Download a package from a private repository with bad certificate

[frague59]

Hi,

I'm using a requirements.txt file, with some packages from a private repository. This repo is based on a private gitlab, with a self-signed certificate (Cannot use a right one, for some infrastructure reasons...)

I can install my packages from this repo using pip install -r ... but not using uv pip install -r ....

My requirements.txt:

mypackage @ git+https://gitlab.example.com/<my_user>/mypackage@main#egg=<my_egg>

With pip:

$ pip install -r requirements.txt
Collecting mypackage@ git+https://gitlab.ville.tg/<my user>/mypackage@main#egg=mypackage (from -r ../requirements/common.txt (line 24))
  Cloning https://gitlab.ville.tg/<my user>/mypackage  (to revision main) to /tmp/pip-install-0wbxgsrj/mypackage_3369986277e8440d861fb9f680c74595
  Running command git clone --filter=blob:none --quiet https://gitlab.ville.tg/<my user>/mypackage /tmp/pip-install-0wbxgsrj/mypackage_3369986277e8440d861fb9f680c74595
  avertissement : redirection vers https://gitlab.ville.tg/<my user>/django-notifications.git/
  Resolved https://gitlab.ville.tg/<my user>/mypackage to commit b13c3a56f54f0cf35a60df4281995ca1fc75d67f
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
...

Witih uv pip

$ uv pip install -r requirements.txt
Updating https://gitlab.ville.tg/fguerin/mypackage (main)                                                                                                                                                               error: Failed to download and build: mypackage @ git+https://gitlab.ville.tg/<my user>/mypackage@main#egg=mypackage
  Caused by: Git operation failed
  Caused by: failed to fetch into: /home/<my user>/.cache/uv/git-v0/db/c13f4940a991ecb3
  Caused by: failed to connect to the repository
  Caused by: the SSL certificate is invalid; class=Ssl (16); code=Certificate (-17)

Thanks for your help !

[zanieb]

Hi! Thanks for the clear issue.

Is this a duplicate of #1339? Can you add the certificate to your system trust store per #1512?

[frague59]

Thanks for your quick answer !

I do not use the --trusted-host parameter while using pip install, but I've my credentials installed in the /home/<my user>/.pypirc.

Look's like I already have this cert in my "system trust store" (not sure of what I've to put on it...)

[zanieb]

Are you using the latest version of uv?

Note we don't support reading from the .pypirc file.

[frague59]

Yes, I do.

Fresh install using pipx -- 0.1.5

[zanieb]

Thanks I'll look into this!

[dmatos2012]

What is the recommended uv way of handling this instead? Running into same issue. Yes, I could pass --extra-index-url but I have multiple packages thus it would become unfeasible. My ~/.pypirc has th following:

[distutils]
index-servers = 
    proj1
    proj2

[proj1]
repository = https://gitlab.com/api/v4/projects/<GITLAB_PROJECT_ID>/packages/pypi
username = un
password = pw

[proj2]
repository = https://gitlab.com/api/v4/projects/<GITLAB_PROJECT_ID>/packages/pypi
username = un
password = pw

[proj..n]
.....

Thus running pip install -r requirements.txt looks in all these private indexes, but uv pip install -r requirements.txt fails with:
error: HTTP status client error (401 Unauthorized) for https://gitlab.com/api/v4/projects/<GITLAB_PROJECT_ID>/packages/pypi

[sephib]

Hi,
guessing this is the same issue
just giving another aspect
working via a private repo on GCP
the authentication is done via

keyring==24.3.0
keyrings-google-artifactregistry-auth==1.1.2

when running

python -m pip install \
		--index-url https://my-region-python.pkg.dev/my-gcp-prj/python-repo/simple/ \
		--extra-index-url https://pypi.python.org/simple/ \
		--upgrade \
		-r requirements-private.txt

successfully installed
But when running

uv pip install --index-url https://my-region-python.pkg.dev/my-gcp-prj/python-repo/simple/   \      
                      --extra-index-url https://pypi.python.org/simple/   \
                      --upgrade  \
                      -r requirements-private.txt

getting the following error:

error: HTTP status client error (401 Unauthorized) for url (https://my-region-python.pkg.dev/my-gcp-prj/python-repo/simple/my-package/)

I also had an issue with the --pre flag
if my requirements-private.txt has the --pre flag, e.g.

my-package --pre

i get the following error

error: Expected '--hash', found '"--pre"' in requirements-private.txt at position NN

[zanieb]

Hi! We don't have keyring support yet. You can track that at #1520

We also do not support specifying --pre in requirements files. You can specify my-package >=0.0.0dev0 if you want to enable prereleases for a single package or --pre on the command line to enable them globally. Please open a new issue if you want to discuss that further.

[konstin]

These should now be supported through SSL_CERT_FILE and --keyring-provider/UV_KEYRING_PROVIDER.