Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document how to disable keyring for users who might want to #6773

Open
pradyunsg opened this issue Jul 23, 2019 · 22 comments
Open

Document how to disable keyring for users who might want to #6773

pradyunsg opened this issue Jul 23, 2019 · 22 comments
Labels
type: docs Documentation related

Comments

@pradyunsg
Copy link
Member

It'd probably be useful to add something like the following to our documentation. Borrowing from twine:

Disabling Keyring
^^^^^^^^^^^^^^^^^

In some cases, the presence of keyring may be problemmatic. To disable
keyring and defer to a prompt for passwords, uninstall ``keyring``
or if that's not an option, you can also configure keyring to be disabled.

See `twine 338 <https://github.com/pypa/twine/issues/338>`_ for a
discussion on ways to do that.
@pradyunsg pradyunsg added type: docs Documentation related good first issue A good item for first time contributors to work on labels Jul 23, 2019
@pfmoore
Copy link
Member

pfmoore commented Jul 23, 2019

+1, although I'd prefer it if we documented "how to disable keyring" rather than linking to an ongoing discussion. Let's wait for the discussion to complete and document the conclusions it comes to.

@pradyunsg
Copy link
Member Author

pradyunsg commented Jul 24, 2019

I prefer that too, though I think we can follow up with prose describing the final conclusions later -- it needs someone to convert the discussion there to prose. Until then, linking to the issue is better than doing nothing. :)

@SharatChandar
Copy link

Hi, Can i take this up ?

@pradyunsg
Copy link
Member Author

@SharatChandar Sure! We'd probably start by adding the above text to the user guide (the relevant file is in docs/html).

I'll leave it to your judgment to determine where in the file/document, to add this section.

Feel free to mention me if you need any help. :)

@SharatChandar
Copy link

@pradyunsg I have a query. Should i document the entire twine discussion or provide a link to the discussion like twine ? Also check this jaraco/keyring#340 and let me know if i should include these.

@pradyunsg
Copy link
Member Author

Documenting the ways to disable would be ideal.

Providing a link to the discussion would work too, but someone would have to come and change that into a discussion later. If you're willing to write a discussion, that'd be great!

The keyring PR seems like a great approach to disable keyring. We should definitely document that.

@SharatChandar
Copy link

Keyring in certain cases can prevent the installing of certain packages and modules due to authentication errors. In such cases disabling the keyring is recommended.Keyring can be manually uninstalled but doing so may invalidate other packages that depends on Keyring.

How to disable the keyring
Method 1 :
Set the default keyring password to blank. This will make the keyring accessible without a password.

Method 2 :
keyring could also be disabled by removing the exceute permission from the daemon

@pradyunsg Should i include some other methods too or will this do ?

@pfmoore
Copy link
Member

pfmoore commented Jul 26, 2019

@SharatChandar You should probably consider cross-platform here. I'm not aware of a keyring "daemon" on Windows (or a service, which would be the equivalent there), so your "Method 2" would make no sense to a Windows user.

@SharatChandar
Copy link

@pfmoore Oh Sorry am new to this. I ll keep a cross platform approach going forward.

@pfmoore
Copy link
Member

pfmoore commented Jul 26, 2019

No problem, no-one can think of all this stuff, that's why it's worth asking for feedback the way you did :-)

@pradyunsg
Copy link
Member Author

@SharatChandar I think we should suggest to users to set environment variable PYTHON_KEYRING_BACKEND to keyring.backends.null.Keyring. That disables keyring (the Python package).

We don't want users disabling the OS keyring password, since that is less secure.

@pradyunsg
Copy link
Member Author

To see more about why I suggest that, see the documentation in the commit that closed jaraco/keyring#340 -- jaraco/keyring@5a887c1.

@SharatChandar
Copy link

SharatChandar commented Jul 29, 2019

Python keyring by default is set to null.

keyring can be disabled via command line using '--disable'.

Environments may disable keyring by setting PYTHON_KEYRING_BACKEND to keyring.backends.null.Keyring in the config file.

@pradyunsg these are the methods provided by jaraco to disable keyring. Will it be sufficient to document these ?

@pradyunsg
Copy link
Member Author

Yep yep.

Also, I prefer that you don't address me as "bro".

@SharatChandar
Copy link

@pradyunsg Sorry, Didn't mean to offend you. I ll address you formally.

