Document how to disable keyring for users who might want to #6773
Comments
pradyunsg
added
type: docs
|
+1, although I'd prefer it if we documented "how to disable keyring" rather than linking to an ongoing discussion. Let's wait for the discussion to complete and document the conclusions it comes to. |
|
I prefer that too, though I think we can follow up with prose describing the final conclusions later -- it needs someone to convert the discussion there to prose. Until then, linking to the issue is better than doing nothing. :) |
|
Hi, Can i take this up ? |
|
@SharatChandar Sure! We'd probably start by adding the above text to the user guide (the relevant file is in docs/html). I'll leave it to your judgment to determine where in the file/document, to add this section. Feel free to mention me if you need any help. :) |
|
@pradyunsg I have a query. Should i document the entire twine discussion or provide a link to the discussion like twine ? Also check this jaraco/keyring#340 and let me know if i should include these. |
|
Documenting the ways to disable would be ideal. Providing a link to the discussion would work too, but someone would have to come and change that into a discussion later. If you're willing to write a discussion, that'd be great! The keyring PR seems like a great approach to disable keyring. We should definitely document that. |
|
Keyring in certain cases can prevent the installing of certain packages and modules due to authentication errors. In such cases disabling the keyring is recommended.Keyring can be manually uninstalled but doing so may invalidate other packages that depends on Keyring. How to disable the keyring Method 2 : @pradyunsg Should i include some other methods too or will this do ? |
|
@SharatChandar You should probably consider cross-platform here. I'm not aware of a keyring "daemon" on Windows (or a service, which would be the equivalent there), so your "Method 2" would make no sense to a Windows user. |
|
@pfmoore Oh Sorry am new to this. I ll keep a cross platform approach going forward. |
|
No problem, no-one can think of all this stuff, that's why it's worth asking for feedback the way you did :-) |
|
@SharatChandar I think we should suggest to users to set environment variable We don't want users disabling the OS keyring password, since that is less secure. |
|
To see more about why I suggest that, see the documentation in the commit that closed jaraco/keyring#340 -- jaraco/keyring@5a887c1. |
|
Python keyring by default is set to null. keyring can be disabled via command line using '--disable'. Environments may disable keyring by setting PYTHON_KEYRING_BACKEND to keyring.backends.null.Keyring in the config file. @pradyunsg these are the methods provided by jaraco to disable keyring. Will it be sufficient to document these ? |
|
Yep yep. Also, I prefer that you don't address me as "bro". |
|
@pradyunsg Sorry, Didn't mean to offend you. I ll address you formally. |
Added documentation about how to disable keyring. Refered pypa/twine#338 for it.
Added documentation about how to disable keyring. Refered pypa/twine#338 for it.
Added NEWS entry for the issue pypa#6773. Added documentation on how to disable keyring.
brainwane
removed
the
good first issue
|
@jaraco Would it be possible to add a section about "how to disable keyring" to keyring's documentation? (see #8019 (comment) for context) Or is it documented somewhere and I can't find it? |
|
i think instead of adding a documentation for workaround, would be better to make a proper fix, which will make pip calling keyring only if it's needed, not on every |
|
Readme now has a section on disabling. |
Since now there is a separate section in keyring docs we can refer back to, where should the link go? I was thinking somewhere in https://pip.pypa.io/en/latest/user_guide/#basic-authentication-credentials might be a good idea. (Since I think that keyring provides you another way to authenticate to pypi) If that is the case, I can go ahead and create a documentation PR which will add the above link to our docs |
…21.2.1
Jason R. Coombs (16):
Suppress warnings in pytest-flake8, pytest-black, and pytest-checkdocs.
Prefer pytest-black to pytest-black-multipy
Test against Windows and Mac
Define a default pool_vm_image
Remove tox-venv and tox-pip-version. Tox-venv is discouraged (tox-dev/tox-venv#48 (comment)) and tox-pip-version was only there to support tox-venv. venv is dead; long live virtualenv.
Add section on disabling keyring. Ref pypa/pip#6773
Replace use of pkg_resources in test_packaging.
Add test capturing expectation that keyring should load degenerately if no metadata is present. Ref #426.
Allow keyring to be imported in environments missing the metadata. Restores expectation lost in 19.3.0. Fixes #426. Alternative to #422.
Update changelog. Ref #426.
Add test capturing expectation that it should be possible to limit to recommended backends. Ref #423.
Ensure ChainerBackend is excluded early to avoid recursion errors when evaluating limits on backends. Fixes #423.
Update changelog. Ref #423.
Rename tests to aid pytest with discovery.
xfail the tests. Ref #436.
Add test to trigger the undesirable behavior. Ref #355.
|
Wait... IMHO No solution proposed here is likeable ! in my case 👍
Why is not pip asking for the keyring only when required ? (i.e. when using a private repo, for what this feature has been introduced)... And providing a way to bypass the keyring ? ...This feature will just waste 20 minute or so to many developper either not using keyrings or not understanding why pip behaviour changed... |
@pradyunsg this is no solution, this will naturally lead users to set that var in their profiles, bashrc, etc. BUT this is affecting behavior of keyring package, not pip. It's sound to assume that people want to continue using their other python apps depending on keyring. So, really, don't defer this to keyring's conf. and come up with a way to configure pip. |
It'd probably be useful to add something like the following to our documentation. Borrowing from twine:
The text was updated successfully, but these errors were encountered: