20

I have my pip.conf file as follows:

[global]
trusted-host = <private IP>
extra-index-url = http://<private IP>/pypi

However, whenever I try to install a package (just a test package) from the private pypi repo, I receive an error that instructs me to add --trusted-host <private IP>. If I do, I can successfully install the package, so I know that pip is reading the pip.conf file. Why isn't it respecting the trusted-host config? I've triple checked that the IPs match in the config file.

Several blogs and cursory searches of Google seem to suggest that it should. (https://pseudoscripter.wordpress.com/2016/05/07/pip-the-repository-located-at-some-ip-is-not-a-trusted-or-secure-host-and-is-being-ignored/)

celestialorb
  • 1,901
  • 7
  • 29
  • 50
  • For troubleshooting, you should first try specifying the path to your `pip.conf` explicitly with the `PIP_CONFIG_FILE` environment variable. If that works, then it is just a precedence related problem. Also examine `pip config list`. – Amit Naidu Oct 15 '19 at 02:35

4 Answers4

6

Couldn't this be a problem of different pip.conf having different configurations?According to the official docs:

The names and locations of the configuration files vary slightly across platforms. You may have per-user, per-virtualenv or site-wide (shared amongst all users) configuration.

  • On Unix the default configuration file is: $HOME/.config/pip/pip.conf which respects the XDG_CONFIG_HOME environment variable.
  • There is also a legacy per-user configuration file which is also respected, and is located at $HOME/.pip/pip.conf on Unix and macOS.
  • Inside a virtualenv, on Unix and macOS the file is $VIRTUAL_ENV/pip.conf
  • Site-wide, on Unix the file may be located in /etc/pip.conf. Alternatively it may be in a "pip" subdirectory of any of the paths set in the environment variable XDG_CONFIG_DIRS (if it exists), for example /etc/xdg/pip/pip.conf.
gmauch
  • 1,316
  • 4
  • 25
  • 39
2

Copied my pip.conf from $HOME/.pip/pip.conf to /etc/pip.conf and it worked!

celestialorb
  • 1,901
  • 7
  • 29
  • 50
  • hi i did the same thing but no luck, did you put it in the same section `[global]` ? i put both the `proxy` and `trusted-host` configs in this file. and pip is clearly taking the `proxy` config but ignoring `trusted-host` – Mheni Aug 28 '18 at 14:13
  • @Mheni No, I put it under its own section, not under `[global]`. – celestialorb Aug 31 '18 at 13:54
1

To check which config file is being looked at run: pip config --editor pathtoeditorofyourchoice edit, this will open the linked ini file. If it doesnt exist, the Editor (notepad++) will state that there is no file at a specific path <-- and there is your path where you should place the file then.

Also consider as stated here (https://pip.pypa.io/en/stable/user_guide):

If multiple configuration files are found by pip then they are combined in the following order:

The site-wide file is read
The per-user file is read
The virtualenv-specific file is read

Each file read overrides any values read from previous files, so if the global timeout is specified in both the site-wide file and the per-user file then the latter value will be used.

The docs also say:

You can set a custom path location for this config file using the environment variable PIP_CONFIG_FILE.

However, running the upper command with this environment variable set up lead to a 

Fatal Internal error [id=2]. Please report as a bug.
planteater
  • 69
  • 6
0

You might be using an old version of PIP. Try upgrading using:

python -m pip install --upgrade pip
Nitay
  • 4,193
  • 6
  • 33
  • 42