Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PyPI deployments not working when "special" chars in password #377

Closed
ulope opened this issue Dec 10, 2015 · 46 comments

Comments

@ulope
Copy link

commented Dec 10, 2015

It seems that some characters (I observed at least $ to cause this) in the PyPI password seem to break things, preventing deployments from working.

The error message when using such a password:

Uploading distributions to https://pypi.python.org/pypi
Uploading hydrachain-0.1.4-py2.py3-none-any.whl
HTTPError: 401 Client Error: You must be identified to edit package information for url: https://pypi.python.org/pypi

Plaintext or encrypted made no difference.

@BanzaiMan

This comment has been minimized.

Copy link
Member

commented Dec 10, 2015

This is basically the same issue as one that's explained in https://docs.travis-ci.com/user/encryption-keys#Note-on-escaping-certain-symbols. Perhaps it needs to be placed elsewhere?

@ulope

This comment has been minimized.

Copy link
Author

commented Dec 27, 2015

What I find especially problematic is that this problem also occurs when using the travis cli utility. IMO it should know about the encoding issue and pre-process the value as needed.

@BanzaiMan

This comment has been minimized.

Copy link
Member

commented Jan 7, 2016

I am not sure if CLI can reliably determine the user really wants the literal FOO=6\&a\(5\!1AB\\ (thus CLI should escape this string as necessary), or it is actually escaped already (so CLI should leave it alone).

Perhaps CLI can add warnings about escaping characters, but that's as far as it can go.

@toomanybrians

This comment has been minimized.

Copy link

commented Jan 15, 2016

I'm having this same issue. Originally I had an equal sign in my PyPI password, but I changed it to just letters and numbers and also updated and regenerated the encrypted password in the .travis.yml file, but I'm still getting this same error:

creating build/bdist.linux-x86_64/wheel/mpf-0.30.0.dev8.dist-info/WHEEL
Uploading distributions to https://pypi.python.org/pypi
Uploading mpf-0.30.0.dev8-py3-none-any.whl
HTTPError: 401 Client Error: You must be identified to edit package information for url: https://pypi.python.org/pypi

Anyone have any ideas of what else this could be? Could it be a general password error or something?

@danriti

This comment has been minimized.

Copy link

commented Jan 18, 2016

Running into this error as well:

https://travis-ci.org/danriti/python-traceview/jobs/103205722#L528

The strange thing is that this works when I deploy to the "test" pypi server (https://testpypi.python.org/pypi):

https://travis-ci.org/danriti/python-traceview/jobs/103205213#L514

But for some reason I can't get this to work against production PyPI 😢

arokem added a commit to arokem/nitime that referenced this issue Feb 7, 2016
@SimplicityGuy

This comment has been minimized.

Copy link

commented Feb 12, 2016

I was hitting this issue and was skeptical that removing the = from my password would fix the issue. Low and behold, doing so fixed this.

Please prioritize this fix!

@nedbat

This comment has been minimized.

Copy link

commented Mar 16, 2016

We just lost a number of hours to this problem as well. I reject the idea that it's the same problem mentioned here: https://docs.travis-ci.com/user/encryption-keys#Note-on-escaping-certain-symbols That note is about the need to escape characters if you use them in a shell command line.

In our case, we were typing the characters into stdin, where there is no need to escape.

nedbat added a commit to edx/edx-lint that referenced this issue Mar 16, 2016
Updated PyPI password.
Believe it or not, Travis cannot encrypt special characters:
travis-ci/dpl#377
@scientificbruno

This comment has been minimized.

Copy link

commented Aug 10, 2016

I just ran into this issue as well (my password contained a $). I tried encrypting the password using single-quotes in bash, but that didn't solve the issue. I changed the password to exclude special characters and that worked.

reece added a commit to biocommons/biocommons.seqrepo that referenced this issue Aug 18, 2016
dhermes added a commit to dhermes/ci-diff-helper that referenced this issue Oct 7, 2016
@jakirkham

This comment has been minimized.

Copy link

commented Oct 12, 2016

Running into this issue on Travis CI. Is the general consensus that we can only have alphanumeric characters in passwords used to deploy to PyPI? That feels a lot less safe IMHO, but maybe we could have the documentation say that at least.

jezdez added a commit to jazzband/django-axes that referenced this issue Nov 4, 2016
Fix PyPI password again
This referes to travis-ci/dpl#377 basically
@jezdez jezdez referenced this issue Nov 4, 2016
adamhadani added a commit to RDFLib/rdflib-sqlalchemy that referenced this issue Nov 14, 2016
@Tungsteno74

This comment has been minimized.

Copy link

commented Nov 15, 2016

@danriti I have the exact same problem of your, but i use SemaphoreCi instead of Travis (run well on testpypi but fail on pypi).
Do you have solved the problem?

@rayluo

This comment has been minimized.

Copy link

commented Feb 27, 2017

As a side note to @danriti :
I was reading your otherwise excellent blog post and everything was promising until I got bitten by this issue. To be fair, it was not your fault but, at a hindsight, you could have mentioned that in your blog too, especially when you've also bitten by it. :-) Still thank you!

@danriti

This comment has been minimized.

Copy link

commented Feb 28, 2017

@rayluo no problem, glad it was helpful 👍

bermudezjd added a commit to Harvard-University-iCommons/dj-log-config-helper that referenced this issue Mar 15, 2017
Attempting to get around an apparent issue with encrypted PyPi passwo…
…rds and 401s that are happening when attempting to deploy there, per travis-ci/dpl#377.  I’ve updated the underlying password to PyPi to exclude special chars.  Let’s see if this works…
@rjollos

This comment has been minimized.

Copy link

commented Jun 14, 2017

I'm having this same issue. Originally I had an equal sign in my PyPI password, but I changed it to just letters and numbers and also updated and regenerated the encrypted password in the .travis.yml file, but I'm still getting this same error:

After many hours of frustration, I found that I need to specify --repo. I assume this is because I was testing by pushing to a remote that was not origin.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

I have encountred this issue too, it was working fine for a long time for many of my repos, but now I tried for a new repo and it simply refuses to work..

@BanzaiMan

This comment has been minimized.

Copy link
Member

commented Jun 21, 2017

@esc Do make sure that the secrets are not copied and pasted. Each repository has its own encryption key, so that you'd need to encrypt your secret(s) anew for a new repository.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

@BanzaiMan yes, I used travis encrypt --repo -- FYI: I have used this successfully for many repos for many years and this breakage is new.

@BanzaiMan

This comment has been minimized.

Copy link
Member

commented Jun 21, 2017

@esc Are you saying that you escaped the special characters correctly and are still getting incorrect results?

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

I don't have any special characters in my password, only lowercase, uppercase and numbers.

@BanzaiMan

This comment has been minimized.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

@BanzaiMan ok, re-encrypting now.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

I am using the command:

travis encrypt --repo TwentyBN/twentybn-dl <PASSWORD>

@BanzaiMan this is correct, right?

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

I re-encrypted and the problem seems to persist.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

Travis command-line client version 1.8.8.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

Seems like either the encryption or the decryption or both isn't working correctly.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

@BanzaiMan also, what do you mean by: "is incorrect"?

@BanzaiMan

This comment has been minimized.

Copy link
Member

commented Jun 21, 2017

Could you try invoking the command without the password, but supply it in STDIN? After the password, hit return, and ctl-D.

$ travis encrypt -r TwentyBN/twentybn-dl
Reading from stdin, press Ctrl+D when done
foobarbaz
^D
Please add the following to your .travis.yml file:

  secure: "QzWN…"

"Incorrect" means the value cannot be decrypted using the repository's private key.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

pushed.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

@BanzaiMan I tried, but to no avail, seems like the travis command line client isn't giving me a good secret.

