poetry 2.1.3: The requested command export does not exist #10642
Description
(Disclaimer: I'm new to ORT so I hope my question is relevant)
Describe the bug
- I have a Python project built using
poetry2.1.3 (installed usingpip install poetry). - I want to analyze it using ORT 63.1.1
- When I run
ortit says:
Poetry failed to resolve dependencies for path 'poetry.lock': IOException: Running 'poetry export --without-hashes --format=requirements.txt --only=main' in '/home/mando/git/fuzzy-set' failed with exit code 1:
The requested command export does not exist
And indeed poetry export does not exist, see this message). What should I do?
To Reproduce
In my setup my source tree is in ~/git/fuzzy-set which contains the poetry.lock and pyproject.toml files.
Steps to reproduce the behavior:
pip install poetry -U
mkdir ~/ort/fuzzy-set/
ort analyze -i ~/git/fuzzy-set -o ~/ort/fuzzy-set/... and the error shows.
Expected behavior
I guess that ORT should cope with the various versions of poetry or at least guide the user to configure ~/.ort/config.yml if this can help.
Console / log output
(mando@velvet) (~) $ ort analyze -i ~/git/fuzzy-set -o ~/ort/fuzzy-set/
Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.
______________________________
/ \_______ \__ ___/ The OSS Review Toolkit, version 63.1.1,
| | | | _/ | | built with JDK 21.0.7+6-LTS, running under Java 21.0.7.
| | | | | \ | | Executing 'analyze' as 'mando' on Linux
\________/ |____|___/ |____| with 8 CPUs and a maximum of 3964 MiB of memory.
Environment variables:
HOME = /home/mando
SHELL = /bin/bash
TERM = xterm-256color
Looking for ORT configuration in the following file:
/home/mando/.ort/config/config.yml (does not exist)
Looking for analyzer-specific configuration in the following files and directories:
/home/mando/git/fuzzy-set/.ort.yml (does not exist)
/home/mando/.ort/config/resolutions.yml (does not exist)
The following 26 package manager(s) are enabled:
Bazel, Bower, Bundler, Cargo, Carthage, CocoaPods, Composer, Conan, GoMod, Gradle Inspector, Maven, NPM, NuGet, PIP, Pipenv, PNPM, Poetry, Pub, SBT, SpdxDocumentFile, Stack, Swift Package Manager, Tycho, Unmanaged, Yarn, Yarn 2+
The following 2 package curation provider(s) are enabled:
DefaultDir, DefaultFile
Analyzing project path:
/home/mando/git/fuzzy-set
Found 1 Poetry definition file(s) at:
poetry.lock
Found in total 1 definition file(s) from the following 1 package manager(s):
Poetry
22:13:29.685 [DefaultDispatcher-worker-1] ERROR org.ossreviewtoolkit.analyzer.PackageManager - Poetry failed to resolve dependencies for path 'poetry.lock': IOException: Running 'poetry export --without-hashes --format=requirements.txt --only=main' in '/home/mando/git/fuzzy-set' failed with exit code 1:
The requested command export does not exist.
Documentation: https://python-poetry.org/docs/cli/
Wrote analyzer result to '/home/mando/ort/fuzzy-set/analyzer-result.yml' (0,00 MiB) in 928.150876ms.
The analysis took 1.751644126s.
Found 1 project(s) and 0 package(s) in total (not counting excluded ones).
Applied 0 curation(s) from 0 of 2 provider(s).
Resolved issues: 0 errors, 0 warnings, 0 hints.
Unresolved issues: 1 error, 0 warnings, 0 hints.
There is 1 unresolved issue with a severity equal to or greater than the WARNING threshold.
Environment
Output of the ort requirements command:
(mando@velvet) (~) $ ort requirements
Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.
______________________________
/ \_______ \__ ___/ The OSS Review Toolkit, version 63.1.1,
| | | | _/ | | built with JDK 21.0.7+6-LTS, running under Java 21.0.7.
| | | | | \ | | Executing 'requirements' as 'mando' on Linux
\________/ |____|___/ |____| with 8 CPUs and a maximum of 3964 MiB of memory.
Environment variables:
HOME = /home/mando
SHELL = /bin/bash
TERM = xterm-256color
Looking for ORT configuration in the following file:
/home/mando/.ort/config/config.yml (does not exist)
Scanners:
- Askalono: Requires 'askalono' in no specific version. Tool not found.
- BoyterLc: Requires 'lc' in no specific version. Tool not found.
- Licensee: Requires 'licensee' in no specific version. Tool not found.
- ScanCode: Requires 'scancode' in version >=30.0.0. Tool not found.
PackageManagers:
- Bazel: Requires 'bazel' in version >=7.0.0. Tool not found.
- Bower: Requires 'bower' in version >=1.8.8. Tool not found.
- Buildozer: Requires 'buildozer' in no specific version. Tool not found.
- Cargo: Requires 'cargo' in no specific version. Tool not found.
- CocoaPods: Requires 'pod' in version >=1.11.0. Tool not found.
- Composer: Requires 'composer' in version >=1.5.0. Tool not found.
- Go: Requires 'go' in version >=1.21.1. Tool not found.
- Npm: Requires 'npm' in version >=6.0.0 and <11.0.0. Tool not found.
- NuGetInspector: Requires 'nuget-inspector' in no specific version. Tool not found.
- Pipenv: Requires 'pipenv' in version >=2018.10.9. Tool not found.
- Pnpm: Requires 'pnpm' in version >=5.0.0 and <11.0.0. Tool not found.
* Poetry: Requires 'poetry' in no specific version. Found version 2.1.3.
- PythonInspector: Requires 'python-inspector' in version >=0.9.2. Tool not found.
- Sbt: Requires 'sbt' in no specific version. Tool not found.
- Stack: Requires 'stack' in version >=2.1.1. Tool not found.
- Swift: Requires 'swift' in no specific version. Tool not found.
- Yarn: Requires 'yarn' in version >=1.3.0 and <1.23.0. Tool not found.
Other tools:
- Conan: Requires 'conan' in version >=1.44.0 and <3.0.0. Tool not found.
- Pub: Requires 'dart' in version >=2.10.0. Tool not found.
VersionControlSystems:
* Git: Requires 'git' in version >=2.29.0. Found version 2.47.2.
- GitRepo: Requires 'repo' in no specific version. Tool not found.
- Mercurial: Requires 'hg' in no specific version. Tool not found.
Prefix legend:
- The tool was not found in the PATH environment.
+ The tool was found in the PATH environment, but not in the required version.
* The tool was found in the PATH environment in the required version.
ScanCode license texts not found.
Not all tools requirements were satisfied:
! Some tools were not found at all.
I didn't configured ~/.ort/config.yml:
(mando@velvet) (~) $ ort config --show-active
Hoplite is configured to infer which sealed type to choose by inspecting the config values at runtime. This behaviour is now deprecated in favour of explicitly specifying the type through a discriminator field. In 3.0 this new behavior will become the default. To enable this behavior now (and disable this warning), invoke withExplicitSealedTypes() on the ConfigLoaderBuilder.
______________________________
/ \_______ \__ ___/ The OSS Review Toolkit, version 63.1.1,
| | | | _/ | | built with JDK 21.0.7+6-LTS, running under Java 21.0.7.
| | | | | \ | | Executing 'config' as 'mando' on Linux
\________/ |____|___/ |____| with 8 CPUs and a maximum of 3964 MiB of memory.
