Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't resolve a package version from private gitlab package index #9331

Open
rafalkrupinski opened this issue Nov 21, 2024 · 34 comments
Open

Comments

@rafalkrupinski
Copy link

I have a dependency managed with poetry, uploaded to a private gitlab package index.
In a dependant uv project I try to add it:

$ uv add --index ${GITLAB_INDEX} livity-airtable

× No solution found when resolving dependencies:
╰─▶ Because there are no versions of livity-airtable and your project depends on livity-airtable, we can conclude that your project's requirements are unsatisfiable.

hint: livity-airtable was found on ${GITLAB_INDEX}, but not at the requested version (all versions of livity-airtable). A compatible version may be available on a

The message doesn't make it easier (package found but couldn't match version, even though I didn't request any); running with -v doesn't give any useful information.
Both projects are pure python and have exactly the same Requires-Python: >=3.11,<3.12

$ uv --version
uv 0.5.4

@zanieb
Copy link
Member

zanieb commented Nov 21, 2024

Hm, I think we're just incorrectly displaying that hint. It sounds like your dependency isn't on the index though? Can you share the verbose output? Are you sure it's there?

@rafalkrupinski
Copy link
Author

It's there, I can see in it a browser and poetry can install it in another project

$ uv add --index https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple 'livity-airtable' -v
DEBUG uv 0.5.0
DEBUG Found project root: `$PROJECT`
DEBUG No workspace root found, using project root
DEBUG Using Python request `>=3.11` from `requires-python` metadata
DEBUG The virtual environment's Python version satisfies `>=3.11`
DEBUG Using request timeout of 30s
DEBUG Using request timeout of 30s
DEBUG Found static `pyproject.toml` for: enzo @ file:///${PROJECT}
DEBUG No workspace root found, using project root
DEBUG Ignoring existing lockfile due to mismatched `requires-dist` for: `enzo==1.2.2`
  Expected: {Requirement { name: PackageName("apscheduler"), extras: [ExtraName("sqlalchemy")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.10.4" }]), index: None }, origin: None }, Requirement { name: PackageName("asyncclick"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.1.7.2" }]), index: None }, origin: None }, Requirement { name: PackageName("hubspot-api-client"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "10.0.0" }]), index: None }, origin: None }, Requirement { name: PackageName("livity-airtable"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([]), index: None }, origin: None }, Requirement { name: PackageName("phonenumbers"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.13.50" }]), index: None }, origin: None }, Requirement { name: PackageName("psycopg"), extras: [ExtraName("binary")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.1.12" }]), index: None }, origin: None }, Requirement { name: PackageName("python-dotenv"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "1.0.1" }]), index: None }, origin: None }}
  Actual: {Requirement { name: PackageName("apscheduler"), extras: [ExtraName("sqlalchemy")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.10.4" }]), index: None }, origin: None }, Requirement { name: PackageName("asyncclick"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.1.7.2" }]), index: None }, origin: None }, Requirement { name: PackageName("hubspot-api-client"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "10.0.0" }]), index: None }, origin: None }, Requirement { name: PackageName("phonenumbers"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "8.13.50" }]), index: None }, origin: None }, Requirement { name: PackageName("psycopg"), extras: [ExtraName("binary")], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "3.1.12" }]), index: None }, origin: None }, Requirement { name: PackageName("python-dotenv"), extras: [], marker: true, source: Registry { specifier: VersionSpecifiers([VersionSpecifier { operator: GreaterThanEqual, version: "1.0.1" }]), index: None }, origin: None }}
DEBUG Solving with installed Python version: 3.11.9
DEBUG Solving with target Python version: >=3.11
DEBUG Adding direct dependency: enzo*
DEBUG Searching for a compatible version of enzo @ file://${PROJECT (*)
DEBUG Adding transitive dependency for enzo==1.2.2: apscheduler>=3.10.4
DEBUG Adding transitive dependency for enzo==1.2.2: apscheduler[sqlalchemy]>=3.10.4
DEBUG Adding transitive dependency for enzo==1.2.2: asyncclick>=8.1.7.2
DEBUG Adding transitive dependency for enzo==1.2.2: enzo:dev==1.2.2
DEBUG Adding transitive dependency for enzo==1.2.2: hubspot-api-client>=10.0.0
DEBUG Adding transitive dependency for enzo==1.2.2: livity-airtable*
DEBUG Adding transitive dependency for enzo==1.2.2: phonenumbers>=8.13.50
DEBUG Adding transitive dependency for enzo==1.2.2: psycopg>=3.1.12
DEBUG Adding transitive dependency for enzo==1.2.2: psycopg[binary]>=3.1.12
DEBUG Adding transitive dependency for enzo==1.2.2: python-dotenv>=1.0.1
DEBUG Searching for a compatible version of enzo @ file://${PROJECT (==1.2.2)
DEBUG Adding transitive dependency for enzo==1.2.2: enzo==1.2.2
DEBUG Adding transitive dependency for enzo==1.2.2: enzo:dev==1.2.2
DEBUG Searching for a compatible version of enzo @ file:///${PROJECT} (==1.2.2)
DEBUG Adding transitive dependency for enzo==1.2.2: pytest>=8.3.3
DEBUG Adding transitive dependency for enzo==1.2.2: pytest-asyncio>=0.24.0
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/asyncclick/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/asyncclick/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/livity-airtable/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/livity-airtable/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/apscheduler/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/apscheduler/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dotenv/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dotenv/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/psycopg/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/psycopg/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/hubspot-api-client/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/hubspot-api-client/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/phonenumbers/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/phonenumbers/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest-asyncio/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest-asyncio/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dotenv/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/6a/3e/b68c118422ec867fa7ab88444e1274aa40681c606d59ac27de5a5588f082/python_dotenv-1.0.1-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/6b/77/7440a06a8ead44c7757a64362dd22df5760f9b12dc5f11b6188cd2fc27a0/pytest-8.3.3-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/hubspot-api-client/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytest-asyncio/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/8a/30/7f33074243ea5123657cce58a8f91a0b68c127e95c13743fee23ecf431ab/hubspot_api_client-10.0.0-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/96/31/6607dab48616902f76885dfcf62c08d929796fc3b2d2318faf9fd54dbed9/pytest_asyncio-0.24.0-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/psycopg/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/ce/21/534b8f5bd9734b7a2fcd3a16b1ee82ef6cad81a4796e95ebf4e0c6a24119/psycopg-3.2.3-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/asyncclick/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/1e/6e/9acdbb25733e1de411663b59abe521bec738e72fe4e85843f6ff8b212832/asyncclick-8.1.7.2-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/livity-airtable/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/apscheduler/
DEBUG Searching for a compatible version of apscheduler[sqlalchemy] (>=3.10.4)
DEBUG Selecting: apscheduler==3.10.4 [preference] (APScheduler-3.10.4-py3-none-any.whl)
DEBUG Adding transitive dependency for apscheduler==3.10.4: apscheduler==3.10.4
DEBUG Adding transitive dependency for apscheduler==3.10.4: apscheduler[sqlalchemy]==3.10.4
DEBUG Searching for a compatible version of apscheduler (==3.10.4)
DEBUG Selecting: apscheduler==3.10.4 [preference] (APScheduler-3.10.4-py3-none-any.whl)
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/13/b5/7af0cb920a476dccd612fbc9a21a3745fb29b1fcd74636078db8f7ba294c/APScheduler-3.10.4-py3-none-any.whl.metadata
DEBUG Adding transitive dependency for apscheduler==3.10.4: pytz*
DEBUG Adding transitive dependency for apscheduler==3.10.4: six>=1.4.0
DEBUG Adding transitive dependency for apscheduler==3.10.4: tzlocal>=2.0, <3.dev0 | >=4.dev0
DEBUG Searching for a compatible version of apscheduler[sqlalchemy] (==3.10.4)
DEBUG Selecting: apscheduler==3.10.4 [preference] (APScheduler-3.10.4-py3-none-any.whl)
DEBUG Adding transitive dependency for apscheduler==3.10.4: sqlalchemy>=1.4
DEBUG Searching for a compatible version of asyncclick (>=8.1.7.2)
DEBUG Selecting: asyncclick==8.1.7.2 [preference] (asyncclick-8.1.7.2-py3-none-any.whl)
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/phonenumbers/
DEBUG Adding transitive dependency for asyncclick==8.1.7.2: anyio*
DEBUG Adding transitive dependency for asyncclick==8.1.7.2: colorama{platform_system == 'Windows'}*
DEBUG Searching for a compatible version of hubspot-api-client (>=10.0.0)
DEBUG Selecting: hubspot-api-client==10.0.0 [preference] (hubspot_api_client-10.0.0-py3-none-any.whl)
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: certifi*
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: python-dateutil*
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: six>=1.10
DEBUG Adding transitive dependency for hubspot-api-client==10.0.0: urllib3>=1.15
DEBUG Searching for a compatible version of livity-airtable (*)
DEBUG No compatible version found for: livity-airtable
DEBUG Searching for a compatible version of enzo @ file:///${PROJECT} (<1.2.2 | >1.2.2)
DEBUG No compatible version found for: enzo
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytz/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytz/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/six/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/six/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/tzlocal/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/tzlocal/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/colorama/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/colorama/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/certifi/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/certifi/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/anyio/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/anyio/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dateutil/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dateutil/
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/urllib3/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/urllib3/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/eb/d4/2011babd77b9709dd80f89aa74611fdace859e0571cd9e79ba3f95902441/phonenumbers-8.13.50-py2.py3-none-any.whl.metadata
DEBUG Found stale response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/sqlalchemy/
DEBUG Sending revalidation request for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/sqlalchemy/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/pytz/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/urllib3/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/certifi/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/12/90/3c9ff0512038035f59d279fddeb79f5f1eccd8859f06d6163c58798b9487/certifi-2024.8.30-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/11/c3/005fcca25ce078d2cc29fd559379817424e94885510568bc1bc53d7d5846/pytz-2024.2-py2.py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/ce/d9/5f4c13cecde62396b0d3fe530a50ccea91e7dfc1ccf0e09c228841bb5ba8/urllib3-2.2.3-py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/colorama/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/python-dateutil/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/sqlalchemy/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/ec/57/56b9bcc3c9c6a792fcbaf139543cee77261f3651ca9da0c93f5c1221264b/python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/tzlocal/
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/anyio/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/97/3f/c4c51c55ff8487f2e6d0e618dba917e3c3ee2caae6cf0fbb59c9b1876f2e/tzlocal-5.2-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/e4/f5/f2b75d2fc6f1a260f340f0e7c6a060f4dd2961cc16884ed851b0d18da06a/anyio-4.6.2.post1-py3-none-any.whl.metadata
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/00/4e/5a67963fd7cbc1beb8bd2152e907419f4c940ef04600b10151a751fe9e06/SQLAlchemy-2.0.36-cp311-cp311-macosx_10_9_x86_64.whl.metadata
DEBUG Found not-modified response for: https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple/six/
DEBUG Found fresh response for: https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl.metadata
  × No solution found when resolving dependencies:
  ╰─▶ Because there are no versions of livity-airtable and your project depends on livity-airtable, we can conclude that your project's requirements are unsatisfiable.

      hint: `livity-airtable` was found on https://gitlab.com/api/v4/groups/{ID}/-/packages/pypi/simple, but not at the requested version (all versions of livity-airtable). A compatible version may be available on a
      subsequent index (e.g., https://pypi.org/simple). By default, uv will only consider versions that are published on the first index that contains a given package, to avoid dependency confusion attacks. If all indexes are
      equally trusted, use `--index-strategy unsafe-best-match` to consider all versions from all indexes, regardless of the order in which they were defined.
  help: If you want to add the package regardless of the failed resolution, provide the `--frozen` flag to skip locking and syncing.

@rafalkrupinski
Copy link
Author

I also tried with explicit source index

@zanieb
Copy link
Member

zanieb commented Nov 21, 2024

Are you sure the credentials and index URL are configured correctly? e.g., I get this error with a dummy URL

❯ uv add --index https://gitlab.com/api/v4/groups/123242/-/packages/pypi/simple 'livity-airtable'
Using CPython 3.12.7
Creating virtual environment at: .venv
  × No solution found when resolving dependencies:
  ╰─▶ Because there are no versions of livity-airtable and your project depends on livity-airtable, we can conclude
      that your project's requirements are unsatisfiable.
  help: If you want to add the package regardless of the failed resolution, provide the `--frozen` flag to skip
        locking and syncing.

