-
Notifications
You must be signed in to change notification settings - Fork 423
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pip install --trusted-host
support
#1339
Comments
Hi! Thanks for your feedback. Could you explain why this is valuable to you? Not saying we shouldn't have it, just want to learn more about use-cases. |
Of course! I work on developing a PyPI-compatible repository that I'll occasionally run locally either without https or using self-signed certificates, in which case I need to supply the |
This is a need I have to use with an internal mirror/index. I would love to see this implemented. |
This is perhaps tangential to this exact issue, but we'd like to see better support for secure connections to registries with custom CAs too. Right now we see |
Thanks @edwardpeek-crown ! I think we'll need to expose something like we explored in #615 |
The method @edwardpeek-crown pointed to is the way we usually implement our local config, but trusted host would work for us. I would be happy to see either implementation to allow the use of an internal mirror/registry. |
Hello, I have a similar need here. We're using an internal devpi repo with a certificate signed by an internal root CA. Those are trusted by my workstation's Windows certificate store but I'm still getting an Thank you! |
Coming from #1535 where I originally had a request for both So, related to this request for |
Linking #1474 which solved a similar use case for us. |
+1 for uv to support |
+1. Waiting for this feature so we can use uv as the default in my work team. |
+1. Seems like a superb tool, but we can't use it in our team without trusted-host support. |
Please don't comment with +1s, just upvote the original post. We'd like to keep the issue focused on substantive discussion and updates on implementation for all those subscribed. The next step here is a prototype of how we would accomplish this, i.e. |
I'd also like to see examples of tools other than |
E.g. Docker has a similar feature called |
--insecure-skip-tls-verify on kubectl
…On Fri, Mar 29, 2024, 01:23 Zanie Blue ***@***.***> wrote:
I'd also like to see examples of tools other than pip that expose a flag
to allow invalid certificates.
—
Reply to this email directly, view it on GitHub
<#1339 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEF5Z5E444MOIYQMYFWB5PDY2TUDVAVCNFSM6AAAAABDK6NKISVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMRWGYZDIOBUGY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Hashicorp vault apparently also supports this with the environment variable VAULT_SKIP_VERIFY |
Where I work, there is an internal Pypi mirror which is also used to uploading our internal pypi packages. Unfortunately, IT has configured these hosts with "HTTP", so I have been providing both of the following args to our pip install commands. "--trusted-host" and "--extra-index-url". Please add support for both, so that I can onboard to "uv". we are already using ruff, and it is blazing fast. I am very excited to use uv as well. |
I believe that with http, if you remove the trusted-host and keep the
extra-index-url, things should work fine. For me, the problem only arises
on https with self signed certificates, which is common behind a corporate
firewall.
…On Tue, Apr 2, 2024, 13:01 Jason ***@***.***> wrote:
Where I work, there is an internal Pypi mirror which is also used to
uploading our internal pypi packages. Unfortunately, IT has configured
these hosts with "HTTP", so I have been providing both of the following
args to our pip install commands. "--trusted-host" and "--extra-index-url".
Please add support for both, so that I can onboard to "uv". we are already
using ruff, and it is blazing fast. I am very excited to use uv as well.
—
Reply to this email directly, view it on GitHub
<#1339 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEF5Z5C6XONT44KWK7IN3SLY3LI45AVCNFSM6AAAAABDK6NKISVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMZSGQ2TCOBWGA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
You can check if the host is the same passed via |
@inoa-jboliveira is there an API to do so per request? We use a shared client for all of the requests we make. |
From a quick search, I believe you can create a
|
I am trying to use uv in a github workflow, and I am getting an error:
seems to be related to this Issue. |
What is the current best workaround? |
To still use pip instead of uv. Sadly this is the major blocker for us |
I'd accept a pull request adding this. |
This comment was marked as off-topic.
This comment was marked as off-topic.
Unfortunately, I also need this feature - I'll try to add this in a PR. |
This is also currently a blocking feature that we need at our company. We LOVE uv and use it for a ton of our docker builds, but we have private devpi servers that we launch for testing on CI and uv won't install from them sadly. I would happily submit a PR, but I don't know rust :( |
I'm working on it currently, but it might take another week before I can submit a reviewable PR because it's more effort than I originally thought, and I only have a bit of experience with Rust, but I'm trying my best 🙂. |
@fkapsahili Feel free to put up a draft early if you need help! |
pip install
has thetrusted-host
flag:Seems like a nice-to-have for
uv pip install
to also support this flag.The text was updated successfully, but these errors were encountered: