Can't resolve a package version from private gitlab package index #9331
Comments
|
Hm, I think we're just incorrectly displaying that hint. It sounds like your dependency isn't on the index though? Can you share the verbose output? Are you sure it's there? |
|
It's there, I can see in it a browser and poetry can install it in another project $ uv add --index https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple 'livity-airtable' -v
DEBUG uv 0.5.0
DEBUG Found project root: `$PROJECT`
DEBUG No workspace root found, using project root
DEBUG Using Python request `>=3.11` from `requires-python` metadata
DEBUG The virtual environment's Python version satisfies `>=3.11`
DEBUG Using request timeout of 30s
DEBUG Using request timeout of 30s
DEBUG Found static `pyproject.toml` for: enzo @ file:///${PROJECT}
DEBUG No workspace root found, using project root
DEBUG Ignoring existing lockfile due to mismatched `requires-dist` for: `enzo==1.2.2`
Expected: {Requirement { name: PackageName("apscheduler"), extras: [ExtraName("sqlalchemy")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.10.4" }]), index: None }, origin: None }, Requirement { name: PackageName("asyncclick"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.1.7.2" }]), index: None }, origin: None }, Requirement { name: PackageName("hubspot-api-client"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "10.0.0" }]), index: None }, origin: None }, Requirement { name: PackageName("livity-airtable"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([]), index: None }, origin: None }, Requirement { name: PackageName("phonenumbers"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.13.50" }]), index: None }, origin: None }, Requirement { name: PackageName("psycopg"), extras: [ExtraName("binary")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.1.12" }]), index: None }, origin: None }, Requirement { name: PackageName("python-dotenv"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "1.0.1" }]), index: None }, origin: None }}
Actual: {Requirement { name: PackageName("apscheduler"), extras: [ExtraName("sqlalchemy")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.10.4" }]), index: None }, origin: None }, Requirement { name: PackageName("asyncclick"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.1.7.2" }]), index: None }, origin: None }, Requirement { name: PackageName("hubspot-api-client"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "10.0.0" }]), index: None }, origin: None }, Requirement { name: PackageName("phonenumbers"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.13.50" }]), index: None }, origin: None }, Requirement { name: PackageName("psycopg"), extras: [ExtraName("binary")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.1.12" }]), index: None }, origin: None }, Requirement { name: PackageName("python-dotenv"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "1.0.1" }]), index: None }, origin: None }}
DEBUG Solving with installed Python version: 3.11.9
DEBUG Solving with target Python version: >=3.11
DEBUG Adding direct dependency: enzo*
DEBUG Searching for a compatible version of enzo @ file://${PROJECT (*)
DEBUG Adding transitive dependency for enzo==1.2.2: apscheduler>=3.10.4
DEBUG Adding transitive dependency for enzo==1.2.2: apscheduler[sqlalchemy]>=3.10.4
DEBUG Adding transitive dependency for enzo==1.2.2: asyncclick>=8.1.7.2
DEBUG Adding transitive dependency for enzo==1.2.2: enzo:dev==1.2.2
DEBUG Adding transitive dependency for enzo==1.2.2: hubspot-api-client>=10.0.0
DEBUG Adding transitive dependency for enzo==1.2.2: livity-airtable*
DEBUG Adding transitive dependency for enzo==1.2.2: phonenumbers>=8.13.50
DEBUG Adding transitive dependency for enzo==1.2.2: psycopg>=3.1.12
DEBUG Adding transitive dependency for enzo==1.2.2: psycopg[binary]>=3.1.12
DEBUG Adding transitive dependency for enzo==1.2.2: python-dotenv>=1.0.1
DEBUG Searching for a compatible version of enzo @ file://${PROJECT (==1.2.2)
DEBUG Adding transitive dependency for enzo==1.2.2: enzo==1.2.2
DEBUG Adding transitive dependency for enzo==1.2.2: enzo:dev==1.2.2
DEBUG Searching for a compatible version of enzo @ file:///${PROJECT} (==1.2.2)
DEBUG Adding transitive dependency for enzo==1.2.2: pytest>=8.3.3
DEBUG Adding transitive dependency for enzo==1.2.2: pytest-asyncio>=0.24.0
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/asyncclick/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/asyncclick/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/livity-airtable/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/livity-airtable/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/apscheduler/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/apscheduler/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dotenv/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dotenv/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/psycopg/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/psycopg/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/hubspot-api-client/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/hubspot-api-client/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/phonenumbers/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/phonenumbers/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest-asyncio/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest-asyncio/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dotenv/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/6a/3e/b68c118422ec867fa7ab88444e1274aa40681c606d59ac27de5a5588f082/python_dotenv-1.0.1-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/6b/77/7440a06a8ead44c7757a64362dd22df5760f9b12dc5f11b6188cd2fc27a0/pytest-8.3.3-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/hubspot-api-client/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest-asyncio/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/8a/30/7f33074243ea5123657cce58a8f91a0b68c127e95c13743fee23ecf431ab/hubspot_api_client-10.0.0-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/96/31/6607dab48616902f76885dfcf62c08d929796fc3b2d2318faf9fd54dbed9/pytest_asyncio-0.24.0-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/psycopg/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/ce/21/534b8f5bd9734b7a2fcd3a16b1ee82ef6cad81a4796e95ebf4e0c6a24119/psycopg-3.2.3-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/asyncclick/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/1e/6e/9acdbb25733e1de411663b59abe521bec738e72fe4e85843f6ff8b212832/asyncclick-8.1.7.2-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/livity-airtable/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/apscheduler/
DEBUG Searching for a compatible version of apscheduler[sqlalchemy] (>=3.10.4)
DEBUG Selecting: apscheduler==3.10.4 [preference] (APScheduler-3.10.4-py3-none-any.whl)
DEBUG Adding transitive dependency for apscheduler==3.10.4: apscheduler==3.10.4
DEBUG Adding transitive dependency for apscheduler==3.10.4: apscheduler[sqlalchemy]==3.10.4
DEBUG Searching for a compatible version of apscheduler (==3.10.4)
DEBUG Selecting: apscheduler==3.10.4 [preference] (APScheduler-3.10.4-py3-none-any.whl)
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/13/b5/7af0cb920a476dccd612fbc9a21a3745fb29b1fcd74636078db8f7ba294c/APScheduler-3.10.4-py3-none-any.whl.metadata
DEBUG Adding transitive dependency for apscheduler==3.10.4: pytz*
DEBUG Adding transitive dependency for apscheduler==3.10.4: six>=1.4.0
DEBUG Adding transitive dependency for apscheduler==3.10.4: tzlocal>=2.0, <3.dev0 | >=4.dev0
DEBUG Searching for a compatible version of apscheduler[sqlalchemy] (==3.10.4)
DEBUG Selecting: apscheduler==3.10.4 [preference] (APScheduler-3.10.4-py3-none-any.whl)
DEBUG Adding transitive dependency for apscheduler==3.10.4: sqlalchemy>=1.4
DEBUG Searching for a compatible version of asyncclick (>=8.1.7.2)
DEBUG Selecting: asyncclick==8.1.7.2 [preference] (asyncclick-8.1.7.2-py3-none-any.whl)
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/phonenumbers/
DEBUG Adding transitive dependency for asyncclick==8.1.7.2: anyio*
DEBUG Adding transitive dependency for asyncclick==8.1.7.2: colorama{platform_system == 'Windows'}*
DEBUG Searching for a compatible version of hubspot-api-client (>=10.0.0)
DEBUG Selecting: hubspot-api-client==10.0.0 [preference] (hubspot_api_client-10.0.0-py3-none-any.whl)
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: certifi*
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: python-dateutil*
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: six>=1.10
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: urllib3>=1.15
DEBUG Searching for a compatible version of livity-airtable (*)
DEBUG No compatible version found for: livity-airtable
DEBUG Searching for a compatible version of enzo @ file:///${PROJECT} (<1.2.2 | >1.2.2)
DEBUG No compatible version found for: enzo
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytz/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytz/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/six/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/six/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/tzlocal/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/tzlocal/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/colorama/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/colorama/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/certifi/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/certifi/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/anyio/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/anyio/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dateutil/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dateutil/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/urllib3/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/urllib3/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/eb/d4/2011babd77b9709dd80f89aa74611fdace859e0571cd9e79ba3f95902441/phonenumbers-8.13.50-py2.py3-none-any.whl.metadata
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/sqlalchemy/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/sqlalchemy/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytz/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/urllib3/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/certifi/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/12/90/3c9ff0512038035f59d279fddeb79f5f1eccd8859f06d6163c58798b9487/certifi-2024.8.30-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/11/c3/005fcca25ce078d2cc29fd559379817424e94885510568bc1bc53d7d5846/pytz-2024.2-py2.py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/ce/d9/5f4c13cecde62396b0d3fe530a50ccea91e7dfc1ccf0e09c228841bb5ba8/urllib3-2.2.3-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/colorama/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dateutil/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/sqlalchemy/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/ec/57/56b9bcc3c9c6a792fcbaf139543cee77261f3651ca9da0c93f5c1221264b/python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/tzlocal/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/anyio/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/97/3f/c4c51c55ff8487f2e6d0e618dba917e3c3ee2caae6cf0fbb59c9b1876f2e/tzlocal-5.2-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/e4/f5/f2b75d2fc6f1a260f340f0e7c6a060f4dd2961cc16884ed851b0d18da06a/anyio-4.6.2.post1-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/00/4e/5a67963fd7cbc1beb8bd2152e907419f4c940ef04600b10151a751fe9e06/SQLAlchemy-2.0.36-cp311-cp311-macosx_10_9_x86_64.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/six/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl.metadata
× No solution found when resolving dependencies:
╰─▶ Because there are no versions of livity-airtable and your project depends on livity-airtable, we can conclude that your project's requirements are unsatisfiable.
hint: `livity-airtable` was found on https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple, but not at the requested version (all versions of livity-airtable). A compatible version may be available on a
subsequent index (e.g., https://pypi.org/simple). By default, uv will only consider versions that are published on the first index that contains a given package, to avoid dependency confusion attacks. If all indexes are
equally trusted, use `--index-strategy unsafe-best-match` to consider all versions from all indexes, regardless of the order in which they were defined.
help: If you want to add the package regardless of the failed resolution, provide the `--frozen` flag to skip locking and syncing. |
|
I also tried with explicit source index |
|
Are you sure the credentials and index URL are configured correctly? e.g., I get this error with a dummy URL |
|
I've put the credentials in ~/.netrc, but I couldn't tell if uv reads them or whether they're defined properly. 🤷 |
|
If you set |
TRACE Request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/ is unauthenticated, checking cache
TRACE No credentials in cache for URL https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Attempting unauthenticated request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
T.netrc: machine gitlab.com login ... password ... |
|
We attempt an unauthenticated request before the authenticated one, generally, are those all the logs? |
|
That's it from this server. $ RUST_LOG=uv=trace uv add --index https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple 'livity-airtable' -vn
DEBUG uv 0.5.4
DEBUG Found project root: `${PROJECT}`
DEBUG No workspace root found, using project root
DEBUG Using Python request `>=3.11` from `requires-python` metadata
TRACE Querying interpreter executable at ${PROJECT}/.venv/bin/python3
DEBUG The virtual environment's Python version satisfies `>=3.11`
DEBUG Using request timeout of 30s
DEBUG Using request timeout of 30s
DEBUG Ignoring existing lockfile due to mismatched source: `enzo` (expected: `editable`)
DEBUG Found static `pyproject.toml` for: enzo @ file://${PROJECT}
DEBUG No workspace root found, using project root
TRACE Performing lookahead for enzo @ file://${PROJECT}
DEBUG Solving with installed Python version: 3.12.7
DEBUG Solving with target Python version: >=3.11
DEBUG Adding direct dependency: enzo*
DEBUG Searching for a compatible version of enzo @ file://${PROJECT} (*)
DEBUG Adding transitive dependency for enzo==1.2.2: livity-airtable*
TRACE Fetching metadata for livity-airtable from https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE No cache entry exists for /tmp/.tmpJTHLJ1/simple-v14/index/4e9e82d5c88d0c17/livity-airtable.rkyv
DEBUG No cache entry for: https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Sending fresh GET request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Handling request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/ is unauthenticated, checking cache
TRACE No credentials in cache for URL https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Attempting unauthenticated request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE cached request https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/ is storable because its response has a 'public' cache-control directive
TRACE Received package metadata for: livity-airtable
TRACE Selecting candidate for livity-airtable with range * with 0 remote versions
TRACE Exhausted all candidates for package livity-airtable with range * after 0 steps
DEBUG Searching for a compatible version of livity-airtable (*)
TRACE Selecting candidate for livity-airtable with range * with 0 remote versions
TRACE Exhausted all candidates for package livity-airtable with range * after 0 steps
DEBUG No compatible version found for: livity-airtable
DEBUG Searching for a compatible version of enzo @ file://${PROJECT} (<1.2.2 | >1.2.2)
DEBUG No compatible version found for: enzo
DEBUG Reverting changes to `pyproject.toml`
DEBUG Reverting changes to `uv.lock`
× No solution found when resolving dependencies:
TRACE Resolver derivation tree before reduction
root==0a0.dev0 depends on enzo*
enzo==1.2.2 depends on livity-airtable*
no versions of livity-airtable*
no versions of enzo<1.2.2 | >1.2.2
TRACE Resolver derivation tree after reduction
enzo==1.2.2 depends on livity-airtable*
no versions of livity-airtable*
╰─▶ Because there are no versions of livity-airtable and your project depends on livity-airtable, we can conclude that your project's requirements are unsatisfiable.
hint: `livity-airtable` was found on https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple, but not at the requested version (all versions of livity-airtable). A compatible version may be available on a
subsequent index (e.g., https://pypi.org/simple). By default, uv will only consider versions that are published on the first index that contains a given package, to avoid dependency confusion attacks. If all indexes are
equally trusted, use `--index-strategy unsafe-best-match` to consider all versions from all indexes, regardless of the order in which they were defined.
help: If you want to add the package regardless of the failed resolution, provide the `--frozen` flag to skip locking and syncing.Perhaps I'll have a look at the .netrc code. I barely know rust, but maybe I get lucky ;) |
|
Oh, I think because the request returns a 404 instead of a 403 we don't look for credentials to retry the request with. If you include the username on the index URL, e.g. It's weird they return a 404 instead of a 403 (if that is indeed the case). Thanks for your patience working through this! |
|
That worked 👍 Thank you for your help! I agree 404 from gitlab is not perfect. I'll report it, but I guess that on purpose - security by obscurity. Any good reason for trying unauthenticated request first even when we provide credentials? |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
|
@zanieb can you tell me why uv tries to make unauthenticated requests to servers with configured credentials? It might help with the issue report to gitlab. Thanks! |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
@rafalkrupinski working on tracking down the discussion about it. If I remember correctly, this is necessary to avoid sending credentials to servers that will fail without them. I think GitHub will return a 403 to a public repository if you attach credentials if you are setting up authentication some other repository, attaching credentials eagerly causes problems. |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
@rafalkrupinski The change was in #3130 |
This comment was marked as off-topic.
This comment was marked as off-topic.
You can't make everyone happy... |
|
Sorry yeah.. "that will fail with them". We have an awkward problem here where server behavior is inconsistent and it's very hard to have good behavior across all of them. |
|
We could also have a bool "authenticated" which forces us to fetch authentication instead of trying an unauthenticated request first. Hm. This could be broadly helpful for erroring early when we can't find credentials. |
|
Sounds reasonable, but I would find the name confusing, since uv would still try authenticated request with "false". What we actually want to configure is trying unauthenticated request when credentials are present. "Prevent-unauthenticated" or "try-unauthenticated" or something along these lines. I find github's quirk more unreasonable than gitlab's, so that's the server that should need an extra option, IMO |
I mean, we don't have to :) If you mark an index as unauthenticated I would say it's critical that we do not send credentials to it. The default could be |
|
It's still not work for me, the package, utensils, I'm pretty sure it's in my private repository, I tried three strategies of uv and tried to specify the version of the package, but it still didn't work. Anyone give me some advice please 😭 RUST_LOG=uv=trace uv add utensils==0.1.58 --index-url=https://pypi.org/simple --extra-index-url=https://username:password@100.64.0.1:8000/simple --allow-insecure-host=100.64.0.1 --index-strategy unsafe-best-match -vn
TRACE Received package metadata for: greenlet
TRACE Using preference greenlet 3.1.1
TRACE No cache entry exists for /var/folders/zj/82cyd56j3t7cdf54m857wsgw0000gn/T/.tmpDV0OtY/wheels-v3/index/e367fd55faf540ee/greenlet/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.msgpack
DEBUG No cache entry for: https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE Sending fresh HEAD request for https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE Handling request for https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE Request for https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl is unauthenticated, checking cache
TRACE No credentials in cache for URL https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE Attempting unauthenticated request for https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE cached request https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl is storable because its response has a heuristically cacheable status code 200
TRACE Getting metadata for greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl by range request
TRACE Handling request for https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE Request for https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl is unauthenticated, checking cache
TRACE No credentials in cache for URL https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE Attempting unauthenticated request for https://pypi.org/simple/pypi/web/packages/7d/ec/bad1ac26764d26aa1353216fcbfa4670050f66d445448aafa227f8b16e80/greenlet-3.1.1-cp312-cp312-macosx_11_0_universal2.whl
TRACE Received built distribution metadata for: greenlet==3.1.1
× No solution found when resolving dependencies for split (python_full_version == '3.12.*'):
TRACE Resolver derivation tree before reduction
root==0a0.dev0 depends on shredder-demo*
shredder-demo==0.1.0 depends on utensils==0.1.58
no versions of utensils==0.1.58
no versions of shredder-demo<0.1.0 | >0.1.0
TRACE Resolver derivation tree after reduction
shredder-demo==0.1.0 depends on utensils==0.1.58
no versions of utensils==0.1.58
╰─▶ Because there is no version of utensils==0.1.58 and your project depends on utensils==0.1.58, we can conclude that your project's requirements are unsatisfiable.
help: If you want to add the package regardless of the failed resolution, provide the `--frozen` flag to skip locking and syncing. |
|
Can you share the full verbose logs? Are you certain that your server is authenticating correctly? |
|
|
What's going on with the files in your registry? They appear to be have strange names: |
|
I don't understand what you mean. The private repo is built by our ops. I don't know much about it. This package name has the same name as the one in the pypi repo. |
|
Does |
It's works for me, but I want to use uv instead of pip |
uv pip install ... can also |
|
What version does |
My bad, I remembered it wrong, uv pip doesn't work |
|
uv pip install the package(1.0.1) from pypi repo |
|
It looks like you have dependencies in the project that end up requiring a different version of |
Pip install works for me(prove that there are no dependency conflicts), and my project does not depend on utensils==1.0.1, OPS said that our private repo has no metadata, I don't know if it will have any impact |
|
Unfortunately I'm not fully following. Are you able to install 0.1.58 via pip install or uv pip install? That's the version you're requesting. |
just pip install |
how about
A 3-value boolean? Please no ;D |
|
@rafalkrupinski I don't really want to special-case gitlab and github — these issues exist for other indexes too. It's very common for us to have a "default" automatic behavior that can be overridden to an explicit true or false. |
|
I'm just not sure these three values are all we'll ever need and I find such usage unintuitive. Anyway, I should stop arguing, I don't commit or contribute in this project. I'll just drop this Cheers edit: I don't commit or contribute, other than that documentation I intend to do |
rafalkrupinski
pushed a commit
to rafalkrupinski/uv
that referenced
this issue
Dec 2, 2024
|
@zanieb @samypr100
I guess I need a username variable, or do I? EDIT: |
|
I think we ought to support |
|
@zanieb Sounds good, but what's the immediate solution? It's manual edit, isn't it? |
|
Yeah, either manual edit or repeat the URL. |
|
In 0.6.6, this can be solved by setting |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have a dependency managed with poetry, uploaded to a private gitlab package index.
In a dependant uv project I try to add it:
The message doesn't make it easier (package found but couldn't match version, even though I didn't request any); running with
-vdoesn't give any useful information.Both projects are pure python and have exactly the same
Requires-Python: >=3.11,<3.12The text was updated successfully, but these errors were encountered: