You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Authentication for extra index URLs requests user-interactive authentication even when authentication is specified in the extra index URL itself.
Describe your environment
Arch Linux
Python version: Python 3.6.3
Pipenv version: pipenv, version 8.3.2
Expected result
When I add a [[source]] with a URL that has authentication information (e.g. https://user:password@host/pypi/simple), authentication information should not be requested.
Actual result
$ pipenv lock --verbose
Locking [dev-packages] dependencies…
Using pip: -i https://pypi.python.org/simple --extra-index-url https://xxxUSERxxx:xxxPASSWORDxxx@xxxHOSTxxx/xxxPATHxxx/pypi/simple
ROUND 1
Current constraints:
xxx
xxx
xxx
Finding the best candidates:
User for xxxxxxxx:
This then waits for user input.
Steps to replicate
Add a [[source]] to the Pipfile with a URL that requires basic http auth.
Add a package to the Pipfile that uses the specified index (e.g. package_name: {version="*", index="index_name"}.
Run pipenv lock.
The text was updated successfully, but these errors were encountered:
Sorry, this is not a pipenv issue; it happens even with normal pip outside of the virtualenv.
FYI, for anyone wondering how to use private pip repos with CI and docker, you'll have to use the PIP_EXTRA_INDEX_URL environment variable with authentication. This can be done for local testing with a .env file that isn't checked into a VCS, and remotely with whatever your CI tool uses for environment variable definition (usually in GUI or CLI settings for the repo). If you are using docker, you can then inject this with a --build-arg YOUR_ARG_KEY=$YOUR_ENV_VAR. I would add this to the relevant issue (#1020), but it was closed for some reason.
@Californian OT here, but using --build-arg for secrets is not good. You can actually get the secret from the build history; try docker history <image> and you'll see it there.
Authentication for extra index URLs requests user-interactive authentication even when authentication is specified in the extra index URL itself.
Describe your environment
Python 3.6.3
pipenv, version 8.3.2
Expected result
When I add a
[[source]]
with a URL that has authentication information (e.g.https://user:password@host/pypi/simple
), authentication information should not be requested.Actual result
This then waits for user input.
Steps to replicate
[[source]]
to thePipfile
with a URL that requires basic http auth.Pipfile
that uses the specified index (e.g.package_name: {version="*", index="index_name"}
.pipenv lock
.The text was updated successfully, but these errors were encountered: