Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pex should trust any host passed via --index or --find-links. #812

Closed
jsirois opened this issue Nov 25, 2019 · 1 comment · Fixed by #813
Closed

Pex should trust any host passed via --index or --find-links. #812

jsirois opened this issue Nov 25, 2019 · 1 comment · Fixed by #813
Assignees
@jsirois
Labels
bug resolver

Comments

@jsirois
Copy link
Member

jsirois commented Nov 25, 2019

The underlying pip calls don't assume this and error out, e.g.:

E   	WARNING: The repository located at www.antlr3.org is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host www.antlr3.org'.
E   	ERROR: Could not find a version that satisfies the requirement antlr_python_runtime==3.1.3 (from versions: none)
E   	ERROR: No matching distribution found for antlr_python_runtime==3.1.3
...
E   	Exception caught: (pex.resolver.Unsatisfiable)
...
E   	  File "/b/f/w/pants/backend/python/subsystems/pex_build_util.py", line 278, in _resolve_multi
E   	    allow_prereleases=python_setup.resolver_allow_prereleases)
E   	  File "/b/f/w/pex_root/install/pex-2.0.2-py2.py3-none-any.whl.b89b057c31d08e6bebdb4531720b75237c56588e/pex-2.0.2-py2.py3-none-any.whl/pex/resolver.py", line 195, in resolve
E   	    raise Unsatisfiable(str(e))
E   	
E   	Exception message: Executing /usr/bin/python2.7 -s -m pip --disable-pip-version-check --isolated -q --cache-dir /home/nobody/.cache/pants/python_cache/requirements/CPython-2.7.12 download --dest /tmp/tmpj2dt894x/resolved --index-url https://pypi.org/simple/ --find-links http://www.antlr3.org/download/Python/ antlr_python_runtime==3.1.3 failed with 1
@jsirois
Copy link
Member Author

jsirois commented Nov 25, 2019

Related to #803 in that --trusted-host is a pip network option, but I can't see a reason to expose this directly vs assume it from indexes / find_links.

@jsirois jsirois self-assigned this Nov 25, 2019
jsirois added a commit to jsirois/pex that referenced this issue Nov 26, 2019
@jsirois
Implicitly trust explicitly requested repos.
446990b 
Previously we did not do this and could thus confusingly fail resolves
against explicitly requested insecure repos.

Fixes pex-tool#812
@jsirois jsirois mentioned this issue Nov 26, 2019
Merged
jsirois added a commit that referenced this issue Nov 26, 2019
@jsirois
Implicitly trust explicitly requested repos. (#813)
a641fd7 
Previously we did not do this and could thus confusingly fail resolves
against explicitly requested insecure repos.

Fixes #812
This was referenced Nov 26, 2019
Merged
Closed
@a-teammate a-teammate mentioned this issue Nov 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsirois jsirois

Labels
bug resolver
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implicitly trust explicitly requested repos. jsirois/pex
1 participant
@jsirois