classification
Title: PIP doesn't honor --trusted-host or --cert options
Type: behavior Stage: resolved
Components: macOS, SSL Versions: Python 3.6
process
Status: closed Resolution: third party
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, dstufft, ned.deily, ronaldoussoren, ugultopu
Priority: normal Keywords:

Created on 2016-12-25 07:38 by ugultopu, last changed 2016-12-25 16:11 by dstufft. This issue is now closed.

Messages (3)
msg283987 - (view) Author: Utku Gultopu (ugultopu) Date: 2016-12-25 07:38
Steps to Reproduce
==================
1. Install Python 3.6.0 on macOS Sierra, using the macOS binary installer from python.org.
2. Don't install any SSL certificates.
3. Run `pip install -U channels`. It will fail.
4. Run `pip install -U --trusted-host pypi.python.org channels`. It will fail too.
5. Run `pip --cert ~/cacert.pem install -U channels` (where `cacert.pem` is [this](https://curl.haxx.se/ca/cacert.pem).) It will fail too.

Expected Results
================
Command at number 3 to fail, commands at number 4 and 5 to succeed.

Actual Results
==============
Commands at number 3, 4 and 5 fail.

Version Info
============
Python 3.6.0 (v3.6.0:41df79263a11, Dec 22 2016, 17:23:13) 
[GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin

macOS Sierra 10.12

pip 9.0.1 from /Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages (python 3.6)

Related Issues
=============
29065

Explanation
===========
I installed Python 3.6.0 on macOS Sierra, using the macOS binary installer from python.org.

Initially, I didn't install the necessary certificates by running the script /Applications/Python 3.6/Install Certificates.command.

When I wanted to install a module where PIP establishes an SSL connection during installation, I got an SSL: CERTIFICATE_VERIFY_FAILED error, as expected.

Command at step 3:

(virtualenv) user@host:~/Documents/virtualenv$ pip install -U channels
Collecting channels
  Downloading channels-0.17.3-py2.py3-none-any.whl (53kB)
    100% |████████████████████████████████| 61kB 299kB/s 
Requirement already up-to-date: Django>=1.8 in ./lib/python3.6/site-packages (from channels)
Collecting asgiref>=0.13 (from channels)
  Downloading asgiref-1.0.0-py2.py3-none-any.whl
Collecting daphne>=0.14.1 (from channels)
  Downloading daphne-0.15.0-py2.py3-none-any.whl
Collecting six (from asgiref>=0.13->channels)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting twisted>=16.0 (from daphne>=0.14.1->channels)
  Downloading Twisted-16.6.0.tar.bz2 (3.0MB)
    100% |████████████████████████████████| 3.0MB 265kB/s 
    Complete output from command python setup.py egg_info:
    Download error on https://pypi.python.org/simple/incremental/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) -- Some packages may not be found!
    Couldn't find index page for 'incremental' (maybe misspelled?)
    Download error on https://pypi.python.org/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) -- Some packages may not be found!
    No local packages or working download links found for incremental>=16.10.1
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/private/var/folders/45/r4yr9bbj29dfbtxqv75_785m0000gn/T/pip-build-o5qosaie/twisted/setup.py", line 21, in <module>
        setuptools.setup(**_setup["getSetupArgs"]())
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/distutils/core.py", line 108, in setup
        _setup_distribution = dist = klass(attrs)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 316, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 371, in fetch_build_eggs
        replace_conflicting=True,
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 846, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 1118, in best_match
        return self.obtain(req, installer)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 1130, in obtain
        return installer(requirement)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 439, in fetch_build_egg
        return cmd.easy_install(req)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/command/easy_install.py", line 668, in easy_install
        raise DistutilsError(msg)
    distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('incremental>=16.10.1')
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /private/var/folders/45/r4yr9bbj29dfbtxqv75_785m0000gn/T/pip-build-o5qosaie/twisted/

Command at step 4:

(virtualenv) user@host:~/Documents/virtualenv$ pip install -U --trusted-host pypi.python.org channels
Collecting channels
  Downloading channels-0.17.3-py2.py3-none-any.whl (53kB)
    100% |████████████████████████████████| 61kB 291kB/s 
Requirement already up-to-date: Django>=1.8 in ./lib/python3.6/site-packages (from channels)
Collecting asgiref>=0.13 (from channels)
  Downloading asgiref-1.0.0-py2.py3-none-any.whl
Collecting daphne>=0.14.1 (from channels)
  Downloading daphne-0.15.0-py2.py3-none-any.whl
Collecting six (from asgiref>=0.13->channels)
  Downloading six-1.10.0-py2.py3-none-any.whl
Collecting twisted>=16.0 (from daphne>=0.14.1->channels)
  Downloading Twisted-16.6.0.tar.bz2 (3.0MB)
    100% |████████████████████████████████| 3.0MB 359kB/s 
    Complete output from command python setup.py egg_info:
    Download error on https://pypi.python.org/simple/incremental/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) -- Some packages may not be found!
    Couldn't find index page for 'incremental' (maybe misspelled?)
    Download error on https://pypi.python.org/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) -- Some packages may not be found!
    No local packages or working download links found for incremental>=16.10.1
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/private/var/folders/45/r4yr9bbj29dfbtxqv75_785m0000gn/T/pip-build-6fteuyi9/twisted/setup.py", line 21, in <module>
        setuptools.setup(**_setup["getSetupArgs"]())
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/distutils/core.py", line 108, in setup
        _setup_distribution = dist = klass(attrs)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 316, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 371, in fetch_build_eggs
        replace_conflicting=True,
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 846, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 1118, in best_match
        return self.obtain(req, installer)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 1130, in obtain
        return installer(requirement)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 439, in fetch_build_egg
        return cmd.easy_install(req)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/command/easy_install.py", line 668, in easy_install
        raise DistutilsError(msg)
    distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('incremental>=16.10.1')
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /private/var/folders/45/r4yr9bbj29dfbtxqv75_785m0000gn/T/pip-build-6fteuyi9/twisted/

Command at step 5:

(virtualenv) user@host:~/Documents/virtualenv$ pip --cert ~/cacert.pem install -U channels
Collecting channels
  Using cached channels-0.17.3-py2.py3-none-any.whl
Collecting asgiref>=0.13 (from channels)
  Using cached asgiref-1.0.0-py2.py3-none-any.whl
Collecting daphne>=0.14.1 (from channels)
  Using cached daphne-0.15.0-py2.py3-none-any.whl
Requirement already up-to-date: Django>=1.8 in ./lib/python3.6/site-packages (from channels)
Collecting six (from asgiref>=0.13->channels)
  Using cached six-1.10.0-py2.py3-none-any.whl
Collecting twisted>=16.0 (from daphne>=0.14.1->channels)
  Using cached Twisted-16.6.0.tar.bz2
    Complete output from command python setup.py egg_info:
    Download error on https://pypi.python.org/simple/incremental/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) -- Some packages may not be found!
    Couldn't find index page for 'incremental' (maybe misspelled?)
    Download error on https://pypi.python.org/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749) -- Some packages may not be found!
    No local packages or working download links found for incremental>=16.10.1
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/private/var/folders/45/r4yr9bbj29dfbtxqv75_785m0000gn/T/pip-build-_c6zb9_v/twisted/setup.py", line 21, in <module>
        setuptools.setup(**_setup["getSetupArgs"]())
      File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/distutils/core.py", line 108, in setup
        _setup_distribution = dist = klass(attrs)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 316, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 371, in fetch_build_eggs
        replace_conflicting=True,
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 846, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 1118, in best_match
        return self.obtain(req, installer)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/pkg_resources/__init__.py", line 1130, in obtain
        return installer(requirement)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/dist.py", line 439, in fetch_build_egg
        return cmd.easy_install(req)
      File "/Users/user/Documents/virtualenv/lib/python3.6/site-packages/setuptools/command/easy_install.py", line 668, in easy_install
        raise DistutilsError(msg)
    distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('incremental>=16.10.1')
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /private/var/folders/45/r4yr9bbj29dfbtxqv75_785m0000gn/T/pip-build-_c6zb9_v/twisted/
msg283992 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2016-12-25 13:24
The issue here seems to be the way Twisted installs its dependencies.  It looks like Twisted is calling setuptools directly and thus probably "losing" the certificate-related arguments from the original pip call.  (It all works correctly if do you the default root certificates setup as suggested in the installer readme.)  If you want to pursue the issue, I suggest checking with the Twisted project (https://twistedmatrix.com/).
msg284000 - (view) Author: Donald Stufft (dstufft) * (Python committer) Date: 2016-12-25 16:11
Yea, this is from ``setup_requires`` keyword argument in ``setup.py``. I suspect we're going to see a lot of errors like this from people with 3.6 on the OSX Installers.
History
Date User Action Args
2016-12-25 16:11:09dstufftsetnosy: + dstufft
messages: + msg284000
2016-12-25 13:24:22ned.deilysetstatus: open -> closed
messages: + msg283992

assignee: christian.heimes ->
resolution: third party
stage: resolved
2016-12-25 07:38:55ugultopucreate