pip-audit doesn't allow authenticating into an extra index #706
Comments
Thanks for the report! Could you say a bit more about your use case, and how (if) you have pip has a few authentication mechanisms that don't require interactivity; do any of these work for you?
If I do the static url authentication everything does go through. However, the behaviour (the hangup) was unexpected. I'm assuming this is happening at the point in the workflow the underlying pip is asking for user input of username and password. The ability to input the data or, alternately, it erroring out, would be, I humbly suggest, better behaviour. Or perhaps a documentation update saying interactive auth isn't supported.
Got it, thank you for confirming -- that makes sense; I just wanted to establish that
Yep, that's unexpected and a bug on our end -- I'll be opening a PR for that. I think we'll probably start with erroring out, since plumbing input into the
Closes #706. Signed-off-by: William Woodruff <william@trailofbits.com>
@nickanna42 would you be able to try out the changes in #707 and see if they produce an error for you, rather than blocking indefinitely?
* _virtual_env: add --no-input to all invocations
  Closes #706.
  Signed-off-by: William Woodruff <william@trailofbits.com>
* CHANGELOG: record changes
  Signed-off-by: William Woodruff <william@trailofbits.com>
* pyproject: filter coverage==7.3.2
  See nedbat/coveragepy#1713.
  Signed-off-by: William Woodruff <william@trailofbits.com>
---------
Signed-off-by: William Woodruff <william@trailofbits.com>
Hi @woodruffw, Sorry for hijacking this issue but I'm facing a problem that I think is related. The authentication mechanism that I'm using is through the keyring with the Google Artifact Registry backend.
The Do you know what I'm doing wrong? Thank you!
@fgsalomon Sorry, there isn't enough information there for me to know for certain 🙂. Depending on how you're invoking I apologize for the extra bit of work, but could you file a new issue for your behavior? The bug report form contains a bunch of steps that make triage way simpler and faster on our side.
I'm sorry, I should have done it in the first place. I hope I've done it right now.
Much appreciated!
Bug description
When running a `pip-audit -r requirements.txt` which contains an `--extra-index-url` flag that links to an index which requires authentication, pip-audit hangs on the "Installing package in isolated environment" step
Reproduction steps
requirements.txt contents:
run `pip-audit -r requirements.txt`
Expected behavior
A prompt asking for username and password pops up when pip-audit encounters an index which requires authentication
Screenshots and logs
If applicable, add screenshots to help explain your problem.
Similarly, if applicable and possible, re-run the command with `--verbose`, and paste the logs in the code block below:
Platform information
* pip-audit version (`pip-audit -V`): 2.6.1
* Python version (`python -V` or `python3 -V`): 3.11.7
* pip version (`pip -V` or `pip3 -V`): 23.2.1