poetry.lock [package.dependencies] markers not being respected

[wjhrdy]

Describe the bug
micropipenv is not handling the sys_platform marker appropriately and is trying to install pywinpty and pywin32 on linux.
Specifically as a dependencies of the [email protected] package

To Reproduce
Build this Dockerfile

FROM centos/python-38-centos7

ENV ENABLE_MICROPIPENV="1"
ENV POETRY_VERSION="1.1.0"

USER root
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python -
ENV PATH="$HOME/.poetry/bin:${PATH}"
RUN mkdir /tmp/src && \
    cd /tmp/src && \
    poetry init -n -q --python "^3.8" && \
    poetry add --lock [email protected] && \
    rm -rf /opt/app-root/src/.cache/ && \
    rm -rf /opt/app-root/src/.local/ && \
    rm -rf /opt/app-root/src/.poetry/

USER 0
RUN /usr/bin/fix-permissions /tmp/src
USER 1001

RUN /usr/libexec/s2i/assemble

CMD /usr/libexec/s2i/run

Expected behavior
Respect sys_platform and os_name marker from the poetry.lock file.

pywinpty = {version = ">=1.1.0", markers = "os_name == \"nt\""}
...
pywin32 = {version = ">=1.0", markers = "sys_platform == \"win32\""}

The expected behavior is working when using poetry exported requirements.txt to install.
The workaround is to export the poetry requirements to requirements.txt and then remove the poetry files. Obviously if we are installing poetry we are defeating the purpose of using micropipenv, so I'd like the solution to not require poetry.

This Dockerfile builds fine with the same dependencies and a requirements.txt file.

FROM centos/python-38-centos7

ENV ENABLE_MICROPIPENV="1"
ENV POETRY_VERSION="1.1.0"

USER root
RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python -
ENV PATH="$HOME/.poetry/bin:${PATH}"
RUN mkdir /tmp/src && \
    cd /tmp/src && \
    poetry init -n -q --python "^3.8" && \
    poetry add --lock [email protected] && \
    poetry export -f requirements.txt --output requirements.txt --without-hashes && \
    rm -f poetry.lock && \
    rm -f pyproject.toml && \
    rm -rf /opt/app-root/src/.cache/ && \
    rm -rf /opt/app-root/src/.local/ && \
    rm -rf /opt/app-root/src/.poetry/

USER 0
RUN /usr/bin/fix-permissions /tmp/src
USER 1001

RUN /usr/libexec/s2i/assemble

CMD /usr/libexec/s2i/run

We get this output:

Ignoring pywin32: markers 'sys_platform == "win32" and python_version >= "3.6"' don't match your environment
Ignoring pywinpty: markers 'os_name == "nt" and python_version >= "3.6"' don't match your environment

[fridex]

Hi @wjhrdy, thanks for the report.

Could you please provide poetry.lock and pyproject.toml to reproduce this?

Briefly looking at this, it might be that we are not propagating markers from the dependencies section:

pywinpty = {version = ">=1.1.0", markers = "os_name == \"nt\""}
...
pywin32 = {version = ">=1.0", markers = "sys_platform == \"win32\""}

micropipenv/micropipenv.py

Lines 693 to 694 in 4051992

	if entry.get("marker"):
	requirement["markers"] = entry["marker"]

[wjhrdy]

EDIT: I changed the required package from my original post from ipywidgets to terminado because it was terminado that was causing the issues. I did this to shorten the output a bit

poetry.lock

[[package]]
name = "ptyprocess"
version = "0.7.0"
description = "Run a subprocess in a pseudo terminal"
category = "main"
optional = false
python-versions = "*"

[[package]]
name = "pywinpty"
version = "1.1.3"
description = "Pseudo terminal support for Windows from Python."
category = "main"
optional = false
python-versions = ">=3.6"

[[package]]
name = "terminado"
version = "0.8.3"
description = "Terminals served to xterm.js using Tornado websockets"
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"

[package.dependencies]
ptyprocess = {version = "*", markers = "os_name != \"nt\""}
pywinpty = {version = ">=0.5", markers = "os_name == \"nt\""}
tornado = ">=4"

[[package]]
name = "tornado"
version = "6.1"
description = "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed."
category = "main"
optional = false
python-versions = ">= 3.5"

[metadata]
lock-version = "1.1"
python-versions = "^3.8"
content-hash = "cdb46218870e9232f43cf2200497c649c4aa6f13fa45588214cb4f3b76df270e"

