python-poetry / poetry

Python packaging and dependency management made easy
https://python-poetry.org
MIT License

Poetry hangs resolving ssh dependencies from unknown hosts #9618

Open Yarn opened 1 month ago

Yarn commented 1 month ago

Description

Running poetry lock will hang forever without any indication of why.

Running poetry lock -vvv shows ssh's interactive prompt, e.g.

The authenticity of host 'github.com (140.82.116.4)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

This prompt can be accepted and future runs can succeed.

Workarounds

Run poetry lock -vvv and interact with the ssh prompt

Poetry Installation Method

pip

Operating System

Arch

Poetry Version

1.8.3

Poetry Configuration

cache-dir = "/home/ryan/.cache/pypoetry"
experimental.system-git-client = false
installer.max-workers = null
installer.modern-installation = true
installer.no-binary = null
installer.parallel = true
keyring.enabled = true
solver.lazy-wheel = true
virtualenvs.create = true
virtualenvs.in-project = null
virtualenvs.options.always-copy = false
virtualenvs.options.no-pip = false
virtualenvs.options.no-setuptools = false
virtualenvs.options.system-site-packages = false
virtualenvs.path = "{cache-dir}/virtualenvs"  # /home/ryan/.cache/pypoetry/virtualenvs
virtualenvs.prefer-active-python = false
virtualenvs.prompt = "{project_name}-py{python_version}"
warnings.export = true

Python Sysconfig

No response

Example pyproject.toml

No response

Poetry Runtime Logs

issue does not occur with `-vvv`

dimbleby commented 1 month ago

Too bad, probably. I don't know any way to tell ssh always to fail non-interactively here.

If it shows up in verbose mode, that'll probably have to be good enough.

You provided no way to reproduce this.

Yarn commented 3 weeks ago

After writing the below I noticed -o BatchMode=yes which should disable any interactive prompts.

https://man.archlinux.org/man/ssh_config.5.en#BatchMode

I think -o StrictHostKeyChecking=yes would make this specific case fail non-interactively.

-o PasswordAuthentication=no I think would cover #9626

https://man.archlinux.org/man/ssh_config.5.en#StrictHostKeyChecking
https://man.archlinux.org/man/ssh_config.5.en#PasswordAuthentication

Yarn commented 3 weeks ago

To reproduce the issue, comment out any entries for github.com in ~/.ssh/known_hosts and ensure no system-level ssh configuration disables host key checking for that host, then use the following pyproject.toml:

[tool.poetry]
name = "test"
version = "0.1.0"
description = ""
authors = [""]

[tool.poetry.dependencies]
poetry = { "git" = "git@github.com:python-poetry/poetry.git" }

dimbleby commented 3 weeks ago

Poetry uses dulwich for git clones, so the next step is to persuade dulwich to use that parameter then.

Suggest you experiment with something like

diff --git a/src/poetry/vcs/git/backend.py b/src/poetry/vcs/git/backend.py
index 0fc00f0b..b3b28026 100644
--- a/src/poetry/vcs/git/backend.py
+++ b/src/poetry/vcs/git/backend.py
@@ -194,7 +194,7 @@ class Git:
         client: GitClient
         path: str

-        kwargs: dict[str, str] = {}
+        kwargs = {"ssh_command": "ssh -o BatchMode=yes"}
         credentials = get_default_authenticator().get_credentials_for_git_url(url=url)

         if credentials.password and credentials.username:
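
Review bot: The added `kwargs = {"ssh_command": "ssh -o BatchMode=yes"}` line drops the `dict[str, str]` annotation and sets the ssh command unconditionally, before the URL or the credentials are looked at. Keep the annotation, and consider setting `ssh_command` only for ssh URLs and letting a user-configured ssh command take precedence over the hard-coded string. Because BatchMode=yes turns the host key prompt into an immediate failure, the change should also come with a test that the resulting error reaches the user as a readable message instead of a silent hang or a raw ssh failure.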

and submit a merge request if you can get it to work satisfactorily
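
The hang in this thread happens when an ssh git dependency points at a host with no active entry in ~/.ssh/known_hosts. The following pre-flight check for that condition is an added example, not code from the thread or from Poetry; the function names are hypothetical. It assumes a single known_hosts text is the only source of host keys and ignores ssh_config overrides and lines carrying @cert-authority or @revoked markers.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urlsplit

# Constructed sample input: key blobs are placeholders, hosts other than github.com are made up.
SAMPLE_KNOWN_HOSTS = """\
# github.com ssh-ed25519 AAAA-placeholder
gitlab.com,*.git.example ssh-ed25519 AAAA-placeholder
[git.internal.example]:2222 ssh-ed25519 AAAA-placeholder
"""
SAMPLE_URLS = ["git@github.com:python-poetry/poetry.git",  # from the thread
               "ssh://git@git.internal.example:2222/team/lib.git"]  # hypothetical


def ssh_target(url):
    """Return (host, port) for an ssh:// or scp-style git URL, else None."""
    if "://" in url:
        parts = urlsplit(url)
        ok = parts.scheme.endswith("ssh") and parts.hostname
        return (parts.hostname, parts.port or 22) if ok else None
    m = re.match(r"(?:[^@/]+@)?([^:/]+):", url)  # git@github.com:org/repo.git
    return (m.group(1).lower(), 22) if m else None


def _matches(field, name):
    """Match one known_hosts host field: hashed, or comma-separated patterns."""
    if field.startswith("|1|"):  # |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    def glob(p):  # only * and ? are wildcards; [ ] stay literal for [host]:port
        return re.fullmatch(re.escape(p).replace(r"\*", ".*").replace(r"\?", "."), name)
    pats = field.split(",")
    negated = any(glob(p[1:]) for p in pats if p.startswith("!"))
    return not negated and any(glob(p) for p in pats if not p.startswith("!"))


def unknown_hosts(urls, known_hosts_text):
    """known_hosts names no active line matches, i.e. where ssh would prompt."""
    entries = [f[0] for f in map(str.split, known_hosts_text.splitlines())
               if len(f) >= 3 and f[0][0] not in "#@"]  # skip comments, @markers
    names = [h if p == 22 else f"[{h}]:{p}" for h, p in filter(None, map(ssh_target, urls))]
    return sorted({n for n in names if not any(_matches(e, n) for e in entries)})


if __name__ == "__main__":
    print(unknown_hosts(SAMPLE_URLS, SAMPLE_KNOWN_HOSTS))  # ['github.com']
```

Run against the real known_hosts text before `poetry lock` in CI, a non-empty result means the host key should be provisioned out of band and its fingerprint verified rather than accepted at a prompt.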