lock file uses incompatible version

[naweiss]

• I have searched the issue tracker and believe that this is not a duplicate.

Steps to reproduce

Create the following pyproject.toml:

[tool.pdm]
[[tool.pdm.source]]
name = "pypi"
url = "http://localhost:8080/simple"  # in practise the url is for private repo on another computer
verify_ssl = false

[project]
dependencies = [
    "multidict"
]
requires-python = ">=3.7"

The private repo contains the following versions of multidict (copied from pypi.org):

• multidict-4.7.6-cp37-cp37m-manylinux1_x86_64.whl
• multidict-4.7.6-cp38-cp38-manylinux1_x86_64.whl
• multidict-4.7.6.tar.gz
• multidict-5.0.0-cp38-cp38-macosx_10_14_x86_64.whl

plus some older irrelevant versions.
Note: You can use the package pypiserver to create a local server for reproducing the issue: pypi-server run --disable-fallback -p 8080 <path_to_dir_with_the_packages>/

Run pdm lock, the lock file would something look like:

[[package]]
[[package]]
name = "multidict"
version = "5.0.0"
requires_python = ">=3.5"
...
[metadata.files]
"multidict 5.0.0" = [
    {url = "http://localhost:8080/packages/multidict-5.0.0-cp38-cp38-macosx_10_14_x86_64.whl", hash = "sha256:4ef76ce695da72e176f6a51867afb3bf300ce16ba2597824caaef625af5906a9"},
]
...

Run pdm sync -vv.

Actual behavior

Obviously when running pdm sync -vv the sync fails with the following error:

unearth.evaluator: Skipping link <Link http://localhost:8080/packages/multidict-5.0.0-cp38-cp38-macosx_10_14_x86_64.whl (from None)>: none of the wheel tags(cp38-cp38-macosx_10_14_x86_64) are compatible
  X Install multidict 5.0.0 failed

Expected behavior

The lock file should look something like:

[metadata.files]
"multidict 4.7.6" = [
    {url = "http://localhost:8080/packages/multidict-4.7.6-cp37-cp37m-manylinux1_x86_64.whl", hash = "sha256:fcfbb44c59af3f8ea984de67ec7c306f618a3ec771c2843804069917a8f2e255"},
    {url = "http://localhost:8080/packages/multidict-4.7.6-cp38-cp38-manylinux1_x86_64.whl", hash = "sha256:51a4d210404ac61d32dada00a50ea7ba412e6ea945bbe992e4d7a595276d2ec7"},
    {url = "http://localhost:8080/packages/multidict-4.7.6.tar.gz", hash = "sha256:fbb77a75e529021e7c4a8d4e823d88ef4d23674a202be4f5addffc72cbb91430"},
]

So the package will be installable for python ">=3.7" as required

Environment Information

PDM version:
  2.5.3
Python Interpreter:
  /home/user/.local/share/pdm/venvs/playground-zGNw9Emh-3.7/bin/python (3.7)
Project Root:
  /home/user/playground
Local Packages:

{
  "implementation_name": "cpython",
  "implementation_version": "3.7.16",
  "os_name": "posix",
  "platform_machine": "x86_64",
  "platform_release": "4.4.0-22621-Microsoft",
  "platform_system": "Linux",
  "platform_version": "#1105-Microsoft Fri Jan 01 08:00:00 PST 2016",
  "python_full_version": "3.7.16",
  "platform_python_implementation": "CPython",
  "python_version": "3.7",
  "sys_platform": "linux"
}

[frostming]

It's rather abnormal to have incomplete releases like that. PDM assumes every release has all the required wheels and at least a sdist to fallback to. So it performs the resolution without regarding the current platform and produces a cross-platform lockfile.

In the next version this can be resolved by generating a non-cross-platform lockfile with an option.

[frostming]

This could be resolved by #2995