serverless-python-requirements: Missing hash for setuptools?

Not sure where this issue belongs, but maybe someone here has a solution.

I have a serverless project using pipenv. One of the requirements (jira) includes setuptools as a dependency. When trying to run serverless deploy with this plugin I get the following error:

In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    setuptools>=20.10.1 from https://pypi.python.org/packages/32/28/16fffbead19dc705f9546134ca81090d6c266aff6173fb092bb6d8dfd76a/setuptools-36.5.0-py2.py3-none-any.whl#md5=14b28ae24ea931a752f70acaafcb1b9f (from jira==1.0.10->-r .serverless/requirements.txt (line 2))

Pipenv generates a requirements.txt with hashes, however it seems that the hash for setuptools is missing or not working. The following command does not work.

pip install -t .serverless/requirements -r .serverless/requirements.txt

However the following works (setuptools is already installed in a fresh virtualenv).

pip install -r .serverless/requirements.txt

So my guess is that the issue is either with pipenv (generating a faulty requirements.txt), pip or jira.

This is what my generated requirements.txt looks like:

lazy-object-proxy==1.3.1 --hash=sha256:209615b0fe4624d79e50220ce3310ca1a9445fd8e6d3572a896e7f9146bbf019  --hash=sha256:1b668120716eb7ee21d8a38815e5eb3bb8211117d9a90b0f8e21722c0758cc39  --hash=sha256:cb924aa3e4a3fb644d0c463cad5bc2572649a6a3f68a7f8e4fbe44aaa6d77e4c  --hash=sha256:2c1b21b44ac9beb0fc848d3993924147ba45c4ebc24be19825e57aabbe74a99e  --hash=sha256:320ffd3de9699d3892048baee45ebfbbf9388a7d65d832d7e580243ade426d2b  --hash=sha256:2df72ab12046a3496a92476020a1a0abf78b2a7db9ff4dc2036b8dd980203ae6  --hash=sha256:27ea6fd1c02dcc78172a82fc37fcc0992a94e4cecf53cb6d73f11749825bd98b  --hash=sha256:e5b9e8f6bda48460b7b143c3821b21b452cb3a835e6bbd5dd33aa0c8d3f5137d  --hash=sha256:7661d401d60d8bf15bb5da39e4dd72f5d764c5aff5a86ef52a042506e3e970ff  --hash=sha256:61a6cf00dcb1a7f0c773ed4acc509cb636af2d6337a08f362413c76b2b47a8dd  --hash=sha256:bd6292f565ca46dee4e737ebcc20742e3b5be2b01556dafe169f6c65d088875f  --hash=sha256:933947e8b4fbe617a51528b09851685138b49d511af0b6c0da2539115d6d4514  --hash=sha256:d0fc7a286feac9077ec52a927fc9fe8fe2fabab95426722be4c953c9a8bede92  --hash=sha256:7f3a2d740291f7f2c111d86a1c4851b70fb000a6c8883a59660d95ad57b9df35  --hash=sha256:5276db7ff62bb7b52f77f1f51ed58850e315154249aceb42e7f4c611f0f847ff  --hash=sha256:94223d7f060301b3a8c09c9b3bc3294b56b2188e7d8179c762a1cda72c979252  --hash=sha256:6ae6c4cb59f199d8827c5a07546b2ab7e85d262acaccaacd49b62f53f7c456f7  --hash=sha256:f460d1ceb0e4a5dcb2a652db0904224f367c9b3c1470d5a7683c0480e582468b  --hash=sha256:e81ebf6c5ee9684be8f2c87563880f93eedd56dd2b6146d8a725b50b7e5adb0f  --hash=sha256:81304b7d8e9c824d058087dcb89144842c8e0dea6d281c031f59f0acf66963d4  --hash=sha256:ddc34786490a6e4ec0a855d401034cbd1242ef186c20d79d2166d6a4bd449577  --hash=sha256:7bd527f36a605c914efca5d3d014170b2cb184723e423d26b1fb2fd9108e264d  --hash=sha256:ab3ca49afcb47058393b0122428358d2fbe0408cf99f1b58b295cfeb4ed39109  --hash=sha256:7cb54db3535c8686ea12e9535eb087d32421184eacc6939ef15ef50f83a5e7e2  --hash=sha256:0ce34342b419bd8f018e6666bfef729aec3edf62345a53b537a4dcc115746a33  --hash=sha256:e34b155e36fa9da7e1b7c738ed7767fc9491a62ec6af70fe9da4a057759edc2d  --hash=sha256:50e3b9a464d5d08cc5227413db0d1c4707b6172e4d4d915c1c70e4de0bbff1f5  --hash=sha256:27bf62cb2b1a2068d443ff7097ee33393f8483b570b475db8ebf7e1cba64f088  --hash=sha256:eb91be369f945f10d3a49f5f9be8b3d0b93a4c2be8f8a5b83b0571b8123e0a7a
jira==1.0.10 --hash=sha256:3886af9c6211fa24f518e3b10ed32779838b4f3ae0b2ac1c0ab869f8f086d57a  --hash=sha256:409a0a94800f05a1e8e078540eb5610e243586bd5ee9bc8cae8899cbbd061898
py==1.4.34 --hash=sha256:2ccb79b01769d99115aa600d7eed99f524bf752bba8f041dc1c184853514655a  --hash=sha256:0f2d585d22050e90c7d293b6451c83db097df77871974d90efd5a30dc12fcde3
ordereddict==1.1; python_version < '3.1' --hash=sha256:1c35b4ac206cef2d24816c89f89cf289dd3d38cf7c449bb3fab7bf6d43f01b1f