[metadata.files]
ptyprocess = [
    {file = "ptyprocess-0.7.0-py2.py3-none-any.whl", hash = "sha256:4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35"},
    {file = "ptyprocess-0.7.0.tar.gz", hash = "sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220"},
]
pywinpty = [
    {file = "pywinpty-1.1.3-cp36-none-win_amd64.whl", hash = "sha256:81dc6f16d917b756e06fc58943e9750d59dbefc0ffd2086871d3fa5f33824446"},
    {file = "pywinpty-1.1.3-cp37-none-win_amd64.whl", hash = "sha256:54557887e712ea3215ab0d9f089ed55a6cc8d826cd5d1e340d75300654c9663f"},
    {file = "pywinpty-1.1.3-cp38-none-win_amd64.whl", hash = "sha256:f5e25197397f1fef0362caf3eb89f25441827a1e48bf15827c27021592fd2160"},
    {file = "pywinpty-1.1.3-cp39-none-win_amd64.whl", hash = "sha256:b767276224f86b7560eb9173ba7956758cafcdfab97bb33837d42d2a0f1dbf67"},
    {file = "pywinpty-1.1.3.tar.gz", hash = "sha256:3a1d57b338390333812a5eed31c93c7d8ba82b131078063703e731946d90c9f2"},
]
terminado = [
    {file = "terminado-0.8.3-py2.py3-none-any.whl", hash = "sha256:a43dcb3e353bc680dd0783b1d9c3fc28d529f190bc54ba9a229f72fe6e7a54d7"},
    {file = "terminado-0.8.3.tar.gz", hash = "sha256:4804a774f802306a7d9af7322193c5390f1da0abb429e082a10ef1d46e6fb2c2"},
]
tornado = [
    {file = "tornado-6.1-cp35-cp35m-macosx_10_9_x86_64.whl", hash = "sha256:d371e811d6b156d82aa5f9a4e08b58debf97c302a35714f6f45e35139c332e32"},
    {file = "tornado-6.1-cp35-cp35m-manylinux1_i686.whl", hash = "sha256:0d321a39c36e5f2c4ff12b4ed58d41390460f798422c4504e09eb5678e09998c"},
    {file = "tornado-6.1-cp35-cp35m-manylinux1_x86_64.whl", hash = "sha256:9de9e5188a782be6b1ce866e8a51bc76a0fbaa0e16613823fc38e4fc2556ad05"},
    {file = "tornado-6.1-cp35-cp35m-manylinux2010_i686.whl", hash = "sha256:61b32d06ae8a036a6607805e6720ef00a3c98207038444ba7fd3d169cd998910"},
    {file = "tornado-6.1-cp35-cp35m-manylinux2010_x86_64.whl", hash = "sha256:3e63498f680547ed24d2c71e6497f24bca791aca2fe116dbc2bd0ac7f191691b"},
    {file = "tornado-6.1-cp35-cp35m-manylinux2014_aarch64.whl", hash = "sha256:6c77c9937962577a6a76917845d06af6ab9197702a42e1346d8ae2e76b5e3675"},
    {file = "tornado-6.1-cp35-cp35m-win32.whl", hash = "sha256:6286efab1ed6e74b7028327365cf7346b1d777d63ab30e21a0f4d5b275fc17d5"},
    {file = "tornado-6.1-cp35-cp35m-win_amd64.whl", hash = "sha256:fa2ba70284fa42c2a5ecb35e322e68823288a4251f9ba9cc77be04ae15eada68"},
    {file = "tornado-6.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:0a00ff4561e2929a2c37ce706cb8233b7907e0cdc22eab98888aca5dd3775feb"},
    {file = "tornado-6.1-cp36-cp36m-manylinux1_i686.whl", hash = "sha256:748290bf9112b581c525e6e6d3820621ff020ed95af6f17fedef416b27ed564c"},
    {file = "tornado-6.1-cp36-cp36m-manylinux1_x86_64.whl", hash = "sha256:e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921"},
    {file = "tornado-6.1-cp36-cp36m-manylinux2010_i686.whl", hash = "sha256:25ad220258349a12ae87ede08a7b04aca51237721f63b1808d39bdb4b2164558"},
    {file = "tornado-6.1-cp36-cp36m-manylinux2010_x86_64.whl", hash = "sha256:65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c"},
    {file = "tornado-6.1-cp36-cp36m-manylinux2014_aarch64.whl", hash = "sha256:e519d64089b0876c7b467274468709dadf11e41d65f63bba207e04217f47c085"},
    {file = "tornado-6.1-cp36-cp36m-win32.whl", hash = "sha256:b87936fd2c317b6ee08a5741ea06b9d11a6074ef4cc42e031bc6403f82a32575"},
    {file = "tornado-6.1-cp36-cp36m-win_amd64.whl", hash = "sha256:cc0ee35043162abbf717b7df924597ade8e5395e7b66d18270116f8745ceb795"},
