
Commit 00c6633

committed
pip: Fix regression in downloader authentication logic
Commit b3a6c05 added support for bearer token auth by forcing header-based authentication across the code base (primarily for the generic backend). This broke the current proxy logic in the pip backend because it tried to build a per-URL header for each artifact too soon, i.e. it dereferenced the .url attribute of PipRequirement objects of `kind == "pypi"` which explicitly raises an exception for anything other than `kind == "url"` or `kind == "vcs"`. The URLs for `kind == "pypi"` are only available after resolution, i.e. once we fetch all distribution package infos from the index. This fix moves the auth headers construction one level deeper to the actual downloader which loops over dpis where these URLs are actually available. Fixes: b3a6c05 Assisted-by: Claude Signed-off-by: Erik Skultety <eskultet@redhat.com>
1 parent b791600 commit 00c6633

1 file changed

Lines changed: 6 additions & 7 deletions


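--- a/hermeto/core/package_managers/pip/main.py
+++ b/hermeto/core/package_managers/pip/main.py
@@ -6,7 +6,7 @@
 import zipfile
 from collections.abc import Callable, Iterable, Iterator
 from pathlib import Path
-from typing import Any, Mapping, NamedTuple
+from typing import Any, NamedTuple
 from urllib import parse as urlparse
 
 import aiohttp
@@ -245,10 +245,13 @@ def _download_pypi_packages(
 pypi_artifacts: list[_PyPIArtifact],
 index_url: str,
 proxy_url: str | None = None,
-headers: Mapping[str, dict[str, str]] | None = None,
+auth: str | None = None,
 ) -> list[PyPIPackage]:
 files = {dpi.url: dpi.path for _, dpi in pypi_artifacts if not dpi.path.exists()}
 if files:
+headers = None
+if auth is not None:
+headers = {url: {"Authorization": auth} for url in files}
 log.info("Downloading %d PyPI artifacts", len(files))
 asyncio.run(
 async_download_files(files, get_config().runtime.concurrency_limit, headers=headers)
@@ -415,17 +418,13 @@ def _resolve_and_download_pypi_packages(
 # If a standard PyPI index is used with proxy URL then proxy URL must be reported,
 # if a custom index is used then proxy URL must not be reported even if set.
 proxy_to_report = proxy_url if (proxy_url is not None and (proxy_url != index_url)) else None
-headers = None
-if aiohttp_auth is not None:
-value = {"Authorization": str(aiohttp_auth)}
-headers = {req.url: value for req in pypi_reqs}
 return _download_pypi_packages(
 requirements_file,
 pip_deps_dir,
 pypi_artifacts,
 index_url=index_url,
 proxy_url=proxy_to_report,
-headers=headers,
+auth=aiohttp_auth,
 )
 
 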
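Review bot: The added comprehension in `_download_pypi_packages`, `headers = {url: {"Authorization": auth} for url in files}`, attaches the credential to every resolved `dpi.url`, and nothing visible here checks that those URLs stay on the host the credential belongs to. File URLs returned by a package index can name a different host than the index itself, so the token could be sent to a third party; I would restrict the mapping, e.g. `headers = {url: {"Authorization": auth} for url in files if urlparse.urlsplit(url).netloc == auth_netloc}`, with `auth_netloc` taken from the proxy or index URL the credential was configured for (which of the two is not visible in these hunks). The call site also drops the old `str(aiohttp_auth)` while the new parameter is annotated `auth: str | None`; if `aiohttp_auth` is not already a `str`, keep the conversion with `auth=str(aiohttp_auth) if aiohttp_auth is not None else None`. Both function bodies start and end outside the hunks shown.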