-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keyring errors during non-publishing operations #1917
Comments
Do you have private repositories present in your I think you are affected by the issue that is fixed by #1892. The fix will be available in the next bug fix release. |
I was affected by something similar on the latest release (1.0.5), but I'm not sure if it's entirely the same. The keyring will be hit for private repos if there is an I believe the relevant code is here. In this case, In our case, the "fix" was to remove any leftover I was wondering your thoughts on adding a config variable that would prevent any keyring hits altogether (by e.g. unconditionally marking the keyring as unavailable). This would have largely the same effect as @wahuneke's workaround, but might be a bit cleaner for CI pipelines and such. |
+1 to this. I am facing similar issue while integrating poetry with Jenkins. Even though private repo credentials were provided via environment variables, poetry still tries to look into keyring for credentials. |
+1 running into this issue while working over ssh |
fwiw, I came across this issue and agree with the concerns mentioned above. But fwiw, I came here due to a issue with my distro that shows a dependency mismatch on keyring. keyring==18 is required (circa 2019), where as my distro has keyring-21.2 available, not sure without looking on the compatibility issues, but thought I'd mention if in case that can be relaxed....
|
I'm seeing this issue in poetry 1.1.6 My setup: [[tool.poetry.source]]
name = "foo"
url = "http://localhost/simple/"
secondary = true $ poetry config --list
cache-dir = "..."
experimental.new-installer = true
installer.parallel = true
repositories.foo.url = "http://localhost"
virtualenvs.create = true
virtualenvs.in-project = null
virtualenvs.path = "{cache-dir}/virtualenvs" $ cat auth.toml
[http-basic]
[http-basic.foo]
username = "kakarukeys" The commands that poetry asked for keyring access: if you need the installation scripts for the local private pypi let me know |
+1 this |
Poetry searches for a package in all package sources by default. Additionally you might want to add the publishing repository with a different name, if the source uses the same name authenticator will load the credentials. |
Poetry 1.2 now hits the keyring for most operations (add, update, install, self update, etc) rendering it unusable for me. I can "fix" the problem by exporting |
I tried poetry for the first time today.
What a horrible experience. If there isn't a keyring, assume it doesn't exist and continue. Why hard fail at this stage? It's not even like I don't have a keyring. I use KeePassXC's freedesktop.org Secrets integration. It works fine system-wide. |
@txtsd Keyring support is a new feature, and this is a complex interaction across the matrix of possible platforms, configurations, versions, and backends that a user may invoke Poetry in. Many of these sharp edges simply haven't been filed off because of how large that matrix is and how dependent on external factors keychain interactions are. MRs improving the authentication experience or docs are welcome -- we're going to have to gradually file down these rough edges as keychain support matures. |
Had the same issue. Had to change the keyring package config to point to the OS = Arch Linux |
Okay, I created this file
Then I unset
Different error now. |
There's some busted keyring behavior with your particular backends that seem to
Some more insight into your system (what backend should be available, OS version, package versions), etc would be helpful for those that attempt to address yours/similar issues @txtsd. In the meantime, you can revert to 1.1-style writing to disk using the |
@neersighted
I set the config to use |
Required for poetry 1.2 until #1917 is fixed python-poetry/poetry#1917 Signed-off-by: Leonidas Spyropoulos <[email protected]>
Happened to me today for the first time. I used Poetry until last month without any issues, but today I saw same error. |
I'm seeing the same error on Windows with libsecret installed:
|
Poetry tries to use the keyring even on systems were no keyring agent is running. See python-poetry/poetry#1917
you can use this in your dev environment to work around the issue on Debian/Ubuntu machines
you'll have to apt install the gnome-keyring package But, it is troublesome. |
Another workaround in the case you don't need the keyring at all
If you are also running
|
See: python-poetry/poetry#1917 Prior duplicate with exact matching error message: python-poetry/poetry#7032 Encountered a poetry bug: "Failed to unlock the collection" Unsure if this bug is per-project. If it recurs: Temporary fix: ```PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring``` Or switch to a working backend. Permanent fix (disables Python keyring facilities): ```python3 -m keyring --disable``` I am uncertain if this bug is elicited by particular project settings, but it is by particular environments.
The same issue for the latest version. A big bong bug not fixed for 3 years? |
I'm just dealing with this myself, on the latest version (1.6.1).
but it is not ideal. I handle the environment of many devs on a company, I can't ask them all to run this command. |
Because
In fairness to them, it doesn't happen in most desktop environments. However companies in various fashion have moved many devs to "use an ssh terminal and be stuck with it." or something of the like. Which is sometimes a necessity, but isn't what open source devs "target" in terms of usability testing (if they do usability testing at all). Similarly in fairness, after doing some evil hack to avoid this issue once, it's not a recurring problem. |
"this is open source software" is a terrible excuse, the community has provided many patches that have all been ignored. |
I don't disagree, it's just the excuse always given to me by every project I've made a similar comment on 🙃 It may be possible that the maintainers don't have enough time to go through the issues / prs at this point (there are quite a few, after all). It may be possible that they've stopped caring. It may be possible that they don't accept the patches made in various fashion. In fact, yours, explicitly was asked for tests and it doesn't appear as if you've written them; so, bit odd to complain about ignored patches. And in that there is a reference (without response from the author) about #6612 which has been superseded (and relatively recent) by #8078 I can understand the frustration, but it's not as if things aren't moving and it's not as if the fault is purely on maintainers for not merging any one person's PR. |
Just came across this multi-year-old issue for the first time only to find that it was just merged into the master branch. Hurray! For anyone else in a similar position who comes across this issue and is looking for the fix, you can install the current master branch via the following (taken from the installation docs here). Looking forward to this being in the stable version.
|
For now I'm using the workaround mentioned before
Bad timing that I just got to use poetry for the first time and got hit by a flood of error messages. Looks like it has been fixed so I hope this will not be an issue in the future. |
Installing the latest version from the master branch as suggested above did the job yesterday, but I now ran into What I found to really solve the problem for me was clearing the cache: curl -sSL https://install.python-poetry.org | python3 - --uninstall # uninstall poetry
rm -r $HOME/.cache/pypoetry # clear cache
curl -sSL https://install.python-poetry.org | python3 - # install latest release Could someone add clearing the cache as an option during uninstall or at least mention it in the documentation? |
When using poetry I recently ran into an issue as described here: python-poetry/poetry#1917 It seems that the poetry authors enabled the automatic support of keyring. This does not check if keyring is actually used. I decided to apply this fix here, since I think of poetry as a useful tool to steer my python projects. Maybe this is fixed within the next poetry release anyhow. Then I'll just remove it. Otherwise this fix is useful across this system, since I don't use keyring up to now that much. Worst case I can deactivate it on specific systems.
I installed Removing the cache as suggested by the previous comment did not help. The workaround of See some more details in https://gist.github.com/ilyagr/1bebabebc93e6662d139009d19ed8c1b; I'll probably file a proper bug later. Update: Filed #8623. |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
I gather that keyring integration was added as a convenience feature so that you can publish packages using keys stored in your keyring. This ticket describes that feature:
#210
But it appears that poetry tries to access the keyring even for install operations. In one of my first times using poetry - I, as a security paranoid person, decided to abort installation of a py package I wanted because the installation process seemed to be wanting to access my keyring.
I think people should be careful about granting programs access to things they should not need to access. This behavior is an example of a problem that makes that hard to achieve.
For me, I worked around the problem by pip uninstalling the 'keyring' package from that virt env.
In the future, I think it would be beneficial to poetry's adoption and to its users, if users are not prompted for keyring unless keys should actually be needed (for a 'publish' operation).
Thanks! I'm happy to be trying out poetry.
The text was updated successfully, but these errors were encountered: