Permalink
Browse files

pip >= 1.5 needs --allow-all-external

Starting from version 1.5, pip stopped downloading packages hosted in an
external site, even if there's a checksum in PyPI that we can check the
resulting package against. This breaks when downloading argparse==1.2.1 with
Python 2.6.

Here we allow all external downloads. It shouldn't be a security issue, as
we're still checking the package's hash against PyPI.

For more info, check
http://stackoverflow.com/questions/21021326/security-considerations-of-pip-allow-external
  • Loading branch information...
1 parent d3e744e commit a5402f880678e51e266be40d7ea7f7f80ec492c6 @vitorbaptista vitorbaptista committed Feb 13, 2014
Showing with 2 additions and 2 deletions.
  1. +2 −2 bin/travis-install-dependencies
@@ -31,8 +31,8 @@ sudo -u postgres psql -c 'CREATE DATABASE ckan_test WITH OWNER ckan_default;'
sudo -u postgres psql -c 'CREATE DATABASE datastore_test WITH OWNER ckan_default;'
export PIP_USE_MIRRORS=true
-pip install -r requirements.txt
-pip install -r dev-requirements.txt
+pip install -r requirements.txt --allow-all-external
+pip install -r dev-requirements.txt --allow-all-external
python setup.py develop

0 comments on commit a5402f8

Please sign in to comment.