Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't prompt to unlock keychain unless it's needed #208

Closed
duckinator opened this issue Oct 28, 2020 · 6 comments
Closed

don't prompt to unlock keychain unless it's needed #208

duckinator opened this issue Oct 28, 2020 · 6 comments
Labels
blocked Needs something else done first. bug Something isn't working upstream This is related to an upstream dependency

Comments

@duckinator
Copy link
Owner

i suspect this automagically happens upon importing stuff from twine, but i'm not sure. if that is the case, we can just do a non-top-level import in bork.pypi.upload(...).
@duckinator duckinator added the bug Something isn't working label Oct 28, 2020
@duckinator
Copy link
Owner Author

I can't remember who told me they were encountering this, but I can't reproduce it on Fedora 31 using KDE. I'll need to figure out who encountered it and ask for more information about their environment.

@nbraud
Copy link
Collaborator

nbraud commented Dec 28, 2020
edited
Loading

@duckinator I encountered it too, but even on non-bork things (like pip install) so I suspect some commonplace package hecked up really hard.

You can get hints that something is trying to use the keyring, by putting some garbage in ~/.config/python_keyring/keyringrc.cfg and looking for this warning:

WARNING: Keyring config file contains incorrect values.
Config file: ${HOME}/.config/python_keyring/keyringrc.cfg

I guess one could also use the kernel's audit capabilities or somesuch, to log accesses to that file.

@duckinator
Copy link
Owner Author

It looks like https://github.com/pypa/pep517/blob/master/pep517/envbuild.py#L92 is the last thing called before it happens, so I'm wondering if it's a pip thing.

$ bork build --verbose                                                              
pep517.envbuild INFO Temporary build environment: /tmp/pep517-build-env-2r4_fyn7
pep517.envbuild INFO Calling pip to install ['setuptools > 42', 'wheel']  
pep517.envbuild ERROR Keyring is skipped due to an exception: File contains no section headers.                        
pep517.envbuild ERROR file: '/home/puppy/.config/python_keyring/keyringrc.cfg', line: 1                                
pep517.envbuild ERROR 'xxxx\n'

@duckinator
Copy link
Owner Author

Yes, it is:

$ mkdir x; python3 -m pip install --ignore-installed --prefix x 'setuptools > 42' 'wheel'
Keyring is skipped due to an exception: File contains no section headers.
file: '/home/puppy/.config/python_keyring/keyringrc.cfg', line: 1
'xxxx\n'

@nbraud
Copy link
Collaborator

nbraud commented Jan 6, 2021

Yeah, just found a plethora of pip issues about keyring support.

Looks like there is consensus on making keyring opt-in but nobody actually implemented anything.
I think that pip should additionally be patched not to interact with the keyring unless auth is required, though

@duckinator duckinator added upstream This is related to an upstream dependency blocked Needs something else done first. labels Nov 22, 2022
@duckinator
Copy link
Owner Author

duckinator commented Apr 12, 2023
edited
Loading

We don't use pep517 to build anymore, we use build. I think this got fixed when that happened, since I can't reproduce it anymore.

If anyone encounters this again, please open a new issue for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
blocked Needs something else done first. bug Something isn't working upstream This is related to an upstream dependency
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@duckinator @nbraud