You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I searched open reports and couldn't find a duplicate
What happened?
Hi folks!
First of all thanks for the amazing tool!
At work we are using private channels with an embeded token via an environment variable.
When we create the lock file the first time, it correctly embeds the token environment variable in each package URL. However, when we call --update, it strips the authentication token from all URLs.
Is this a bug or are we using conda-lock incorrectly?
Note the url: https://eden.esss.co/conda-channel/mirror-conda-forge/noarch/boltons-23.0.0-pyhd8ed1ab_0.tar.bz2 line: the environment variable has been stripped, and the extension changed from .conda to .tar.bz2.
Conda Info
mamba version : 1.4.4
active environment : None
shell level : 0
user config file : C:\Users\bruno\.condarc
populated config files : w:\mambaforge\.condarc
W:\Mamba\.condarc
conda version : 23.5.0
conda-build version : 3.25.0
python version : 3.10.10.final.0
virtual packages : __archspec=1=x86_64
__cuda=11.7=0
__win=0=0
base environment : w:\mambaforge (writable)
conda av data dir : w:\mambaforge\etc\conda
conda av metadata url : None
channel URLs : https://{REDACTED_URL}/mamba-esss/win-64
https://{REDACTED_URL}/mamba-esss/noarch
https://{REDACTED_URL}/mirror-conda-forge/win-64
https://{REDACTED_URL}/mirror-conda-forge/noarch
https://{REDACTED_URL}/mirror-main/win-64
https://{REDACTED_URL}/mirror-main/noarch
package cache : W:\Miniconda\pkgs
W:\Mamba\pkgs
envs directories : W:\Mamba\envs
w:\mambaforge\envs
C:\Users\bruno\.conda\envs
C:\Users\bruno\AppData\Local\conda\conda\envs
platform : win-64
user-agent : conda/23.5.0 requests/2.28.2 CPython/3.10.10 Windows/10 Windows/10.0.22000
administrator : False
netrc file : None
offline mode : False
Noticed that it is also changing the file extensions in the url field from .conda to .tar.bz2, which renders the lock file unusable. I've updated the title and description accordingly. 👍
Checklist
What happened?
Hi folks!
First of all thanks for the amazing tool!
At work we are using private channels with an embeded token via an environment variable.
When we create the lock file the first time, it correctly embeds the token environment variable in each package URL. However, when we call
--update
, it strips the authentication token from all URLs.Is this a bug or are we using
conda-lock
incorrectly?Reproducer:
$ mamba lock
This generates the
conda-lock.yml
file correctly, with each URL containing the environment variable embeded:Note the
url: https://$ESSS_CONDA_CHANNEL_TOKEN@eden.esss.co/conda-channel/mirror-conda-forge/noarch/boltons-23.0.0-pyhd8ed1ab_0.conda
line.However when we execute:
$ mamba lock --update boltons
All the
$ESSS_CONDA_CHANNEL_TOKEN
strings are stripped from the individual package urls:Note the
url: https://eden.esss.co/conda-channel/mirror-conda-forge/noarch/boltons-23.0.0-pyhd8ed1ab_0.tar.bz2
line: the environment variable has been stripped, and the extension changed from.conda
to.tar.bz2
.Conda Info
Conda Config
Conda list
Additional Context
No response
The text was updated successfully, but these errors were encountered: