Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ValueError('ZIP does not support timestamps before 1980') on GitHub package install #9910

Closed
1 task done
nicholasserra opened this issue Apr 28, 2021 · 2 comments · Fixed by #9920
Closed
1 task done
Labels
type: bug A confirmed bug or unintended behavior
Milestone

Comments

@nicholasserra
Copy link
Contributor

Description

Still tracking exactly how this is being triggered, but wanted to report early just in case.

Inconsistently getting ValueError('ZIP does not support timestamps before 1980') in CI when installing requirements via git+https for packages from GitHub.

I see the new zip functionality was introduced via #9689. Stack trace points to zf.write in _create_standalone_pip function.

Haven't been able to trigger locally in pip 21.1 yet, only seeing in CI, so wondering if i'm having some kind of network issue.

Either way, we might want to consider setting strict_timestamps=False when using ZipFile for this:
https://docs.python.org/3/library/zipfile.html#zipfile-objects

Expected behavior

Correctly install requirement from GitHub.

pip version

21.1

Python version

3.9.2

OS

python:3.9.2-buster Docker container

How to Reproduce

Still trying to nail down a consistent method to reproduce. I suspect something in my CI is contributing to the issue. But exception is triggered while trying to install via git+https requirement.

Output

No response

Code of Conduct

@nicholasserra nicholasserra added S: needs triage Issues/PRs that need to be triaged type: bug A confirmed bug or unintended behavior labels Apr 28, 2021
@uranusjr
Copy link
Member

Maybe the CI has an incorrect system time or delibrately set file system time to a “wrong” value (for reproducilibty for example)? This can never be triggered under normal circumstances since you can’t really have files older than 1980-01-01.

But yeah setting strict_timestamps=False should be a good idea either way, we’ll only building a temporary file to run against and don’t really care about timestamps anyway. I’d accept a PR in a heartbeat.

@nicholasserra
Copy link
Contributor Author

Tried to go down the route of testing with an incorrect system time, but things like SSL cert validation blocked the entire process. I'm at a bit of a loss as to what else could be triggering it.

Just issued a PR for suggested fix:
#9920

Thanks!

@sbidoul sbidoul removed the S: needs triage Issues/PRs that need to be triaged label May 9, 2021
@sbidoul sbidoul added this to the 21.1.2 milestone May 9, 2021
inmantaci added a commit to inmanta/inmanta-core that referenced this issue May 24, 2021
Bumps [pip](https://github.com/pypa/pip) from 21.1.1 to 21.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p>
<blockquote>
<h1>21.1.2 (2021-05-23)</h1>
<h2>Bug Fixes</h2>
<ul>
<li>New resolver: Correctly exclude an already installed package if its version is
known to be incompatible to stop the dependency resolution process with a clear
error message. (<code>[#9841](pypa/pip#9841) &lt;https://github.com/pypa/pip/issues/9841&gt;</code>_)</li>
<li>Allow ZIP to archive files with timestamps earlier than 1980. (<code>[#9910](pypa/pip#9910) &lt;https://github.com/pypa/pip/issues/9910&gt;</code>_)</li>
<li>Emit clearer error message when a project root does not contain either
<code>pyproject.toml</code>, <code>setup.py</code> or <code>setup.cfg</code>. (<code>[#9944](pypa/pip#9944) &lt;https://github.com/pypa/pip/issues/9944&gt;</code>_)</li>
<li>Fix detection of existing standalone pip instance for PEP 517 builds. (<code>[#9953](pypa/pip#9953) &lt;https://github.com/pypa/pip/issues/9953&gt;</code>_)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/pip/commit/8737f903eaa9475e1b7693e436d9bdf17e46e43a"><code>8737f90</code></a> Bump for release</li>
<li><a href="https://github.com/pypa/pip/commit/d7cf6cacdee550983686692d0d463ad493cb993d"><code>d7cf6ca</code></a> Update AUTHORS.txt</li>
<li><a href="https://github.com/pypa/pip/commit/30faa6478edbc1e54498b7cbb20111d75a96d2dd"><code>30faa64</code></a> Fix duplicate top line in NEWS.rst</li>
<li><a href="https://github.com/pypa/pip/commit/128ec362547fe11f8b3c6402687a00a06e7f6e51"><code>128ec36</code></a> Test case for backtracking an installed candidate</li>
<li><a href="https://github.com/pypa/pip/commit/729c626da75b25af0640a77efdbbfc57e567e1f9"><code>729c626</code></a> Exclude a known incompatible installed candidate</li>
<li><a href="https://github.com/pypa/pip/commit/1c31d3314c42d19b354f376991db2b33134dde5e"><code>1c31d33</code></a> Update src/pip/_internal/build_env.py</li>
<li><a href="https://github.com/pypa/pip/commit/e266aa55ac6484d33c36aee7082243edd669e2a8"><code>e266aa5</code></a> Update news/9910.bugfix.rst</li>
<li><a href="https://github.com/pypa/pip/commit/00003d5325b333290b4bcde17791ed3a489562d0"><code>00003d5</code></a> 9910 news</li>
<li><a href="https://github.com/pypa/pip/commit/d55e02c71673f4332c191cf8095360c5900f7c6e"><code>d55e02c</code></a> Set strict_timestamps=False when zip is called for isolated environment</li>
<li><a href="https://github.com/pypa/pip/commit/4f983c4476251c83bc320ebaaff0cb9b71d2e981"><code>4f983c4</code></a> Handle standalone pip creation from pip wheel</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/21.1.1...21.1.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pip&package-manager=pip&previous-version=21.1.1&new-version=21.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 27, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants