mirror of https://github.com/pypa/pip
Rename --allow-insecure to --allow-unverified
This commit is contained in:
Donald Stufft
parent
00a324f91f
commit
616ce39061
|
|
@ -217,6 +217,7 @@ allow_all_external = OptionMaker(
|
|||
help="Allow the installation of all externally hosted files",
|
||||
)
|
||||
|
||||
# Remove after 1.7
|
||||
no_allow_external = OptionMaker(
|
||||
"--no-allow-external",
|
||||
dest="allow_all_external",
|
||||
|
|
@ -225,15 +226,17 @@ no_allow_external = OptionMaker(
|
|||
help=SUPPRESS_HELP,
|
||||
)
|
||||
|
||||
# Remove --allow-insecure after 1.7
|
||||
allow_unsafe = OptionMaker(
|
||||
"--allow-insecure",
|
||||
dest="allow_insecure",
|
||||
"--allow-unverified", "--allow-insecure",
|
||||
dest="allow_unverified",
|
||||
action="append",
|
||||
default=[],
|
||||
metavar="PACKAGE",
|
||||
help="Allow the installation of insecure and unverifiable files",
|
||||
)
|
||||
|
||||
# Remove after 1.7
|
||||
no_allow_unsafe = OptionMaker(
|
||||
"--no-allow-insecure",
|
||||
dest="allow_all_insecure",
|
||||
|
|
|
|||
|
|
@ -161,7 +161,7 @@ class InstallCommand(Command):
|
|||
index_urls=index_urls,
|
||||
use_wheel=options.use_wheel,
|
||||
allow_external=options.allow_external,
|
||||
allow_insecure=options.allow_insecure,
|
||||
allow_unverified=options.allow_unverified,
|
||||
allow_all_external=options.allow_all_external,
|
||||
allow_all_prereleases=options.pre,
|
||||
session=session,
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ class ListCommand(Command):
|
|||
return PackageFinder(find_links=options.find_links,
|
||||
index_urls=index_urls,
|
||||
allow_external=options.allow_external,
|
||||
allow_insecure=options.allow_insecure,
|
||||
allow_unverified=options.allow_unverified,
|
||||
allow_all_external=options.allow_all_external,
|
||||
allow_all_prereleases=options.pre,
|
||||
session=session,
|
||||
|
|
|
|||
|
|
@ -115,7 +115,7 @@ class WheelCommand(Command):
|
|||
index_urls=index_urls,
|
||||
use_wheel=options.use_wheel,
|
||||
allow_external=options.allow_external,
|
||||
allow_insecure=options.allow_insecure,
|
||||
allow_unverified=options.allow_unverified,
|
||||
allow_all_external=options.allow_all_external,
|
||||
allow_all_prereleases=options.pre,
|
||||
session=session,
|
||||
|
|
|
|||
17
pip/index.py
17
pip/index.py
|
|
@ -37,7 +37,7 @@ class PackageFinder(object):
|
|||
"""
|
||||
|
||||
def __init__(self, find_links, index_urls,
|
||||
use_wheel=False, allow_external=[], allow_insecure=[],
|
||||
use_wheel=False, allow_external=[], allow_unverified=[],
|
||||
allow_all_external=False, allow_all_insecure=False,
|
||||
allow_all_prereleases=False, session=None):
|
||||
self.find_links = find_links
|
||||
|
|
@ -53,7 +53,9 @@ class PackageFinder(object):
|
|||
self.allow_external = set(normalize_name(n) for n in allow_external)
|
||||
|
||||
# Which names are allowed to install insecure and unverifiable files?
|
||||
self.allow_insecure = set(normalize_name(n) for n in allow_insecure)
|
||||
self.allow_unverified = set(
|
||||
normalize_name(n) for n in allow_unverified
|
||||
)
