I would normally install a Python repository from Github using (for example):
pip install git git://github.com/Artory/drf-hal-json@master
And concordantly, my "requirements.txt" would have git git://github.com/Artory/drf-hal-json@master
in it somewhere.
This failed today. The full traceback is below, but the relevant part is:
The unauthenticated git protocol on port 9418 is no longer supported.
Thanks Microsoft. The traceback points to this link about the update. Most of the page at the link talks about how the update is unlikely to affect many people (thanks again Microsoft), and the rest of it involves cryptography that I'm far too noob to understand. The section titled "git://" simply reads:
On the Git protocol side, unencrypted git:// offers no integrity or authentication, making it subject to tampering. We expect very few people are still using this protocol, especially given that you can’t push (it’s read-only on GitHub). We’ll be disabling support for this protocol.
This doesn't help me understand how to update my requirements.txt to make it work again. Can you tell me how to update my requirements.txt to make it work again? Full traceback below:
(venv) neil~/Documents/Code/web_app$ pip install git git://github.com/Artory/drf-hal-json@master
Collecting git git://github.com/Artory/drf-hal-json@master
Cloning git://github.com/Artory/drf-hal-json (to revision master) to /tmp/pip-req-build-zowfe130
Running command git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130
fatal: remote error:
The unauthenticated git protocol on port 9418 is no longer supported.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
WARNING: Discarding git git://github.com/Artory/drf-hal-json@master. Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
ERROR: Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
WARNING: You are using pip version 21.2.4; however, version 22.0.4 is available.
You should consider upgrading via the '/home/neil/Documents/Code/web_app/venv/bin/python -m pip install --upgrade pip' command.
CodePudding user response:
In the URL you give to pip
, the git git
says to access a Git repository (the first git
) over the unauthenticated git
protocol (the second git
). Assuming you want to continue to use anonymous access here, you can simply rewrite the command to use git https
instead, which access a Git repository over the secure HTTPS protocol.
So your command would look like this:
$ pip install git https://github.com/Artory/drf-hal-json@master
I just tested in a VM, and that appears to work. If you have other such URLs, changing the same way should be effective.