Re: [Distutils] Disabling non HTTPS access to APIs on PyPI

On Oct 27, 2017 11:49, "Alex Domoradov" alex.hha@gmail.com wrote:
RUN pip install --upgrade pip
Try upgrading setuptools here too.
-n

By the way, some pages on pypi itself are pointing to http:
See, e.g. the "Download URL:" link here:
https://pypi.python.org/pypi/google-appengine
On 27 October 2017 at 17:22, Nathaniel Smith njs@vorpus.org wrote:
On Oct 27, 2017 11:49, "Alex Domoradov" alex.hha@gmail.com wrote:
RUN pip install --upgrade pip
Try upgrading setuptools here too.
-n
Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig

On 27 October 2017 at 21:05, Leonardo Rochael Almeida leorochael@gmail.com wrote:
By the way, some pages on pypi itself are pointing to http:
See, e.g. the "Download URL:" link here:
That's the project itself doing that, I believe (it's metadata from setup.py) so you'd need to report it to them.
Paul

I got it. And what I should do with old system? For e.g. we still use ubuntu 12.04. Is there any way to upgrade pip/setuptools?
On Fri, Oct 27, 2017 at 11:17 PM, Paul Moore p.f.moore@gmail.com wrote:
On 27 October 2017 at 21:05, Leonardo Rochael Almeida leorochael@gmail.com wrote:
By the way, some pages on pypi itself are pointing to http:
See, e.g. the "Download URL:" link here:
That's the project itself doing that, I believe (it's metadata from setup.py) so you'd need to report it to them.
Paul _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig

On 27 October 2017 at 22:22, Alex Domoradov alex.hha@gmail.com wrote:
I got it. And what I should do with old system? For e.g. we still use ubuntu 12.04. Is there any way to upgrade pip/setuptools?
Well, if Ubuntu aren't offering an upgrade, you can do
pip install -i https://pypi.python.org/simple/ ...
Or install your own copy of pip/setuptools, I guess (get-pip --user, see https://pip.pypa.io/en/stable/installing/#installing-with-get-pip-py). Paul

On Friday, October 27, 2017, Paul Moore p.f.moore@gmail.com wrote:
On 27 October 2017 at 22:22, Alex Domoradov <alex.hha@gmail.com javascript:;> wrote:
I got it. And what I should do with old system? For e.g. we still use
ubuntu
12.04. Is there any way to upgrade pip/setuptools?
Well, if Ubuntu aren't offering an upgrade, you can do
pip install -i https://pypi.python.org/simple/ ...
Or install your own copy of pip/setuptools, I guess (get-pip --user, see https://pip.pypa.io/en/stable/installing/#installing-with-get-pip-py). Paul
Does this upgrade system pip, regardless of the package checksums:
$ sudo pip install -i https://pypi.python.org/simple/ -U pip setuptools
If that doesn't work (or **isn't advisable because `sudo pip` is dangerous**), you can also configure the index URL with a config file or an environment variable:
https://pip.pypa.io/en/latest/user_guide/#config-file lists the paths for Windows, MacOS, and Linux.
/etc/pip.conf ~/.pip/pip.conf $VIRTUAL_ENV/pip.conf
``` [global]
index-url = https://pypi.python.org/simple/ ```
$ export PIP_INDEX_URL="https://pypi.python.org/simple/"
Setuptools (easy_install) uses ~/.pydistutils.cfg :
``` [easy_install] index_url = https://pypi.python.org/simple/ ```
Buildout uses buildout.cfg and ~/.buildout/default.cfg :
``` [buildout] index = https://pypi.python.org/simple/ ```
"What to do when PyPi goes down" (2010) https://jacobian.org/writing/when-pypi-goes-down/
This URL also works as the -i/--index-url?

On Sat, Oct 28, 2017 at 12:22:32AM +0300, Alex Domoradov wrote:
I got it. And what I should do with old system? For e.g. we still use ubuntu 12.04. Is there any way to upgrade pip/setuptools?
If you're using Ubuntu 12.04, then presumably you're paying Canoncial for extended support, so ask them to provide a pip/setuptools SRU.
(If you're not paying Canonical, then you're not getting security updates and should upgrade ASAP.)
Marius Gedminas

Yes, I know that. But unfortunately it's a legacy, so there is no way :(
I have resolved my issue with the following line in Dockerfile
RUN echo "[easy_install]\n\nindex-url = https://pypi.python.org/simple/" > ~/.pydistutils.cfg
On Mon, Oct 30, 2017 at 3:21 PM, Marius Gedminas marius@gedmin.as wrote:
On Sat, Oct 28, 2017 at 12:22:32AM +0300, Alex Domoradov wrote:
I got it. And what I should do with old system? For e.g. we still use
ubuntu
12.04. Is there any way to upgrade pip/setuptools?
If you're using Ubuntu 12.04, then presumably you're paying Canoncial for extended support, so ask them to provide a pip/setuptools SRU.
(If you're not paying Canonical, then you're not getting security updates and should upgrade ASAP.)
Marius Gedminas
Favorite MS-DOS error message: "Drive C: not ready, close door."
Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
participants (6)
-
Alex Domoradov
-
Leonardo Rochael Almeida
-
Marius Gedminas
-
Nathaniel Smith
-
Paul Moore
-
Wes Turner