-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
poetry fails with pypi.org certificate when I have multiple repositories #2839
Comments
@nylocx I'll check it out if the bug is still standing with the latest version which includes the commit, thanks! |
@kalfa I just rechecked with an install of master: But I still see errors about self signed certificates even after trying all combinations of
But even with all packages in the requirements coming from pypi as soon as I add
|
Update, I "solved" the issue. My Certificate downloaded via Chrome had Windows line endings which did not work well. |
I confirm that the issue is still present |
I can also confirm that the issue is still present. I'm using my company's pypi server (SSL self-signed), and it can see my package, but now it fails when attempting to contact https://pypi.org/simple/. It would be great to get this worked out soon, or it would be awesome if we could just bypass SSL. The hacky fix that everyone has mentioned to date no longer appears to work on my install. Plus, hacks are just hacks. |
My hack was to This is by no means a good hack nor enough, since we still need a way to do |
This should be long-solved by the authentication refactor and special casing of PyPI as a repo -- please open a new issue if you hit this in 2022 on 1.2.x. |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
[x ] I am on the latest Poetry version.
[x ] I have searched the issues of this repo and believe that this is not a duplicate.
[x ] If an exception occurs when executing a command, I executed it again in debug mode (
-vvv
option).OS version and name: Linux Centos 7 kernel 3.10.0-1062.4.1.el7.x86_64 python 3.6.7, also OSX 10.14.6 with brewed python 3.6.5
Poetry version: 1.0.10
poetry seems to be unable to contact pypi.org when I use a private repository.
My certificate is self-signed. It uses basic http auth which for this example I added to the config.
Note: I redacted my repository URL, package name and authors data (email).
Steps
pyproject.toml generated with poetry init and no deps/dev-deps:
then add the repository credentials and certificate (it is self-signed) for my internal repo
Then add the first depedency. my-package depends only on packages on pypi.org (as the logs shows):
If I try to add a pypi.org package direclty, it gives the same result
Variations
I tried with and without /simple in my-repository URL.
Failed for other reasons, but that's not the issue.
I tried using secondary=true in pyproject.toml for my repository
Same problem
I tried using default=true in pyproject.toml for my repository
I expected it to not try to contact pypi.org at all, but actually failed with the same exact issue, against pypi.org certificate.
I tried to remove the repository block from pyproject.toml and install
poetry add dataclasses
This can access pypi normally.
I tried to download the chain certs for pypi.org and add them to poetry for "PyPI".
Same result
What happened
poetry finds my-package in my private repository, but then fails when looking up deps on pypi.org, with
like it is trying to use the wrong certificate
Expected results
Finds packges on my private repositories and its deps on pypi.org without certificate problems.
The text was updated successfully, but these errors were encountered: