Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support pip 22.2 truststore API #5282

Closed
danjamesmay opened this issue Aug 22, 2022 · 3 comments · Fixed by #5283
Closed

Support pip 22.2 truststore API #5282

danjamesmay opened this issue Aug 22, 2022 · 3 comments · Fixed by #5283
Labels
Type: Enhancement 💡 This is a feature or enhancement request.

Comments

@danjamesmay
Copy link

Is your feature request related to a problem? Please describe.

Using a corporate SSL cert results in a lot of errors like the following:

[pipenv.exceptions.InstallError]: Could not fetch URL https://pypi.python.org/simple/cachetools/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/cachetools/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))

This is because it can't verify the cert against https://pypi.python.org/simple as defined in the Pipfile.

I had to set verify_ssl = false to get around this, which is obviously not ideal.

Describe the solution you'd like

Pipenv should use the new Pip 22.2 SSL api for using system cert stores: https://pip.pypa.io/en/latest/topics/https-certificates/#using-system-certificate-stores

Describe alternatives you've considered

I already tried setting REQUESTS_CA_BUNDLE to my corporate cert, but it didn't work for me.

Additional context

I'm running inside a docker container using the official Python 3.10-alpine image.

I'm running Pipenv version 2022.8.19
@matteius matteius added the Type: Enhancement 💡 This is a feature or enhancement request. label Aug 22, 2022
@matteius
Copy link
Member

Just thinking out-loud here that there are at least a couple tickets in the backlog requesting we add the ability to pass pip arguments through the installer. I am not sure how that would be yet, but either way I agree that we should support this use case.

@matteius matteius mentioned this issue Aug 22, 2022
Merged
2 tasks
@matteius
Copy link
Member

matteius commented Aug 22, 2022
edited
Loading

@danjamesmay I took a stab at adding the ability to pass --extra-pip-options="" to pipenv. There is a branch and it seems to work -- would be cool if you could try it (tagged to this ticket) and I'll look into adding tests.

@matteius
Copy link
Member

matteius commented Aug 31, 2022
edited
Loading

@danjamesmay I am wondering if you have any feedback for me on my approach of implementing this -- specifically in my example you would pass something like pipenv install --extra-pip-args="--use-feature=truststore --proxy=test" requests

I want to make sure that this is going to work for you and this general use case before I add the necessary documentation and look into new tests. Also I just merged the latest main into that branch in case you want to try it out, you can install that branch using pip.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Enhancement 💡 This is a feature or enhancement request.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow users to pass a string of extra arguments to pip pypa/pipenv
2 participants
@matteius @danjamesmay