Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

uv publish doesn't respect the --allow-insecure-host flag #8423

Closed
oriori1703 opened this issue Oct 21, 2024 · 4 comments · Fixed by #8440
Closed

uv publish doesn't respect the --allow-insecure-host flag #8423

oriori1703 opened this issue Oct 21, 2024 · 4 comments · Fixed by #8440
Assignees
@konstin
Labels
bug Something isn't working great writeup A wonderful example of a quality contribution 💜

Comments

@oriori1703
Copy link

oriori1703 commented Oct 21, 2024
edited
Loading

It seems like uv publish doesn't respect the --allow-insecure-host flag

steps to reproduce

uv command

uv publish --publish-url https://localhost --allow-insecure-host "localhost" --verbose --username="test" --password="test"

output:

DEBUG uv 0.4.25
warning: `uv publish` is experimental and may change without warning
Publishing 2 files https://localhost/
DEBUG Using request timeout of 900s
Uploading sigmatcher-1.3.1-py3-none-any.whl (14.1KiB)
DEBUG Using username/password basic auth
DEBUG Transient request failure for https://localhost/, retrying: error sending request for url (https://localhost/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
warning: Transient request failure for https://localhost/, retrying
DEBUG Using username/password basic auth
DEBUG Transient request failure for https://localhost/, retrying: error sending request for url (https://localhost/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
warning: Transient request failure for https://localhost/, retrying
DEBUG Using username/password basic auth
error: Failed to publish `dist/sigmatcher-1.3.1-py3-none-any.whl` to https://localhost/
  Caused by: Failed to send POST request
  Caused by: error sending request for url (https://localhost/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer

mock server

I used the following steps to create a mock https server with self signed certs that can reproduce the issue.

  1. generate the cert using:
openssl genrsa  -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/CN=localhost"
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > server.pem
  1. run this python script:
from http.server import HTTPServer, BaseHTTPRequestHandler
import ssl


httpd = HTTPServer(('localhost', 443), BaseHTTPRequestHandler)

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain('server.pem', 'server.key')

httpd.socket = context.wrap_socket(httpd.socket, server_side=True)

httpd.serve_forever()
@j178
Copy link
Contributor

j178 commented Oct 22, 2024

Seems related to #6985

@oriori1703
Copy link
Author

Seems related to #6985

Are you sure? uv python install doesn't accept --allow-insecure-host at all, while uv publish does accept and uses it (but doesn't work).

konstin added a commit that referenced this issue Oct 22, 2024
@konstin
Respect allow insecure host in publish
2854563 
Switch to respecting the allow insecure host setting in all places where we use the client.

Fixes #8423
Part of #6985
Doesn't touch #6983
@konstin konstin added the bug Something isn't working label Oct 22, 2024
@konstin konstin self-assigned this Oct 22, 2024
@konstin konstin added the great writeup A wonderful example of a quality contribution 💜 label Oct 22, 2024
@konstin konstin mentioned this issue Oct 22, 2024
Merged
@konstin
Copy link
Member

konstin commented Oct 22, 2024

Thank you for the great reproducer!

@oriori1703
Copy link
Author

Thanks 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@konstin konstin

Labels
bug Something isn't working great writeup A wonderful example of a quality contribution 💜
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Respect allow insecure host in publish astral-sh/uv
3 participants
@konstin @j178 @oriori1703