    {file = "tornado-6.1-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:7250a3fa399f08ec9cb3f7b1b987955d17e044f1ade821b32e5f435130250d7f"},
    {file = "tornado-6.1-cp37-cp37m-manylinux1_i686.whl", hash = "sha256:ed3ad863b1b40cd1d4bd21e7498329ccaece75db5a5bf58cd3c9f130843e7102"},
    {file = "tornado-6.1-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:dcef026f608f678c118779cd6591c8af6e9b4155c44e0d1bc0c87c036fb8c8c4"},
    {file = "tornado-6.1-cp37-cp37m-manylinux2010_i686.whl", hash = "sha256:70dec29e8ac485dbf57481baee40781c63e381bebea080991893cd297742b8fd"},
    {file = "tornado-6.1-cp37-cp37m-manylinux2010_x86_64.whl", hash = "sha256:d3f7594930c423fd9f5d1a76bee85a2c36fd8b4b16921cae7e965f22575e9c01"},
    {file = "tornado-6.1-cp37-cp37m-manylinux2014_aarch64.whl", hash = "sha256:3447475585bae2e77ecb832fc0300c3695516a47d46cefa0528181a34c5b9d3d"},
    {file = "tornado-6.1-cp37-cp37m-win32.whl", hash = "sha256:e7229e60ac41a1202444497ddde70a48d33909e484f96eb0da9baf8dc68541df"},
    {file = "tornado-6.1-cp37-cp37m-win_amd64.whl", hash = "sha256:cb5ec8eead331e3bb4ce8066cf06d2dfef1bfb1b2a73082dfe8a161301b76e37"},
    {file = "tornado-6.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:20241b3cb4f425e971cb0a8e4ffc9b0a861530ae3c52f2b0434e6c1b57e9fd95"},
    {file = "tornado-6.1-cp38-cp38-manylinux1_i686.whl", hash = "sha256:c77da1263aa361938476f04c4b6c8916001b90b2c2fdd92d8d535e1af48fba5a"},
    {file = "tornado-6.1-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:fba85b6cd9c39be262fcd23865652920832b61583de2a2ca907dbd8e8a8c81e5"},
    {file = "tornado-6.1-cp38-cp38-manylinux2010_i686.whl", hash = "sha256:1e8225a1070cd8eec59a996c43229fe8f95689cb16e552d130b9793cb570a288"},
    {file = "tornado-6.1-cp38-cp38-manylinux2010_x86_64.whl", hash = "sha256:d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f"},
    {file = "tornado-6.1-cp38-cp38-manylinux2014_aarch64.whl", hash = "sha256:8f959b26f2634a091bb42241c3ed8d3cedb506e7c27b8dd5c7b9f745318ddbb6"},
    {file = "tornado-6.1-cp38-cp38-win32.whl", hash = "sha256:34ca2dac9e4d7afb0bed4677512e36a52f09caa6fded70b4e3e1c89dbd92c326"},
    {file = "tornado-6.1-cp38-cp38-win_amd64.whl", hash = "sha256:6196a5c39286cc37c024cd78834fb9345e464525d8991c21e908cc046d1cc02c"},
    {file = "tornado-6.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:f0ba29bafd8e7e22920567ce0d232c26d4d47c8b5cf4ed7b562b5db39fa199c5"},
    {file = "tornado-6.1-cp39-cp39-manylinux1_i686.whl", hash = "sha256:33892118b165401f291070100d6d09359ca74addda679b60390b09f8ef325ffe"},
    {file = "tornado-6.1-cp39-cp39-manylinux1_x86_64.whl", hash = "sha256:7da13da6f985aab7f6f28debab00c67ff9cbacd588e8477034c0652ac141feea"},
    {file = "tornado-6.1-cp39-cp39-manylinux2010_i686.whl", hash = "sha256:e0791ac58d91ac58f694d8d2957884df8e4e2f6687cdf367ef7eb7497f79eaa2"},
    {file = "tornado-6.1-cp39-cp39-manylinux2010_x86_64.whl", hash = "sha256:66324e4e1beede9ac79e60f88de548da58b1f8ab4b2f1354d8375774f997e6c0"},
    {file = "tornado-6.1-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:a48900ecea1cbb71b8c71c620dee15b62f85f7c14189bdeee54966fbd9a0c5bd"},
    {file = "tornado-6.1-cp39-cp39-win32.whl", hash = "sha256:d3d20ea5782ba63ed13bc2b8c291a053c8d807a8fa927d941bd718468f7b950c"},
    {file = "tornado-6.1-cp39-cp39-win_amd64.whl", hash = "sha256:548430be2740e327b3fe0201abe471f314741efcb0067ec4f2d7dcfb4825f3e4"},
    {file = "tornado-6.1.tar.gz", hash = "sha256:33c6e81d7bd55b468d2e793517c909b139960b6c790a60b7991b9b6b76fb9791"},
]

