search

astral-sh / uv

An extremely fast Python package and project manager, written in Rust.
https://docs.astral.sh/uv
Apache License 2.0
25.03k stars 723 forks source link

`uv add` and `uv lock` fail on corporate network #6563

Open maxfirman opened 2 months ago

maxfirman commented 2 months ago

I'm running into some problems trying to use uv add and uv lock commands on a machine running behind a corporate proxy.

I have configured internal pypi mirrors in my ~/.config/uv/uv.toml file:

[pip]
index-url = "<pypi_mirrror_url>"

I then run through the following "hello world" example and get some errors along the way:

➜  uv init hello-uv             
Initialized project `hello-uv` at `/home/develop/hello-uv`

➜  cd hello-uv

➜  uv add requests 
Using Python 3.12.3 interpreter at: /home/linuxbrew/.linuxbrew/opt/python@3.12/bin/python3.12
Creating virtualenv at: .venv
⠼ requests==1.2.3                                                                                                                                   error: Failed to download and build `requests==1.2.3`
  Caused by: Failed to extract archive
  Caused by: Invalid gzip header

➜  cat pyproject.toml
[project]
name = "hello-uv"
version = "0.1.0"
description = "Add your description here"
readme = "README.md"
requires-python = ">=3.12"
dependencies = [
    "requests",
]

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"

➜  uv lock           
⠼ requests==1.2.3                                                                                                                                   error: Failed to download and build `requests==1.2.3`
  Caused by: Failed to extract archive
  Caused by: Invalid gzip header

➜  uv pip compile pyproject.toml
Resolved 5 packages in 1.66s
# This file was autogenerated by uv via the following command:
#    uv pip compile pyproject.toml
certifi==2024.7.4
    # via requests
charset-normalizer==3.3.2
    # via requests
idna==3.8
    # via requests
requests==2.32.3
    # via hello-uv (pyproject.toml)
urllib3==2.2.2
    # via requests

The interesting thing is that the uv pip compile pyproject.toml command succeeds, whereas the uv add and uv lock commands fail.

If I subsequently delete the ~/.config/uv/uv.toml file, then the uv pip compile pyproject.toml command fails with the same error:

➜  uv pip compile pyproject.toml
⠸ requests==1.2.3                                                                                                                                   error: Failed to download and build `requests==1.2.3`
  Caused by: Failed to extract archive
  Caused by: Invalid gzip header

This would seem to imply that the uv add and uv lock commands are not respecting the index-url configuration.

charliermarsh commented 2 months ago

Can you try removing the [pip] header from your uv.toml?

charliermarsh commented 2 months ago

Settings under [pip] only apply to uv pip; settings at the top-level apply to everything (uv sync, uv lock, and uv pip et al).

maxfirman commented 2 months ago

Brilliant, that worked! Thanks

zanieb commented 2 months ago

@charliermarsh why do we fail with this weird error? because the proxy returns a weird response?

zanieb commented 2 months ago

(@maxfirman if you can get more details about what the response from the proxy is that'd be helpful for improving the error message for other users, uv will say more about the requests with RUST_LOG=trace uv add --verbose ...)

maxfirman commented 2 months ago

uv_add_failure.log @zanieb log file attached

zanieb commented 2 months ago

What kind of response is returned when you GET https://files.pythonhosted.org/packages/61/79/efc316760a906763de872d7328c9bf8c5af28708a35fdae57fbb4ee005f7/requests-1.2.3.tar.gz?

maxfirman commented 2 months ago

curl_pythonhosted.log @zanieb see attached log. The request goes via our proxy and gets redirected to a our Artifactory which ultimately returns a 404. This looks likely to be a proxy misconfiguration on our end. It would definitely be better to have uv fail immediately and surface the 404 error.