search

pypa / pip

The Python package installer
https://pip.pypa.io/
MIT License
9.52k stars 3.03k forks source link

Can not install a release archived of a private Github repo using Basic Authentication #2864

Closed tupy closed 7 years ago

tupy commented 9 years ago

For private repositories, Github sends a 302 redirect for curl connections. However, pip install receive a 406 error. I open a ticket in Github to investigate this, but I also would like to debug the pip request.

$ pip install -v https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz#egg=private_repo

Downloading/unpacking private_repo from https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz
  HTTP error 406 while getting https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz
  Could not install requirement private_repo from https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz because of error HTTP Error 406: Not Acceptable
Cleaning up...
  Removing temporary dir /Users/user/workspaces/python/envs/webpy/build...
Could not install requirement private_repo from https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz because of HTTP error HTTP Error 406: Not Acceptable for URL https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz
Exception information:
Traceback (most recent call last):
  File "/Users/user/workspaces/python/envs/webpy/lib/python2.7/site-packages/pip/basecommand.py", line 134, in main
    status = self.run(options, args)
  File "/Users/user/workspaces/python/envs/webpy/lib/python2.7/site-packages/pip/commands/install.py", line 236, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Users/user/workspaces/python/envs/webpy/lib/python2.7/site-packages/pip/req.py", line 1099, in prepare_files
    % (req_to_install, e, url))
InstallationError: Could not install requirement private_repo from https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz because of HTTP error HTTP Error 406: Not Acceptable for URL https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz

Storing complete log in /Users/user/.pip/pip.log

$ curl -v https://ACCESS_TOKEN:x-oauth-basic@github.com/user/private_repo/archive/v0.1.0.tar.gz#egg=private_repo

* Hostname was NOT found in DNS cache
*   Trying 192.30.252.129...
* Connected to github.com (192.30.252.129) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: github.com
* Server certificate: DigiCert SHA2 Extended Validation Server CA
* Server certificate: DigiCert High Assurance EV Root CA
* Server auth using Basic with user 'ACCESS_TOKEN'
> GET /user/private_repo/archive/v0.1.0.tar.gz HTTP/1.1
> Authorization: Basic XXXXXXXXXXX
> User-Agent: curl/7.37.1
> Host: github.com
> Accept: */*
>
< HTTP/1.1 302 Found
* Server GitHub.com is not blacklisted
< Server: GitHub.com
< Date: Wed, 03 Jun 2015 11:58:59 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Status: 302 Found
< Content-Security-Policy: default-src *; script-src assets-cdn.github.com collector-cdn.github.com; object-src assets-cdn.github.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' assets-cdn.github.com; img-src 'self' data: assets-cdn.github.com identicons.github.com www.google-analytics.com collector.githubapp.com *.githubusercontent.com *.gravatar.com *.wp.com; media-src 'none'; frame-src 'self' render.githubusercontent.com gist.github.com www.youtube.com player.vimeo.com checkout.paypal.com; font-src assets-cdn.github.com; connect-src 'self' live.github.com wss://live.github.com uploads.github.com status.github.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com
< Public-Key-Pins: max-age=300; pin-sha256="SHA_256"; pin-sha256="SHA256="; includeSubDomains
< Cache-Control: no-cache
< X-GitHub-User: githubuser
< Vary: X-PJAX
< Location: https://codeload.github.com/user/private_repo/tar.gz/v0.1.0?token=RECEIVED_TOKEN
< X-UA-Compatible: IE=Edge,chrome=1
< Set-Cookie: logged_in=yes; domain=.github.com; path=/; expires=Sun, 03 Jun 2035 11:58:59 -0000; secure; HttpOnly
< Set-Cookie: dotcom_user=githubuser; domain=.github.com; path=/; expires=Sun, 03 Jun 2035 11:58:59 -0000; secure; HttpOnly
< Set-Cookie: _gh_sess=ANY_VAL; path=/; secure; HttpOnly
< X-Request-Id: 986f1f1701df4c78aa23f09c28054491
< X-Runtime: 0.013281
< X-GitHub-Request-Id: BFBEEF32:45CB:1C7F77D:556EEC03
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: deny
< Vary: Accept-Encoding
< X-Served-By: 926b734ea1992f8ee1f88ab967a93dac
<
* Connection #0 to host github.com left intact
<html><body>You are being <a href="https://codeload.github.com/user/private_repo/tar.gz/v0.1.0?token=RECEIVED_TOKEN">redirected</a>.</body></html>%
dstufft commented 7 years ago

Closing this as I don't believe this to be a pip bug, if you're still getting this I would try to reproduce it with requests directly, and if you can raise the issue with them.