HTTPError: 403 Forbidden - Invalid API Token: InvalidMacaroon('invalid macaroon signature')

[gbates101]

EDIT: May have posted this in the wrong repo? I'm seeing a somewhat similar issue (pypi/warehouse#8554), though it has been resolved. Let me know if I should move this issue to https://github.com/pypa/warehouse.

Your Environment

Thank you for taking the time to report an issue.

To more efficiently resolve this issue, we'd like to know some basic information about your system and setup.

1. Your operating system: Windows (WSL2)

2. Version of python you are running:

(entrypoint) gbates@Work:~/src/docker-entrypoint$ python -V
Python 3.7.5

3. How did you install twine? Did you use your operating system's package manager or pip or something else?

source ~/.envs/entrypoint/bin/activate
pip install twine

4. Version of twine you have installed (include complete output of):

(entrypoint) gbates@Work:~/src/docker-entrypoint$ twine --version
twine version 3.2.0 (pkginfo: 1.5.0.1, requests: 2.24.0, setuptools: 49.6.0,
requests-toolbelt: 0.9.1, tqdm: 4.49.0)

5. Which package repository are you targeting?
   I've targeted pypi and testpypi and am able to reproduce with both.

Unsure if the issue is with my package specifically (as I only have one), but here's the PKG-INFO and my config.

PKG-INFO file:

Metadata-Version: 2.1
Name: docker-entrypoint
Version: 0.1.3
Summary: Basic utility to proxy a container's normal entrypoint
Home-page: https://github.com/PlaidCloud/docker-entrypoint
Author: Garrett Bates, Dave Parsons
Author-email: garrett.bates@tartansolutions.com, dave.parsons@tartansolutions.com
License: MIT
Description: # Docker Entrypoint
        ...
Keywords: container kubernetes debug development
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3.7
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: Unix
Requires-Python: >=3.7
Description-Content-Type: text/markdown

I've attempted these three configurations:

[pypi]
  username = __token__
  password = <redacted>

[distutils]
  index-servers =
    pypi

[pypi]
  username = __token__
  password = <redacted>

[distutils]
  index-servers =
    pypi
    docker-entrypoint

[pypi]
  username = __token__
  password = # either a user-scoped token or a project-scoped token you want to set as the default

[docker-entrypoint]
  repository = https://upload.pypi.org/legacy/
  username = __token__
  password = <redacted>

The Issue

I'm being met with a 403 Forbidden on every upload attempt. I've uploaded before to this project (last time was in July), so this process used to work. The below example shows me using an API token against testpypi using CLI prompts for credentials, but it happens against pypi repo as well.

(entrypoint) gbates@Work:~/src/docker-entrypoint$ twine upload -r testpypi dist/*
Uploading distributions to https://test.pypi.org/legacy/
Enter your username: __token__
/home/gbates/.envs/entrypoint/lib/python3.7/site-packages/twine/auth.py:72: UserWarning: No recommended backend was available. Install a recommended 3rd party backend package; or, install the keyrings.alt package if you want to use the non-recommended backends. See https://pypi.org/project/keyring for details.
  warnings.warn(str(exc))
Enter your password: 
Uploading docker_entrypoint-0.1.3-py3-none-any.whl
100%|███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 15.8k/15.8k [00:00<00:00, 28.9kB/s]
NOTE: Try --verbose to see response content.
HTTPError: 403 Forbidden from https://test.pypi.org/legacy/
Invalid API Token: InvalidMacaroon('invalid macaroon signature')

I've tried the following to troubleshoot this issue:

• Recreated my virtualenv (virtualenv -p 3.7 ~/.envs/entrypoint)
• Installed only twine
• Manually cleaned up build, dist, and other folders.
• Built package (python setup.py sdist bdist_wheel)
• Ran a bunch of permutations of the upload command:
  • python -m twine upload --respository docker-entrypoint dist/*
  • python -m twine upload --config-file /home/gbates/.pypirc --respository docker-entrypoint dist/*
  • python -m twine upload --config-file /home/gbates/.pypirc dist/*
  • twine upload dist/*
• Recreated the project-specific token and updated .pypirc with it.
• Created a new account-wide token and updated .pypirc with it.
• Removed my docker-entrypoint registry and used the default pypi one instead (see configs above).
• Attempted login through CLI by renaming my config and using the prompts, as both the API token and my PyPI user.
• Attempted all of the above steps against the testpypi repo.

No matter what I attempt, I'm always met with this invalid macaroon error. I've installed twine today in a brand new virtualenv to eliminate as many variables as possible. The only thing that has changed since my last upload in July is I'm now using WSL2 instead of WSL.

Steps to Reproduce

If the issue is predictable and consistently reproducible, please list the steps here.

mkdir -p ~/.envs/entrypoint
virtualenv -p 3.7 ~/.envs/entrypoint
source ~/.envs/entrypoint/bin/activate
pip install twine
python setup.py sdist bdist_wheel
twine upload dist/*

[mischif]

It looks like the issue was identified in pypi/warehouse#8565 and the fix is coming in pypi/warehouse#8591.

[sigmavirus24]

Yep, this seems to firmly be a warehoues bug so I'm going to close this here