|
||||
|
||||
# Do we allow all (safe and verifiable) externally hosted files?
|
||||
self.allow_all_external = allow_all_external
|
||||
|
|
@ -268,7 +270,8 @@ class PackageFinder(object):
|
|||
|
||||
if self.need_warn_insecure:
|
||||
logger.warn("Some insecure and unverifiable files were ignored"
|
||||
" (use --allow-insecure %s to allow)." % req.name)
|
||||
" (use --allow-unverified %s to allow)." %
|
||||
req.name)
|
||||
|
||||
raise DistributionNotFound('No distributions at all found for %s' % req)
|
||||
installed_version = []
|
||||
|
|
@ -312,7 +315,8 @@ class PackageFinder(object):
|
|||
|
||||
if self.need_warn_insecure:
|
||||
logger.warn("Some insecure and unverifiable files were ignored"
|
||||
" (use --allow-insecure %s to allow)." % req.name)
|
||||
" (use --allow-unverified %s to allow)." %
|
||||
req.name)
|
||||
|
||||
raise DistributionNotFound('No distributions matching the version for %s' % req)
|
||||
if applicable_versions[0][1] is InfLink:
|
||||
|
|
@ -397,7 +401,7 @@ class PackageFinder(object):
|
|||
|
||||
if (link.trusted is not None
|
||||
and not link.trusted
|
||||
and not normalized in self.allow_insecure
|
||||
and not normalized in self.allow_unverified
|
||||
and not self.allow_all_insecure):
|
||||
logger.debug("Not searching %s for urls, it is an "
|
||||
"untrusted link and cannot produce safe or "
|
||||
|
|
@ -514,7 +518,8 @@ class PackageFinder(object):
|
|||
|
||||
if (link.verifiable is not None
|
||||
and not link.verifiable
|
||||
and not normalize_name(search_name).lower() in self.allow_insecure
|
||||
and not (normalize_name(search_name).lower()
|
||||
in self.allow_unverified)
|
||||
and not self.allow_all_insecure):
|
||||
# We have a link that we are sure we cannot verify it's integrity,
|
||||
# so we should skip it unless we are allowing unsafe installs
|
||||
|
|
|
|||
|
|
@ -1487,9 +1487,13 @@ def parse_requirements(filename, finder=None, comes_from=None, options=None,
|
|||
finder.allow_external = False
|
||||
elif line.startswith("--no-allow-insecure"):
|
||||
finder.allow_all_insecure = False
|
||||
# Remove after 1.7
|
||||
elif line.startswith("--allow-insecure"):
|
||||
line = line[len("--allow-insecure"):].strip().lstrip("=")
|
||||
finder.allow_insecure |= set([normalize_name(line).lower()])
|
||||
finder.allow_unverified |= set([normalize_name(line).lower()])
|
||||
elif line.startswith("--allow-unverified"):
|
||||
line = line[len("--allow-unverified"):].strip().lstrip("=")
|
||||
finder.allow_unverified |= set([normalize_name(line).lower()])
|
||||
else:
|
||||
comes_from = '-r %s (line %s)' % (filename, line_number)
|
||||
if line.startswith('-e') or line.startswith('--editable'):
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ def test_install_dev_version_from_pypi(script):
|
|||
"""
|
||||
result = script.pip('install', 'INITools==dev',
|
||||
'--allow-external', 'INITools',
|
||||
'--allow-insecure', 'INITools',
|
||||
'--allow-unverified', 'INITools',
|
||||
expect_error=True)
|
||||
assert (script.site_packages / 'initools') in result.files_created, str(result.stdout)
|
||||
|
||||
|
|
|
|||
|
|
@ -349,7 +349,7 @@ def test_finder_finds_external_links_without_hashes_per_project(data):
|
|||
# using a local index
|
||||
finder = PackageFinder([], [data.index_url("externals")],
|
||||
allow_external=["bar"],
|
||||
allow_insecure=["bar"],
|
||||
allow_unverified=["bar"],
|
||||
)
|
||||
link = finder.find_requirement(req, False)
|
||||
assert link.filename == "bar-3.0.tar.gz"
|
||||
|
|
@ -365,7 +365,7 @@ def test_finder_finds_external_links_without_hashes_all(data):
|
|||
# using a local index
|
||||
finder = PackageFinder([], [data.index_url("externals")],
|
||||
allow_all_external=True,
|
||||
allow_insecure=["bar"],
|
||||
allow_unverified=["bar"],
|
||||
)
|
||||
link = finder.find_requirement(req, False)
|
||||
assert link.filename == "bar-3.0.tar.gz"
|
||||
|
|
@ -380,7 +380,7 @@ def test_finder_finds_external_links_without_hashes_scraped_per_project(data):
|
|||
# using a local index
|
||||
finder = PackageFinder([], [data.index_url("externals")],
|
||||
allow_external=["bar"],
|
||||
allow_insecure=["bar"],
|
||||
allow_unverified=["bar"],
|
||||
)
|
||||
link = finder.find_requirement(req, False)
|
||||
assert link.filename == "bar-4.0.tar.gz"
|
||||
|
|
@ -396,7 +396,7 @@ def test_finder_finds_external_links_without_hashes_scraped_all(data):
|
|||
# using a local index
|
||||
finder = PackageFinder([], [data.index_url("externals")],
|
||||
allow_all_external=True,
|
||||
allow_insecure=["bar"],
|
||||
allow_unverified=["bar"],
|
||||
)
|
||||
link = finder.find_requirement(req, False)
|
||||
assert link.filename == "bar-4.0.tar.gz"
|
||||
|
|
|
|||
Loading…
Reference in New Issue