Skip to content

Reject already-installed wheels that don't match the target platform#15484

Merged
charliermarsh merged 3 commits intomainfrom
charlie/wheel-validation
Aug 25, 2025
Merged

Reject already-installed wheels that don't match the target platform#15484
charliermarsh merged 3 commits intomainfrom
charlie/wheel-validation

Conversation

@charliermarsh
Copy link
Member

@charliermarsh charliermarsh commented Aug 24, 2025
edited
Loading

Summary

We've received several requests to validate that installed wheels match the current Python platform. This isn't super common, since it requires that your platform changes in some meaningful way (e.g., you switch from x86 to ARM), though in practice, it sounds like it can happen in HPC environments. This seems like a good thing to do regardless, so we now validate that the tags (as recoded in WHEEL) are consistent with the current platform during installs.

Closes #15035.

@charliermarsh charliermarsh added the no-build Disable building binaries in CI label Aug 24, 2025
@charliermarsh charliermarsh force-pushed the charlie/wheel-validation branch from 64050c2 to 7391c5a Compare August 24, 2025 15:43
@charliermarsh charliermarsh force-pushed the charlie/wheel-validation branch 2 times, most recently from a3e6e69 to dc2c5fa Compare August 24, 2025 18:17
@charliermarsh charliermarsh marked this pull request as ready for review August 24, 2025 18:17
@charliermarsh charliermarsh force-pushed the charlie/wheel-validation branch from dc2c5fa to a35fcc8 Compare August 24, 2025 18:18
@charliermarsh charliermarsh added the enhancement New feature or improvement to existing functionality label Aug 24, 2025
@charliermarsh charliermarsh force-pushed the charlie/wheel-validation branch from a35fcc8 to b5a96a3 Compare August 24, 2025 18:27
@charliermarsh charliermarsh force-pushed the charlie/wheel-validation branch from b5a96a3 to ea6f3dc Compare August 24, 2025 18:40
@charliermarsh charliermarsh mentioned this pull request Aug 24, 2025
Closed
konstin
konstin reviewed Aug 25, 2025
View reviewed changes
@charliermarsh charliermarsh requested a review from konstin August 25, 2025 12:29
zanieb
zanieb reviewed Aug 25, 2025
View reviewed changes
zanieb
zanieb reviewed Aug 25, 2025
View reviewed changes
crates/uv-installer/src/site_packages.rs Outdated
// Verify that the package is compatible with the current tags.
if let Some(wheel_tags) = distribution.read_tags()? {
if !wheel_tags.is_compatible(tags) {
// TODO(charlie): Show the expanded tag hint, that explains _why_ it doesn't match.
Copy link
Member

@zanieb zanieb Aug 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 this seems nice to have, might be worth opening an issue for it maybe someone can pick it up

@charliermarsh charliermarsh force-pushed the charlie/wheel-validation branch from b775710 to 0c4e3a6 Compare August 25, 2025 12:54
@charliermarsh charliermarsh enabled auto-merge (squash) August 25, 2025 13:19
@charliermarsh charliermarsh disabled auto-merge August 25, 2025 13:19
@charliermarsh charliermarsh merged commit be4d5b7 into main Aug 25, 2025
195 of 196 checks passed
@charliermarsh charliermarsh deleted the charlie/wheel-validation branch August 25, 2025 13:20
@BrewTestBot BrewTestBot mentioned this pull request Aug 28, 2025
Merged
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Sep 2, 2025
@tmeijn
build(deps): update astral-sh/uv to v0.8.14
8650760 
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [astral-sh/uv](https://github.com/astral-sh/uv) | patch | `0.8.13` -> `0.8.14` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>

### [`v0.8.14`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0814)

[Compare Source](astral-sh/uv@0.8.13...0.8.14)

##### Python

- Add managed CPython distributions for aarch64 musl

##### Enhancements

- Add `--python-platform` to `uv pip check` ([#&#8203;15486](astral-sh/uv#15486))
- Add an environment variable for `UV_ISOLATED` ([#&#8203;15428](astral-sh/uv#15428))
- Add logging to the uv build backend ([#&#8203;15533](astral-sh/uv#15533))
- Allow more trailing null bytes in zip files ([#&#8203;15452](astral-sh/uv#15452))
- Allow pinning managed Python versions to specific build versions ([#&#8203;15314](astral-sh/uv#15314))
- Cache PyTorch wheels by default ([#&#8203;15481](astral-sh/uv#15481))
- Reject already-installed wheels that don't match the target platform ([#&#8203;15484](astral-sh/uv#15484))
- Add `--no-install-local` option to `uv sync`, `uv add` and `uv export`  ([#&#8203;15328](astral-sh/uv#15328))
- Include cycle error message in `uv pip` CLI ([#&#8203;15453](astral-sh/uv#15453))

##### Preview features

- Fix format of `{version}` on `uv format` failure ([#&#8203;15527](astral-sh/uv#15527))
- Lock during installs in `uv format` to prevent races ([#&#8203;15551](astral-sh/uv#15551))
- Respect `--project` in `uv format` ([#&#8203;15438](astral-sh/uv#15438))
- Run `uv format` in the project root ([#&#8203;15440](astral-sh/uv#15440))

##### Configuration

- Add file-to-CLI overrides for build isolation configuration ([#&#8203;15437](astral-sh/uv#15437))
- Add file-to-CLI overrides for reinstall configuration ([#&#8203;15426](astral-sh/uv#15426))

##### Performance

- Cache `WHEEL` and `METADATA` reads in installed distributions ([#&#8203;15489](astral-sh/uv#15489))

##### Bug fixes

- Avoid erroring when creating `venv` in current working directory ([#&#8203;15537](astral-sh/uv#15537))
- Avoid introducing unnecessary system dependency on CUDA ([#&#8203;15449](astral-sh/uv#15449))
- Clear discovered site packages when creating virtual environment ([#&#8203;15522](astral-sh/uv#15522))
- Read index credentials from the environment during `uv publish` checks ([#&#8203;15545](astral-sh/uv#15545))
- Refuse to remove non-virtual environments in `uv venv` ([#&#8203;15538](astral-sh/uv#15538))
- Stop setting `CLICOLOR_FORCE=1` when calling build backends ([#&#8203;15472](astral-sh/uv#15472))
- Support file or directory removal for Windows symlinks ([#&#8203;15543](astral-sh/uv#15543))

##### Documentation

- Fix GitHub guide highlight lines ([#&#8203;15443](astral-sh/uv#15443))
- Move Resolver to new Internals section in the Reference ([#&#8203;15465](astral-sh/uv#15465))
- Split the "Authentication" page into sections ([#&#8203;15575](astral-sh/uv#15575))
- Update uninstall docs to mention `uvw.exe` needs to be removed ([#&#8203;15536](astral-sh/uv#15536))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44OC4wIiwidXBkYXRlZEluVmVyIjoiNDEuODguMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
@dead10ck dead10ck mentioned this pull request Sep 18, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zanieb zanieb zanieb approved these changes

@konstin konstin konstin approved these changes

Assignees

No one assigned

Labels

enhancement New feature or improvement to existing functionality no-build Disable building binaries in CI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

uv sync --python-platform does not update environment when switching to a lower GLIBC-bound platform

3 participants

@charliermarsh @zanieb @konstin