>. (<code>[#9944](pypa/pip#9944) <https://github.com/pypa/pip/issues/9944></code>_)</li> <li>Fix detection of existing standalone pip instance for PEP 517 builds. (<code>[#9953](pypa/pip#9953) <https://github.com/pypa/pip/issues/9953></code>_)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/8737f903eaa9475e1b7693e436d9bdf17e46e43a"><code>8737f90</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/d7cf6cacdee550983686692d0d463ad493cb993d"><code>d7cf6ca</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/30faa6478edbc1e54498b7cbb20111d75a96d2dd"><code>30faa64</code></a> Fix duplicate top line in NEWS.rst</li> <li><a href="https://github.com/pypa/pip/commit/128ec362547fe11f8b3c6402687a00a06e7f6e51"><code>128ec36</code></a> Test case for backtracking an installed candidate</li> <li><a href="https://github.com/pypa/pip/commit/729c626da75b25af0640a77efdbbfc57e567e1f9"><code>729c626</code></a> Exclude a known incompatible installed candidate</li> <li><a href="https://github.com/pypa/pip/commit/1c31d3314c42d19b354f376991db2b33134dde5e"><code>1c31d33</code></a> Update src/pip/_internal/build_env.py</li> <li><a href="https://github.com/pypa/pip/commit/e266aa55ac6484d33c36aee7082243edd669e2a8"><code>e266aa5</code></a> Update news/9910.bugfix.rst</li> <li><a href="https://github.com/pypa/pip/commit/00003d5325b333290b4bcde17791ed3a489562d0"><code>00003d5</code></a> 9910 news</li> <li><a href="https://github.com/pypa/pip/commit/d55e02c71673f4332c191cf8095360c5900f7c6e"><code>d55e02c</code></a> Set strict_timestamps=False when zip is called for isolated environment</li> <li><a href="https://github.com/pypa/pip/commit/4f983c4476251c83bc320ebaaff0cb9b71d2e981"><code>4f983c4</code></a> Handle standalone pip creation from pip wheel</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/21.1.1...21.1.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Still tracking exactly how this is being triggered, but wanted to report early just in case.
Inconsistently getting
ValueError('ZIP does not support timestamps before 1980')in CI when installing requirements viagit+httpsfor packages from GitHub.I see the new zip functionality was introduced via #9689. Stack trace points to
zf.writein_create_standalone_pipfunction.Haven't been able to trigger locally in pip 21.1 yet, only seeing in CI, so wondering if i'm having some kind of network issue.
Either way, we might want to consider setting
strict_timestamps=Falsewhen using ZipFile for this:https://docs.python.org/3/library/zipfile.html#zipfile-objects
Expected behavior
Correctly install requirement from GitHub.
pip version
21.1
Python version
3.9.2
OS
python:3.9.2-buster Docker container
How to Reproduce
Still trying to nail down a consistent method to reproduce. I suspect something in my CI is contributing to the issue. But exception is triggered while trying to install via
git+httpsrequirement.Output
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: