Home > Net >  Pip install from Github broken after Github keys policy update
Pip install from Github broken after Github keys policy update

Time:03-20

I would normally install a Python repository from Github using (for example):

pip install git git://github.com/Artory/drf-hal-json@master

And concordantly, my "requirements.txt" would have git git://github.com/Artory/drf-hal-json@master in it somewhere.

This failed today. The full traceback is below, but the relevant part is:

The unauthenticated git protocol on port 9418 is no longer supported.

Thanks Microsoft. The traceback points to this link about the update. Most of the page at the link talks about how the update is unlikely to affect many people (thanks again Microsoft), and the rest of it involves cryptography that I'm far too noob to understand. The section titled "git://" simply reads:

On the Git protocol side, unencrypted git:// offers no integrity or authentication, making it subject to tampering. We expect very few people are still using this protocol, especially given that you can’t push (it’s read-only on GitHub). We’ll be disabling support for this protocol.

This doesn't help me understand how to update my requirements.txt to make it work again. Can you tell me how to update my requirements.txt to make it work again? Full traceback below:

(venv) neil~/Documents/Code/web_app$ pip install git git://github.com/Artory/drf-hal-json@master
Collecting git git://github.com/Artory/drf-hal-json@master
  Cloning git://github.com/Artory/drf-hal-json (to revision master) to /tmp/pip-req-build-zowfe130
  Running command git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130
  fatal: remote error:
    The unauthenticated git protocol on port 9418 is no longer supported.
  Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
WARNING: Discarding git git://github.com/Artory/drf-hal-json@master. Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
ERROR: Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
WARNING: You are using pip version 21.2.4; however, version 22.0.4 is available.
You should consider upgrading via the '/home/neil/Documents/Code/web_app/venv/bin/python -m pip install --upgrade pip' command.

CodePudding user response:

In the URL you give to pip, the git git says to access a Git repository (the first git) over the unauthenticated git protocol (the second git). Assuming you want to continue to use anonymous access here, you can simply rewrite the command to use git https instead, which access a Git repository over the secure HTTPS protocol.

So your command would look like this:

$ pip install git https://github.com/Artory/drf-hal-json@master

I just tested in a VM, and that appears to work. If you have other such URLs, changing the same way should be effective.

Page link:https//www.codepudding.com/net/341478.html

Prev:Default .yml file from GitHub from does not work
Next:Why does Class.getPermittedSubclasses() return Class<?>[] and not Class<? extends T>[]
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding