Merge pull request #2981 from pypa/fix-trusted-hosts

Fix trusted-host passthru

news/2979.bugfix

@@ -0,0 +1 @@
+Fixed a bug which caused ``verify_ssl`` to fail to drop through to ``pip install`` correctly as ``trusted-host``.

pipenv/core.py

@@ -780,6 +780,7 @@ def do_install_dependencies(
                 requirements_dir=requirements_dir,
                 extra_indexes=extra_indexes,
                 pypi_mirror=pypi_mirror,
+                trusted_hosts=trusted_hosts
             )
             c.dep = dep
             c.ignore_hash = ignore_hash
@@ -1307,11 +1308,14 @@ def pip_install(
     requirements_dir=None,
     extra_indexes=None,
     pypi_mirror=None,
+    trusted_hosts=None
 ):
     from notpip._internal import logger as piplogger
 
     src = []
-
+    if not trusted_hosts:
+        trusted_hosts = []
+    trusted_hosts.extend(os.environ.get("PIP_TRUSTED_HOSTS", []))
     if environments.is_verbose():
         piplogger.setLevel(logging.INFO)
         if requirement:
@@ -1335,23 +1339,30 @@ def pip_install(
 
     # Try installing for each source in project.sources.
     if index:
-        if not is_valid_url(index):
-            index = project.find_source(index).get("url")
-        sources = [{"url": index}]
+        try:
+            index_source = project.find_source(index)
+            index_source = index_source.copy()
+        except SourceNotFound:
+            src_name = project.src_name_from_url(index)
+            verify_ssl = True if index not in trusted_hosts else False
+            index_source = {"url": index, "verify_ssl": verify_ssl, "name": src_name}
+        sources = [index_source.copy(),]
         if extra_indexes:
             if isinstance(extra_indexes, six.string_types):
-                extra_indexes = [extra_indexes]
+                extra_indexes = [extra_indexes,]
             for idx in extra_indexes:
                 try:
-                    extra_src = project.find_source(idx).get("url")
+                    extra_src = project.find_source(idx)
                 except SourceNotFound:
-                    extra_src = idx
-                if extra_src != index:
-                    sources.append({"url": extra_src})
+                    src_name = project.src_name_from_url(idx)
+                    verify_ssl = True if idx not in trusted_hosts else False
+                    extra_src = {"url": idx, "verify_ssl": verify_ssl, "name": extra_src}
+                if extra_src["url"] != index_source["url"]:
+                    sources.append(extra_src)
         else:
             for idx in project.pipfile_sources:
                 if idx["url"] != sources[0]["url"]:
-                    sources.append({"url": idx["url"]})
+                    sources.append(idx)
     else:
         sources = project.pipfile_sources
     if pypi_mirror:
@@ -1372,6 +1383,10 @@ def pip_install(
         with open(r) as f:
             if "--hash" not in f.read():
                 ignore_hashes = True
+    # trusted_hosts = [
+    #     "--trusted-host={0}".format(source.get("url")) for source in sources
+    #     if not source.get("verify_ssl", True)
+    # ]
     pip_command = [which_pip(allow_global=allow_global), "install"]
     if pre:
         pip_command.append("--pre")

pipenv/project.py

@@ -823,6 +823,20 @@ class Project(object):
         # Write Pipfile.
         self.write_toml(p)
 
+    def src_name_from_url(self, index_url):
+        name, _, tld_guess = six.moves.urllib.parse.urlsplit(index_url).netloc.rpartition(
+            "."
+        )
+        src_name = name.replace(".", "")
+        try:
+            self.get_source(name=src_name)
+        except SourceNotFound:
+            name = src_name
+        else:
+            from random import randint
+            name = "{0}-{1}".format(src_name, randint(1, 1000))
+        return name
+
     def add_index_to_pipfile(self, index, verify_ssl=True):
         """Adds a given index to the Pipfile."""
         # Read and append Pipfile.
@@ -833,18 +847,7 @@ class Project(object):
             source = {"url": index, "verify_ssl": verify_ssl}
         else:
             return
-        name, _, tld_guess = six.moves.urllib.parse.urlsplit(index).netloc.rpartition(
-            "."
-        )
-        src_name = name.replace(".", "")
-        try:
-            self.get_source(name=src_name)
-        except SourceNotFound:
-            source[name] = src_name
-        else:
-            from random import randint
-
-            source[name] = "{0}-{1}".format(src_name, randint(1, 1000))
+        source["name"] = self.src_name_from_url(index)
         # Add the package to the group.
         if "source" not in p:
             p["source"] = [source]

pipenv/utils.py

@@ -397,6 +397,7 @@ def resolve_deps(
     using pip-tools -- and their hashes, using the warehouse API / pip.
     """
     from .patched.notpip._vendor.requests.exceptions import ConnectionError
+    from .vendor.requirementslib.models.requirements import Requirement
     from ._compat import TemporaryDirectory
 
     index_lookup = {}
@@ -447,17 +448,11 @@ def resolve_deps(
                 sys.exit(1)
     for result in resolved_tree:
         if not result.editable:
-            name = pep423_name(result.name)
-            version = clean_pkg_version(result.specifier)
+            req = Requirement.from_ireq(result)
+            name = pep423_name(req.name)
+            version = str(req.get_version())
             index = index_lookup.get(result.name)
-            if not markers_lookup.get(result.name):
-                markers = (
-                    str(result.markers)
-                    if result.markers and "extra" not in str(result.markers)
-                    else None
-                )
-            else:
-                markers = markers_lookup.get(result.name)
+            req.index = index
             collected_hashes = []
             if result in hashes:
                 collected_hashes = list(hashes.get(result))
@@ -493,13 +488,21 @@ def resolve_deps(
             # except (ValueError, KeyError, ConnectionError, IndexError):
             #     if verbose:
             #         print('Error generating hash for {}'.format(name))
-            collected_hashes = sorted(set(collected_hashes))
-            d = {"name": name, "version": version, "hashes": collected_hashes}
-            if index:
-                d.update({"index": index})
-            if markers:
-                d.update({"markers": markers.replace('"', "'")})
-            results.append(d)
+            req.hashes = sorted(set(collected_hashes))
+            name, _entry = req.pipfile_entry
+            entry = {}
+            if isinstance(_entry, six.string_types):
+                entry["version"] = _entry.lstrip("=")
+            else:
+                entry.update(_entry)
+                entry["version"] = version
+            entry["name"] = name
+            # if index:
+            #     d.update({"index": index})
+            if markers_lookup.get(result.name):
+                entry.update({"markers": markers_lookup.get(result.name)})
+            entry = translate_markers(entry)
+            results.append(entry)
     req_dir.cleanup()
     return results