Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`--trusted-host` not passed to `pip` when installing from a lockfile

See original GitHub issue

Issue description

On the latest pipenv release, running pipenv install does not pass --trusted-host to pip.

Running pipenv install xyz does.

Expected result

--trusted-host is passed to pip.

Actual result

> pipenv install --verbose                                
Installing dependencies from Pipfile…
Installing 'aiohttp'▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 0/7 — 00:00:00
$ ['/Users/tom/.local/share/virtualenvs/tmp.YkTM0kln-68P7VPaZ/bin/pip', 'install', '--verbose', '--upgrade', '--no-deps', '-r', '/var/folders/9w/twrv54nd0v19gsbjhjs3mlhc0000gn/T/pipenv-wgs4narf-requirements/pipenv-h6s3thx1-requirement.txt', '-i', '', '--require-hashes']


> pipenv install --verbose pytest
⠋Installing 'pytest'
$ ['/Users/tom/.local/share/virtualenvs/tmp.YkTM0kln-68P7VPaZ/bin/pip', 'install', '--verbose', '--upgrade', 'pytest', '-i', '', '--trusted-host', '']

Steps to replicate

Have a Pipfile like this:

url = "http://INTERNAL_PYPI:8080"
verify_ssl = false
name = "xyz"

aiohttp = "*"

Notice how the argument is not passed to pip when calling pipenv install.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:12 (1 by maintainers)

github_iconTop GitHub Comments

KrobotPcommented, Jun 15, 2022

Hello. It is seems to me that this bug is back again. I am trying ty install a package from my private repo:

pipenv install --verbose my_package>=4.0.0 --index="" --trusted-host

but got this output (trusted-host is missing and command fails):

⠋ Installing...Writing supplied requirement line to temporary file: 'my_package'
⠇ Installing my_package...$ /home/current/me/.local/share/virtualenvs/my_project-acQDxuau/bin/python -m pip install --verbose --upgrade --exists-action=i -r /tmp/pipenv-0nipwnut-requirements/pipenv-6zqlbkle-requirement.txt -i --extra-index-url --extra-index-url
Error:  An error occurred while installing my_package!
Error text: Using pip 22.1.2 from /home/current/me/.local/share/virtualenvs/my_project-acQDxuau/lib/python3.8/site-packages/pip (python 3.8)
Looking in indexes:,,

WARNING: The repository located at is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host'.
ERROR: Could not find a version that satisfies the requirement my_package (from versions: none)
ERROR: No matching distribution found for my_package

Using pip 22.1.2 from /home/current/me/.local/share/virtualenvs/my_project-acQDxuau/lib/python3.8/site-packages/pip (python 3.8)
Looking in indexes:,,
✘ Installation Failed

Installation via pip directly succeeds. It is frustrating that solution provided by the error output is the thing which is not working.

Edit: Using a current version of pipenv:

$ pipenv --version
pipenv, version 2022.6.7
KrobotPcommented, Jun 15, 2022

Does your Pipfile still have the pypi source in it? If so, is it the default or secondary source?

No. Things start to work after I deleted pypi source (so only one source in my Pipfile is my private repo).

I am not sure but if you could open a new ticket about this with an example case that we can explore in more detail that would be helpful.

Ok. I will make some more experiments and create some extract some minimalistic case (probably during next week). Thanks for your help so far.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to make pipenv install <package> use SSL certificate of ...
So on the bottom line I am looking for a way to make pipenv use my firewall's certificate. EDIT: here's the output when...
Read more >
pipenv Documentation - Read the Docs
run will run a given command from the virtualenv, with any arguments forwarded (e.g. $ pipenv run python or $ pipenv run pip...
Read more >
pipenv Documentation
While pip can install Python packages, Pipenv is recommended as it's a higher-level tool that simplifies dependency management for common use ...
Read more >
Dependency Resolution - pip documentation v22.3.1
The process of determining which version of a dependency to install is known as dependency resolution. This behaviour can be disabled by passing...
Read more >
Installation — ESMValTool 2.5.0 documentation
However, this requires first installing dependencies that are not available ... the option --trusted-host , e.g. pip install ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found