Poetry 1.3.1 Pypi Certs

[wendytang]

• Poetry version: 1.3.1

• Python version: 3.8.13

• OS version and name: macOS 13.2

• pyproject.toml

• I have searched the issues of this repo and believe that this is not a duplicate.

• I have consulted the FAQ and blog for any relevant entries or release notes.

• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

Hi Poetry team,

I wanted to report an issue that we are experiencing with installing dependencies in poetry version 1.3.1. Our org uses self signed certs, and we ran into an issue of not being able to reach Pypi https://pypi.org/simple/pip/ when installing dependencies. Is this expected behavior?

The solution we've come up with is to concat certifi certs into our private certs for poetry 1.3.1.
We did not notice this issue with poetry 1.2.2, so wondering if anyone knows what cert logic has changed between 1.2.2 and 1.3.1.

Running poetry install

Updating dependencies
Resolving dependencies... (8.3s)

Writing lock file

Package operations: 28 installs, 1 update, 0 removals

  • Installing pyyaml (6.0): Failed

  CalledProcessError

  Command '['/Users/wendytang/.pyenv/versions/3.8.13/envs/test1.3.1/bin/python', '-m', 'pip', 'install', '--use-pep517', '--disable-pip-version-check', '--isolated', '--no-input', '--prefix', '/Users/wendytang/.pyenv/versions/3.8.13/envs/test1.3.1', '--no-deps', '/Users/wendytang/Library/Caches/pypoetry/artifacts/5d/8f/cd/9f2f6734795ff68d45903e197ac2f62f8df61a45d8f24ca1565622c076/PyYAML-6.0.tar.gz']' returned non-zero exit status 1.

  at ~/.pyenv/versions/3.8.13/lib/python3.8/subprocess.py:516 in run
       512│             # We don't call process.wait() as .__exit__ does that for us.
       513│             raise
       514│         retcode = process.poll()
       515│         if check and retcode:
    →  516│             raise CalledProcessError(retcode, process.args,
       517│                                      output=stdout, stderr=stderr)
       518│     return CompletedProcess(process.args, retcode, stdout, stderr)
       519│ 
       520│ 

The following error occurred when trying to handle this error:


  EnvCommandError

  Command ['/Users/wendytang/.pyenv/versions/3.8.13/envs/test1.3.1/bin/python', '-m', 'pip', 'install', '--use-pep517', '--disable-pip-version-check', '--isolated', '--no-input', '--prefix', '/Users/wendytang/.pyenv/versions/3.8.13/envs/test1.3.1', '--no-deps', '/Users/wendytang/Library/Caches/pypoetry/artifacts/5d/8f/cd/9f2f6734795ff68d45903e197ac2f62f8df61a45d8f24ca1565622c076/PyYAML-6.0.tar.gz'] errored with the following return code 1, and output: 
  Processing /Users/wendytang/Library/Caches/pypoetry/artifacts/5d/8f/cd/9f2f6734795ff68d45903e197ac2f62f8df61a45d8f24ca1565622c076/PyYAML-6.0.tar.gz
    Installing build dependencies: started
    Installing build dependencies: finished with status 'error'
    error: subprocess-exited-with-error
    
    × pip subprocess to install build dependencies did not run successfully.
    │ exit code: 1
    ╰─> [10 lines of output]
        WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)'))': /simple/setuptools/
        WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)'))': /simple/setuptools/
        WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)'))': /simple/setuptools/
        WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)'))': /simple/setuptools/
        WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)'))': /simple/setuptools/
        Could not fetch URL https://pypi.org/simple/setuptools/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/setuptools/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)'))) - skipping
        ERROR: Could not find a version that satisfies the requirement setuptools (from versions: none)
        ERROR: No matching distribution found for setuptools
        Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)'))) - skipping
        WARNING: There was an error checking the latest version of pip.
        [end of output]
    
    note: This error originates from a subprocess, and is likely not a problem with pip.
  error: subprocess-exited-with-error
  
  × pip subprocess to install build dependencies did not run successfully.
  │ exit code: 1
  ╰─> See above for output.
  
  note: This error originates from a subprocess, and is likely not a problem with pip.

[dimbleby]

maybe a result of running pip subprocesses with --isolated.

You seem to have figured out a solution so it's hard to get excited either way.

[andrewblane]

maybe a result of running pip subprocesses with --isolated.

Did this change between 1.2.1 and 1.3.1?

[damienrj]

Looks like it was changed with 1.3.0
https://github.com/python-poetry/poetry/blob/master/CHANGELOG.md#130---2022-12-09

[damienrj]

Sounds like it is related to #7182 (and therefor #3249 )

[neersighted]

This is intentional, if you need to coerce pip's behavior use the global pip configuration as per #3249.

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.