ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not: cffi>=1.1 from https://.....

created at 10-08-2021


  • Python 3.9
  • pip 21.2.3
  • poetry 1.1.8

Run the export command to generate requirements.txt

poetry export -f requirements.txt --output requirements.txt

Inspect requirements.txt

Each library entry has a --hash field

Run the pip install command

pip3 install --no-cache-dir --upgrade -r requirements.txt

pip reports an error

#8 28.40 Collecting websockets==10.0
#8 28.51   Downloading websockets-10.0-cp39-cp39-manylinux2010_x86_64.whl (107 kB)
#8 29.38 Collecting cffi>=1.1
#8 29.38 ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
#8 29.38     cffi>=1.1 from (from bcrypt==3.2.0->-r /code/requirements.txt (line 19))
executor failed running [/bin/sh -c pip install --no-cache-dir --upgrade -r /code/requirements.txt]: exit code: 1
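
An added example, not part of the original post and not code from pip or Poetry: a pre-flight check that reads an exported requirements file and reports what pip's hash-checking mode would reject, including a dependency that is pulled in but not listed, which is the cffi case in the log above. The sample file, the placeholder digests and the SAMPLE_DEPS map are constructed for illustration; pip switches to hash-checking mode as soon as any requirement carries --hash.

```python
import re
# Constructed sample in the layout poetry export writes; digests are placeholders.
SAMPLE = '''\
bcrypt==3.2.0; python_version >= "3.6" \\
    --hash=sha256:PLACEHOLDER_DIGEST_1 \\
    --hash=sha256:PLACEHOLDER_DIGEST_2
websockets==10.0 \\
    --hash=sha256:PLACEHOLDER_DIGEST_3
'''
# Assumed dependency metadata, mirroring the log above (bcrypt 3.2.0 pulls in cffi>=1.1).
SAMPLE_DEPS = {"bcrypt": ["cffi"]}

def _norm(name):
    """PEP 503 normalisation so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse(text):
    """Map each requirement name to its pin status and --hash values."""
    reqs = {}
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = re.sub(r"(^|\s)#.*$", "", line).strip()    # drop comments
        if not line or line.startswith("-"):              # blank or option line
            continue
        hashes = re.findall(r"--hash[= ](\S+)", line)
        spec = re.split(r"\s--hash", line)[0].split(";")[0].strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$", spec)
        if m:
            pinned = bool(re.fullmatch(r"={2,3}\s*[^,*\s]+", m.group(2)))
            reqs[_norm(m.group(1))] = {"pinned": pinned, "hashes": hashes}
    return reqs

def audit(text, deps=None):
    """Report what pip rejects once any entry carries --hash (hash-checking mode)."""
    reqs = parse(text)
    report = {"hash_mode": any(r["hashes"] for r in reqs.values()),
              "unpinned": [], "unhashed": [], "missing": []}
    if not report["hash_mode"]:
        return report
    for name, r in sorted(reqs.items()):
        if not r["pinned"]:
            report["unpinned"].append(name)
        elif not r["hashes"]:
            report["unhashed"].append(name)
    for parent, children in sorted((deps or {}).items()):
        if _norm(parent) in reqs:  # a listed package whose dependency is not listed
            report["missing"] += [c for c in map(_norm, children) if c not in reqs]
    return report

if __name__ == "__main__": print(audit(SAMPLE, SAMPLE_DEPS))
```

A non-empty "missing" or "unpinned" list means the install will stop with the error shown above; adding the named packages to the file with == pins and hashes clears it while keeping hash verification.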

Troubleshooting ideas

  • Uninstalling the cffi library and reinstalling it doesn’t work
  • Regenerating the requirements.txt file and installing it again doesn’t work
  • I searched on Google and found similar issues. It seems to be a known issue that Poetry has not officially fixed yet, so only workarounds are available.


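Pass the --without-hashes flag to the poetry export command. The exported file then contains no --hash entries, so pip does not enter --require-hashes mode and installs without verifying package digests.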

poetry export --without-hashes -f requirements.txt --output requirements.txt

I’m using this method. I have tried it and it works. It’s suitable for those who use Poetry.

I haven’t tried the following scenarios

Scenario 1

Stop using pip's --constraint flag to pass packages with a fixed hash

Scenario 2

If you use pip directly, pin it to a version before 20.3

python -m pip install --upgrade pip==20.2.4

Scenario 3

If you are using another tool such as virtualenv that depends on pip, make sure to pin its version

python -m pip install --upgrade virtualenv==20.0.26

Or use the environment variable VIRTUALENV_PIP=20.2.4

edited at: 10-08-2021