pyproject.toml

[tool.poetry]
name = ""
version = "0.1.0"
description = ""
authors = [""]

[tool.poetry.dependencies]
python = "^3.8"
terminado = "0.8.3"

[tool.poetry.dev-dependencies]

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

[wjhrdy]

poetry exported requirements.txt

ptyprocess==0.7.0; python_version >= "2.7" and python_full_version < "3.0.0" and os_name != "nt" or python_full_version >= "3.4.0" and os_name != "nt"
pywinpty==1.1.3; python_version >= "3.6" and python_full_version < "3.0.0" and os_name == "nt" or python_full_version >= "3.4.0" and os_name == "nt" and python_version >= "3.6"
terminado==0.8.3; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.4.0")
tornado==6.1; python_version >= "3.5" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.5"

[wjhrdy]

here is how pipenv handles it

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
terminado = "0.8.3"

[dev-packages]

[requires]
python_version = "3.8"

pipfile.lock (as generated by pipenv)

{
    "_meta": {
        "hash": {
            "sha256": "23bec64c321aedee86269ad460b459d9829760175d6be35e2e8ba321677844ec"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.8"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "ptyprocess": {
            "hashes": [
                "sha256:4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35",
                "sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220"
            ],
            "markers": "os_name != 'nt'",
            "version": "==0.7.0"
        },
        "terminado": {
            "hashes": [
                "sha256:1e01183885f64c1bba3cf89a5a995ad4acfed4e5f00aebcce1bf7f089b0825a1",
                "sha256:221eef83e6a504894842f7dccfa971ca2e98ec22a8a9118577e5257527674b42"
            ],
            "index": "pypi",
            "version": "==0.11.0"
        },
        "tornado": {
            "hashes": [
                "sha256:0a00ff4561e2929a2c37ce706cb8233b7907e0cdc22eab98888aca5dd3775feb",
                "sha256:0d321a39c36e5f2c4ff12b4ed58d41390460f798422c4504e09eb5678e09998c",
                "sha256:1e8225a1070cd8eec59a996c43229fe8f95689cb16e552d130b9793cb570a288",
                "sha256:20241b3cb4f425e971cb0a8e4ffc9b0a861530ae3c52f2b0434e6c1b57e9fd95",
                "sha256:25ad220258349a12ae87ede08a7b04aca51237721f63b1808d39bdb4b2164558",
                "sha256:33892118b165401f291070100d6d09359ca74addda679b60390b09f8ef325ffe",
                "sha256:33c6e81d7bd55b468d2e793517c909b139960b6c790a60b7991b9b6b76fb9791",
                "sha256:3447475585bae2e77ecb832fc0300c3695516a47d46cefa0528181a34c5b9d3d",
                "sha256:34ca2dac9e4d7afb0bed4677512e36a52f09caa6fded70b4e3e1c89dbd92c326",
                "sha256:3e63498f680547ed24d2c71e6497f24bca791aca2fe116dbc2bd0ac7f191691b",
                "sha256:548430be2740e327b3fe0201abe471f314741efcb0067ec4f2d7dcfb4825f3e4",
                "sha256:6196a5c39286cc37c024cd78834fb9345e464525d8991c21e908cc046d1cc02c",
                "sha256:61b32d06ae8a036a6607805e6720ef00a3c98207038444ba7fd3d169cd998910",
                "sha256:6286efab1ed6e74b7028327365cf7346b1d777d63ab30e21a0f4d5b275fc17d5",
                "sha256:65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c",
                "sha256:66324e4e1beede9ac79e60f88de548da58b1f8ab4b2f1354d8375774f997e6c0",
                "sha256:6c77c9937962577a6a76917845d06af6ab9197702a42e1346d8ae2e76b5e3675",
                "sha256:70dec29e8ac485dbf57481baee40781c63e381bebea080991893cd297742b8fd",
                "sha256:7250a3fa399f08ec9cb3f7b1b987955d17e044f1ade821b32e5f435130250d7f",
                "sha256:748290bf9112b581c525e6e6d3820621ff020ed95af6f17fedef416b27ed564c",
                "sha256:7da13da6f985aab7f6f28debab00c67ff9cbacd588e8477034c0652ac141feea",
                "sha256:8f959b26f2634a091bb42241c3ed8d3cedb506e7c27b8dd5c7b9f745318ddbb6",
                "sha256:9de9e5188a782be6b1ce866e8a51bc76a0fbaa0e16613823fc38e4fc2556ad05",
                "sha256:a48900ecea1cbb71b8c71c620dee15b62f85f7c14189bdeee54966fbd9a0c5bd",
                "sha256:b87936fd2c317b6ee08a5741ea06b9d11a6074ef4cc42e031bc6403f82a32575",
                "sha256:c77da1263aa361938476f04c4b6c8916001b90b2c2fdd92d8d535e1af48fba5a",
                "sha256:cb5ec8eead331e3bb4ce8066cf06d2dfef1bfb1b2a73082dfe8a161301b76e37",
                "sha256:cc0ee35043162abbf717b7df924597ade8e5395e7b66d18270116f8745ceb795",
                "sha256:d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f",
                "sha256:d371e811d6b156d82aa5f9a4e08b58debf97c302a35714f6f45e35139c332e32",
                "sha256:d3d20ea5782ba63ed13bc2b8c291a053c8d807a8fa927d941bd718468f7b950c",
                "sha256:d3f7594930c423fd9f5d1a76bee85a2c36fd8b4b16921cae7e965f22575e9c01",
                "sha256:dcef026f608f678c118779cd6591c8af6e9b4155c44e0d1bc0c87c036fb8c8c4",
                "sha256:e0791ac58d91ac58f694d8d2957884df8e4e2f6687cdf367ef7eb7497f79eaa2",
                "sha256:e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921",
                "sha256:e519d64089b0876c7b467274468709dadf11e41d65f63bba207e04217f47c085",
                "sha256:e7229e60ac41a1202444497ddde70a48d33909e484f96eb0da9baf8dc68541df",
                "sha256:ed3ad863b1b40cd1d4bd21e7498329ccaece75db5a5bf58cd3c9f130843e7102",
                "sha256:f0ba29bafd8e7e22920567ce0d232c26d4d47c8b5cf4ed7b562b5db39fa199c5",
                "sha256:fa2ba70284fa42c2a5ecb35e322e68823288a4251f9ba9cc77be04ae15eada68",
                "sha256:fba85b6cd9c39be262fcd23865652920832b61583de2a2ca907dbd8e8a8c81e5"
            ],
            "markers": "python_version >= '3.5'",
            "version": "==6.1"
        }
    },
    "develop": {}
}

[wjhrdy]

This is the pipfile.lock that micropipenv._poetry2pipfile_lock() generates.

