Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

pipenv doesn't honor NETRC environment variable

See original GitHub issue

Issue description

pipenv does not honor the NETRC environment variable.

… a location outside of the home directory can be set using the environment variable NETRC

Expected result

pipenv should leverage the path specified in the NETRC environment variable; requests library does this already:

Actual result

pipenv does not use the set NETRC variable, defaulting to only ~/.netrc and ~/_netrc paths. If using a private source (e.g Artifactory) as a url in [[source]], this results in a [pipenv.exceptions.ResolutionFailure]:

...
[ResolutionFailure]:       raise ResolutionFailure(message=str(e))
[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
  First try clearing your dependency cache with $ pipenv lock --clear, then try the original command again.
 Alternatively, you can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
  Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: Could not find a version that matches asyncssh (from -r .... (line 3))
No versions found
Was <private artifactory URL> reachable?

Copying the .netrc file from the custom dir to either ~/.netrc and/or ~/_netrc then successfully works with no other modifications to the Pipfile file (and it resolves with public sources fine as well, so is not an issue with the packages/dependencies or something like that)

Steps to replicate

Pipfile:

[[source]]
url = "<some private pypi repository URL>"
verify_ssl = true
name = "Private PyPi"

[packages]
requests = "*"
asyncssh = "*"

[dev-packages]

[requires]
python_version = "3.10"

Create a .netrc in some directory path thats not ~/.netrc or ~/_netrc (and make sure that there are no files there currently, otherwise, temporarily move them to something like ~/.netrc.temp_backup.

machine <private repo base URL>
login <user>
password <pw | key>

Then set NETRC to the path to that file:

export NETRC=/some/path/to/that/.netrc

Then, try:

pipenv install

pipenv --version
pipenv, version 2021.5.29

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:6

github_iconTop GitHub Comments

2reactions
bigpickcommented, Mar 16, 2022

Hey 👋 , sorry for the delay, but it looks good now!

Checking what I have currently (trying this just now on macOS, fwiw):

pipenv, version 2022.1.8

With a test Pipfile like so:

[[source]]
url = "https://privatehost/artifactory/api/pypi/privaterepo/simple"
verify_ssl = true
name = "Private Repo"

[packages]
requests = "*"
asyncssh = "*"

[dev-packages]

[requires]
python_version = "3.10"

and a ~/.netrc of

machine privatehost
login <user>
password <pass>

A pipenv install works properly, and the Pipfile.lock shows the expected source:

        "sources": [
            {
                "name": "Private Repo",
                "url": "https://privatehost/artifactory/api/pypi/privaterepo/simple",
                "verify_ssl": true
            }
        ]

Doing a clean re-install with a custom NETRC envar also works:

rm Pipfile.lock
pipenv --rm

mv ~/.netrc /some/non/default/dir/.netrc
export NETRC=/some/non/default/dir/.netrc

pipenv install

(i.e it also successfully installs and shows the expected source in the lock file)

0reactions
matteiuscommented, Mar 12, 2022

@bigpick any updates?

Read more comments on GitHub >

github_iconTop Results From Across the Web

pipenv - Is it possible to use environment variables from “.env ...
I have to use limited credentials to be able to install my packages from the private repository but I wish not to commit...
Read more >
requests 2.19.0 - PyPI
environment variables : Requests now treats it as a specific IP. - Fixed a bug when sending JSON data that could cause us...
Read more >
Advanced Usage of Pipenv - Read the Docs
This document covers some of Pipenv's more glorious and advanced features. ... Pipenv will expand environment variables (if defined) in your Pipfile.
Read more >
Python - CVE - Search Results
x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by...
Read more >
pipenv Documentation
Automatically generates a Pipfile, if one doesn't exist. ... Pipenv automatically honors the WORKON_HOME environment variable, ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

No evidence of run when using pipenv run.

Next page

Category-based package installation