requests-oauthlib==0.8.0 --hash=sha256:50a8ae2ce8273e384895972b56193c7409601a66d4975774c60c2aed869639ca  --hash=sha256:883ac416757eada6d3d07054ec7092ac21c7f35cb1d2cf82faf205637081f468
argparse==1.4.0; python_version < '3.2' --hash=sha256:c31647edb69fd3d465a847ea3157d37bed1f95f19760b11a47aa91c04b666314  --hash=sha256:62b089a55be1d8949cd2bc7e0df0bddb9e028faefc8c32038cc84862aefdd6e4
urllib3==1.22 --hash=sha256:06330f386d6e4b195fbfc736b297f58c5a892e4440e54d294d7004e3a9bbea1b  --hash=sha256:cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f
pylint==1.7.4 --hash=sha256:948679535a28afc54afb9210dabc6973305409042ece8e5768ca1409910c1ed8  --hash=sha256:1f65b3815c3bf7524b845711d54c4242e4057dd93826586620239ecdfe591fb1
backports.functools-lru-cache==1.4; python_version == '2.7' --hash=sha256:4ba998e881f285c1d1b73f5b6e3766539b4e162320f9589334400c5ddc35198c  --hash=sha256:31f235852f88edc1558d428d890663c49eb4514ffec9f3650e7f3c9e4a12e36f
singledispatch==3.4.0.3; python_version < '3.4' --hash=sha256:833b46966687b3de7f438c761ac475213e53b306740f1abfaa86e1d1aae56aa8  --hash=sha256:5b06af87df13818d14f08a028e42f566640aef80805c3b50c5056b086e3c2b9c
coverage==4.4.1 --hash=sha256:c1456f66c536010cf9e4633a8853a9153e8fd588393695295afd4d0fc16c1d74  --hash=sha256:97a7ec51cdde3a386e390b159b20f247ccb478084d925c75f1faa3d26c01335e  --hash=sha256:83e955b975666b5a07d217135e7797857ce844eb340a99e46cc25525120417c4  --hash=sha256:483ed14080c5301048128bb027b77978c632dd9e92e3ecb09b7e28f5b92abfcf  --hash=sha256:ef574ab9640bcfa2f3c671831faf03f65788945fdf8efa4d4a1fffc034838e2a  --hash=sha256:c5a205b4da3c624f5119dc4d84240789b5906bb8468902ec22dcc4aad8aa4638  --hash=sha256:5dea90ed140e7fa9bc00463313f9bc4a6e6aff297b4969615e7a688615c4c4d2  --hash=sha256:f9e83b39d29c2815a38e4118d776b482d4082b5bf9c9147fbc99a3f83abe480a  --hash=sha256:700040c354f0230287906b1276635552a3def4b646e0145555bc9e2e5da9e365  --hash=sha256:7f1eacae700c66c3d7362a433b228599c9d94a5a3a52613dddd9474e04deb6bc  --hash=sha256:13ef9f799c8fb45c446a239df68034de3a6f3de274881b088bebd7f5661f79f8  --hash=sha256:dfb011587e2b7299112f08a2a60d2601706aac9abde37aa1177ea825adaed923  --hash=sha256:381be5d31d3f0d912334cf2c159bc7bea6bfe6b0e3df6061a3bf2bf88359b1f6  --hash=sha256:83a477ac4f55a6ef59552683a0544d47b68a85ce6a80fd0ca6b3dc767f6495fb  --hash=sha256:dfd35f1979da31bcabbe27bcf78d4284d69870731874af629082590023a77336  --hash=sha256:9681efc2d310cfc53863cc6f63e88ebe7a48124550fa822147996cb09390b6ab  --hash=sha256:53770b20ac5b4a12e99229d4bae57af0945be87cc257fce6c6c7571a39f0c5d4  --hash=sha256:8801880d32f11b6df11c32a961e186774b4634ae39d7c43235f5a24368a85f07  --hash=sha256:16db2c69a1acbcb3c13211e9f954e22b22a729909d81f983b6b9badacc466eda  --hash=sha256:ef43a06a960b46c73c018704051e023ee6082030f145841ffafc8728039d5a88  --hash=sha256:c3e2736664a6074fc9bd54fb643f5af0fc60bfedb2963b3d3f98c7450335e34c  --hash=sha256:17709e22e4c9f5412ba90f446fb13b245cc20bf4a60377021bbff6c0f1f63e7c  --hash=sha256:a2f7106d1167825c4115794c2ba57cc3b15feb6183db5328fa66f94c12902d8b  --hash=sha256:2a08e978f402696c6956eee9d1b7e95d3ad042959b71bafe1f3e4557cbd6e0ac  --hash=sha256:57f510bb16efaec0b6f371b64a8000c62e7e3b3e48e8b0a5745ade078d849814  --hash=sha256:0f1883eab9c19aa243f51308751b8a2a547b9b817b721cc0ecf3efb99fafbea7  --hash=sha256:e00fe141e22ce6e9395aa24d862039eb180c6b7e89df0bbaf9765e9aebe560a9  --hash=sha256:ec596e4401553caa6dd2e3349ce47f9ef82c1f1bcba5d8ac3342724f0df8d6ff  --hash=sha256:c820a533a943ebc860acc0ce6a00dd36e0fdf2c6f619ff8225755169428c5fa2  --hash=sha256:b7f7283eb7badd2b8a9c6a9d6eeca200a0a24db6be79baee2c11398f978edcaa  --hash=sha256:a5ed27ad3e8420b2d6b625dcbd3e59488c14ccc06030167bcf14ffb0f4189b77  --hash=sha256:d7b70b7b4eb14d0753d33253fe4f121ca99102612e2719f0993607deb30c6f33  --hash=sha256:4047dc83773869701bde934fb3c4792648eda7c0e008a77a0aec64157d246801  --hash=sha256:7a9c44400ee0f3b4546066e0710e1250fd75831adc02ab99dda176ad8726f424  --hash=sha256:0f649e68db74b1b5b8ca4161d08eb2b8fa8ae11af1ebfb80e80e112eb0ef5300  --hash=sha256:52964fae0fafef8bd283ad8e9a9665205a9fdf912535434defc0ec3def1da26b  --hash=sha256:36aa6c8db83bc27346ddcd8c2a60846a7178ecd702672689d3ea1828eb1a4d11  --hash=sha256:9824e15b387d331c0fc0fef905a539ab69784368a1d6ac3db864b4182e520948  --hash=sha256:4a678e1b9619a29c51301af61ab84122e2f8cc7a0a6b40854b808ac6be604300  --hash=sha256:8bb7c8dca54109b61013bc4114d96effbf10dea136722c586bce3a5d9fc4e730  --hash=sha256:1a41d621aa9b6ab6457b557a754d50aaff0813fad3453434de075496fca8a183  --hash=sha256:0fa423599fc3d9e18177f913552cdb34a8d9ad33efcf52a98c9d4b644edb42c5  --hash=sha256:e61a4ba0b2686040cb4828297c7e37bcaf3a1a1c0bc0dbe46cc789dde51a80fa  --hash=sha256:ce9ef0fc99d11d418662e36fd8de6d71b19ec87c2eab961a117cc9d087576e72
certifi==2017.7.27.1 --hash=sha256:54a07c09c586b0e4c619f02a5e94e36619da8e2b053e20f594348c0611803704  --hash=sha256:40523d2efb60523e113b44602298f0960e900388cf3bb6043f645cf57ea9e3f5
six==1.11.0 --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb  --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9
configparser==3.5.0; python_version == '2.7' --hash=sha256:5308b47021bc2340965c371f0f058cc6971a04502638d4244225c49d80db273a
astroid==1.5.3 --hash=sha256:39a21dd2b5d81a6731dc0ac2884fa419532dffd465cdd43ea6c168d36b76efb3  --hash=sha256:492c2a2044adbf6a84a671b7522e9295ad2f6a7c781b899014308db25312dd35
oauthlib==2.0.4 --hash=sha256:514e293cb356dd53d596692207d48d9231b997995c9a4167eefa868583d74d13
defusedxml==0.5.0 --hash=sha256:702a91ade2968a82beb0db1e0766a6a273f33d4616a6ce8cde475d8e09853b20  --hash=sha256:24d7f2f94f7f3cb6061acb215685e5125fbcdc40a857eff9de22518820b0a4f4
wrapt==1.10.11 --hash=sha256:d4d560d479f2c21e1b5443bbd15fe7ec4b37fe7e53d335d3b9b0a7b1226fe3c6
pbr==3.1.1 --hash=sha256:60c25b7dfd054ef9bb0ae327af949dd4676aa09ac3a9471cdc871d8a9213f9ac  --hash=sha256:05f61c71aaefc02d8e37c0a3eeb9815ff526ea28b3b76324769e6158d7f95be1
enum34==1.1.6; python_version < '3.4' --hash=sha256:6bd0f6ad48ec2aa117d3d141940d484deccda84d4fcd884f5c3d93c23ecd8c79  --hash=sha256:644837f692e5f550741432dd3f223bbb9852018674981b1664e5dc339387588a  --hash=sha256:8ad8c4783bf61ded74527bffb48ed9b54166685e4230386a9ed9b1279e2df5b1  --hash=sha256:2d81cbbe0e73112bdfe6ef8576f2238f2ba27dd0d55752a776c41d38b7da2850
pytest-coverage==0.0 --hash=sha256:dedd084c5e74d8e669355325916dc011539b190355021b037242514dee546368  --hash=sha256:db6af2cbd7e458c7c9fd2b4207cee75258243c8a81cad31a7ee8cfad5be93c05
pytest-cov==2.5.1 --hash=sha256:890fe5565400902b0c78b5357004aab1c814115894f4f21370e2433256a3eeec  --hash=sha256:03aa752cf11db41d281ea1d807d954c4eda35cfa1b21d6971966cc041bbf6e2d
mccabe==0.6.1 --hash=sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42  --hash=sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f
pytest==3.2.3 --hash=sha256:81a25f36a97da3313e1125fce9e7bbbba565bc7fec3c5beb14c262ddab238ac1  --hash=sha256:27fa6617efc2869d3e969a3e75ec060375bfb28831ade8b5cdd68da3a741dc3c
isort==4.2.15 --hash=sha256:cd5d3fc2c16006b567a17193edf4ed9830d9454cbeb5a42ac80b36ea00c23db4  --hash=sha256:79f46172d3a4e2e53e7016e663cc7a8b538bec525c36675fcfd2767df30b3983
chardet==3.0.4 --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691  --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae
requests==2.18.4 --hash=sha256:6a1b267aa90cac58ac3a765d067950e7dbbf75b1da07e895d1f594193a40a38b  --hash=sha256:9c443e7324ba5b85070c4a818ade28bfabedf16ea10206da1132edaa6dda237e
pytest-cover==3.0.0 --hash=sha256:578249955eb3b5f3991209df6e532bb770b647743b7392d3d97698dc02f39ebb  --hash=sha256:5bdb6c1cc3dd75583bb7bc2c57f5e1034a1bfcb79d27c71aceb0b16af981dbf4
idna==2.6 --hash=sha256:8c7309c718f94b3a625cb648ace320157ad16ff131ae0af362c9f21b80ef6ec4  --hash=sha256:2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f
requests-toolbelt==0.8.0 --hash=sha256:42c9c170abc2cacb78b8ab23ac957945c7716249206f90874651971a4acff237  --hash=sha256:f6a531936c6fa4c6cfce1b9c10d5c4f498d16528d2a54a22ca00011205a187b5

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 2
  • Comments: 19 (6 by maintainers)

Most upvoted comments

For anyone else hitting this, if your using an older pipenv, I had to run pip3 install pipenv --upgrade to get the version that fixes this.

+2
xer0x on Jul 17, 2018

@dfee that issue was closed 3days ago and is in pipenv master

+2
awhillas on Feb 20, 2018

Yeah, I hope to get some time to dig into the issue from the pipenv side of things soon*

+2
Tethik on Nov 10, 2017

Unsure how closely it’s related, but a recent reference to that issue was labeled as a bug a few days ago: https://github.com/pypa/pipenv/issues/1380

Anyway, it looks like I’m going to need to go the route of disabling pipenv.

+1
dfee on Feb 16, 2018

This is mine:

[[source]]

url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"


[dev-packages]

pytest = "*"
pylint = "*"
pytest-coverage = "*"
"autopep8" = "*"
"boto3" = "*"


[packages]

jira = "*"
requests = "*"
raven-python-lambda = "*"


[requires]

python_version = "3.6"
+1
Tethik on Jan 10, 2018

@Tethik or @mlosev could one of you share your Pipfile so that I could recreate this?

+1
dschep on Jan 10, 2018

I’m having the exact same issue with a very similar scenario as you. Looks like in my case its pytest that requires setuptools.

+1
jeff-savin on Oct 26, 2017
Read more comments on GitHub
← serverless-python-requirements: Issue with serverless deploy, requirements.txt not found
serverless-python-requirements: Packaging just layer with python requirements fails →