Environment variables:
HOME = /home/mando
SHELL = /bin/bash
TERM = xterm-256color
Looking for ORT configuration in the following file:
/home/mando/.ort/config/config.yml (does not exist)
The active configuration is:
ort:
addAuthorsToCopyrights: false
allowedProcessEnvironmentVariableNames:
- "CARGO_HTTP_USER_AGENT"
- "COMPOSER_ALLOW_SUPERUSER"
- "CONAN_LOGIN_ENCRYPTION_KEY"
- "CONAN_LOGIN_USERNAME"
- "CONAN_PASSWORD"
- "CONAN_USERNAME"
- "CONAN_USER_HOME"
- "CONAN_USER_HOME_SHORT"
- "DOTNET_CLI_CONTEXT_ANSI_PASS_THRU"
- "GIT_ASKPASS"
- "GIT_HTTP_USER_AGENT"
- "GRADLE_USER_HOME"
- "HACKAGE_USERNAME"
- "HACKAGE_PASSWORD"
- "HACKAGE_KEY"
- "PWD"
- "USER"
- "USERPROFILE"
deniedProcessEnvironmentVariablesSubstrings:
- "key"
- "pass"
- "pwd"
- "token"
- "user"
enableRepositoryPackageConfigurations: false
enableRepositoryPackageCurations: false
forceOverwrite: false
licenseFilePatterns:
licenseFilenames:
- "copying*"
- "copyright"
- "licence*"
- "license*"
- "*.licence"
- "*.license"
- "unlicence"
- "unlicense"
patentFilenames:
- "patents"
otherLicenseFilenames:
- "readme*"
packageConfigurationProviders:
- type: "DefaultDir"
id: "DefaultDir"
enabled: true
options: {}
packageCurationProviders:
- type: "DefaultDir"
id: "DefaultDir"
enabled: true
options: {}
- type: "DefaultFile"
id: "DefaultFile"
enabled: true
options: {}
severeIssueThreshold: "WARNING"
severeRuleViolationThreshold: "WARNING"
analyzer:
allowDynamicVersions: false
enabledPackageManagers:
- "Bazel"
- "Bower"
- "Bundler"
- "Cargo"
- "Carthage"
- "CocoaPods"
- "Composer"
- "Conan"
- "GoMod"
- "GradleInspector"
- "Maven"
- "NPM"
- "NuGet"
- "PIP"
- "Pipenv"
- "PNPM"
- "Poetry"
- "Pub"
- "SBT"
- "SpdxDocumentFile"
- "Stack"
- "SwiftPM"
- "Tycho"
- "Unmanaged"
- "Yarn"
- "Yarn2"
skipExcluded: false
advisor:
skipExcluded: false
downloader:
allowMovingRevisions: false
includedLicenseCategories: []
skipExcluded: false
sourceCodeOrigins:
- "VCS"
- "ARTIFACT"
scanner:
skipConcluded: false
skipExcluded: false
includeFilesWithoutFindings: false
detectedLicenseMapping:
LicenseRef-scancode-agpl-generic-additional-terms: "NOASSERTION"
LicenseRef-scancode-free-unknown: "NOASSERTION"
LicenseRef-scancode-generic-cla: "NOASSERTION"
LicenseRef-scancode-generic-exception: "NOASSERTION"
LicenseRef-scancode-generic-export-compliance: "NOASSERTION"
LicenseRef-scancode-generic-tos: "NOASSERTION"
LicenseRef-scancode-generic-trademark: "NOASSERTION"
LicenseRef-scancode-gpl-generic-additional-terms: "NOASSERTION"
LicenseRef-scancode-other-copyleft: "NOASSERTION"
LicenseRef-scancode-other-permissive: "NOASSERTION"
LicenseRef-scancode-patent-disclaimer: "NOASSERTION"
LicenseRef-scancode-unknown: "NOASSERTION"
LicenseRef-scancode-unknown-license-reference: "NOASSERTION"
LicenseRef-scancode-unknown-spdx: "NOASSERTION"
LicenseRef-scancode-warranty-disclaimer: "NOASSERTION"
ignorePatterns:
- "**/*.ort.yml"
- "**/*.spdx.yml"
- "**/*.spdx.yaml"
- "**/*.spdx.json"
- "**/META-INF/DEPENDENCIES"
- "**/META-INF/DEPENDENCIES.txt"
- "**/META-INF/NOTICE"
- "**/META-INF/NOTICE.txt"
reporter: {}
notifier: {}