Install specific version of setuptools as a dependency of package

Question

My package has setuptools in dependencies. I am trying to restrict the version of setuptools when installing my package. The package has following restriction in setup.py:

setup(
    setup_requires=[
        'setuptools==50.2.0',
        'pip>=19,!=20.0,!=20.0.1,<21'
        ],
...

And it has the same restriction in pyproject.toml:

[build-system]
requires = ["setuptools==50.2.0", "pip>=19,!=20.0,!=20.0.1,<21", "wheel"]  # PEP 508 specifications.

However, when installing my package with pip, it downloads the latest setuptools 50.3.0.

Why does it ignore the requirements? How can I make it not install the latest version?

Answer 1

Thanks to the answers and comments I can make a conclusion.

To use a specific version of setuptools it is necessary to have it in both locations - in pyproject.toml and at the beginning of install_requires of setup.py.

The tool like pip will use the version from pyproject.toml to build the project. However, if there is any dependency that has the latest version of setuptools in its requirements, then the latest version will be used to install the dependency. Also, the environment will keep the version that was last installed.

Answer 2

I think you're getting confused about build time (setup_requires / pyproject.toml build-system requires) and installed time (install_requires). at install time, you're getting unpinned setuptools because it's a transitive dependency without version restrictions

setuptools is being pulled in via a transitive dependency in install_requires (notably: jsonschema):

$ visualize-requirements t.txt
 cryptography>=2.4.2,<3
   - cffi!=1.11.3,>=1.8
     - pycparser
   - six>=1.4.1
 click>=7.0,<8
 intelhex<3,>=2.2.1
 python-jose<4,>=3.0.1
   - pyasn1
   - rsa
     - pyasn1>=0.1.3
   - ecdsa<0.15
     - six
   - six<2.0
 jsonschema<4,>=3.0.0
   - six>=1.11.0
   - attrs>=17.4.0
   - setuptools
   - pyrsistent>=0.14.0
 pyocd==0.27.3
   - intervaltree<4.0,>=3.0.2
     - sortedcontainers<3.0,>=2.0
   - pylink-square
     - six
     - psutil>=5.2.2
     - future
   - cmsis-pack-manager>=0.2.7
     - milksnake>=0.1.2
       - cffi>=1.6.0
         - pycparser
     - appdirs>=1.4
     - pyyaml>=3.12
   - pyelftools
   - six<2.0,>=1.0
   - colorama
   - prettytable
   - pyusb>=1.0.0b2,<2.0
   - pyyaml<6.0,>=5.1
   - intelhex<3.0,>=2.0
 cbor==1.0.0
 imgtool==1.7.0a1
   - intelhex>=2.2.1
   - click
   - cryptography>=2.4.2
     - cffi!=1.11.3,>=1.8
       - pycparser
     - six>=1.4.1
   - cbor>=1.0.0

I'm using visualize-requirements from a tool I wrote called requirements-tools

Answer 3

Seems accurate, 50.3.0 is greater than 40.0, less than 51, and not equal to 46.0 or 50.0. You may need to further restrict your requirements. If you know which version you want, just specify that explicitly

EDIT:

I created a fresh venv and checked pip list, seems like with a high enough version of pip, setuptools comes at 50.3.0.

$ pip3 -V
pip 8.1.1 from /usr/lib/python3/dist-packages (python 3.5)
$ pip3 list | grep setup
setuptools (20.7.0)
You are using pip version 8.1.1, however version 20.2.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Inside the venv (assuming Python 3.x)

$ . vv/bin/activate
(vv) $ pip3 -V
pip 20.2.3 from /home/user/vv/lib/python3.5/site-packages/pip (python 3.5)
(vv) $ pip3 list | grep setup
DEPRECATION: Python 3.5 reached the end of its life on September 13th, 2020. Please upgrade your Python as Python 3.5 is no longer maintained. pip 21.0 will drop support for Python 3.5 in January 2021. pip 21.0 will remove support for this functionality.
setuptools 50.3.0