Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`--trusted-host` not passed to `pip` when installing from a lockfile

See original GitHub issue

Issue description

On the latest pipenv release, running pipenv install does not pass --trusted-host to pip.

Running pipenv install xyz does.

Expected result

--trusted-host is passed to pip.

Actual result

> pipenv install --verbose                                
Installing dependencies from Pipfile…
Installing 'aiohttp'▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 0/7 — 00:00:00
$ ['/Users/tom/.local/share/virtualenvs/tmp.YkTM0kln-68P7VPaZ/bin/pip', 'install', '--verbose', '--upgrade', '--no-deps', '-r', '/var/folders/9w/twrv54nd0v19gsbjhjs3mlhc0000gn/T/pipenv-wgs4narf-requirements/pipenv-h6s3thx1-requirement.txt', '-i', 'http://x.x.co.uk:8080', '--require-hashes']

And:

> pipenv install --verbose pytest
⠋Installing 'pytest'
$ ['/Users/tom/.local/share/virtualenvs/tmp.YkTM0kln-68P7VPaZ/bin/pip', 'install', '--verbose', '--upgrade', 'pytest', '-i', 'http://x.x.co.uk:8080', '--trusted-host', 'x.x.co.uk']

Steps to replicate

Have a Pipfile like this:

[[source]]
url = "http://INTERNAL_PYPI:8080"
verify_ssl = false
name = "xyz"

[packages]
aiohttp = "*"

Notice how the argument is not passed to pip when calling pipenv install.

Issue Analytics

State:
Created 5 years ago
Comments:12 (1 by maintainers)

Top GitHub Comments

1reaction

KrobotPcommented, Jun 15, 2022

Hello. It is seems to me that this bug is back again. I am trying ty install a package from my private repo:

pipenv install --verbose my_package>=4.0.0 --index="http://private.repo.org/x/y/z/simple" --trusted-host private.repo.org

but got this output (trusted-host is missing and command fails):

⠋ Installing...Writing supplied requirement line to temporary file: 'my_package'
⠇ Installing my_package...$ /home/current/me/.local/share/virtualenvs/my_project-acQDxuau/bin/python -m pip install --verbose --upgrade --exists-action=i -r /tmp/pipenv-0nipwnut-requirements/pipenv-6zqlbkle-requirement.txt -i http://private.repo.org/x/y/z/simple --extra-index-url https://pypi.org/simple --extra-index-url https://pypi.org/simple
Error:  An error occurred while installing my_package!
Error text: Using pip 22.1.2 from /home/current/me/.local/share/virtualenvs/my_project-acQDxuau/lib/python3.8/site-packages/pip (python 3.8)
Looking in indexes: http://private.repo.org/x/y/z/simple, https://pypi.org/simple, https://pypi.org/simple

WARNING: The repository located at private.repo.org is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host private.repo.org'.
ERROR: Could not find a version that satisfies the requirement my_package (from versions: none)
ERROR: No matching distribution found for my_package

Using pip 22.1.2 from /home/current/me/.local/share/virtualenvs/my_project-acQDxuau/lib/python3.8/site-packages/pip (python 3.8)
Looking in indexes: http://private.repo.org/x/y/z/simple, https://pypi.org/simple, https://pypi.org/simple
✘ Installation Failed

Installation via pip directly succeeds. It is frustrating that solution provided by the error output is the thing which is not working.

Edit: Using a current version of pipenv:

$ pipenv --version
pipenv, version 2022.6.7

0reactions

KrobotPcommented, Jun 15, 2022

Does your Pipfile still have the pypi source in it? If so, is it the default or secondary source?

No. Things start to work after I deleted pypi source (so only one source in my Pipfile is my private repo).

I am not sure but if you could open a new ticket about this with an example case that we can explore in more detail that would be helpful.

Ok. I will make some more experiments and create some extract some minimalistic case (probably during next week). Thanks for your help so far.

Top Results From Across the Web

How to make pipenv install <package> use SSL certificate of ...

So on the bottom line I am looking for a way to make pipenv use my firewall's certificate. EDIT: here's the output when...

pipenv Documentation - Read the Docs

run will run a given command from the virtualenv, with any arguments forwarded (e.g. $ pipenv run python or $ pipenv run pip...

pipenv Documentation

While pip can install Python packages, Pipenv is recommended as it's a higher-level tool that simplifies dependency management for common use ...

Dependency Resolution - pip documentation v22.3.1

The process of determining which version of a dependency to install is known as dependency resolution. This behaviour can be disabled by passing...

Installation — ESMValTool 2.5.0 documentation

However, this requires first installing dependencies that are not available ... the option --trusted-host , e.g. pip install --trusted-host=pypi.python.org ...