Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pip install doesn't carry-on index-url certificate - failing build dependencies installation #8999

Closed
awaizman1 opened this issue Oct 15, 2020 · 8 comments
Closed

pip install doesn't carry-on index-url certificate - failing build dependencies installation #8999

awaizman1 opened this issue Oct 15, 2020 · 8 comments
Labels
C: network connectivity C: PEP 517 impact Affected by PEP 517 processing resolution: duplicate Duplicate of an existing issue/PR

Comments

@awaizman1
Copy link

Environment

  • pip version: 20.2.3
  • Python version: 3.6.8
  • OS: Windows 10

Description

I'm using pip to install a package (iniconfig==1.1.0) from an internal secured repository, thus providing a certificate via command line args (--cert=...).
The package is distributed as a source dist (not a wheel) and pip tries first to install the package build dependencies (Installing build dependencies ...).
when it tries doing so, pip invokes a nested pip install command, carrying on the index-url but not the certificate, thus the installation fails.
Note how in the sub pip install command the index is carried on but the certificate is not:

ERROR: Command errored out with exit status 1:
   command: 'bug_venv\Scripts\python.exe' 'bug_venv\lib\site-packages\pip' install --ignore-installed --no-user --prefix 'C:\Users\AWAIZM~1\AppData\Local\Temp\pip-build-env-cmo7_f0v\overlay' --no-warn-script-location --no-binary :none: --only-binary :none: -i https://il-app-61/repository/pypi_group/simple -- 'setuptools>=41.2.0' wheel 'setuptools_scm>3'

Expected behavior

certificate argument should be carried on to sub pip install commands

How to Reproduce

  1. create a new venv with pip 20.2.3, setuptools 50.3.1 and wheel 0.35.1
python -m venv bug_venv
bug_venv\Scripts\python.exe -m pip install pip==20.2.3
bug_venv\Scripts\python.exe -m pip install -U setuptools==50.3.1 wheel==0.35.1
  1. run pip install command with internal repo and certificate
bug_venv\Scripts\python.exe -m pip install --cert=<certificate file> --index-url=<https repo url> iniconfig==1.1.0
  1. install should fail with "certificate verify failed"

Output

bug_venv\Scripts\python -m pip install --cert=F:\views\g\qprism\QBuildSystemCore\python\build_infra\src\amat_build_system\resources\amat.pem.cer --index-url=https://il-app-61/repository/pypi_group/simple iniconfig==1.1.0
Looking in indexes: https://il-app-61/repository/pypi_group/simple
Collecting iniconfig==1.1.0
  Downloading https://il-app-61/repository/pypi_group/packages/iniconfig/1.1.0/iniconfig-1.1.0.tar.gz (8.1 kB)
  Installing build dependencies ... error
  ERROR: Command errored out with exit status 1:
   command: 'bug_venv\Scripts\python.exe' 'bug_venv\lib\site-packages\pip' install --ignore-installed --no-user --prefix 'C:\Users\AWAIZM~1\AppData\Local\Temp\pip-build-env-cmo7_f0v\overlay' --no-warn-script-location --no-binary :none: --only-binary :none: -i https://il-app-61/repository/pypi_group/simple -- 'setuptools>=41.2.0' wheel 'setuptools_scm>3'
       cwd: None
  Complete output (10 lines):
  Looking in indexes: https://il-app-61/repository/pypi_group/simple
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),)': /repository/pypi_group/simple/setuptools/
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),)': /repository/pypi_group/simple/setuptools/
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),)': /repository/pypi_group/simple/setuptools/
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),)': /repository/pypi_group/simple/setuptools/
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),)': /repository/pypi_group/simple/setuptools/
  Could not fetch URL https://il-app-61/repository/pypi_group/simple/setuptools/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='il-app-61', port=443): Max retries exceeded with url: /repository/pypi_group/simple/setuptools/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),)) - skipping
  ERROR: Could not find a version that satisfies the requirement setuptools>=41.2.0 (from versions: none)
  ERROR: No matching distribution found for setuptools>=41.2.0
  Could not fetch URL https://il-app-61/repository/pypi_group/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='il-app-61', port=443): Max retries exceeded with url: /repository/pypi_group/simple/pip/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),)) - skipping
  ----------------------------------------
ERROR: Command errored out with exit status 1: 'bug_venv\Scripts\python.exe' 'bug_venv\lib\site-packages\pip' install --ignore-installed --no-user --prefix 'C:\Users\AWAIZM~1\AppData\Local\Temp\pip-build-env-cmo7_f0v\overlay' --no-warn-script-location --no-binary :none: --only-binary :none: -i https://il-app-61/repository/pypi_group/simple -- 'setuptools>=41.2.0' wheel 'setuptools_scm>3' Check the logs for full command output.
@awaizman1 awaizman1 mentioned this issue Oct 15, 2020
Closed
@pradyunsg
Copy link
Member

Is this related to pypi/warehouse#8706?

@pradyunsg pradyunsg added C: network connectivity S: awaiting response Waiting for a response/more information labels Oct 16, 2020
@awaizman1
Copy link
Author

@pradyunsg it is not related to 8706 issue

@no-response no-response bot removed the S: awaiting response Waiting for a response/more information label Oct 16, 2020
@pfmoore
Copy link
Member

pfmoore commented Oct 16, 2020

This sounds more like some pip options not being carried over to the isolated build environment.

@awaizman1
Copy link
Author

Hi @pradyunsg

This issue happens because only parts of repo-related arguments are carry over to pip subprocess during the creation of build environment.
when a user passes an index-url with a certificate both should be used by any subcall to pip.
Currently only the index-url is carry over but not he cert so it doomed to fail.

I guess the network connectivity tag is misleading here

thanks.

@pfmoore pfmoore added C: PEP 517 impact Affected by PEP 517 processing and removed C: network connectivity labels Oct 22, 2020
@pfmoore
Copy link
Member

pfmoore commented Oct 22, 2020

I guess the network connectivity tag is misleading here

Agreed. I've changed it to "PEP 517 impact" which isn't entirely accurate, I thought we had a "Build isolation" tag, but either I'm misremembering or it's been removed. PEP 517 isn't specifically build isolation, but it's the closest I could find.

@xavfernandez xavfernandez mentioned this issue Oct 31, 2020
Open
@awaizman1
Copy link
Author

Hi @pfmoore @pradyunsg ,

Kindly would like to know if there is some fix planned for this or some workaround I can use.

Thanks

@awaizman1 awaizman1 mentioned this issue Apr 26, 2021
Closed
@pfmoore
Copy link
Member

pfmoore commented Apr 26, 2021

No fix currently planned/available, I'm afraid. As usual PRs would be welcome (but it's not a simple fix!)

As a workaround, you could disable build isolation and manage the build environment manually.

@martinezlc99 martinezlc99 mentioned this issue Nov 11, 2024
Open
@ichard26 ichard26 added C: network connectivity resolution: duplicate Duplicate of an existing issue/PR labels Dec 22, 2024
@ichard26
Copy link
Member

This is a duplicate of #5502 which was fixed by #13063.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: network connectivity C: PEP 517 impact Affected by PEP 517 processing resolution: duplicate Duplicate of an existing issue/PR
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pfmoore @pradyunsg @awaizman1 @ichard26