Tag Archives: all requirements must have their versions pinned with ==. These do not: cffi>=1.1 from https://…..

pip install poetry Export requirements.txt Error: ERROR: In –require-hashes mode, all requirements must have their versions pinned with ==. These do not: cffi>=1.1 from https://…..

background

Python 3.9

pip 21.2.3

poetry   1.1.8

Execute the command to export requirements.txt

 poetry export  -f requirements.txt --output requirements.txt

seerequirements.txt

Each library has a hash encryption field

Execute the PIP install command

pip3 install --no-cache-dir --upgrade  -r requirements.txt

It’s wrong

#8 28.40 Collecting websockets==10.0
#8 28.51   Downloading websockets-10.0-cp39-cp39-manylinux2010_x86_64.whl (107 kB)
#8 29.38 Collecting cffi>=1.1
#8 29.38 ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
#8 29.38     cffi>=1.1 from https://files.pythonhosted.org/packages/be/2a/6d266eea47dbb2d872bbd1b8954a2d167668481ff34ebb70ffdd1113eeab/cffi-1.14.6-cp39-cp39-manylinux1_x86_64.whl#sha256=f3ebe6e73c319340830a9b2825d32eb6d8475c1dac020b4f0aa774ee3b898d1c (from bcrypt==3.2.0->-r /code/requirements.txt (line 19))
------
executor failed running [/bin/sh -c pip install --no-cache-dir --upgrade -r /code/requirements.txt]: exit code: 1

Troubleshooting ideas

Uninstall cffi library and reinstall it. No

Regenerate the requirements.txt file and then install it. No

No, Google searched and found the issue of similar problems. It seems that it is a known problem, and the official poetry hasn’t fixed it yet. It only provides a way to avoid it

https://github.com/actions/virtual-environments/issues/2245

Solution

This flag is passed in the poetry export command  — without-hashes

poetry export --without-hashes -f requirements.txt --output requirements.txt

I use this method. It can be used in practice. It is suitable for small partners who use poetry

The following scenes have not been tried

Scene 1

Stop using PIP — constraints flag to pass packages with fixed hashes

Scene 2

If you use PIP directly, fix it to versions before 20.3

python -m pip install --upgrade pip==20.2.4

Scene 3

If you are using another   Virtualenv depends on pip. Please ensure that its version is fixed

python -m pip install --upgrade virtualenv==20.0.26

Or use the environment variable virtualenv_ PIP=20.2.4