pip install throws an error when empty Content-Type is returned by official pypi index #11958
Closed
1 task done
Labels
resolution: duplicate
Duplicate of an existing issue/PR
Description
For the
pip install
command I'm running, I have 2 PYPI repo indexes set up - as a main index, private mirror where all dependencies are downloaded from, and as an extra index - pypi.org in case of missing dependency / private mirror being down.My build process consists of several builders running behind a company's VPN. Each builder might run concurrently several builds. Each build runs concurrently 10+ pip install (1 pip install for every venv that is created concurrently). Most dependencies that have their version locked are used from cache on the builder, so they are not redownloaded every time.
I have made sure that all dependencies used by me are available on my private index.
This issue seems to occur only for deps used for testing, where I do not have the lockfile generated for them. My assumption is that pip install tries to resolve the newest version for all subdependencies of my testing dependencies, because they are not locked. To find the newest version, it checks for available version in both indexes, because one of them might actually contain a newer version. I believe pypi.org (that is my extra index) is rate-limiting me in this case and empty Content-Type is received in the response sporadically, which causes it to crash, even though (main) private index gave it a valid version list for the said dependency. So basically:
These errors were much more prominent when private index was not available in my build process yet, which further solidifies my speculation. They seem to be much more rare now that only some dev dependencies are checked in official pypi.org index. Rerunning the build pretty much always fixes the previous error. Even though it says "skipping page" I believe for some reason it does not skip it, or known versions from other indexes are not accounted for in this case.
I believe in this case, if main index returned proper list of dependency versions and the response received from the extra index is not valid, a warning should have been displayed that extra-index is not accounted for in this case. I suppose that "Warning: skipping page (...)" is supposed to do that, but it seems it does not actually fully skip it, it feels like pip in this case lost the information about available versions for this dependency received from the other mirror.
Expected behavior
Pip shows a warning that it could not resolve the dependency version from specified extra index, proceeds to use only working main index.
Other cases (all of them are followed by could not find a version from versions none error):
pip version
22.0.4
Python version
3.8.8
OS
ubuntu 20.04
How to Reproduce
Output
Code of Conduct
The text was updated successfully, but these errors were encountered: