diff --git a/Cargo.lock b/Cargo.lock index ab5cdc1d0c20..a1b532b67eea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4736,7 +4736,9 @@ dependencies = [ "schemars", "serde", "serde_json", + "thiserror", "tracing", + "url", "uv-auth", "uv-cache", "uv-normalize", diff --git a/crates/uv-cli/src/lib.rs b/crates/uv-cli/src/lib.rs index f121f8cb5cc9..46a5ba112bc8 100644 --- a/crates/uv-cli/src/lib.rs +++ b/crates/uv-cli/src/lib.rs @@ -9,10 +9,10 @@ use clap::{Args, Parser, Subcommand}; use distribution_types::{FlatIndexLocation, IndexUrl}; use pep508_rs::Requirement; use pypi_types::VerbatimParsedUrl; -use url::Url; use uv_cache::CacheArgs; use uv_configuration::{ ConfigSettingEntry, IndexStrategy, KeyringProviderType, PackageNameSpecifier, TargetTriple, + TrustedHost, }; use uv_normalize::{ExtraName, PackageName}; use uv_python::{PythonDownloads, PythonPreference, PythonVersion}; @@ -679,12 +679,12 @@ fn parse_index_url(input: &str) -> Result, String> { } /// Parse a string into an [`Url`], mapping the empty string to `None`. -fn parse_maybe_url(input: &str) -> Result, String> { +fn parse_trusted_host(input: &str) -> Result, String> { if input.is_empty() { Ok(Maybe::None) } else { - match Url::parse(input) { - Ok(url) => Ok(Maybe::Some(url)), + match TrustedHost::from_str(input) { + Ok(host) => Ok(Maybe::Some(host)), Err(err) => Err(err.to_string()), } } @@ -1571,7 +1571,10 @@ pub struct PipUninstallArgs { #[arg(long, value_enum, env = "UV_KEYRING_PROVIDER")] pub keyring_provider: Option, - /// A list of trusted hostnames for SSL connections. + /// A list of trusted hosts for SSL connections. + /// + /// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair + /// (e.g., `localhost:8080`). /// /// WARNING: Hosts included in this list will not be verified against the system's certificate /// store. 
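Review bot: The doc comment above `parse_trusted_host` still reads "Parse a string into an [`Url`]", which no longer matches what the function returns after this change. It should become `/// Parse a string into a [`TrustedHost`], mapping the empty string to `None`.` The stale intra-doc link matters beyond wording because this same hunk removes `use url::Url;`, so the link may stop resolving in rustdoc.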
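Review bot: The new help text on `trusted_host` in `PipUninstallArgs` lists the accepted forms but not how far each one reaches. Per `TrustedHost::matches` in this commit, a bare hostname matches that host on every port, and only the host-port form narrows it. Because listed hosts skip certificate verification, I would add a line such as `/// A hostname without a port applies to every port on that host; use the host-port form to limit the exemption.` The same wording is repeated in the `VenvArgs`, `InstallerArgs`, `ResolverArgs` and `ResolverInstallerArgs` hunks and in the `uv-settings` option docs; the struct itself starts and ends outside the hunk.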
@@ -1579,9 +1582,9 @@ pub struct PipUninstallArgs { long, env = "UV_TRUSTED_HOST", value_delimiter = ' ', - value_parser = parse_maybe_url, + value_parser = parse_trusted_host, )] - pub trusted_host: Option>>, + pub trusted_host: Option>>, /// Use the system Python to uninstall packages. /// @@ -2009,7 +2012,10 @@ pub struct VenvArgs { #[arg(long, value_enum, env = "UV_KEYRING_PROVIDER")] pub keyring_provider: Option, - /// A list of trusted hostnames for SSL connections. + /// A list of trusted hosts for SSL connections. + /// + /// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair + /// (e.g., `localhost:8080`). /// /// WARNING: Hosts included in this list will not be verified against the system's certificate /// store. @@ -2017,9 +2023,9 @@ pub struct VenvArgs { long, env = "UV_TRUSTED_HOST", value_delimiter = ' ', - value_parser = parse_maybe_url, + value_parser = parse_trusted_host, )] - pub trusted_host: Option>>, + pub trusted_host: Option>>, /// Limit candidate packages to those that were uploaded prior to the given date. /// @@ -3360,7 +3366,10 @@ pub struct InstallerArgs { )] pub keyring_provider: Option, - /// A list of trusted hostnames for SSL connections. + /// A list of trusted hosts for SSL connections. + /// + /// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair + /// (e.g., `localhost:8080`). /// /// WARNING: Hosts included in this list will not be verified against the system's certificate /// store. @@ -3368,10 +3377,10 @@ pub struct InstallerArgs { long, env = "UV_TRUSTED_HOST", value_delimiter = ' ', - value_parser = parse_maybe_url, + value_parser = parse_trusted_host, help_heading = "Index options" )] - pub trusted_host: Option>>, + pub trusted_host: Option>>, /// Settings to pass to the PEP 517 build backend, specified as `KEY=VALUE` pairs. #[arg( 
@@ -3515,7 +3524,10 @@ pub struct ResolverArgs { )] pub keyring_provider: Option, - /// A list of trusted hostnames for SSL connections. + /// A list of trusted hosts for SSL connections. + /// + /// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair + /// (e.g., `localhost:8080`). /// /// WARNING: Hosts included in this list will not be verified against the system's certificate /// store. @@ -3523,10 +3535,10 @@ pub struct ResolverArgs { long, env = "UV_TRUSTED_HOST", value_delimiter = ' ', - value_parser = parse_maybe_url, + value_parser = parse_trusted_host, help_heading = "Index options" )] - pub trusted_host: Option>>, + pub trusted_host: Option>>, /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. @@ -3700,7 +3712,10 @@ pub struct ResolverInstallerArgs { )] pub keyring_provider: Option, - /// A list of trusted hostnames for SSL connections. + /// A list of trusted hosts for SSL connections. + /// + /// Expects to receive either a hostname (e.g., `localhost`) or a host-port pair + /// (e.g., `localhost:8080`). /// /// WARNING: Hosts included in this list will not be verified against the system's certificate /// store. @@ -3708,10 +3723,10 @@ pub struct ResolverInstallerArgs { long, env = "UV_TRUSTED_HOST", value_delimiter = ' ', - value_parser = parse_maybe_url, + value_parser = parse_trusted_host, help_heading = "Index options" )] - pub trusted_host: Option>>, + pub trusted_host: Option>>, /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. diff --git a/crates/uv-client/src/base_client.rs b/crates/uv-client/src/base_client.rs index 4c611f44389a..d56b2c00ca9b 100644 --- a/crates/uv-client/src/base_client.rs +++ b/crates/uv-client/src/base_client.rs 
@@ -15,7 +15,7 @@ use reqwest_retry::{ use tracing::debug; use url::Url; use uv_auth::AuthMiddleware; -use uv_configuration::KeyringProviderType; +use uv_configuration::{KeyringProviderType, TrustedHost}; use uv_fs::Simplified; use uv_version::version; use uv_warnings::warn_user_once; @@ -29,7 +29,7 @@ use crate::Connectivity; #[derive(Debug, Clone)] pub struct BaseClientBuilder<'a> { keyring: KeyringProviderType, - trusted_host: Vec, + trusted_host: Vec, native_tls: bool, retries: u32, pub connectivity: Connectivity, @@ -67,7 +67,7 @@ impl<'a> BaseClientBuilder<'a> { } #[must_use] - pub fn trusted_host(mut self, trusted_host: Vec) -> Self { + pub fn trusted_host(mut self, trusted_host: Vec) -> Self { self.trusted_host = trusted_host; self } @@ -175,10 +175,10 @@ impl<'a> BaseClientBuilder<'a> { BaseClient { connectivity: self.connectivity, + trusted_host: self.trusted_host.clone(), client, dangerous_client, timeout, - trusted_host: vec![], } } @@ -265,7 +265,7 @@ pub struct BaseClient { /// Configured client timeout, in seconds. timeout: u64, /// The host that is trusted to use the insecure client. - trusted_host: Vec, + trusted_host: Vec, } #[derive(Debug, Clone, Copy)] @@ -287,7 +287,7 @@ impl BaseClient { if self .trusted_host .iter() - .any(|trusted| url.host() == trusted.host()) + .any(|trusted_host| trusted_host.matches(url)) { &self.dangerous_client } else { diff --git a/crates/uv-client/src/registry_client.rs b/crates/uv-client/src/registry_client.rs index f647a257f8ff..e59004d8718f 100644 --- a/crates/uv-client/src/registry_client.rs +++ b/crates/uv-client/src/registry_client.rs 
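Review bot: The branch that returns `&self.dangerous_client` in the last hunk leaves no trace of the decision, so a run gives no record of which requests went out without certificate verification. With `trusted_host: self.trusted_host.clone()` replacing `vec![]` in the builder hunk, the configured list now appears to reach this check, which makes that visibility more useful. `tracing::debug` is already imported, so `debug!("Skipping certificate verification for trusted host: {:?}", url.host_str());` before the return would do. Log the host rather than the full URL, since a URL can carry credentials. The method starts and ends outside the hunk, so a log line out of view would make this moot.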
@@ -22,8 +22,8 @@ use pep508_rs::MarkerEnvironment; use platform_tags::Platform; use pypi_types::{Metadata23, SimpleJson}; use uv_cache::{Cache, CacheBucket, CacheEntry, WheelCache}; -use uv_configuration::IndexStrategy; use uv_configuration::KeyringProviderType; +use uv_configuration::{IndexStrategy, TrustedHost}; use uv_normalize::PackageName; use crate::base_client::BaseClientBuilder; @@ -73,7 +73,7 @@ impl<'a> RegistryClientBuilder<'a> { } #[must_use] - pub fn trusted_host(mut self, trusted_host: Vec) -> Self { + pub fn trusted_host(mut self, trusted_host: Vec) -> Self { self.base_client_builder = self.base_client_builder.trusted_host(trusted_host); self } diff --git a/crates/uv-configuration/Cargo.toml b/crates/uv-configuration/Cargo.toml index a02c1d76b41b..34188c22b0d7 100644 --- a/crates/uv-configuration/Cargo.toml +++ b/crates/uv-configuration/Cargo.toml @@ -26,7 +26,9 @@ rustc-hash = { workspace = true } schemars = { workspace = true, optional = true } serde = { workspace = true } serde_json = { workspace = true } +thiserror = { workspace = true } tracing = { workspace = true } +url = { workspace = true } [dev-dependencies] anyhow = { workspace = true } diff --git a/crates/uv-configuration/src/lib.rs b/crates/uv-configuration/src/lib.rs index c5a4a9e63679..712929316a74 100644 --- a/crates/uv-configuration/src/lib.rs +++ b/crates/uv-configuration/src/lib.rs @@ -11,6 +11,7 @@ pub use package_options::*; pub use preview::*; pub use sources::*; pub use target_triple::*; +pub use trusted_host::*; mod authentication; mod build_options; @@ -25,3 +26,4 @@ mod package_options; mod preview; mod sources; mod target_triple; +mod trusted_host; diff --git a/crates/uv-configuration/src/trusted_host.rs b/crates/uv-configuration/src/trusted_host.rs new file mode 100644 index 000000000000..37c206d4c13b --- /dev/null +++ b/crates/uv-configuration/src/trusted_host.rs 
@@ -0,0 +1,69 @@ +use serde::{Deserialize, Serialize}; + +use url::Url; + +/// A trusted host, which could be a host or a host-port pair. +#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] +pub enum TrustedHost { + Host(String), + HostPort(String, u16), +} + +impl TrustedHost { + pub fn matches(&self, url: &Url) -> bool { + match self { + Self::Host(host) => url.host_str() == Some(host.as_str()), + Self::HostPort(host, port) => { + url.host_str() == Some(host.as_str()) && url.port() == Some(*port) + } + } + } +} + +#[derive(Debug, thiserror::Error)] +pub enum TrustedHostError { + #[error("missing host for `--trusted-host`: `{0}`")] + MissingHost(String), + #[error("invalid port for `--trusted-host`: `{0}`")] + InvalidPort(String), +} + +impl std::str::FromStr for TrustedHost { + type Err = TrustedHostError; + + fn from_str(s: &str) -> Result { + let mut parts = s.splitn(2, ':'); + let host = parts + .next() + .ok_or_else(|| TrustedHostError::MissingHost(s.to_string()))?; + let port = parts + .next() + .map(str::parse) + .transpose() + .map_err(|_| TrustedHostError::InvalidPort(s.to_string()))?; + + match port { + Some(port) => Ok(TrustedHost::HostPort(host.to_string(), port)), + None => Ok(TrustedHost::Host(host.to_string())), + } + } +} + +#[cfg(feature = "schemars")] +impl schemars::JsonSchema for TrustedHost { + fn schema_name() -> String { + "TrustedHost".to_string() + } + + fn json_schema(_gen: &mut schemars::gen::SchemaGenerator) -> schemars::schema::Schema { + schemars::schema::SchemaObject { + instance_type: Some(schemars::schema::InstanceType::String.into()), + metadata: Some(Box::new(schemars::schema::Metadata { + description: Some("A host or host-port pair.".to_string()), + ..schemars::schema::Metadata::default() + })), + ..schemars::schema::SchemaObject::default() + } + .into() + } +} diff --git a/crates/uv-settings/src/settings.rs b/crates/uv-settings/src/settings.rs index ba67c1503241..8402e5277bc7 100644 
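Review bot: `from_str` can never return `MissingHost`, because `splitn(2, ':')` always yields a first item, so `""` and `":8080"` parse into entries with an empty host instead of being rejected. Every accepted entry turns off certificate verification for the requests it matches, so the parser should be strict: reject an empty host as in the excerpt below. Consider a dedicated error for values that carry a scheme (`https://localhost`) or a bracketed IPv6 literal, which currently surface as `InvalidPort`. In `matches`, `url.port()` is `None` when the URL uses its scheme's default port, so an entry such as `example.com:443` would not match `https://example.com/`; `url.port_or_known_default() == Some(*port)` covers that case. No unit tests for `from_str` or `matches` are visible in this diff.

```rust
fn from_str(s: &str) -> Result<Self, Self::Err> {
    let (host, port) = match s.split_once(':') {
        Some((host, port)) => (host, Some(port)),
        None => (s, None),
    };
    // An empty host must not become an entry that disables verification.
    if host.is_empty() {
        return Err(TrustedHostError::MissingHost(s.to_string()));
    }
    let port = port
        .map(str::parse)
        .transpose()
        .map_err(|_| TrustedHostError::InvalidPort(s.to_string()))?;
    // … unchanged: match on `port` building `HostPort` / `Host` …
```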
--- a/crates/uv-settings/src/settings.rs +++ b/crates/uv-settings/src/settings.rs @@ -6,9 +6,9 @@ use distribution_types::{FlatIndexLocation, IndexUrl}; use install_wheel_rs::linker::LinkMode; use pep508_rs::Requirement; use pypi_types::VerbatimParsedUrl; -use url::Url; use uv_configuration::{ ConfigSettings, IndexStrategy, KeyringProviderType, PackageNameSpecifier, TargetTriple, + TrustedHost, }; use uv_macros::{CombineOptions, OptionsMetadata}; use uv_normalize::{ExtraName, PackageName}; @@ -216,7 +216,7 @@ pub struct InstallerOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub trusted_host: Option>, + pub trusted_host: Option>, pub config_settings: Option, pub exclude_newer: Option, pub link_mode: Option, @@ -243,7 +243,7 @@ pub struct ResolverOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub trusted_host: Option>, + pub trusted_host: Option>, pub resolution: Option, pub prerelease: Option, pub config_settings: Option, @@ -355,7 +355,8 @@ pub struct ResolverInstallerOptions { "# )] pub keyring_provider: Option, - /// A list of trusted hostnames for SSL connections. + /// A list of trusted hosts for SSL connections. Expects to receive either a hostname (e.g., + /// `localhost`) or a host-port pair (e.g., `localhost:8080`). /// /// WARNING: Hosts included in this list will not be verified against the system's certificate /// store. @@ -366,7 +367,7 @@ pub struct ResolverInstallerOptions { trusted-host = ["localhost:8080"] "# )] - pub trusted_host: Option>, + pub trusted_host: Option>, /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. /// 
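Review bot: The documented example `trusted-host = ["localhost:8080"]` is a plain string, but the field now holds `TrustedHost`, for which `trusted_host.rs` in this commit derives `Deserialize` on a two-variant enum. Serde's default enum representation is externally tagged, so a plain string would probably be read as a variant name and rejected, while the hand-written `JsonSchema` impl advertises `"type": "string"`. Routing (de)serialization through the existing `FromStr` parser, for example `#[serde(try_from = "String")]` on the enum with a matching `TryFrom<String>` impl, would keep the config file, the schema and the CLI on one validated format. A settings test that loads this example would confirm the behaviour either way. `ResolverInstallerOptions` starts and ends outside the hunk, and the same applies to the `PipOptions` hunks that follow.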
@@ -738,7 +739,8 @@ pub struct PipOptions { "# )] pub keyring_provider: Option, - /// A list of trusted hostnames for SSL connections. + /// A list of trusted hosts for SSL connections. Expects to receive either a hostname (e.g., + /// `localhost`) or a host-port pair (e.g., `localhost:8080`). /// /// WARNING: Hosts included in this list will not be verified against the system's certificate /// store. @@ -749,7 +751,7 @@ pub struct PipOptions { trusted-host = ["localhost:8080"] "# )] - pub trusted_host: Option>, + pub trusted_host: Option>, /// Don't build source distributions. /// /// When enabled, resolving will not run arbitrary Python code. The cached wheels of @@ -1298,7 +1300,7 @@ pub struct ToolOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub trusted_host: Option>, + pub trusted_host: Option>, pub resolution: Option, pub prerelease: Option, pub config_settings: Option, diff --git a/crates/uv/src/commands/pip/compile.rs b/crates/uv/src/commands/pip/compile.rs index 684eba3043d8..039c072ae9f4 100644 --- a/crates/uv/src/commands/pip/compile.rs +++ b/crates/uv/src/commands/pip/compile.rs 
@@ -5,19 +5,19 @@ use std::path::Path; use anstream::{eprint, AutoStream}; use anyhow::{anyhow, Result}; -use distribution_types::{IndexLocations, UnresolvedRequirementSpecification, Verbatim}; -use install_wheel_rs::linker::LinkMode; use itertools::Itertools; use owo_colors::OwoColorize; -use pypi_types::Requirement; use tracing::debug; -use url::Url; + +use distribution_types::{IndexLocations, UnresolvedRequirementSpecification, Verbatim}; +use install_wheel_rs::linker::LinkMode; +use pypi_types::Requirement; use uv_auth::store_credentials_from_url; use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ BuildOptions, Concurrency, ConfigSettings, ExtrasSpecification, IndexStrategy, NoBinary, - NoBuild, Reinstall, SourceStrategy, Upgrade, + NoBuild, Reinstall, SourceStrategy, TrustedHost, Upgrade, }; use uv_configuration::{KeyringProviderType, TargetTriple}; use uv_dispatch::BuildDispatch; @@ -74,7 +74,7 @@ pub(crate) async fn pip_compile( index_locations: IndexLocations, index_strategy: IndexStrategy, keyring_provider: KeyringProviderType, - trusted_host: Vec, + trusted_host: Vec, config_settings: ConfigSettings, connectivity: Connectivity, no_build_isolation: bool, diff --git a/crates/uv/src/commands/pip/install.rs b/crates/uv/src/commands/pip/install.rs index e75bfefea405..2cd59f311dcf 100644 --- a/crates/uv/src/commands/pip/install.rs +++ b/crates/uv/src/commands/pip/install.rs 
@@ -1,20 +1,20 @@ use std::fmt::Write; use anstream::eprint; -use distribution_types::{IndexLocations, Resolution, UnresolvedRequirementSpecification}; -use install_wheel_rs::linker::LinkMode; use itertools::Itertools; use owo_colors::OwoColorize; +use tracing::{debug, enabled, Level}; + +use distribution_types::{IndexLocations, Resolution, UnresolvedRequirementSpecification}; +use install_wheel_rs::linker::LinkMode; use pep508_rs::PackageName; use pypi_types::Requirement; -use tracing::{debug, enabled, Level}; -use url::Url; use uv_auth::store_credentials_from_url; use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ BuildOptions, Concurrency, ConfigSettings, ExtrasSpecification, HashCheckingMode, - IndexStrategy, Reinstall, SourceStrategy, Upgrade, + IndexStrategy, Reinstall, SourceStrategy, TrustedHost, Upgrade, }; use uv_configuration::{KeyringProviderType, TargetTriple}; use uv_dispatch::BuildDispatch; @@ -53,7 +53,7 @@ pub(crate) async fn pip_install( index_locations: IndexLocations, index_strategy: IndexStrategy, keyring_provider: KeyringProviderType, - trusted_host: Vec, + trusted_host: Vec, reinstall: Reinstall, link_mode: LinkMode, compile: bool, diff --git a/crates/uv/src/commands/pip/sync.rs b/crates/uv/src/commands/pip/sync.rs index ff9a0ddfcfd7..d688d7840c1b 100644 --- a/crates/uv/src/commands/pip/sync.rs +++ b/crates/uv/src/commands/pip/sync.rs 
@@ -2,18 +2,18 @@ use std::fmt::Write; use anstream::eprint; use anyhow::Result; +use owo_colors::OwoColorize; +use tracing::debug; + use distribution_types::{IndexLocations, Resolution}; use install_wheel_rs::linker::LinkMode; -use owo_colors::OwoColorize; use pep508_rs::PackageName; -use tracing::debug; -use url::Url; use uv_auth::store_credentials_from_url; use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ BuildOptions, Concurrency, ConfigSettings, ExtrasSpecification, HashCheckingMode, - IndexStrategy, Reinstall, SourceStrategy, Upgrade, + IndexStrategy, Reinstall, SourceStrategy, TrustedHost, Upgrade, }; use uv_configuration::{KeyringProviderType, TargetTriple}; use uv_dispatch::BuildDispatch; @@ -48,7 +48,7 @@ pub(crate) async fn pip_sync( index_locations: IndexLocations, index_strategy: IndexStrategy, keyring_provider: KeyringProviderType, - trusted_host: Vec, + trusted_host: Vec, allow_empty_requirements: bool, connectivity: Connectivity, config_settings: &ConfigSettings, diff --git a/crates/uv/src/commands/pip/uninstall.rs b/crates/uv/src/commands/pip/uninstall.rs index 63df313b77be..aab47e14f144 100644 --- a/crates/uv/src/commands/pip/uninstall.rs +++ b/crates/uv/src/commands/pip/uninstall.rs 
@@ -1,17 +1,17 @@ use std::fmt::Write; use anyhow::Result; -use distribution_types::{InstalledMetadata, Name, UnresolvedRequirement}; use itertools::{Either, Itertools}; use owo_colors::OwoColorize; +use tracing::debug; + +use distribution_types::{InstalledMetadata, Name, UnresolvedRequirement}; use pep508_rs::UnnamedRequirement; use pypi_types::Requirement; use pypi_types::VerbatimParsedUrl; -use tracing::debug; -use url::Url; use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::KeyringProviderType; +use uv_configuration::{KeyringProviderType, TrustedHost}; use uv_fs::Simplified; use uv_python::EnvironmentPreference; use uv_python::PythonRequest; @@ -33,7 +33,7 @@ pub(crate) async fn pip_uninstall( connectivity: Connectivity, native_tls: bool, keyring_provider: KeyringProviderType, - trusted_host: Vec, + trusted_host: Vec, printer: Printer, ) -> Result { let start = std::time::Instant::now(); diff --git a/crates/uv/src/commands/venv.rs b/crates/uv/src/commands/venv.rs index f2782eb5d00b..874a5ecbbbd4 100644 --- a/crates/uv/src/commands/venv.rs +++ b/crates/uv/src/commands/venv.rs @@ -5,19 +5,19 @@ use std::vec; use anstream::eprint; use anyhow::Result; -use distribution_types::IndexLocations; -use install_wheel_rs::linker::LinkMode; use miette::{Diagnostic, IntoDiagnostic}; use owo_colors::OwoColorize; -use pypi_types::Requirement; use thiserror::Error; -use url::Url; + +use distribution_types::IndexLocations; +use install_wheel_rs::linker::LinkMode; +use pypi_types::Requirement; use uv_auth::store_credentials_from_url; use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ BuildOptions, Concurrency, ConfigSettings, IndexStrategy, KeyringProviderType, NoBinary, - NoBuild, SourceStrategy, + NoBuild, SourceStrategy, TrustedHost, }; use uv_dispatch::BuildDispatch; use uv_fs::{Simplified, CWD}; 
@@ -49,7 +49,7 @@ pub(crate) async fn venv( index_locations: &IndexLocations, index_strategy: IndexStrategy, keyring_provider: KeyringProviderType, - trusted_host: Vec, + trusted_host: Vec, prompt: uv_virtualenv::Prompt, system_site_packages: bool, connectivity: Connectivity, @@ -124,7 +124,7 @@ async fn venv_impl( index_locations: &IndexLocations, index_strategy: IndexStrategy, keyring_provider: KeyringProviderType, - trusted_host: Vec, + trusted_host: Vec, prompt: uv_virtualenv::Prompt, system_site_packages: bool, connectivity: Connectivity, diff --git a/crates/uv/src/settings.rs b/crates/uv/src/settings.rs index 710e52c0989b..5356668fd4ef 100644 --- a/crates/uv/src/settings.rs +++ b/crates/uv/src/settings.rs @@ -7,7 +7,6 @@ use std::num::NonZeroUsize; use std::path::PathBuf; use std::process; use std::str::FromStr; -use url::Url; use uv_cache::{CacheArgs, Refresh}; use uv_cli::{ options::{flag, resolver_installer_options, resolver_options}, @@ -24,7 +23,7 @@ use uv_client::Connectivity; use uv_configuration::{ BuildOptions, Concurrency, ConfigSettings, ExtrasSpecification, HashCheckingMode, IndexStrategy, KeyringProviderType, NoBinary, NoBuild, PreviewMode, Reinstall, SourceStrategy, - TargetTriple, Upgrade, + TargetTriple, TrustedHost, Upgrade, }; use uv_normalize::PackageName; use uv_python::{Prefix, PythonDownloads, PythonPreference, PythonVersion, Target}; @@ -1598,7 +1597,7 @@ pub(crate) struct InstallerSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) trusted_host: &'a [Url], + pub(crate) trusted_host: &'a [TrustedHost], pub(crate) config_setting: &'a ConfigSettings, pub(crate) no_build_isolation: bool, pub(crate) exclude_newer: Option, 
@@ -1619,7 +1618,7 @@ pub(crate) struct ResolverSettings { pub(crate) index_locations: IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) trusted_host: Vec, + pub(crate) trusted_host: Vec, pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) config_setting: ConfigSettings, @@ -1637,7 +1636,7 @@ pub(crate) struct ResolverSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) trusted_host: &'a [Url], + pub(crate) trusted_host: &'a [TrustedHost], pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) config_setting: &'a ConfigSettings, @@ -1725,7 +1724,7 @@ pub(crate) struct ResolverInstallerSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) trusted_host: &'a [Url], + pub(crate) trusted_host: &'a [TrustedHost], pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) config_setting: &'a ConfigSettings, @@ -1752,7 +1751,7 @@ pub(crate) struct ResolverInstallerSettings { pub(crate) index_locations: IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) trusted_host: Vec, + pub(crate) trusted_host: Vec, pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) config_setting: ConfigSettings, @@ -1863,7 +1862,7 @@ pub(crate) struct PipSettings { pub(crate) prefix: Option, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) trusted_host: Vec, + pub(crate) trusted_host: Vec, pub(crate) no_build_isolation: bool, pub(crate) no_build_isolation_package: Vec, pub(crate) build_options: BuildOptions, 
diff --git a/docs/reference/cli.md b/docs/reference/cli.md index f139947f23c6..9db0d420ed48 100644 --- a/docs/reference/cli.md +++ b/docs/reference/cli.md @@ -308,7 +308,9 @@ uv run [OPTIONS]
  • lowest-direct: Resolve the lowest compatible version of any direct dependencies, and the highest compatible version of any transitive dependencies
  • -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -729,7 +731,9 @@ uv add [OPTIONS] >
    --tag tag

    Tag to use when adding a dependency from Git

    -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -993,7 +997,9 @@ uv remove [OPTIONS] ...

    If provided, uv will remove the dependency from the script’s inline metadata table, in adhere with PEP 723.

    -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -1275,7 +1281,9 @@ uv sync [OPTIONS]
  • lowest-direct: Resolve the lowest compatible version of any direct dependencies, and the highest compatible version of any transitive dependencies
  • -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -1507,7 +1515,9 @@ uv lock [OPTIONS]
  • lowest-direct: Resolve the lowest compatible version of any direct dependencies, and the highest compatible version of any transitive dependencies
  • -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -1791,7 +1801,9 @@ uv tree [OPTIONS]
  • lowest-direct: Resolve the lowest compatible version of any direct dependencies, and the highest compatible version of any transitive dependencies
  • -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -2069,7 +2081,9 @@ uv tool run [OPTIONS] [COMMAND]
  • lowest-direct: Resolve the lowest compatible version of any direct dependencies, and the highest compatible version of any transitive dependencies
  • -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -2313,7 +2327,9 @@ uv tool install [OPTIONS]
  • lowest-direct: Resolve the lowest compatible version of any direct dependencies, and the highest compatible version of any transitive dependencies
  • -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -2547,7 +2563,9 @@ uv tool upgrade [OPTIONS]
  • lowest-direct: Resolve the lowest compatible version of any direct dependencies, and the highest compatible version of any transitive dependencies
  • -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -3940,7 +3958,9 @@ uv pip compile [OPTIONS] ...

    By default, uv uses the virtual environment in the current working directory or any parent directory, falling back to searching for a Python executable in PATH. The --system option instructs uv to avoid using a virtual environment Python and restrict its search to the system path.

    -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -4241,7 +4261,9 @@ uv pip sync [OPTIONS] ...
    --target target

    Install packages into the specified directory, rather than into the virtual or system Python environment. The packages will be installed at the top-level of the directory

    -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -4594,7 +4616,9 @@ uv pip install [OPTIONS] |--editable
    --target target

    Install packages into the specified directory, rather than into the virtual or system Python environment. The packages will be installed at the top-level of the directory

    -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -4728,7 +4752,9 @@ uv pip uninstall [OPTIONS] >
    --target target

    Uninstall packages from the specified --target directory

    -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    @@ -5438,7 +5464,9 @@ uv venv [OPTIONS] [NAME]

    Unlike pip, when a virtual environment is created with --system-site-packages, uv will not take system site packages into account when running commands like uv pip list or uv pip install. The --system-site-packages flag will provide the virtual environment with access to the system site packages directory at runtime, but will not affect the behavior of uv commands.

    -
    --trusted-host trusted-host

    A list of trusted hostnames for SSL connections.

    +
    --trusted-host trusted-host

    A list of trusted hosts for SSL connections.

    + +

    Expects to receive either a hostname (e.g., localhost) or a host-port pair (e.g., localhost:8080).

    WARNING: Hosts included in this list will not be verified against the system’s certificate store.

    diff --git a/docs/reference/settings.md b/docs/reference/settings.md index 06b22065f1de..361a6770c24d 100644 --- a/docs/reference/settings.md +++ b/docs/reference/settings.md @@ -977,7 +977,8 @@ By default, uv will use the latest compatible version of each package (`highest` #### [`trusted-host`](#trusted-host) {: #trusted-host } -A list of trusted hostnames for SSL connections. +A list of trusted hosts for SSL connections. Expects to receive either a hostname (e.g., +`localhost`) or a host-port pair (e.g., `localhost:8080`). WARNING: Hosts included in this list will not be verified against the system's certificate store. @@ -2470,7 +2471,8 @@ environment. The packages will be installed at the top-level of the directory. #### [`trusted-host`](#pip_trusted-host) {: #pip_trusted-host } -A list of trusted hostnames for SSL connections. +A list of trusted hosts for SSL connections. Expects to receive either a hostname (e.g., +`localhost`) or a host-port pair (e.g., `localhost:8080`). WARNING: Hosts included in this list will not be verified against the system's certificate store. diff --git a/uv.schema.json b/uv.schema.json index 6fecfe994845..9353bd6154b8 100644 --- a/uv.schema.json +++ b/uv.schema.json @@ -352,14 +352,13 @@ } }, "trusted-host": { - "description": "A list of trusted hostnames for SSL connections.\n\nWARNING: Hosts included in this list will not be verified against the system's certificate store.", + "description": "A list of trusted hosts for SSL connections. Expects to receive either a hostname (e.g., `localhost`) or a host-port pair (e.g., `localhost:8080`).\n\nWARNING: Hosts included in this list will not be verified against the system's certificate store.", "type": [ "array", "null" ], "items": { - "type": "string", - "format": "uri" + "$ref": "#/definitions/TrustedHost" } }, "upgrade": { 
@@ -955,14 +954,13 @@ ] }, "trusted-host": { - "description": "A list of trusted hostnames for SSL connections.\n\nWARNING: Hosts included in this list will not be verified against the system's certificate store.", + "description": "A list of trusted hosts for SSL connections. Expects to receive either a hostname (e.g., `localhost`) or a host-port pair (e.g., `localhost:8080`).\n\nWARNING: Hosts included in this list will not be verified against the system's certificate store.", "type": [ "array", "null" ], "items": { - "type": "string", - "format": "uri" + "$ref": "#/definitions/TrustedHost" } }, "universal": { @@ -1447,6 +1445,10 @@ } }, "additionalProperties": false + }, + "TrustedHost": { + "description": "A host or host-port pair.", + "type": "string" } } } \ No newline at end of file