It would be annoying if you see an error about setuptools, install it,
and only be greeted by another error telling you to install wheel.
So we combine the two into one.
The PEP 668 expects an override mechanism to ease the transition.
This provides an override.
---------
Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
Refactored `_get_index_url()` to get integration tests for the subprocess backend working.
Keyring support via the 'subprocess' provider can only retrieve a password, not a username-password combo. The username therefor MUST come from the URL.
If the URL obtained from the index does not contain a username then the username from a matching index is used. `_get_index_url()` does that matching.
The problem this refactoring solves is that the URL where a wheel or sdist can be downloaded from does not always start with the index url. Azure DevOps Artifacts Feeds are an example since it replaces the friendly name of the Feed with the GUID of the Feed. Causing `url.startswith(prefix)` to evaluate as `False`.
The new behaviour is to return the index which matches the netloc and has the longest common prefix of the `path` property of the value returned by `urllib.parse.urlsplit()`. The behaviour for resolving ties is unspecified.
This adds a --use-feature=truststore flag that, when specified on Python
3.10+ with truststore installed, switches pip to use truststore to
provide HTTPS certificate validation, instead of certifi. This allows
pip to verify certificates against custom certificates in the system
store.
truststore is deliberately NOT vendored because it is expected the
library to be under active development in the short term, and this
prevents users having to wait for a pip release to get potentially vital
bug fixes needed to be made in truststore.
Supplying the use-feature flag without installing truststore beforehand,
or on Python versions prior to 3.10, results in a command error.
This fallback is only triggered if the project has a `setup.py` file.
Co-authored-by: Tzu-ping Chung <uranusjr@gmail.com>
Co-authored-by: Pradyun Gedam <pradyunsg@gmail.com>
Instead of a flag, make the option take an argument like this:
--root-user-action=ignore
This allows us to add more alternatives in the future, for example to
emit a hard error when a root user is detected.
Also re-label the news fragment to point to the issue instead of the PR
that introduced the option.
These were intended to help users transition when the default behaviour
changed to no longer perform out-of-tree builds. The transition is now
considered complete.
Implements the flag that allows to disable the root
warning when using `pip` to install packages. While there are
differing opinions on this, it seems that the final decision is
to lean forward to implement a long and not very easily
discoverable flag to accommodate the minority of users who know
what they are doing and using root installation to - for example
build optimized Dockerfiles.
The html5lib library isn't strictly required as the same functionality
can be achieved through the stdlib html.parser module.
The html5lib is one of the largest uses of the six library. By dropping
this unnecessary dependency, the pip project is closer to dropping the
six library.
Additionally, html5lib maintenance has slowed down and the project has
rejected pull requests to drop Python 2 support.
For now, the html5lib code remains, but is gated behind a command
line option: `--use-deprecated=html5lib`. After a sufficient amount of
time has passed without any reported bugs, the vendored library and this
flag can be removed completely.
This flag makes the main subroutine (cli.base_command.Command.run)
withold from intercepting unhandled exceptions. This means, that
debugging via "python -m pdb -m pip" is now possible.