Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6444

Python PIP provider version => latest stopped working for everyone pre-4.5.2

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: PUP 3.8.0, PUP 3.8.1, PUP 3.8.2, PUP 3.8.3, PUP 3.8.4, PUP 3.8.5, PUP 3.8.6, PUP 3.8.7, PUP 4.0.0, PUP 4.1.0, PUP 4.2.0, PUP 4.2.1, PUP 4.2.2, PUP 4.2.3, PUP 4.3.0, PUP 4.3.1, PUP 4.3.2, PUP 4.4.0, PUP 4.4.1, PUP 4.4.2, PUP 4.5.0, PUP 4.5.1
    • Fix Version/s: PUP 3.8.8, PUP 4.6.0
    • Component/s: None
    • Labels:
      None
    • Template:

      Description

      Hello,

      per https://mail.python.org/pipermail/distutils-sig/2016-June/029125.html, the PyPA team has changed the SimpleRPC Python pip endpoint to stop supporting HTTP, and forcing consumers to use HTTPS.

      The endpoint in question is used by the pip provider to determine the latest version number of a given package by name.

      While the use of SimpleRPC by the pip provider probably was a questionable choice, using a hardcoded URL for it definitely was a bad one; both of which were addressed in PUP-6120 per commit https://github.com/puppetlabs/puppet/commit/152299cc859fc74343c697841848086d4e41b6f8, which went into 4.5.2.

      Sadly, this leaves users of older versions like 3.8.x in trouble, in some cases even without them noticing it (their Puppet runs start failing obscurely).

      I'd like to request an update (for 3.8.8?) that allows configuration of the URL for the pip provider instead of the completely changed backend implementation in 4.5.2, to allow at least some transition route.

      If PyPI would put a 301 Moved Permanent in place, that wouldn't help:

      $ irb
      irb(main):001:0> require "xmlrpc/client"
      => true
      irb(main):002:0> server = XMLRPC::Client.new("pypi.io", "/", 80)
      => #<XMLRPC::Client:0x007fc73390f720 @http_header_extra=nil, @http_last_response=nil, @cookie=nil, @host="pypi.io", @path="/", @proxy_host=nil, @proxy_port=nil, @use_ssl=false, @timeout=30, @port=80, @password=nil, @user=nil, @auth=nil, @http=#<Net::HTTP pypi.io:80 open=false>, @parser=nil, @create=nil>
      irb(main):003:0> server.call("user_packages", "dstufft")
      RuntimeError: HTTP-Error: 301 Moved Permanently
      	from /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/xmlrpc/client.rb:509:in `do_rpc'
      	from /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/xmlrpc/client.rb:287:in `call2'
      	from /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/xmlrpc/client.rb:268:in `call'
      	from (irb):3
      	from /usr/local/bin/irb:11:in `<main>'
      irb(main):004:0>
      

      but the endpoint is available via https correctly in the way the pip provider expects it:

      $ curl -X POST https://pypi.python.org/pypi -H 'Content-type: text/xml' -d "<?xml version='1.0'?><methodCall><methodName>package_releases</methodName><params><param><value><string>pip</string></value></param></params></methodCall>"
      <?xml version='1.0'?>
      <methodResponse>
      <params>
      <param>
      <value><array><data>
      <value><string>8.1.2</string></value>
      </data></array></value>
      </param>
      </params>
      </methodResponse>
      

      it would be prudent or maybe even necessary to provide the infrastructure for cert management when allowing to change the URL.

      Thanks in advance!

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                count Andreas Kotes
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support