@rafalkrupinski
Copy link
Author

I've put the credentials in ~/.netrc, but I couldn't tell if uv reads them or whether they're defined properly. 🤷

@zanieb
Copy link
Member

zanieb commented Nov 21, 2024

If you set RUST_LOG=uv=trace there will be more verbose logs from our credential handler.

@rafalkrupinski
Copy link
Author

TRACE Request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/ is unauthenticated, checking cache
TRACE No credentials in cache for URL https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Attempting unauthenticated request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
T

.netrc:

machine gitlab.com login ... password ...

@zanieb
Copy link
Member

zanieb commented Nov 21, 2024

We attempt an unauthenticated request before the authenticated one, generally, are those all the logs?

@rafalkrupinski
Copy link
Author

That's it from this server.

$ RUST_LOG=uv=trace uv  add --index https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple 'livity-airtable' -vn
DEBUG uv 0.5.4
DEBUG Found project root: `${PROJECT}`
DEBUG No workspace root found, using project root
DEBUG Using Python request `>=3.11` from `requires-python` metadata
TRACE Querying interpreter executable at ${PROJECT}/.venv/bin/python3
DEBUG The virtual environment's Python version satisfies `>=3.11`
DEBUG Using request timeout of 30s
DEBUG Using request timeout of 30s
DEBUG Ignoring existing lockfile due to mismatched source: `enzo` (expected: `editable`)
DEBUG Found static `pyproject.toml` for: enzo @ file://${PROJECT}
DEBUG No workspace root found, using project root
TRACE Performing lookahead for enzo @ file://${PROJECT}
DEBUG Solving with installed Python version: 3.12.7
DEBUG Solving with target Python version: >=3.11
DEBUG Adding direct dependency: enzo*
DEBUG Searching for a compatible version of enzo @ file://${PROJECT} (*)
DEBUG Adding transitive dependency for enzo==1.2.2: livity-airtable*
TRACE Fetching metadata for livity-airtable from https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE No cache entry exists for /tmp/.tmpJTHLJ1/simple-v14/index/4e9e82d5c88d0c17/livity-airtable.rkyv
DEBUG No cache entry for: https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Sending fresh GET request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Handling request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/ is unauthenticated, checking cache
TRACE No credentials in cache for URL https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE Attempting unauthenticated request for https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/
TRACE cached request https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple/livity-airtable/ is storable because its response has a 'public' cache-control directive
TRACE Received package metadata for: livity-airtable
TRACE Selecting candidate for livity-airtable with range * with 0 remote versions
TRACE Exhausted all candidates for package livity-airtable with range * after 0 steps
DEBUG Searching for a compatible version of livity-airtable (*)
TRACE Selecting candidate for livity-airtable with range * with 0 remote versions
TRACE Exhausted all candidates for package livity-airtable with range * after 0 steps
DEBUG No compatible version found for: livity-airtable
DEBUG Searching for a compatible version of enzo @ file://${PROJECT} (<1.2.2 | >1.2.2)
DEBUG No compatible version found for: enzo
DEBUG Reverting changes to `pyproject.toml`
DEBUG Reverting changes to `uv.lock`
  × No solution found when resolving dependencies:
TRACE Resolver derivation tree before reduction
  root==0a0.dev0 depends on enzo*
      enzo==1.2.2 depends on livity-airtable*
      no versions of livity-airtable*
    no versions of enzo<1.2.2 | >1.2.2
TRACE Resolver derivation tree after reduction
  enzo==1.2.2 depends on livity-airtable*
  no versions of livity-airtable*
  ╰─▶ Because there are no versions of livity-airtable and your project depends on livity-airtable, we can conclude that your project's requirements are unsatisfiable.

      hint: `livity-airtable` was found on https://gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple, but not at the requested version (all versions of livity-airtable). A compatible version may be available on a
      subsequent index (e.g., https://pypi.org/simple). By default, uv will only consider versions that are published on the first index that contains a given package, to avoid dependency confusion attacks. If all indexes are
      equally trusted, use `--index-strategy unsafe-best-match` to consider all versions from all indexes, regardless of the order in which they were defined.
  help: If you want to add the package regardless of the failed resolution, provide the `--frozen` flag to skip locking and syncing.

Perhaps I'll have a look at the .netrc code. I barely know rust, but maybe I get lucky ;)

@zanieb
Copy link
Member

zanieb commented Nov 21, 2024

Oh, I think because the request returns a 404 instead of a 403 we don't look for credentials to retry the request with. If you include the username on the index URL, e.g. https://<username>@gitlab.com/api/v4/groups/${ID}/-/packages/pypi/simple that should force retrieval of the password.

It's weird they return a 404 instead of a 403 (if that is indeed the case).

Thanks for your patience working through this!

@rafalkrupinski
Copy link
Author

rafalkrupinski commented Nov 21, 2024

That worked 👍 Thank you for your help!

I agree 404 from gitlab is not perfect. I'll report it, but I guess that on purpose - security by obscurity.

Any good reason for trying unauthenticated request first even when we provide credentials?

@Real-Gecko

This comment was marked as off-topic.

@Real-Gecko

This comment was marked as off-topic.

@zanieb

This comment was marked as off-topic.

@Real-Gecko

This comment was marked as off-topic.

@zanieb

This comment was marked as off-topic.

@Real-Gecko

This comment was marked as off-topic.

@Real-Gecko

This comment was marked as off-topic.

@zanieb

This comment was marked as off-topic.

@Real-Gecko

This comment was marked as off-topic.

@rafalkrupinski

This comment was marked as off-topic.

@rafalkrupinski
Copy link
Author

rafalkrupinski commented Nov 22, 2024

@zanieb can you tell me why uv tries to make unauthenticated requests to servers with configured credentials? It might help with the issue report to gitlab. Thanks!

@zanieb

This comment was marked as off-topic.

@zanieb
Copy link
Member

zanieb commented Nov 22, 2024

@rafalkrupinski working on tracking down the discussion about it. If I remember correctly, this is necessary to avoid sending credentials to servers that will fail without them. I think GitHub will return a 403 to a public repository if you attach credentials if you are setting up authentication some other repository, attaching credentials eagerly causes problems.

@Real-Gecko

This comment was marked as off-topic.

@zanieb
Copy link
Member

zanieb commented Nov 22, 2024

@rafalkrupinski The change was in #3130

@Real-Gecko

This comment was marked as off-topic.

@rafalkrupinski
Copy link
Author

@zanieb

this is necessary to avoid sending credentials to servers that will fail without them.

You can't make everyone happy...
You mean servers that will fail with them?

@zanieb
Copy link
Member

zanieb commented Nov 22, 2024

Sorry yeah.. "that will fail with them".

We have an awkward problem here where server behavior is inconsistent and it's very hard to have good behavior across all of them.

@rafalkrupinski
Copy link
Author

So I understand this is a WONTFIX, because of how github handles authenticated requests, unless you want to add workarounds for quirks specific to servers (github, gitlab, etc).

Another thing would be adding gitlab idiosyncrasies to the index section in the docs.

@rafalkrupinski
Copy link
Author

I mean I'm happy that there's a workaround :)

@rafalkrupinski rafalkrupinski changed the title Can't resolve a package version [private gitlab index, poetry managed dependency] Can't resolve a package version from private gitlab package index Nov 22, 2024
@zanieb
Copy link
Member

zanieb commented Nov 22, 2024

I'm happy to review a pull request adding a note to the documentation.

I think it'd be nice if both GitHub and GitLab had better behavior here :)

We could add a specific workaround for GitLab, it might not work in all cases (e.g., if there's a proxy that changes the domain) but it seems reasonable. It also might be bad for performance if we try to retrieve credentials whenever there's a missing package.

@rafalkrupinski
Copy link
Author

rafalkrupinski commented Nov 22, 2024

I'm happy to review a pull request adding a note to the documentation.

This much I can do ;)

The rest I'll leave for you to decide.

@FishAlchemist
Copy link
Contributor

FishAlchemist commented Nov 23, 2024

We could add a specific workaround for GitLab

Since GitLab supports self-managed instances, it's not possible to identify a GitLab instance solely based on its domain, except for the official ones.

Therefore, unless we can determine if the other end is a GitLab instance during transmission, additional support may require informing the UV that the other end is indeed GitLab.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants