Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git username replaced with **** redaction in lockfile for git+ssh direct references #1918

Closed
dquig opened this issue Sep 26, 2022 · 3 comments · Fixed by #1923
Closed

git username replaced with **** redaction in lockfile for git+ssh direct references #1918

dquig opened this issue Sep 26, 2022 · 3 comments · Fixed by #1923
Assignees
@jsirois
Labels
bug resolver

Comments

@dquig
Copy link

dquig commented Sep 26, 2022

To reproduce:

python -m pex.cli lock create \
 "ansicolors@ git+ssh://[email protected]/jonathaneunice/colors.git@c965f5b9103c5bd32a1572adb8024ebe83278fb0" \
  | jq .
{
  "allow_builds": true,
  "allow_prereleases": false,
  "allow_wheels": true,
  "build_isolation": true,
  "constraints": [],
  "locked_resolves": [
    {
      "locked_requirements": [
        {
          "artifacts": [
            {
              "algorithm": "sha256",
              "hash": "feca938276d1a7ed8c4c1a7a443e8c00d927fe4b70d9081e4f560fd8e02e8119",
              "url": "git+ssh://****@github.com/jonathaneunice/colors.git@c965f5b9103c5bd32a1572adb8024ebe83278fb0"
            }
          ],
          "project_name": "ansicolors",
          "requires_dists": [],
          "requires_python": null,
          "version": "1.1.8"
        }
      ],
      "platform_tag": [
        "cp27",
        "cp27mu",
        "manylinux_2_31_x86_64"
      ]
    }
  ],
  "path_mappings": {},
  "pex_version": "2.1.105",
  "pip_version": "20.3.4-patched",
  "prefer_older_binary": false,
  "requirements": [
    "ansicolors"
  ],
  "requires_python": [],
  "resolver_version": "pip-legacy-resolver",
  "style": "strict",
  "target_systems": [],
  "transitive": true,
  "use_pep517": null
}
@dquig dquig changed the title git username replaced with **** redaction in lockfile for private git repo direct references git username replaced with **** redaction in lockfile for git+ssh direct references Sep 26, 2022
@benjyw
Copy link
Collaborator

benjyw commented Sep 26, 2022

Relevant bit where pip redacts this: https://github.com/pypa/pip/blob/main/src/pip/_internal/utils/misc.py#L456

@engnatha
Copy link

engnatha commented Sep 28, 2022
edited
Loading

I filed pantsbuild/pants#15410 a while ago, but this is the same issue for me. It's blocking me cloning a repo in my CI but oddly works locally fine.

pip-tools, which we are currently using, does not do this behavior.

@jsirois jsirois mentioned this issue Sep 29, 2022
Closed
1 task
jsirois added a commit to jsirois/pex that referenced this issue Sep 30, 2022
@jsirois
Fix locks for git+ssh with credentials.
dadd1b0 
Previously redacted credentials from the Pip download log were embedded in
locked artifact URLs rendering the lock unusable. Now credentials are fixed
up before the lock file is written.

Fixes pex-tool#1918
@jsirois jsirois mentioned this issue Sep 30, 2022
Merged
jsirois added a commit that referenced this issue Oct 1, 2022
@jsirois
Fix locks for git+ssh with credentials. (#1923)
9491a45 
Previously redacted credentials from the Pip download log were embedded in
locked artifact URLs rendering the lock unusable. Now credentials are fixed
up before the lock file is written.

Fixes #1918
@jsirois
Copy link
Member

jsirois commented Oct 1, 2022

Alright @dquig and @engnatha the fix for this is released in Pex 2.1.107 and Pants 2.15.0.dev3 should have that fix with the PR here: pantsbuild/pants#17081

If either of you don't have a workaround (it seems like you do @engnatha) and need the upgrade to Pex 2.1.107 cherry-picked back to Pants 2.14 or 2.13 let me know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsirois jsirois

Labels
bug resolver
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix locks for git+ssh with credentials. jsirois/pex
4 participants
@jsirois @benjyw @dquig @engnatha