Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Index URL options do not parse "space separated" URLs as multiple options #1702

Closed
zanieb opened this issue Feb 19, 2024 · 3 comments · Fixed by #2140
Closed

Index URL options do not parse "space separated" URLs as multiple options #1702

zanieb opened this issue Feb 19, 2024 · 3 comments · Fixed by #2140
Assignees
@charliermarsh
Labels
compatibility Compatibility with a specification or another tool enhancement New feature or improvement to existing functionality good first issue Good for newcomers

Comments

@zanieb
Copy link
Member

zanieb commented Feb 19, 2024
edited
Loading

e.g. via UV_EXTRA_INDEX_URL or --extra-index-url if you pass https://foo/ https://bar we will treat this as a single URL but it should be split into two.

It's unclear if space separated URLs are the best option. It seems brittle to split the input.

Originally posted in #1688 (comment)
@zanieb zanieb added enhancement New feature or improvement to existing functionality compatibility Compatibility with a specification or another tool labels Feb 19, 2024
@zanieb zanieb mentioned this issue Feb 19, 2024
Closed
@notatallshaw
Copy link
Contributor

notatallshaw commented Feb 19, 2024
edited
Loading

I will again remind users that specifying multiple non-mirror indexes with no guarantee of which index is being sourced for any given package is a real security issue.

E.g. https://pytorch.org/blog/compromised-nightly-dependency/

@MarcSkovMadsen
Copy link

I'm the original reporter in #1688 . I don't know if UV_EXTRA_INDEX_URL is correct? I hope it will work with PIP_EXTRA_INDEX_URL for drop in replacement of uv with pip.

Very much looking forward to this fix. This seems to be the last bit holding me back from using uv in our pipelines. Thanks.

@charliermarsh
Copy link
Member

I think they do just split on a space: https://github.com/pypa/pip/blob/f4a543917eac822a3b06ab0fcc4df7c4e37e387a/src/pip/_internal/cli/parser.py#L249 and pypa/pip#10374.

@zanieb zanieb added the good first issue Good for newcomers label Feb 26, 2024
@charliermarsh charliermarsh self-assigned this Mar 3, 2024
@charliermarsh charliermarsh mentioned this issue Mar 3, 2024
Merged
charliermarsh added a commit that referenced this issue Mar 3, 2024
@charliermarsh
Use space as delimiter for UV_EXTRA_INDEX_URL (#2140)
6fa88f9 
## Summary

I was looking at something unrelated and saw this in the Clap docs.

Closes #1702.

## Test Plan

```shell
❯ UV_EXTRA_INDEX_URL="https://google.com https://foo.com" cargo run pip compile -
    Finished dev [unoptimized + debuginfo] target(s) in 0.14s
     Running `target/debug/uv pip compile -`
index: None
extra_index_url: [Url(VerbatimUrl { url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("google.com")), port: None, path: "/", query: None, fragment: None }, given: Some("https://google.com") }), Url(VerbatimUrl { url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("foo.com")), port: None, path: "/", query: None, fragment: None }, given: Some("https://foo.com") })]
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@charliermarsh charliermarsh

Labels
compatibility Compatibility with a specification or another tool enhancement New feature or improvement to existing functionality good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use space as delimiter for UV_EXTRA_INDEX_URL astral-sh/uv
4 participants
@charliermarsh @zanieb @notatallshaw @MarcSkovMadsen