diff --git a/news/2979.bugfix b/news/2979.bugfix
new file mode 100644
index 00000000..67aae073
--- /dev/null
+++ b/news/2979.bugfix
@@ -0,0 +1 @@
+Fixed a bug which caused ``verify_ssl`` to fail to drop through to ``pip install`` correctly as ``trusted-host``.
diff --git a/pipenv/core.py b/pipenv/core.py
index d22953ac..8a983dc4 100644
--- a/pipenv/core.py
+++ b/pipenv/core.py
@@ -780,6 +780,7 @@ def do_install_dependencies(
 requirements_dir=requirements_dir,
 extra_indexes=extra_indexes,
 pypi_mirror=pypi_mirror,
+ trusted_hosts=trusted_hosts
 )
 c.dep = dep
 c.ignore_hash = ignore_hash
@@ -1307,11 +1308,14 @@ def pip_install(
 requirements_dir=None,
 extra_indexes=None,
 pypi_mirror=None,
+ trusted_hosts=None
 ):
 from notpip._internal import logger as piplogger
 src = []
-
+ if not trusted_hosts:
+ trusted_hosts = []
+ trusted_hosts.extend(os.environ.get("PIP_TRUSTED_HOSTS", []))
 if environments.is_verbose():
 piplogger.setLevel(logging.INFO)
 if requirement:
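Review bot: In the pip_install hunk, `trusted_hosts.extend(os.environ.get("PIP_TRUSTED_HOSTS", []))` receives a string whenever the variable is set, and `list.extend` then adds one element per character, so no host name ever enters the list. Split the value first, e.g. `trusted_hosts.extend(os.environ.get("PIP_TRUSTED_HOSTS", "").split())`. The same call also mutates a list passed in by the caller; copying with `trusted_hosts = list(trusted_hosts or [])` avoids that. pip itself reads `PIP_TRUSTED_HOST` (singular), so confirm the plural name is intended. The body of pip_install continues outside the hunk.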
@@ -1335,23 +1339,30 @@ def pip_install(
 # Try installing for each source in project.sources.
 if index:
- if not is_valid_url(index):
- index = project.find_source(index).get("url")
- sources = [{"url": index}]
+ try:
+ index_source = project.find_source(index)
+ index_source = index_source.copy()
+ except SourceNotFound:
+ src_name = project.src_name_from_url(index)
+ verify_ssl = True if index not in trusted_hosts else False
+ index_source = {"url": index, "verify_ssl": verify_ssl, "name": src_name}
+ sources = [index_source.copy(),]
 if extra_indexes:
 if isinstance(extra_indexes, six.string_types):
- extra_indexes = [extra_indexes]
+ extra_indexes = [extra_indexes,]
 for idx in extra_indexes:
 try:
- extra_src = project.find_source(idx).get("url")
+ extra_src = project.find_source(idx)
 except SourceNotFound:
- extra_src = idx
- if extra_src != index:
- sources.append({"url": extra_src})
+ src_name = project.src_name_from_url(idx)
+ verify_ssl = True if idx not in trusted_hosts else False
+ extra_src = {"url": idx, "verify_ssl": verify_ssl, "name": extra_src}
+ if extra_src["url"] != index_source["url"]:
+ sources.append(extra_src)
 else:
 for idx in project.pipfile_sources:
 if idx["url"] != sources[0]["url"]:
- sources.append({"url": idx["url"]})
+ sources.append(idx)
 else:
 sources = project.pipfile_sources
 if pypi_mirror:
@@ -1372,6 +1383,10 @@ def pip_install(
 with open(r) as f:
 if "--hash" not in f.read():
 ignore_hashes = True
+ # trusted_hosts = [
+ # "--trusted-host={0}".format(source.get("url")) for source in sources
+ # if not source.get("verify_ssl", True)
+ # ]
 pip_command = [which_pip(allow_global=allow_global), "install"]
 if pre:
 pip_command.append("--pre")
diff --git a/pipenv/project.py b/pipenv/project.py
index 7fdf48cc..3a4d3cce 100644
--- a/pipenv/project.py
+++ b/pipenv/project.py
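Review bot: In the `except SourceNotFound` branch of the extra_indexes loop, `"name": extra_src` reads a variable that is still unassigned when `find_source(idx)` raises on the first pass, and on later passes it holds the previous source dict; it should be `"name": src_name`, as the index branch above does. Separately, `index not in trusted_hosts` and `idx not in trusted_hosts` compare the raw index string, which this branch treats as a URL, against the list; if the list holds host names as pip's `--trusted-host` expects, the test never matches and `verify_ssl` stays True, so compare the URL's host instead. Both edits sit inside pip_install, which begins and ends outside the hunk.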
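Review bot: The four added lines before `pip_command = [...]` are commented-out code, and the name they would assign, `trusted_hosts`, is now a parameter of pip_install, so un-commenting them later would overwrite the list the caller passed in. Either delete the block or replace it with a one-line comment saying where the `--trusted-host` arguments are built. The sketch also passes `source.get("url")`, a full URL, where the option takes a host.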
@@ -823,6 +823,20 @@ class Project(object):
 # Write Pipfile.
 self.write_toml(p)
+ def src_name_from_url(self, index_url):
+ name, _, tld_guess = six.moves.urllib.parse.urlsplit(index_url).netloc.rpartition(
+ "."
+ )
+ src_name = name.replace(".", "")
+ try:
+ self.get_source(name=src_name)
+ except SourceNotFound:
+ name = src_name
+ else:
+ from random import randint
+ name = "{0}-{1}".format(src_name, randint(1, 1000))
+ return name
+
 def add_index_to_pipfile(self, index, verify_ssl=True):
 """Adds a given index to the Pipfile."""
 # Read and append Pipfile.
@@ -833,18 +847,7 @@ class Project(object):
 source = {"url": index, "verify_ssl": verify_ssl}
 else:
 return
- name, _, tld_guess = six.moves.urllib.parse.urlsplit(index).netloc.rpartition(
- "."
- )
- src_name = name.replace(".", "")
- try:
- self.get_source(name=src_name)
- except SourceNotFound:
- source[name] = src_name
- else:
- from random import randint
-
- source[name] = "{0}-{1}".format(src_name, randint(1, 1000))
+ source["name"] = self.src_name_from_url(index)
 # Add the package to the group.
 if "source" not in p:
 p["source"] = [source]
diff --git a/pipenv/utils.py b/pipenv/utils.py
index 371a550a..f3599301 100644
--- a/pipenv/utils.py
+++ b/pipenv/utils.py
@@ -397,6 +397,7 @@ def resolve_deps(
 using pip-tools -- and their hashes, using the warehouse API / pip.
 """
 from .patched.notpip._vendor.requests.exceptions import ConnectionError
+ from .vendor.requirementslib.models.requirements import Requirement
 from ._compat import TemporaryDirectory
 index_lookup = {}
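Review bot: `src_name_from_url` derives the name from `urlsplit(index_url).netloc`, which still contains any `user:password@` prefix and the port, so an index URL with embedded credentials would carry them into the source name that `add_index_to_pipfile` stores on the source entry; use the host only, e.g. `host = six.moves.urllib.parse.urlsplit(index_url).hostname or ""`. A host without a dot (such as `localhost`) makes `rpartition(".")` return an empty first element, so the derived name is empty. `tld_guess` is unused and the `randint(1, 1000)` suffix is not checked against existing sources, so a collision is still possible. The method also has no docstring; `"""Return a Pipfile source name derived from the host of index_url."""` would do.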
@@ -447,17 +448,11 @@ def resolve_deps(
 sys.exit(1)
 for result in resolved_tree:
 if not result.editable:
- name = pep423_name(result.name)
- version = clean_pkg_version(result.specifier)
+ req = Requirement.from_ireq(result)
+ name = pep423_name(req.name)
+ version = str(req.get_version())
 index = index_lookup.get(result.name)
- if not markers_lookup.get(result.name):
- markers = (
- str(result.markers)
- if result.markers and "extra" not in str(result.markers)
- else None
- )
- else:
- markers = markers_lookup.get(result.name)
+ req.index = index
 collected_hashes = []
 if result in hashes:
 collected_hashes = list(hashes.get(result))
@@ -493,13 +488,21 @@ def resolve_deps(
 # except (ValueError, KeyError, ConnectionError, IndexError):
 # if verbose:
 # print('Error generating hash for {}'.format(name))
- collected_hashes = sorted(set(collected_hashes))
- d = {"name": name, "version": version, "hashes": collected_hashes}
- if index:
- d.update({"index": index})
- if markers:
- d.update({"markers": markers.replace('"', "'")})
- results.append(d)
+ req.hashes = sorted(set(collected_hashes))
+ name, _entry = req.pipfile_entry
+ entry = {}
+ if isinstance(_entry, six.string_types):
+ entry["version"] = _entry.lstrip("=")
+ else:
+ entry.update(_entry)
+ entry["version"] = version
+ entry["name"] = name
+ # if index:
+ # d.update({"index": index})
+ if markers_lookup.get(result.name):
+ entry.update({"markers": markers_lookup.get(result.name)})
+ entry = translate_markers(entry)
+ results.append(entry)
 req_dir.cleanup()
 return results
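Review bot: When `req.pipfile_entry` yields a plain string, the new `entry` holds only `version` and `name`, whereas the removed code always emitted a `hashes` key; whether a string can still come back after `req.hashes` is set is not visible here, but if it can, the result loses its hash pins and any consumer indexing `entry["hashes"]` fails. Adding `entry.setdefault("hashes", req.hashes)` after the if/else keeps the old guarantee. The unpacking `name, _entry = req.pipfile_entry` also replaces the `pep423_name(req.name)` value computed in the previous hunk, and the commented-out `# if index:` lines refer to `d`, which no longer exists, so they should be deleted. resolve_deps starts and ends outside the hunk.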