@BanzaiMan

This comment has been minimized.

Copy link
Member

commented Jun 21, 2017

@esc. That may indeed be the case. I reckon it may be pulling the public key from .com still. Try adding --org to travis encrypt (in either form).

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

ok, decryption works now, however I still get:

Note: you are uploading to the old upload URL. It's recommended to use the new URL "https://upload.pypi.org/legacy/" or to leave the URL unspecified and allow twine to choose.
Uploading twentybn-dl-163.19.tar.gz
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 1 of 5
Uploading twentybn-dl-163.19.tar.gz
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 2 of 5
Uploading twentybn-dl-163.19.tar.gz
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 3 of 5
Uploading twentybn-dl-163.19.tar.gz
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 4 of 5
Uploading twentybn-dl-163.19.tar.gz
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 5 of 5
It appears you're uploading to pypi.python.org (or testpypi) you've received a 500 error response. PyPI is being phased out for pypi.org. Try using https://upload.pypi.org/legacy/ (or https://test.pypi.org/legacy/) to upload your packages instead. These are the default URLs for Twine now.
HTTPError: 500 Server Error: Internal Server Error for url: https://pypi.python.org/pypi
@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

I guess the 401 is solved though, so I'll keep banging my head to solve this next hurdle.

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

Using:

commit 4db4625b163553d89a20a2e2ac8bae73ed838007
Author: Valentin Haenel <valentin@haenel.co>
Date:   Wed Jun 21 17:16:35 2017 +0200

    upload to the legacy server

diff --git a/.travis.yml b/.travis.yml
index ae6a3069ac..7effd03372 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,6 +20,7 @@ script:
 deploy:
   provider: pypi
   user: esc
+  server: https://upload.pypi.org/legacy/
   distributions: sdist
   skip_cleanup

Solved this problem too.

@BanzaiMan thanks so much for your help!!

@esc

This comment has been minimized.

Copy link

commented Jun 21, 2017

So yes, the travis command line client might be confused about public and private github repos, using --org or --pro will make it explicit.

$ travis encrypt --help | grep api
    -e, --api-endpoint URL           Travis API server to talk to
        --pro                        short-cut for --api-endpoint 'https://api.travis-ci.com/'
        --org                        short-cut for --api-endpoint 'https://api.travis-ci.org/'
@stale

This comment has been minimized.

Copy link

commented Apr 12, 2018

Thanks for contributing to this issue. As it has been 90 days since the last activity, we are automatically closing the issue. This is often because the request was already solved in some way and it just wasn't updated or it's no longer applicable. If that's not the case, please do feel free to either reopen this issue or open a new one. We'll gladly take a look again! You can read more here: https://blog.travis-ci.com/2018-03-09-closing-old-issues

@jessebrennan

This comment has been minimized.

Copy link

commented Jun 28, 2018

My password contained a # character and I still had this problem. I tried escaping like:

travis encrypt --add deploy.password 'passwordwith\#'

and also

travis encrypt --add deploy.password "passwordwith\\#"

as suggested on the encryption docs. I had success using an alphanumeric password. Am I missing something here?

recamshak added a commit to line/clova-cek-sdk-python that referenced this issue Aug 3, 2018
This should release tagged commit on PyPi.
Not sure I got the password encryption correctly though:
travis-ci/dpl#377

And apparently we will need to re-encrypt once we make the
repo public:
travis-ci/dpl#377 (comment)
recamshak added a commit to line/clova-cek-sdk-python that referenced this issue Aug 3, 2018
This should release tagged commit on PyPi.
Not sure I got the password encryption correctly though:
travis-ci/dpl#377

And apparently we will need to re-encrypt once we make the
repo public:
travis-ci/dpl#377 (comment)
simanto604newscred added a commit to simanto604newscred/django-axes that referenced this issue Jul 31, 2019
simanto604newscred added a commit to simanto604newscred/django-axes that referenced this issue Jul 31, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.