[Bug-Candidate]: pip install fails when run against fresh install due to hexbytes version mismatch

[BramSrna]

Describe the issue:

When running a pip install against a fresh install, it fails due to a hexbytes mismatch issue:

root@6c2547e41a3c:/app# python3 -m pip install slither-analyzer
Collecting slither-analyzer
  Downloading slither_analyzer-0.10.1-py3-none-any.whl (773 kB)
     |████████████████████████████████| 773 kB 4.6 MB/s
Collecting pycryptodome>=3.4.6
  Downloading pycryptodome-3.20.0-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB)
     |████████████████████████████████| 2.1 MB 16.9 MB/
...
  Created wheel for pyunormalize: filename=pyunormalize-15.1.0-py3-none-any.whl size=516034 sha256=a814e25e962ba4d3ab60a61853df416b9e22173705f02287672111441adc6859
  Stored in directory: /root/.cache/pip/wheels/9c/b0/c0/a498ec8b5b9c4490e66cf5a29822cf1d31eff5dcae13313b6b
Successfully built parsimonious pyunormalize
ERROR: eth-rlp 2.1.0 has requirement hexbytes>=1.2.0, but you'll have hexbytes 0.3.1 which is incompatible.
Installing collected packages: pycryptodome, eth-hash, eth-typing, toolz, cytoolz, eth-utils, wcwidth, prettytable, regex, parsimonious, eth-abi, lru-dict, bitarray, hexbytes, eth-keys, rlp, typing-extensions, eth-rlp, eth-keyfile, eth-account, websockets, pyunormalize, multidict, yarl, attrs, frozenlist, aiosignal, async-timeout, aiohttp, rpds-py, referencing, pkgutil-resolve-name, zipp, importlib-resources, jsonschema-specifications, jsonschema, protobuf, web3, cbor2, packaging, solc-select, crytic-compile, slither-analyzer

I was using python 3.8.10:

root@6c2547e41a3c:/app# python3 --version
Python 3.8.10

and these were my current installs:

root@6c2547e41a3c:/app# pip freeze
certifi==2019.11.28
chardet==3.0.4
dbus-python==1.2.16
idna==2.8
PyGObject==3.36.0
python-apt==2.0.1+ubuntu0.20.4.1
requests==2.22.0
requests-unixsocket==0.2.0
six==1.14.0
urllib3==1.25.8

I think it's because web3 uses an older version of hexbytes: https://github.com/ethereum/web3.py/blob/main/setup.py#L71. That's being updated with web3 7.0: ethereum/web3.py#3127, so that may fix the issue.

Code example to reproduce the issue:

Running:

python3 -m pip install slither-analyzer

Version:

No version currently installed:

root@6c2547e41a3c:/app# slither --version
Traceback (most recent call last):
  File "/usr/local/bin/slither", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/slither/__main__.py", line 746, in main
    main_impl(all_detector_classes=detectors, all_printer_classes=printers)
  File "/usr/local/lib/python3.8/dist-packages/slither/__main__.py", line 760, in main_impl
    args = parse_args(all_detector_classes, all_printer_classes)
  File "/usr/local/lib/python3.8/dist-packages/slither/__main__.py", line 301, in parse_args
    version=require("slither-analyzer")[0].version,
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 901, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 792, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (hexbytes 0.3.1 (/usr/local/lib/python3.8/dist-packages), Requirement.parse('hexbytes>=1.2.0'), {'eth-rlp'})

Relevant log output:

No response

[BramSrna]

If I setup the requirements.txt before the pip:

crytic-compile==0.3.6
eth-typing==4.0.0
eth-utils==4.0.0
packaging==23.2
prettytable==3.10.0
pycryptodome==3.20.03
web3==6.15.1

and install that:

root@d9e2063f3c42:/app# pip freeze
aiohttp==3.9.3
aiosignal==1.3.1
async-timeout==4.0.3
attrs==23.2.0
bitarray==2.9.2
cbor2==5.6.2
certifi==2019.11.28
chardet==3.0.4
crytic-compile==0.3.6
cytoolz==0.12.3
dbus-python==1.2.16
eth-account==0.11.0
eth-hash==0.7.0
eth-keyfile==0.8.0
eth-keys==0.5.0
eth-rlp==2.1.0
eth-typing==4.0.0
eth-utils==4.0.0
eth_abi==5.0.1
frozenlist==1.4.1
hexbytes==0.3.1
idna==2.8
importlib_resources==6.4.0
jsonschema==4.21.1
jsonschema-specifications==2023.12.1
lru-dict==1.2.0
multidict==6.0.5
packaging==23.2
parsimonious==0.9.0
pkgutil_resolve_name==1.3.10
prettytable==3.10.0
protobuf==5.26.1
pycryptodome==3.20.0
PyGObject==3.36.0
python-apt==2.0.1+ubuntu0.20.4.1
pyunormalize==15.1.0
referencing==0.34.0
regex==2023.12.25
requests==2.22.0
requests-unixsocket==0.2.0
rlp==4.0.0
rpds-py==0.18.0
six==1.14.0
solc-select==1.0.4
toolz==0.12.1
typing_extensions==4.10.0
urllib3==1.25.8
wcwidth==0.2.13
web3==6.15.1
websockets==12.0
yarl==1.9.4
zipp==3.18.1

The run the pip install for slither-analyzer it works:

root@d9e2063f3c42:/app# pip install slither-analyzer
Collecting slither-analyzer
  Downloading slither_analyzer-0.10.1-py3-none-any.whl.metadata (31 kB)
Requirement already satisfied: packaging in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (23.2)
Requirement already satisfied: prettytable>=3.3.0 in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (3.10.0)
Requirement already satisfied: pycryptodome>=3.4.6 in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (3.20.0)
Requirement already satisfied: crytic-compile<0.4.0,>=0.3.6 in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (0.3.6)
Requirement already satisfied: web3>=6.0.0 in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (6.15.1)
Requirement already satisfied: eth-abi>=4.0.0 in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (5.0.1)
Requirement already satisfied: eth-typing>=3.0.0 in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (4.0.0)
Requirement already satisfied: eth-utils>=2.1.0 in /usr/local/lib/python3.8/dist-packages (from slither-analyzer) (4.0.0)
Requirement already satisfied: cbor2 in /usr/local/lib/python3.8/dist-packages (from crytic-compile<0.4.0,>=0.3.6->slither-analyzer) (5.6.2)
Requirement already satisfied: solc-select>=v1.0.4 in /usr/local/lib/python3.8/dist-packages (from crytic-compile<0.4.0,>=0.3.6->slither-analyzer) (1.0.4)
Requirement already satisfied: parsimonious<0.10.0,>=0.9.0 in /usr/local/lib/python3.8/dist-packages (from eth-abi>=4.0.0->slither-analyzer) (0.9.0)
Requirement already satisfied: eth-hash>=0.3.1 in /usr/local/lib/python3.8/dist-packages (from eth-utils>=2.1.0->slither-analyzer) (0.7.0)
Requirement already satisfied: cytoolz>=0.10.1 in /usr/local/lib/python3.8/dist-packages (from eth-utils>=2.1.0->slither-analyzer) (0.12.3)
Requirement already satisfied: wcwidth in /usr/local/lib/python3.8/dist-packages (from prettytable>=3.3.0->slither-analyzer) (0.2.13)
Requirement already satisfied: aiohttp>=3.7.4.post0 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (3.9.3)
Requirement already satisfied: eth-account>=0.8.0 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (0.11.0)
Requirement already satisfied: hexbytes<0.4.0,>=0.1.0 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (0.3.1)
Requirement already satisfied: jsonschema>=4.0.0 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (4.21.1)
Requirement already satisfied: lru-dict<1.3.0,>=1.1.6 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (1.2.0)
Requirement already satisfied: protobuf>=4.21.6 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (5.26.1)
Requirement already satisfied: requests>=2.16.0 in /usr/lib/python3/dist-packages (from web3>=6.0.0->slither-analyzer) (2.22.0)
Requirement already satisfied: typing-extensions>=4.0.1 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (4.10.0)
Requirement already satisfied: websockets>=10.0.0 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (12.0)
Requirement already satisfied: pyunormalize>=15.0.0 in /usr/local/lib/python3.8/dist-packages (from web3>=6.0.0->slither-analyzer) (15.1.0)
Requirement already satisfied: aiosignal>=1.1.2 in /usr/local/lib/python3.8/dist-packages (from aiohttp>=3.7.4.post0->web3>=6.0.0->slither-analyzer) (1.3.1)
Requirement already satisfied: attrs>=17.3.0 in /usr/local/lib/python3.8/dist-packages (from aiohttp>=3.7.4.post0->web3>=6.0.0->slither-analyzer) (23.2.0)
Requirement already satisfied: frozenlist>=1.1.1 in /usr/local/lib/python3.8/dist-packages (from aiohttp>=3.7.4.post0->web3>=6.0.0->slither-analyzer) (1.4.1)
Requirement already satisfied: multidict<7.0,>=4.5 in /usr/local/lib/python3.8/dist-packages (from aiohttp>=3.7.4.post0->web3>=6.0.0->slither-analyzer) (6.0.5)
Requirement already satisfied: yarl<2.0,>=1.0 in /usr/local/lib/python3.8/dist-packages (from aiohttp>=3.7.4.post0->web3>=6.0.0->slither-analyzer) (1.9.4)
Requirement already satisfied: async-timeout<5.0,>=4.0 in /usr/local/lib/python3.8/dist-packages (from aiohttp>=3.7.4.post0->web3>=6.0.0->slither-analyzer) (4.0.3)
Requirement already satisfied: toolz>=0.8.0 in /usr/local/lib/python3.8/dist-packages (from cytoolz>=0.10.1->eth-utils>=2.1.0->slither-analyzer) (0.12.1)
Requirement already satisfied: bitarray>=2.4.0 in /usr/local/lib/python3.8/dist-packages (from eth-account>=0.8.0->web3>=6.0.0->slither-analyzer) (2.9.2)
Requirement already satisfied: eth-keyfile>=0.6.0 in /usr/local/lib/python3.8/dist-packages (from eth-account>=0.8.0->web3>=6.0.0->slither-analyzer) (0.8.0)
Requirement already satisfied: eth-keys>=0.4.0 in /usr/local/lib/python3.8/dist-packages (from eth-account>=0.8.0->web3>=6.0.0->slither-analyzer) (0.5.0)
Requirement already satisfied: eth-rlp>=0.3.0 in /usr/local/lib/python3.8/dist-packages (from eth-account>=0.8.0->web3>=6.0.0->slither-analyzer) (2.1.0)
Requirement already satisfied: rlp>=1.0.0 in /usr/local/lib/python3.8/dist-packages (from eth-account>=0.8.0->web3>=6.0.0->slither-analyzer) (4.0.0)
Requirement already satisfied: importlib-resources>=1.4.0 in /usr/local/lib/python3.8/dist-packages (from jsonschema>=4.0.0->web3>=6.0.0->slither-analyzer) (6.4.0)
Requirement already satisfied: jsonschema-specifications>=2023.03.6 in /usr/local/lib/python3.8/dist-packages (from jsonschema>=4.0.0->web3>=6.0.0->slither-analyzer) (2023.12.1)
Requirement already satisfied: pkgutil-resolve-name>=1.3.10 in /usr/local/lib/python3.8/dist-packages (from jsonschema>=4.0.0->web3>=6.0.0->slither-analyzer) (1.3.10)
Requirement already satisfied: referencing>=0.28.4 in /usr/local/lib/python3.8/dist-packages (from jsonschema>=4.0.0->web3>=6.0.0->slither-analyzer) (0.34.0)
Requirement already satisfied: rpds-py>=0.7.1 in /usr/local/lib/python3.8/dist-packages (from jsonschema>=4.0.0->web3>=6.0.0->slither-analyzer) (0.18.0)
Requirement already satisfied: regex>=2022.3.15 in /usr/local/lib/python3.8/dist-packages (from parsimonious<0.10.0,>=0.9.0->eth-abi>=4.0.0->slither-analyzer) (2023.12.25)
INFO: pip is looking at multiple versions of eth-rlp to determine which version is compatible with other requirements. This could take a while.
Collecting eth-rlp>=0.3.0 (from eth-account>=0.8.0->web3>=6.0.0->slither-analyzer)
  Downloading eth_rlp-2.0.0-py3-none-any.whl.metadata (4.6 kB)
  Downloading eth_rlp-1.0.1-py3-none-any.whl.metadata (4.5 kB)
Requirement already satisfied: zipp>=3.1.0 in /usr/local/lib/python3.8/dist-packages (from importlib-resources>=1.4.0->jsonschema>=4.0.0->web3>=6.0.0->slither-analyzer) (3.18.1)
Requirement already satisfied: idna>=2.0 in /usr/lib/python3/dist-packages (from yarl<2.0,>=1.0->aiohttp>=3.7.4.post0->web3>=6.0.0->slither-analyzer) (2.8)
Downloading slither_analyzer-0.10.1-py3-none-any.whl (773 kB)
   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 773.5/773.5 kB 15.8 MB/s eta 0:00:00
Downloading eth_rlp-1.0.1-py3-none-any.whl (4.9 kB)
Installing collected packages: eth-rlp, slither-analyzer
  Attempting uninstall: eth-rlp
    Found existing installation: eth-rlp 2.1.0
    Uninstalling eth-rlp-2.1.0:
      Successfully uninstalled eth-rlp-2.1.0
Successfully installed eth-rlp-1.0.1 slither-analyzer-0.10.1
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
root@d9e2063f3c42:/app# slither .
WARNING:Slither:No contract was analyzed
INFO:Slither:. analyzed (0 contracts with 94 detectors), 0 result(s) found
root@d9e2063f3c42:/app# pip freeze
aiohttp==3.9.3
aiosignal==1.3.1
async-timeout==4.0.3
attrs==23.2.0
bitarray==2.9.2
cbor2==5.6.2
certifi==2019.11.28
chardet==3.0.4
crytic-compile==0.3.6
cytoolz==0.12.3
dbus-python==1.2.16
eth-account==0.11.0
eth-hash==0.7.0
eth-keyfile==0.8.0
eth-keys==0.5.0
eth-rlp==1.0.1
eth-typing==4.0.0
eth-utils==4.0.0
eth_abi==5.0.1
frozenlist==1.4.1
hexbytes==0.3.1
idna==2.8
importlib_resources==6.4.0
jsonschema==4.21.1
jsonschema-specifications==2023.12.1
lru-dict==1.2.0
multidict==6.0.5
packaging==23.2
parsimonious==0.9.0
pkgutil_resolve_name==1.3.10
prettytable==3.10.0
protobuf==5.26.1
pycryptodome==3.20.0
PyGObject==3.36.0
python-apt==2.0.1+ubuntu0.20.4.1
pyunormalize==15.1.0
referencing==0.34.0
regex==2023.12.25
requests==2.22.0
requests-unixsocket==0.2.0
rlp==4.0.0
rpds-py==0.18.0
six==1.14.0
slither-analyzer==0.10.1
solc-select==1.0.4
toolz==0.12.1
typing_extensions==4.10.0
urllib3==1.25.8
wcwidth==0.2.13
web3==6.15.1
websockets==12.0
yarl==1.9.4
zipp==3.18.1

[BramSrna]

I think this was actually an issue with my pip. Running pip3 install --upgrade pip and then doing pip install slither-analyzer works successfully. Sorry for the false alarm, I'll close this ticket.