Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pip >=19.2 cannot install packages via custom URLs with "one element" auth #6796

Closed
slafs opened this issue Jul 27, 2019 · 4 comments · Fixed by #6818
Closed

pip >=19.2 cannot install packages via custom URLs with "one element" auth #6796

slafs opened this issue Jul 27, 2019 · 4 comments · Fixed by #6818
Labels
auto-locked Outdated issues that have been locked by automation type: bug A confirmed bug or unintended behavior

Comments

@slafs
Copy link

slafs commented Jul 27, 2019

Environment

  • pip version: >= 19.2
  • Python version: 2.7.10 and 3.7.2
  • OS: macOS Mojave

Description

When trying to install a package from a custom URL that requires authentication (e.g. from GitHub private repo releases), pip doesn't properly handle parsing of "one element" auth info e.g. GitHub access tokens (i.e. without : like the usual user:password auth info).

Expected behavior

I want to be able to install my package from a private GitHub repo with an Auth Token like this:

pip install https://[email protected]/myorganization/myprivaterepo/archive/myrelease.zip#egg=mypackage

this works fine with pip==19.1.1

How to Reproduce

  1. Create a private repo on GitHub with one release (can be empty).
  2. Create an access token at https://github.com/settings/tokens/new for private repos
  3. Try to install that release package (.zip) using the created token with pip>=19.2 like in the section above.

The output should mention a successful download of the package and a "setup.py not found" error message (if the release was empty).

Workaround

As a workaround one can put : before or after the access token so the URL looks like:

https://:[email protected]/...

Output
Instead of installing the package, pip fails with "ERROR: HTTP error 404 while getting https://...".

I've created an empty private repo, with an empty release to test that. The output for pip install -vvv ... can be found here:

The issue/difference can be observed around Starting new HTTPS connection (1): github.com:443.

Cause
I've run a git bisect session for this issue and it pointed to this commit c63ee61

This issue was also discussed at #6775 (see #6775 (comment) and #6775 (comment)).

@triage-new-issues triage-new-issues bot added the S: needs triage Issues/PRs that need to be triaged label Jul 27, 2019
@chrahunt chrahunt added the type: bug A confirmed bug or unintended behavior label Jul 27, 2019
@triage-new-issues triage-new-issues bot removed the S: needs triage Issues/PRs that need to be triaged label Jul 27, 2019
@haizaar
Copy link

haizaar commented Jul 29, 2019

Another bummer with this bug is that pipenv automatically uses the latest pip when instantiating new venv, hence people keep bumping into this.

@pradyunsg
Copy link
Member

@slafs Does this occur with #6795?

@slafs
Copy link
Author

slafs commented Jul 29, 2019

Nope. Looks like #6795 fixes the problem 👍

@pradyunsg
Copy link
Member

Released pip 19.2.2 containing a fix for this issue. :)

@pradyunsg pradyunsg unpinned this issue Aug 11, 2019
@lock lock bot added the auto-locked Outdated issues that have been locked by automation label Sep 10, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Sep 10, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
auto-locked Outdated issues that have been locked by automation type: bug A confirmed bug or unintended behavior
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants