Add --shared to pipx install and pipx runpip.
#829
Conversation
Darsstar
force-pushed
the
pipx_install_--share
branch
2 times, most recently
from
f394e6d to
4962004
Compare
Darsstar
force-pushed
the
pipx_install_--share
branch
from
4962004 to
2f8258d
Compare
|
Thanks for putting this together, and apologies for such a long wait time on the review (we are all volunteers so I hope you can understand). I haven't used private pypi indexes before so I had to do a little reading to come up to speed on this, but I think I'm there now. For anyone else not familiar, keyring integrates with your OS's password manager, and pip will automatically load credentials for urls in saved in keyring (reference). I see there is also a netrc, which should be automatically used by pip. Is there a reason you aren't using this instead? (I'm guessing because storing your password in plaintext isn't desirable, but wanted to confirm this was considered as an option). |
|
Plaintext is one reason, yes. The other is that Azure DevOps Personal Access Tokens expire. Microsoft's artifacts-keyring keyring backend handles that expiration problem. Pipx solves weird dependecy conflicts I have been asked to help with. Artifacts-keyring reduces authentication related issues for me to help colleagues with by a lot. Having these two (pipx & keyring) work together better would be nice for me, since I get to clean up our powershell script. (See the keyring-subprocess package's Readme if you are interested) Until I hear otherwise I'll assume I provided enough motivation for the feature and start working my way through the checklist. |
Darsstar
force-pushed
the
pipx_install_--share
branch
3 times, most recently
from
d2e9acb to
2b54cc4
Compare
Darsstar
changed the title
pipx install and --shared to pipx runpip.pipx install and pipx runpip.
|
Tests, documentation and changelog enties are now all ready for review as well. I'm also mention my related PR for Pip pypa/pip#11029 in the hope that someone ends up there via this PR. As mentioned there I hope to create a PR that passes Edit: Tests failed on Windows. That is fixed now as well. |
Darsstar
force-pushed
the
pipx_install_--share
branch
7 times, most recently
from
7dea364 to
7f9a5ad
Compare
The main use case for it is as explained in the help text: providing keyring backends while creating virtual environments while pip is looking at private repositories which require authentication. PYTHONPATH is not an option since pipx explicitly removes it from the dict of environment variables to be passed to the subprocess. Injecting it after it is created would ia a chicken and the egg problem. It still won't work out of the box. But now it should no longer be a deal-breaker and instead be, assuming PyPI is reachable, a slight hassle after installing pipx. In my case: ``` pipx install -i https://pypi.org/simple/ --shared keyring-subprocess pipx install -i https://pypi.org/simple/ keyring pipx inject -i https://pypi.org/simple/ --include-apps keyring keyring-subprocess-landmark pipx inject -i https://pypi.org/simple/ keyring artifacts-keyring # now we are good to go! # I made keyring-subprocess specifically for this feature, it has zero dependencies and should not cause a new sort of dependency hell # we could run `pipx runpip --shared freeze` to verify pip can find keyring-subprocess pipx install black pipx install ... ``` While the following would achieve the same thing, I hope we can all agree the above is better: ``` pipx runpip --shared install artifacts-keyring ```
…e case for which it was added.
Darsstar
force-pushed
the
pipx_install_--share
branch
from
7f9a5ad to
009580f
Compare
|
Note that in the next release, pip will include a As a result, making the existence of the shared libraries visible in the user interface may be something we want to avoid, as it will make it harder to change. |
|
I should probably repeat here what I said about this PR in my "vendor keyring & keyring-subprocess" PR: if that one gets merged this one would no longer be of any value to me. (And presumably potential Pipx users that want to retrieve credentials for private repositories with the keyring library.) That is because it is more general: pyprojectx, something a colleague pointed out as something we should take a look at, would become viable as soon as we updated Pip. |
|
Pip 23.1 included the |
Hi,
Is this something you folks would be willing to maintain?
Alternative aproaches to make pipx more suitable for private registries you might prefer which I am willing to implement:
If there is interest in maintaining anything like this I will add tests, if not I will maintain this as my private fork without going through the effort of adding tests.
docs/changelog.mdSummary of changes
Add --shared to
pipx installandpipx runpip.The main use case for it is as explained in the help text: providing keyring backends while creating virtual environments while pip is looking at private repositories which require authentication.
PYTHONPATH is not an option since pipx explicitly removes it from the dict of environment variables to be passed to the subprocess.
Injecting it after it is created would ia a chicken and the egg problem.
It still won't work out of the box. But now it should no longer be a deal-breaker and instead be, assuming PyPI is reachable, a slight hassle after installing pipx. Documentation should be able to alleviate this further.
Test plan
Tested by running
While the following would achieve the same thing, I hope we can all agree the above is better in the sense that we don't use
pipx runpipand are thus able to usepipx upgrade. (Also