Ignore ssl certs for easy install python

Question

I have my lib which has setup as

setup.py

from setuptools import setup

setup(
    setup_requires=['pbr>=0.11.0'],
    pbr=True
)

setup.cfg

[metadata]
name = MyLib

[options]
zip_safe = False
include_package_data = True
install_requires =
    cython
    pyrex
    pymssql
    elementtree
    bleach
    BeautifulSoup4
    pytz
    MySQL_python
    retry
    elementtree
    Pyrex
dependency_links =
    https://pypi.mydomain.com/packages/

[files]
packages =
    MyLib
    MyLib.package1
    MyLib.package1.new1

[tool:wheel]
universal = 1

[flake8]
exclude =
    venv,
    .tox,
    .git,
    __pycache__,
    *.pyc,
    *.egg-info,
    .cache,
    .eggs,
max-line-length = 80

[tool:pytest]
testpaths=MyLib/tests
ignore=
    .tox
    .cache
    docs
    config.py
    venv

[coverage:run]
omit=
    MyLib/config.py

I am using this MyLib in my application requirements.txt

myapp/requirements.txt ... ... MyLib==1.2.3 ... ...

When I installed, with /usr/local/pyenv/versions/myapp/bin/pip install -i https://pypi.mydomain.com --trusted-host pypi.mydomain.com -r /opt/school/apps/myapp/requirements.txt, it was redirecting to pypi.python.org. Then I get that easy_install is using another config as ~/.pydistutils.cfg. I added as

~/.pydistutils.cfg

[easy_install]
index_url=https://pypi.mydomain.com/
find_links = https://pypi.mydomain.com/simple/
allow_hosts = pypi.mydomain.com

Now its not redirecting to pypi.python.org but it gives error for SSL.

/usr/local/pyenv/versions/myapp/bin/pip install -i https://pypi.mydomain.com --trusted-host pypi.mydomain.com -r /opt/school/apps/myapp/requirements.txt
Requirement already satisfied: appdirs==1.4.3 in /usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages (from -r /opt/school/apps/myapp/requirements.txt (line 1))
Requirement already satisfied: beautifulsoup4 in /usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages (from -r /opt/school/apps/myapp/requirements.txt (line 2))
Requirement already satisfied: bleach==2.0.0 in /usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages (from -r /opt/school/apps/myapp/requirements.txt (line 3))
Requirement already satisfied: click==6.7 in /usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages (from -r /opt/school/apps/myapp/requirements.txt (line 4))
Collecting MyLib==1.2.3 (from -r /opt/school/apps/myapp/requirements.txt (line 5))
  Downloading https://pypi.mydomain.com/packages/MyLib-1.2.3.tar.gz (221kB)
    100% |████████████████████████████████| 225kB 31.8MB/s
    Complete output from command python setup.py egg_info:
    Download error on https://pypi.mydomain.com/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) -- Some packages may not be found!
    Download error on https://pypi.mydomain.com/pbr/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) -- Some packages may not be found!
    Couldn't find index page for 'pbr' (maybe misspelled?)
    Download error on https://pypi.mydomain.com/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) -- Some packages may not be found!
    No local packages or working download links found for pbr>=0.11.0
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-Lsc4UJ/MyLib/setup.py", line 5, in <module>
        pbr=True
      File "/usr/local/pyenv/versions/2.7.13/lib/python2.7/distutils/core.py", line 111, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages/setuptools/dist.py", line 315, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages/setuptools/dist.py", line 361, in fetch_build_eggs
        replace_conflicting=True,
      File "/usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages/pkg_resources/__init__.py", line 850, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1122, in best_match
        return self.obtain(req, installer)
      File "/usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1134, in obtain
        return installer(requirement)
      File "/usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages/setuptools/dist.py", line 429, in fetch_build_egg
        return cmd.easy_install(req)
      File "/usr/local/pyenv/versions/2.7.13/envs/myapp/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 659, in easy_install
        raise DistutilsError(msg)
    distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('pbr>=0.11.0')

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-Lsc4UJ/MyLib/

1. Is there any way to force dependency_links not to use ~/.pydistutils.cfg ?

If answer of 1 is NO, then how to ignore SSL for my pypi server?

Tried the solution given below.

# /usr/local/pyenv/versions/myapp/bin/python get-pip.py
Collecting pip
  Using cached https://files.pythonhosted.org/packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl
Installing collected packages: pip
  Found existing installation: pip 9.0.1
    Uninstalling pip-9.0.1:
      Successfully uninstalled pip-9.0.1
Successfully installed pip-18.0

/usr/local/pyenv/versions/myapp/bin/pip install -i https://pypi.mydomain.com --trusted-host pypi.mydomain.com -r /opt/school/apps/myapp/requirements.txt
Looking in indexes: https://pypi.mydomain.com
Collecting MyLib==1.2.3 (from -r /opt/school/apps/myapp/requirements.txt (line 1))
  Downloading https://pypi.mydomain.com/packages/MyLib-1.2.3.tar.gz (221kB)
    100% |████████████████████████████████| 225kB 21.2MB/s
    Complete output from command python setup.py egg_info:
    Download error on https://pypi.mydomain.com/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) -- Some packages may not be found!
    Download error on https://pypi.mydomain.com/pbr/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) -- Some packages may not be found!
    Couldn't find index page for 'pbr' (maybe misspelled?)
    Download error on https://pypi.mydomain.com/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) -- Some packages may not be found!
    No local packages or working download links found for pbr>=0.11.0
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-install-JD4AuE/MyLib/setup.py", line 5, in <module>
        pbr=True
      File "/usr/local/pyenv/versions/2.7.13/lib/python2.7/distutils/core.py", line 111, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/local/pyenv/versions/cvcollect/lib/python2.7/site-packages/setuptools/dist.py", line 315, in __init__
        self.fetch_build_eggs(attrs['setup_requires'])
      File "/usr/local/pyenv/versions/cvcollect/lib/python2.7/site-packages/setuptools/dist.py", line 361, in fetch_build_eggs
        replace_conflicting=True,
      File "/usr/local/pyenv/versions/cvcollect/lib/python2.7/site-packages/pkg_resources/__init__.py", line 850, in resolve
        dist = best[req.key] = env.best_match(req, ws, installer)
      File "/usr/local/pyenv/versions/cvcollect/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1122, in best_match
        return self.obtain(req, installer)
      File "/usr/local/pyenv/versions/cvcollect/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1134, in obtain
        return installer(requirement)
      File "/usr/local/pyenv/versions/cvcollect/lib/python2.7/site-packages/setuptools/dist.py", line 429, in fetch_build_egg
        return cmd.easy_install(req)
      File "/usr/local/pyenv/versions/cvcollect/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 659, in easy_install
        raise DistutilsError(msg)
    distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('pbr>=0.11.0')

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-JD4AuE/MyLib/

Answer 1

The issue, as mentioned here is,

setuptools is trying to talk to PyPI, not pip, and that 3.6.0 on macOS does not have access to a CA Bundle by default and setuptools doesn't bundle one like pip does. You'll need to install something like certifi or raise an issue with setuptools.

You can force install new version of pip,

curl 'https://bootstrap.pypa.io/get-pip.py' > get-pip.py
sudo python get-pip.py

You can also try installing certifi as mentioned in the above issue,

pip install certifi

Certifi is a carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. It has been extracted from the Requests project.

TLS can be disabled using --trusted-host, but it is dangerous and not recommend at all.

pip install --trusted-host pypi.python.org pip --upgrade