I couldn’t find a proper solution for the following or to put it in another way I don’t know what to search for.
We have a private PyPi repository hosted on Nexus and everything works as it should. I defined the pip.conf and pypirc as documented. To store the credentials I am using the keyring package, but the following issue arises.
When I try to build a package with python3 -m build the process fails because the credentials are seemingly not being read from the keyring inside the temp venv.
Is there any setup to pass these credentials through keyring into the temp venv? It would be enough to guide me to some tutorials or an explanation.
What is the error message here? Is the keyring package not available? Are the credentials not available? Does keyring package fail to access the keyring?
The keyring package is available, installed and has the current credentials installed which I can verify since pip asked me before to store them and works now without asking for any credentials anymore.
I can verify that it uses the right repo by running the pip install in the verbose mode.
This the verbose output of python3 -m build -vvv
python3 -m build -vvv
* Creating isolated environment: venv+pip...
* Installing packages in isolated environment:
- setuptools-scm>=7
- setuptools>=69
- wheel
> /home/user/miniconda3/bin/python3 -m pip --python /tmp/build-env-hpz7cmbh/bin/python -vv install --use-pep517 --no-warn-script-location --no-compile -r /tmp/build-reqs-jg9vsjsb.txt
< Using pip 23.3.1 from /home/user/miniconda3/lib/python3.11/site-packages/pip (python 3.11)
< Non-user install because user site-packages disabled
< Created temporary directory: /tmp/pip-build-tracker-k06vvnpl
< Initialized build tracking at /tmp/pip-build-tracker-k06vvnpl
< Created build tracker: /tmp/pip-build-tracker-k06vvnpl
< Entered build tracker: /tmp/pip-build-tracker-k06vvnpl
< Created temporary directory: /tmp/pip-install-eqn1o41a
< Created temporary directory: /tmp/pip-ephem-wheel-cache-_3st9vqm
< Looking in indexes: https://repo.company.de/repository/vc-pypi/simple
< 1 location(s) to search for versions of wheel:
< * https://repo.company.de/repository/vc-pypi/simple/wheel/
< Fetching project page and analyzing links: https://repo.company.de/repository/vc-pypi/simple/wheel/
< Getting page https://repo.company.de/repository/vc-pypi/simple/wheel/
< Found index url https://repo.company.de/repository/vc-pypi/simple/
< Looking up "https://repo.company.de/repository/vc-pypi/simple/wheel/" in the cache
< Request header has "max_age" as 0, cache bypassed
< Starting new HTTPS connection (1): repo.company.de:443
< https://repo.company.de:443 "GET /repository/vc-pypi/simple/wheel/ HTTP/1.1" 401 0
< Found index url https://repo.company.de/repository/vc-pypi/simple/
< Keyring provider requested: auto
< Keyring provider set: subprocess with executable /home/user/miniconda3/bin/keyring
It stops on the call to keyring, thus my assumption was that there is somehow a problem between the created environment and the keyring.
“It stops”, as in it hangs and doesn’t produce any further output? To me that would indicate they keyring is waiting for user input which it’s not going to get.
I am not that familiar with the details of how keyring works here, hopefully someone else will be able to provide you more information.
Although, make sure that the executable mentioned in the last line is actually the one you want to be invoked.
That would be irritating because it works without any further input when I use the pip install command, but I cannot 100% exclude that.
Thank you for your time though!
I quickly checked the verbose output of pip install. This is the partial output:
Using pip 23.3.1 from /home/user/miniconda3/lib/python3.11/site-packages/pip (python 3.11)
Non-user install because site-packages writeable
Created temporary directory: /tmp/pip-build-tracker-_9qdkl1g
Initialized build tracking at /tmp/pip-build-tracker-_9qdkl1g
Created build tracker: /tmp/pip-build-tracker-_9qdkl1g
Entered build tracker: /tmp/pip-build-tracker-_9qdkl1g
Created temporary directory: /tmp/pip-install-qrsvtl3_
Created temporary directory: /tmp/pip-ephem-wheel-cache-erdgzygd
Looking in indexes: https://repo.company.de/repository/vc-pypi/simple
1 location(s) to search for versions of django:
* https://repo.company.de/repository/vc-pypi/simple/django/
Fetching project page and analyzing links: https://repo.company.de/repository/vc-pypi/simple/django/
Getting page https://repo.company.de/repository/vc-pypi/simple/django/
Found index url https://repo.company.de/repository/vc-pypi/simple/
Starting new HTTPS connection (1): repo.company.de:443
https://repo.company.de:443 "GET /repository/vc-pypi/simple/django/ HTTP/1.1" 401 0
Found index url https://repo.company.de/repository/vc-pypi/simple/
Keyring provider requested: auto
Keyring provider set: import
Getting credentials from keyring for https://repo.company.de/repository/vc-pypi/simple/
Loading KWallet
Loading SecretService
Loading Windows
Loading chainer
Loading libsecret
Loading macOS
Getting credentials from keyring for repo.company.de
Found credentials in keyring for repo.company.de
...
The last message indicates that it successfully retrieves the credentials from the keyring without any further input
Notices that it uses a different Keyring provider.
In the build venv keyring is not installed at this point, presumably because you are trying to get it from the private repo. I don’t know what the proper solution for that is.
I’ve had success in the past with using a long-lived venv with keyring installed to pip download (which runs a full resolve by default) to a directory, then with the temp venv pip install --no-index -f from that directory.
It just hanging has in my experience been indicative of waiting for user input, but stdin not being the terminal.