netrc not used when fetching packages from mirror index

Open abingham opened this issue 4 years ago • 5 comments

Prereqs

  • [x] Are you using the latest released version? Using 2.2.0, latest release on PyPI.
  • [X] Provide the output of pip list from the virtual environment you are using.
Package                           Version
--------------------------------- ---------
aiohttp                           3.8.1
aiosignal                         1.2.0
appdirs                           1.4.4
argon2-cffi                       21.1.0
async-timeout                     4.0.1
attrs                             21.2.0
backports.entry-points-selectable 1.1.1
beautifulsoup4                    4.10.0
bleach                            4.1.0
build                             0.7.0
certifi                           2021.10.8
cffi                              1.15.0
Chameleon                         3.9.1
charset-normalizer                2.0.8
check-manifest                    0.47
cmarkgfm                          0.6.0
defusedxml                        0.7.1
devpi                             2.2.0
devpi-client                      5.2.3
devpi-common                      3.6.0
devpi-server                      6.3.0
devpi-web                         4.0.8
distlib                           0.3.3
docutils                          0.18.1
execnet                           1.9.0
filelock                          3.4.0
frozenlist                        1.2.0
hupper                            1.10.3
idna                              3.3
itsdangerous                      2.0.1
lazy                              1.4
multidict                         5.2.0
packaging                         21.3
passlib                           1.7.4
PasteDeploy                       2.1.1
pep517                            0.12.0
pip                               21.3.1
pkginfo                           1.8.1
plaster                           1.0
plaster-pastedeploy               0.7
platformdirs                      2.4.0
pluggy                            1.0.0
py                                1.11.0
pycparser                         2.21
Pygments                          2.10.0
pyparsing                         3.0.6
pyramid                           2.0
pyramid-chameleon                 0.3
python-dateutil                   2.8.2
readme-renderer                   30.0
repoze.lru                        0.7
requests                          2.26.0
ruamel.yaml                       0.17.17
setuptools                        58.3.0
six                               1.16.0
soupsieve                         2.3.1
strictyaml                        1.6.0
toml                              0.10.2
tomli                             1.2.2
tox                               3.24.4
translationstring                 1.4
typing_extensions                 4.0.0
urllib3                           1.26.7
venusian                          3.0.0
virtualenv                        20.10.0
waitress                          2.0.0
webencodings                      0.5.1
WebOb                             1.8.7
wheel                             0.37.0
Whoosh                            2.7.4
yarl                              1.7.2
zope.deprecation                  4.4.0
zope.interface                    5.4.0

  • [x] Provide the Python and operating system versions under which the issue occurs. Python 3.10.0 on macOS Monterey (12.0.1)
  • [x] If possible, provide a minimal example to reproduce the issue. This doesn't seem practical

Description

I've got a PyPI repository on artifactory that serves my company's internal/private packages. I've created a devpi mirror index of that. I use .netrc to specify the user name and password for the artifactory repository, and that seems to work fine when creating the index: devpi sees the index and is able to find out what packages it contains. devpi even seems to be indexing the artifactory repo correctly.

However, I'm not able to actually install packages from the devpi mirror index. When I do a pip install -i <url of devpi index> <package name>, the installation fails and the devpi server reports that "The project doesn't exist". If I look at the devpi web interface, it lists the expected packages, but when I click on them I'm told the same "The project doesn't exist."

If I instead specify the user name and password in the URL when creating the index, everything works correctly.

So it seems like devpi will use .netrc when creating the index, at least enough to see what packages exist, but it doesn't use .netrc when fetching the actual package contents.

Should I even be expecting this to work at all, or is devpi explicitly not supporting .netrc? If it's supposed to support .netrc, is there anything I can try to get it to work? I'd prefer to just be able to rely on .netrc all of the time.

Nov 29 '21 09:11 abingham

Most likely the same core issue as #864

Nov 29 '21 10:11 fschulze

Could you try with the release from https://m.devpi.net/fschulze/dev/devpi-server/6.3.1

Dec 04 '21 11:12 fschulze

I installed the wheel and restarted the server. The web interface reported the correct new version, 3.6.1, but the problem still seems to persist.

Dec 05 '21 13:12 abingham

I took a look at the source of aiohttp and it seems they only read authentication info from ~/.netrc for proxy settings, but not for general requests. You have to try and get that feature added by them.

Dec 06 '21 10:12 fschulze
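
Added example, not part of the thread and not devpi or aiohttp code: one way a client can resolve per-host credentials from a netrc file itself and build a Basic Authorization header, so the password does not have to be embedded in the mirror URL. The host name, login, password and file path are constructed for illustration; the permission check is an assumption about what a careful caller would enforce.

```python
import base64
import netrc
import os
import stat
import tempfile
from urllib.parse import urlsplit


def basic_auth_header(url, netrc_path):
    """Return a 'Basic ...' header value for url's host, or None if no entry."""
    mode = os.stat(netrc_path).st_mode
    # Refuse a credentials file that group or other users can access.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{netrc_path} is accessible by group or others")
    host = urlsplit(url).hostname
    if host is None:
        return None
    # authenticators() matches on host name only, never on path or scheme.
    entry = netrc.netrc(netrc_path).authenticators(host)
    if entry is None:
        return None
    login, _account, password = entry
    token = base64.b64encode(f"{login}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def demo():
    # Constructed sample data: hypothetical host and credentials.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "netrc")
        with open(path, "w") as fh:
            fh.write("machine artifactory.example.com login alice password s3cret\n")
        os.chmod(path, 0o600)
        index = "https://artifactory.example.com/api/pypi/simple/pkg/"
        hit = basic_auth_header(index, path)
        # A file link on a different host gets no credentials.
        miss = basic_auth_header("https://files.example.org/pkg.whl", path)
        os.chmod(path, 0o644)
        try:
            basic_auth_header(index, path)
            rejected = False
        except PermissionError:
            rejected = True
        return hit, miss, rejected


if __name__ == "__main__":
    print(demo())
```

Because the lookup is keyed on host name, an index page and the file URLs it links to only share credentials when they are served from the same host.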