Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pypi.<name>.ca_certs config option does not work #2041

Closed
1 task done
p-rogalski opened this issue Jun 20, 2023 · 4 comments · Fixed by #2044
Closed
1 task done

pypi.<name>.ca_certs config option does not work #2041

p-rogalski opened this issue Jun 20, 2023 · 4 comments · Fixed by #2044
Labels
🐛 bug Something isn't working

Comments

@p-rogalski
Copy link
Contributor

p-rogalski commented Jun 20, 2023
edited
Loading

  • I have searched the issue tracker and believe that this is not a duplicate.

Make sure you run commands with -v flag before pasting the output.

Steps to reproduce

  1. Add a source named custom to pyproject.toml, who's URL is signed by a self-signed certificate

  2. Provide the corresponding CA bundle via command-line:

    pdm config pypi.custom.ca_certs /path/to/ca-certificates.crt

  3. Try to add a package, which is only present on the custom source index

  4. See an SSLError when trying to use the index, e.g. with pdm add or pdm install

Actual behavior

Traceback 

PS F:\my-project> pdm install -v
STATUS: Resolving packages from lockfile...
STATUS: Fetching hashes for resolved packages...
unearth.preparer: The file . is a local directory, use it directly
All packages are synced to date, nothing to do.
Installing the project as an editable package...
pdm.termui: Preparing isolated env for PEP 517 build...
pdm.termui: Running PEP 517 backend to build a wheel for <Link file:///F:/my-project (from None)>
pdm.termui: ======== Start resolving requirements ========
pdm.termui:   pdm-backend
pdm.termui:   python>=3.11.2,<3.11.3
pdm.termui:   Adding requirement pdm-backend
  ✖ Install my_package 0.1.0 failed
Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "c:\users\p.rogalski\.local\bin\pdm.exe\__main__.py", line 7, in <module>
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\core.py", line 289, in main
    return Core().main(args)
           ^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\core.py", line 207, in main
    raise cast(Exception, err).with_traceback(traceback) from None
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\core.py", line 202, in main
    self.handle(project, options)
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\core.py", line 157, in handle
    command.handle(project, options)
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\cli\commands\install.py", line 88, in handle
    actions.do_sync(
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\cli\actions.py", line 203, in do_sync
    synchronizer.synchronize()
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\installers\synchronizers.py", line 454, in synchronize
    self.install_candidate(self_key, progress)
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\installers\synchronizers.py", line 275, in install_candidate
    self.manager.install(can)
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\installers\manager.py", line 33, in install
    installer(str(prepared.build()), self.environment, prepared.direct_url())
                  ^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\models\candidates.py", line 389, in build
    self.wheel = Path(builder.build(build_dir, metadata_directory=self._metadata_dir))
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\builders\editable.py", line 37, in build
    self.install(self._requires, shared=True)
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\builders\base.py", line 297, in install
    install_requirements(missing, env)
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\installers\core.py", line 25, in install_requirements
    resolved, _ = resolve(
                  ^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\resolver\core.py", line 35, in resolve
    result = resolver.resolve(requirements, max_rounds)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\resolvelib\resolvers.py", line 546, in resolve
    state = resolution.resolve(requirements, max_rounds=max_rounds)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\resolvelib\resolvers.py", line 397, in resolve
    self._add_to_criteria(self.state.criteria, r, parent=None)
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\resolvelib\resolvers.py", line 173, in _add_to_criteria
    if not criterion.candidates:
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\resolvelib\structs.py", line 127, in __bool__
    next(iter(self))
         ^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\resolvelib\structs.py", line 136, in __iter__
    self._factory() if self._iterable is None else self._iterable
    ^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\resolver\providers.py", line 145, in matches_gen
    candidates = self._find_candidates(reqs[0])
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\resolver\providers.py", line 124, in _find_candidates
    return self.repository.find_candidates(requirement, requirement.prerelease or self.allow_prereleases)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\models\repositories.py", line 154, in find_candidates
    cans = LazySequence(self._find_candidates(requirement))
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\models\repositories.py", line 356, in _find_candidates
    if not cans:
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\unearth\utils.py", line 209, in __bool__
    for _ in self:
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\pdm\models\repositories.py", line 352, in <genexpr>
    cans = LazySequence(
                       ^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\unearth\finder.py", line 256, in find_one_source
    return sorted(result, key=self._sort_key, reverse=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\unearth\collector.py", line 133, in collect_links_from_location
    yield from _collect_links_from_index(session, location)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\unearth\collector.py", line 153, in _collect_links_from_index
    page = fetch_page(session, location)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\unearth\collector.py", line 140, in fetch_page
    resp = _get_html_response(session, location)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\unearth\collector.py", line 175, in _get_html_response
    resp = session.get(
           ^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\requests\sessions.py", line 600, in get
    return self.request("GET", url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\requests\sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\requests\sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\cachecontrol\adapter.py", line 76, in send
    resp = super().send(request, stream, timeout, verify, cert, proxies)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\p.rogalski\.local\pipx\venvs\pdm\Lib\site-packages\requests\adapters.py", line 517, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='gitlab.custom.domain', port=443): Max retries exceeded with url: /api/v4/groups/20/-/packages/pypi/simple/pdm-backend/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

(I replaced my index domain with gitlab.custom.domain for security reasons.)

Expected behavior

The CA bundle should be used by PDM for the given source to verify the self-signed certificate.

Environment Information

# Paste the output of `pdm info && pdm info --env` below:
PS F:\my-project> pdm info && pdm info --env
PDM version:
  2.7.4
Python Interpreter:
  F:\my-project\.venv\Scripts\python.exe (3.11-32)
Project Root:
  F:/my-project
Local Packages:

{
  "implementation_name": "cpython",
  "implementation_version": "3.11.2",
  "os_name": "nt",
  "platform_machine": "AMD64",
  "platform_release": "10",
  "platform_system": "Windows",
  "platform_version": "10.0.22621",
  "python_full_version": "3.11.2",
  "platform_python_implementation": "CPython",
  "python_version": "3.11",
  "sys_platform": "win32"
}
@p-rogalski p-rogalski added the 🐛 bug Something isn't working label Jun 20, 2023
@frostming
Copy link
Collaborator

Because we don't support per-source ca-certs settings, just change the pypi.ca_certs config and it will work.
The same applies to client_cert and client_key

@frostming frostming closed this as not planned Won't fix, can't repro, duplicate, stale Jun 21, 2023
@p-rogalski
Copy link
Contributor Author

Understood

This means the following line in the docs is wrong and should be removed:

pdm/docs/docs/reference/configuration.md

Line 62 in b31edde

| `pypi.<name>.ca_certs` | Path to a PEM-encoded CA cert bundle (used for server cert verification) | The CA certificates from [certifi](https://pypi.org/project/certifi/) | No | |

@p-rogalski p-rogalski mentioned this issue Jun 21, 2023
Closed
2 tasks
@frostming
Copy link
Collaborator

Oh yeah, that was a mistake. But you seems to send PR to the wrong upstream :)

@p-rogalski
Copy link
Contributor Author

Oh yeah, I will correct the PR

@p-rogalski p-rogalski mentioned this issue Jun 21, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛 bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove pypi.<name>.ca_certs configuration option from docs p-rogalski/pdm
2 participants
@frostming @p-rogalski