Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private pypi repository with basic auth used to work in previous versions #610

Open
shamirapz opened this issue Jul 8, 2022 · 5 comments
Open

Private pypi repository with basic auth used to work in previous versions #610

shamirapz opened this issue Jul 8, 2022 · 5 comments

Comments

@shamirapz
Copy link

I have started using buildout 3.0.0.rc3 and noticed that it was not able to pull packages from a private pypi server with basic authentication.

This is the snippet that used to work in the past:

[some_package]
recipe = zc.recipe.egg
index =
    https://user:[email protected]/packages/simple
eggs = some_package

Now with 3.0.0rc3, it shows an error that has the following form:

While:
  Installing apps.
  Getting distribution for 'some_package'.
Error: Can't download https://pypi.example.com/api/packages/pypi/files/ml-demo/0.0.1/some_package-0.0.1.tar.gz#sha256-dda0a65e388a005f56c0d7d13c5737338b527dfdeafe3727f288441be857ed93: 401 Unauthorized

What this seems to say is that buildout can pull the index, which is also behind basic auth, but cannot pull the package itself, this is to say, the credentials are not used when downloading the package.
@goschtl
Copy link

goschtl commented Jul 8, 2022

Hi,

do you have tried to use this extension?

https://pypi.org/project/cykooz.buildout.basicauth/

Maybe it helps you with your Problem.

  • Christian

@ale-rt
Copy link

ale-rt commented Jul 8, 2022

This is not a solution for the problem you posted but it might help.
If not ignore this.
I do not use any extension to access password protected repos and I try not to add secrets in my buildout cfgs.
I just configure my ~/.pypirc like:

[distutils]
index-servers =
    ...
    private

...

[private]
repository=https://private.example.com/
username=user
password=...

@shamirapz
Copy link
Author

shamirapz commented Jul 9, 2022
edited

@goschtl @ale-rt Thanks for your comments. I have tried both methods using buildout 3.0.0rc3 and unfortunately neither works.
It appears that the sections of code in how buildout installs packages have been completely rewritten. A couple of notes that I can drop here if someone else hit the same issue:

  • ~/.pypirc is ignored, none of the changes made in it were seen by buildout. It is mainly used by twine to upload packages.
  • It also appears that buildout 3.0.0rc3 doesn't read pip.conf. Combining pip.conf and ~/.netrc made pip work with basic authentication. Buildout doesn't see such configurations directly nor indirectly.

@gotcha
Copy link
Member

gotcha commented Jul 25, 2022

Just to be sure: did it work for you with 2.x ? Or am I right that you only tried 3.x ?

@2silver
Copy link

2silver commented Jan 12, 2023

This is not a solution for the problem you posted but it might help. If not ignore this. I do not use any extension to access password protected repos and I try not to add secrets in my buildout cfgs. I just configure my ~/.pypirc like:

[distutils]
index-servers =
    ...
    private

...

[private]
repository=https://private.example.com/
username=user
password=...

Works, I use 2.x

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gotcha @goschtl @ale-rt @2silver @shamirapz