Suniti13 added a commit to Suniti13/pip that referenced this issue Oct 14, 2019
Added documentation about how to disable keyring. Refered pypa/twine#338 for it.
Suniti13 added a commit to Suniti13/pip that referenced this issue Oct 14, 2019
Added documentation about how to disable keyring. Refered pypa/twine#338 for it.
Suniti13 added a commit to Suniti13/pip that referenced this issue Oct 14, 2019
Suniti13 added a commit to Suniti13/pip that referenced this issue Oct 17, 2019
Added NEWS entry for the issue pypa#6773. Added documentation on how to disable keyring.
@brainwane brainwane removed the good first issue A good item for first time contributors to work on label Jan 27, 2020
@pradyunsg
Copy link
Member Author

@jaraco Would it be possible to add a section about "how to disable keyring" to keyring's documentation? (see #8019 (comment) for context)

Or is it documented somewhere and I can't find it?

@actionless
Copy link

i think instead of adding a documentation for workaround, would be better to make a proper fix, which will make pip calling keyring only if it's needed, not on every install command

jaraco added a commit to jaraco/keyring that referenced this issue Apr 27, 2020
@jaraco
Copy link
Member

jaraco commented Apr 27, 2020

Readme now has a section on disabling.

@deveshks
Copy link
Contributor

Readme now has a section on disabling.

Since now there is a separate section in keyring docs we can refer back to, where should the link go? I was thinking somewhere in https://pip.pypa.io/en/latest/user_guide/#basic-authentication-credentials might be a good idea. (Since I think that keyring provides you another way to authenticate to pypi)

If that is the case, I can go ahead and create a documentation PR which will add the above link to our docs

clrpackages pushed a commit to clearlinux-pkgs/keyring that referenced this issue May 5, 2020
…21.2.1

Jason R. Coombs (16):
      Suppress warnings in pytest-flake8, pytest-black, and pytest-checkdocs.
      Prefer pytest-black to pytest-black-multipy
      Test against Windows and Mac
      Define a default pool_vm_image
      Remove tox-venv and tox-pip-version. Tox-venv is discouraged (tox-dev/tox-venv#48 (comment)) and tox-pip-version was only there to support tox-venv. venv is dead; long live virtualenv.
      Add section on disabling keyring. Ref pypa/pip#6773
      Replace use of pkg_resources in test_packaging.
      Add test capturing expectation that keyring should load degenerately if no metadata is present. Ref #426.
      Allow keyring to be imported in environments missing the metadata. Restores expectation lost in 19.3.0. Fixes #426. Alternative to #422.
      Update changelog. Ref #426.
      Add test capturing expectation that it should be possible to limit to recommended backends. Ref #423.
      Ensure ChainerBackend is excluded early to avoid recursion errors when evaluating limits on backends. Fixes #423.
      Update changelog. Ref #423.
      Rename tests to aid pytest with discovery.
      xfail the tests. Ref #436.
      Add test to trigger the undesirable behavior. Ref #355.
@hl037
Copy link

hl037 commented Sep 7, 2020

Wait... IMHO No solution proposed here is likeable ! in my case 👍

  1. I want to be able to use pip without having to type a password (to install / uninstall packages etc.) when clearly not necessary
  2. I certainly don't want my keyring password to be blank...
  3. I have some modules / app that are using "rightfully" the keyring.

Why is not pip asking for the keyring only when required ? (i.e. when using a private repo, for what this feature has been introduced)... And providing a way to bypass the keyring ?

...This feature will just waste 20 minute or so to many developper either not using keyrings or not understanding why pip behaviour changed...

@pradyunsg
Copy link
Member Author

See #8687 and #8719.

@skrat
Copy link

skrat commented Jan 5, 2021

@SharatChandar I think we should suggest to users to set environment variable PYTHON_KEYRING_BACKEND to keyring.backends.null.Keyring. That disables keyring (the Python package).

We don't want users disabling the OS keyring password, since that is less secure.

@pradyunsg this is no solution, this will naturally lead users to set that var in their profiles, bashrc, etc. BUT this is affecting behavior of keyring package, not pip. It's sound to assume that people want to continue using their other python apps depending on keyring. So, really, don't defer this to keyring's conf. and come up with a way to configure pip.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: docs Documentation related
Projects
None yet
9 participants