{
    "_meta": {
        "hash": {
            "sha256": "cdb46218870e9232f43cf2200497c649c4aa6f13fa45588214cb4f3b76df270e"
        },
        "pipfile-spec": 6,
        "sources": [
            {
                "url": "https://pypi.org/simple",
                "name": "5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706",
                "verify_ssl": true
            }
        ],
        "requires": {
            "python_version": "3.9"
        }
    },
    "default": {
        "ptyprocess": {
            "version": "==0.7.0",
            "hashes": [
                "sha256:4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35",
                "sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220"
            ],
            "index": "5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706"
        },
        "pywinpty": {
            "version": "==1.1.3",
            "hashes": [
                "sha256:81dc6f16d917b756e06fc58943e9750d59dbefc0ffd2086871d3fa5f33824446",
                "sha256:54557887e712ea3215ab0d9f089ed55a6cc8d826cd5d1e340d75300654c9663f",
                "sha256:f5e25197397f1fef0362caf3eb89f25441827a1e48bf15827c27021592fd2160",
                "sha256:b767276224f86b7560eb9173ba7956758cafcdfab97bb33837d42d2a0f1dbf67",
                "sha256:3a1d57b338390333812a5eed31c93c7d8ba82b131078063703e731946d90c9f2"
            ],
            "index": "5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706"
        },
        "terminado": {
            "version": "==0.8.3",
            "hashes": [
                "sha256:a43dcb3e353bc680dd0783b1d9c3fc28d529f190bc54ba9a229f72fe6e7a54d7",
                "sha256:4804a774f802306a7d9af7322193c5390f1da0abb429e082a10ef1d46e6fb2c2"
            ],
            "index": "5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706"
        },
        "tornado": {
            "version": "==6.1",
            "hashes": [
                "sha256:d371e811d6b156d82aa5f9a4e08b58debf97c302a35714f6f45e35139c332e32",
                "sha256:0d321a39c36e5f2c4ff12b4ed58d41390460f798422c4504e09eb5678e09998c",
                "sha256:9de9e5188a782be6b1ce866e8a51bc76a0fbaa0e16613823fc38e4fc2556ad05",
                "sha256:61b32d06ae8a036a6607805e6720ef00a3c98207038444ba7fd3d169cd998910",
                "sha256:3e63498f680547ed24d2c71e6497f24bca791aca2fe116dbc2bd0ac7f191691b",
                "sha256:6c77c9937962577a6a76917845d06af6ab9197702a42e1346d8ae2e76b5e3675",
                "sha256:6286efab1ed6e74b7028327365cf7346b1d777d63ab30e21a0f4d5b275fc17d5",
                "sha256:fa2ba70284fa42c2a5ecb35e322e68823288a4251f9ba9cc77be04ae15eada68",
                "sha256:0a00ff4561e2929a2c37ce706cb8233b7907e0cdc22eab98888aca5dd3775feb",
                "sha256:748290bf9112b581c525e6e6d3820621ff020ed95af6f17fedef416b27ed564c",
                "sha256:e385b637ac3acaae8022e7e47dfa7b83d3620e432e3ecb9a3f7f58f150e50921",
                "sha256:25ad220258349a12ae87ede08a7b04aca51237721f63b1808d39bdb4b2164558",
                "sha256:65d98939f1a2e74b58839f8c4dab3b6b3c1ce84972ae712be02845e65391ac7c",
                "sha256:e519d64089b0876c7b467274468709dadf11e41d65f63bba207e04217f47c085",
                "sha256:b87936fd2c317b6ee08a5741ea06b9d11a6074ef4cc42e031bc6403f82a32575",
                "sha256:cc0ee35043162abbf717b7df924597ade8e5395e7b66d18270116f8745ceb795",
                "sha256:7250a3fa399f08ec9cb3f7b1b987955d17e044f1ade821b32e5f435130250d7f",
                "sha256:ed3ad863b1b40cd1d4bd21e7498329ccaece75db5a5bf58cd3c9f130843e7102",
                "sha256:dcef026f608f678c118779cd6591c8af6e9b4155c44e0d1bc0c87c036fb8c8c4",
                "sha256:70dec29e8ac485dbf57481baee40781c63e381bebea080991893cd297742b8fd",
                "sha256:d3f7594930c423fd9f5d1a76bee85a2c36fd8b4b16921cae7e965f22575e9c01",
                "sha256:3447475585bae2e77ecb832fc0300c3695516a47d46cefa0528181a34c5b9d3d",
                "sha256:e7229e60ac41a1202444497ddde70a48d33909e484f96eb0da9baf8dc68541df",
                "sha256:cb5ec8eead331e3bb4ce8066cf06d2dfef1bfb1b2a73082dfe8a161301b76e37",
                "sha256:20241b3cb4f425e971cb0a8e4ffc9b0a861530ae3c52f2b0434e6c1b57e9fd95",
                "sha256:c77da1263aa361938476f04c4b6c8916001b90b2c2fdd92d8d535e1af48fba5a",
                "sha256:fba85b6cd9c39be262fcd23865652920832b61583de2a2ca907dbd8e8a8c81e5",
                "sha256:1e8225a1070cd8eec59a996c43229fe8f95689cb16e552d130b9793cb570a288",
                "sha256:d14d30e7f46a0476efb0deb5b61343b1526f73ebb5ed84f23dc794bdb88f9d9f",
                "sha256:8f959b26f2634a091bb42241c3ed8d3cedb506e7c27b8dd5c7b9f745318ddbb6",
                "sha256:34ca2dac9e4d7afb0bed4677512e36a52f09caa6fded70b4e3e1c89dbd92c326",
                "sha256:6196a5c39286cc37c024cd78834fb9345e464525d8991c21e908cc046d1cc02c",
                "sha256:f0ba29bafd8e7e22920567ce0d232c26d4d47c8b5cf4ed7b562b5db39fa199c5",
                "sha256:33892118b165401f291070100d6d09359ca74addda679b60390b09f8ef325ffe",
                "sha256:7da13da6f985aab7f6f28debab00c67ff9cbacd588e8477034c0652ac141feea",
                "sha256:e0791ac58d91ac58f694d8d2957884df8e4e2f6687cdf367ef7eb7497f79eaa2",
                "sha256:66324e4e1beede9ac79e60f88de548da58b1f8ab4b2f1354d8375774f997e6c0",
                "sha256:a48900ecea1cbb71b8c71c620dee15b62f85f7c14189bdeee54966fbd9a0c5bd",
                "sha256:d3d20ea5782ba63ed13bc2b8c291a053c8d807a8fa927d941bd718468f7b950c",
                "sha256:548430be2740e327b3fe0201abe471f314741efcb0067ec4f2d7dcfb4825f3e4",
                "sha256:33c6e81d7bd55b468d2e793517c909b139960b6c790a60b7991b9b6b76fb9791"
            ],
            "index": "5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706"
        }
    },
    "develop": {}
}

[goern]

/kind bug
/priority important-soon

[fridex]

Thanks @wjhrdy for the report and provided content, putting this on my list. In the meantime, if somebody wants to fix this, contributions are welcome.

[frenzymadness]

I'd like to help with the fix for this but I need some help. @fridex do you want to implement this yourself or mentor me?

I almost figured it out, but I need to verify my approach. Using the project mentioned above with the terminado package in the dependencies: From the poetry.lock I cannot tell for sure whether ptyprocess or pywinpty are direct application dependencies or not, so I have to take a look at the pyproject.toml, right?

Let's say that ptyprocess is not defined as a dependency directly and poetry.lock contains it just because terminado depends on it. In that case, the main record in pipfile.lock should contain the markers defined in the [package.dependencies] of terminado.

To be more specific:
pyproject.toml:

[tool.poetry]
name = ""
version = "0.1.0"
description = ""
authors = [""]

[tool.poetry.dependencies]
python = "^3.8"
terminado = "0.8.3"

[tool.poetry.dev-dependencies]

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

and poetry.lock:

[[package]]
name = "ptyprocess"
version = "0.7.0"
description = "Run a subprocess in a pseudo terminal"
category = "main"
optional = false
python-versions = "*"

[[package]]
name = "pywinpty"
version = "1.1.3"
description = "Pseudo terminal support for Windows from Python."
category = "main"
optional = false
python-versions = ">=3.6"

[[package]]
name = "terminado"
version = "0.8.3"
description = "Terminals served to xterm.js using Tornado websockets"
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"

[package.dependencies]
ptyprocess = {version = "*", markers = "os_name != \"nt\""}
pywinpty = {version = ">=0.5", markers = "os_name == \"nt\""}
tornado = ">=4"

[[package]]
name = "tornado"
version = "6.1"
description = "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed."
category = "main"
optional = false
python-versions = ">= 3.5"

Produces this Pipfile.lock:

{ '_meta': { 'hash': { 'sha256': '547b54729bd8499dd0946fd7a89f483ec6087dcf2f278546f8023ba7f2013c27'},
             'pipfile-spec': 6,
             'requires': {'python_version': '3.9'},
             'sources': [ { 'name': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                            'url': 'https://pypi.org/simple',
                            'verify_ssl': True}]},
  'default': { 'ptyprocess': { 'hashes': [ 'sha256:4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35',
                                           'sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220'],
                               'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                               'markers': 'os_name != "nt"',
                               'version': '==0.7.0'},
               'pywinpty': { 'hashes': [ 'sha256:81dc6f16d917b756e06fc58943e9750d59dbefc0ffd2086871d3fa5f33824446',
                                         'sha256:54557887e712ea3215ab0d9f089ed55a6cc8d826cd5d1e340d75300654c9663f',
                                         'sha256:f5e25197397f1fef0362caf3eb89f25441827a1e48bf15827c27021592fd2160',
                                         'sha256:b767276224f86b7560eb9173ba7956758cafcdfab97bb33837d42d2a0f1dbf67',
                                         'sha256:3a1d57b338390333812a5eed31c93c7d8ba82b131078063703e731946d90c9f2'],
                             'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                             'markers': 'os_name == "nt"',
                             'version': '==1.1.3'},
               'terminado': { 'hashes': [ 'sha256:a43dcb3e353bc680dd0783b1d9c3fc28d529f190bc54ba9a229f72fe6e7a54d7',
                                          'sha256:4804a774f802306a7d9af7322193c5390f1da0abb429e082a10ef1d46e6fb2c2'],
                              'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                              'version': '==0.8.3'},

But if I specify for example pywinpty as a direct dependency, the markers are not moved to the package from the dependency definition because I want to install it unconditionaly:

pyproject.toml

[tool.poetry]
name = ""
version = "0.1.0"
description = ""
authors = [""]

[tool.poetry.dependencies]
python = "^3.8"
terminado = "0.8.3"
pywinpty = "1.1.3"

[tool.poetry.dev-dependencies]

[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

and poetry.lock

[[package]]
name = "ptyprocess"
version = "0.7.0"
description = "Run a subprocess in a pseudo terminal"
category = "main"
optional = false
python-versions = "*"

[[package]]
name = "pywinpty"
version = "1.1.3"
description = "Pseudo terminal support for Windows from Python."
category = "main"
optional = false
python-versions = ">=3.6"

[[package]]
name = "terminado"
version = "0.8.3"
description = "Terminals served to xterm.js using Tornado websockets"
category = "main"
optional = false
python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*"

[package.dependencies]
ptyprocess = {version = "*", markers = "os_name != \"nt\""}
pywinpty = {version = ">=0.5", markers = "os_name == \"nt\""}
tornado = ">=4"

produces Pipfile.lock:

{ '_meta': { 'hash': { 'sha256': '6d0ca610b597c39fc2c01937352a3a0d679f4cde8e3404e2049f8ad4f7038352'},
             'pipfile-spec': 6,
             'requires': {'python_version': '3.9'},
             'sources': [ { 'name': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                            'url': 'https://pypi.org/simple',
                            'verify_ssl': True}]},
  'default': { 'ptyprocess': { 'hashes': [ 'sha256:4b41f3967fce3af57cc7e94b888626c18bf37a083e3651ca8feeb66d492fef35',
                                           'sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220'],
                               'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                               'markers': 'os_name != "nt"',
                               'version': '==0.7.0'},
               'pywinpty': { 'hashes': [ 'sha256:81dc6f16d917b756e06fc58943e9750d59dbefc0ffd2086871d3fa5f33824446',
                                         'sha256:54557887e712ea3215ab0d9f089ed55a6cc8d826cd5d1e340d75300654c9663f',
                                         'sha256:f5e25197397f1fef0362caf3eb89f25441827a1e48bf15827c27021592fd2160',
                                         'sha256:b767276224f86b7560eb9173ba7956758cafcdfab97bb33837d42d2a0f1dbf67',
                                         'sha256:3a1d57b338390333812a5eed31c93c7d8ba82b131078063703e731946d90c9f2'],
                             'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                             'version': '==1.1.3'},
               'terminado': { 'hashes': [ 'sha256:a43dcb3e353bc680dd0783b1d9c3fc28d529f190bc54ba9a229f72fe6e7a54d7',
                                          'sha256:4804a774f802306a7d9af7322193c5390f1da0abb429e082a10ef1d46e6fb2c2'],
                              'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                              'version': '==0.8.3'},

Where the markers are not moved from terminado definition to pywinpty because we specified pywinpty as a dependency manually.

I'm gonna propose my change as WIP PR and we can discuss it. Are there any other corner use-cases I forget about?

[frenzymadness]

Draft pull request: #188

[fridex]

I'd like to help with the fix for this but I need some help. @fridex do you want to implement this yourself or mentor me?

Sure, always happy to help. 👍🏻

I almost figured it out, but I need to verify my approach. Using the project mentioned above with the terminado package in the dependencies: From the poetry.lock I cannot tell for sure whether ptyprocess or pywinpty are direct application dependencies or not, so I have to take a look at the pyproject.toml, right?

Yes, that's correct.

... snip
Where the markers are not moved from terminado definition to pywinpty because we specified pywinpty as a dependency manually.

Shouldn't pywinpty have the environment marker "os_name == "nt" as stated in poetry.lock?

If an environment marker is applied to a dependency, it should not be propagated anyhow - I think it should be applied on the given dependency (regardless if it is direct or indirect dependency). BTW you can double check this behaviour with Pipenv:

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
terminado = "*"

[dev-packages]

[requires]
python_version = "3.8"

Pipfile.lock (hashes removed):

{
    "_meta": {
        "hash": {
            "sha256": "ad700aa48ec4a89c24a2b215e61ded207ead3b8a2bf20213b7c3010ca47edb49"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.8"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "ptyprocess": {
            "markers": "os_name != 'nt'",
            "version": "==0.7.0"
        },
        "terminado": {
            "index": "pypi",
            "version": "==0.11.1"
        },
        "tornado": {
            "markers": "python_version >= '3.5'",
            "version": "==6.1"
        }
    },
    "develop": {}
}

Pipenv also provides a way to specify markers on the direct dependencies:

[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
requests = {version="*", markers="os_name == \"nt\""}

[dev-packages]

[requires]
python_version = "3.8"

Pipfile.lock:

{
    "_meta": {
        "hash": {
            "sha256": "b61e2572e90afe7a935b99229476ecb57daa24dec2df9226028a997363ecc62c"
        },
        "pipfile-spec": 6,
        "requires": {
            "python_version": "3.8"
        },
        "sources": [
            {
                "name": "pypi",
                "url": "https://pypi.org/simple",
                "verify_ssl": true
            }
        ]
    },
    "default": {
        "requests": {
            "hashes": [
                "sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24",
                "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
            ],
            "markers": "os_name == 'nt'",
            "version": "==2.26.0"
        }
    },
    "develop": {}
}

[frenzymadness]

... snip
Where the markers are not moved from terminado definition to pywinpty because we specified pywinpty as a dependency manually.

Shouldn't pywinpty have the environment marker "os_name == "nt" as stated in poetry.lock?

If an environment marker is applied to a dependency, it should not be propagated anyhow - I think it should be applied on the given dependency (regardless if it is direct or indirect dependency).

I'm not sure about the last statement. See this example: Let's say, my application directly depends only on yarl package:

[tool.poetry.dependencies]
python = "^3.7"
yarl = "1.6.3"

One of the yarl's dependencies is typing-extensions but only for Python < 3.8, see: https://github.com/aio-libs/yarl/blob/15dc7e7af948c09b848c2aa04b625f916693bf16/setup.py#L36 - ('typing_extensions>=3.7.4;python_version<"3.8"')
So, the generated poetry.lock contains this:

[[package]]
name = "typing-extensions"
version = "3.10.0.0"
description = "Backported and Experimental Type Hints for Python 3.5+"
category = "main"
optional = false
python-versions = "*"

[[package]]
name = "yarl"
version = "1.6.3"
description = "Yet another URL library"
category = "main"
optional = false
python-versions = ">=3.6"

[package.dependencies]
idna = ">=2.0"
multidict = ">=4.0"
typing-extensions = {version = ">=3.7.4", markers = "python_version < \"3.8\""}

And finally, the Pipfile.lock generated by the micropipenv contains this:

               'typing-extensions': { 'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                                      'markers': 'python_version < "3.8"',

This is fine, the marker is there because it should be installed as a dependency of yarl only if the Python version is lower than 3.8.

And now my point. Let's say that I (as a maintainer of an application) want to install typing-extensions for all Pythons no matter which version we run on. So now, I not only depends on yarl but also directly on typing-extensions:

[tool.poetry.dependencies]
python = "^3.7"
yarl = "1.6.3"
typing-extensions = "3.10.0.0"

poetry.lock looks exactly the same, which is kinda surprising for me, but I'm able to respect that the dependency is now direct without any markers in the resulting Pipfile.lock:

               'typing-extensions': { 'index': '5a06749b2297be54ac5699f6f2761716adc5001a2d5f8b915ab2172922dd5706',
                                      'version': '==3.10.0.0'},

I'm not able to reproduce the same process in pipenv because there are bugs in the name normalization and unfortunately, yarl depends on typing_extenstion which is not correct because the correct name is typing-extensions. But let's demonstrate the same in pipenv using werkzeug which requires dataclasses for Python < 3.7.

If I depend only on werkzeug:

[packages]
werkzeug = "==2.0.1"

the marker for the Python version is respected in the lock file:

    "default": {
        "dataclasses": {
            "markers": "python_version < '3.7'",
            "version": "==0.8"
        },
        "werkzeug": {
            "index": "pypi",
            "version": "==2.0.1"
        }

But if I depend on dataclasses directly, for whatever reason I might have:

[packages]
werkzeug = "==2.0.1"
dataclasses = "==0.8"

the marker is not there:

    "default": {
        "dataclasses": {
            "index": "pypi",
            "version": "==0.8"
        },
        "werkzeug": {
            "index": "pypi",
            "version": "==2.0.1"
        }

And it makes sense to me to implement it this way also in micropipenv even the poetry does not change its locfile when you add/remove the direct dependency in the examples above. Because - using the last example - if the dependency is indirect, it's the responsibility of werkzeug maintainers to specify the correct markers and micropipenv should respect them and transfer them from poetry.lock to pipfile.lock, but if the dependency on dataclasses is direct and specified manually in my configuration file, it's my responsibility to set the correct markers and the markers from werkzeug project should not be taken into account.

I'm not really able to reproduce any issue in poetry because it behaves correctly, see this matrix for the same werkzeug example:

• for Python 3.6
  • direct or indirect dependency on dataclasses - there is no difference, the package is mentioned in the lock file and always defined also as a dependency of werkzeug with the marker for Python < 3.7.
• for Python 3.7
  • direct dependency on dataclasses - the package is there and it's not specified as a dependency of werkzeug because it does not require it for Python 3.7
  • indirect dependency on dataclasses - the package is not there at all, which makes sense

After some time with this, I think that the difference in how to handle the markers might depend on Python version we are using - is it the same which the lock file has been prepared for or not?

But to mimic the behavior of pipenv described above, we should check whether the dependency is direct or not.

[fridex]

I'm not sure about the last statement.
... snip

You are definitely right - the evaluation you described makes perfect sense. I did not realize it and this way we have a bug in Thoth's adviser thoth-station/adviser#2076

poetry.lock looks exactly the same, which is kinda surprising for me
..snip

It looks like the main difference between Poetry and Pipenv is when the environment markers evaluation is done and what is written to files. If I understand the behaviour you explored above, Pipenv prepares environment markers in advance and writes them to Pipfile.lock. That's why the lock file states dataclasses without environment markers in the werkzeug+dataclasses example.

On the other hand, Poetry keeps track of environment markers in raw format in lock files and evaluates them during the installation process - that's how I understand no change in the lock file when you added typing-extensions to direct dependencies.

As the marker evaluation is different in these cases, I think converting poetry files to pipenv.lock will not be that straightforward as the conversion will need to respect what Pipenv does under the hood when generating the lock file.

The issue might arise when a dependency is introduced by multiple packages. Let's say we have direct dependencies A and B that both depend on C with the following environment markers:

A depends on C; python_version < '3.8'

B depends on C; os_name == 'nt'

As Poetry keeps this information in a similar way as written above, there are no issues with the lock file Poetry uses. However, if we want to translate that into a Pipfile.lock in micropipenv, we will need to respect both environment markers (as environment markers need to be joined into one entry in the lock file):

C==1.0.0; python_version < '3.8' or os_name == 'nt'