Github 密钥策略更新后 Github 的 Pip 安装损坏
Pip install from Github broken after Github keys policy update
我通常会使用(例如)从 Github 安装 Python 存储库:
pip install git+git://github.com/Artory/drf-hal-json@master
并且一致地,我的“requirements.txt”会在某处包含 git+git://github.com/Artory/drf-hal-json@master。
今天失败了。完整的回溯如下,但相关部分是:
The unauthenticated git protocol on port 9418 is no longer supported.
感谢微软。回溯指向 this link 关于更新。 link 上的大部分页面都在谈论更新不太可能影响很多人(再次感谢微软),其余部分涉及我太菜鸟无法理解的密码学。标题为“git://”的部分简单地写着:
On the Git protocol side, unencrypted git:// offers no integrity or
authentication, making it subject to tampering. We expect very few
people are still using this protocol, especially given that you can’t
push (it’s read-only on GitHub). We’ll be disabling support for this
protocol.
这并不能帮助我理解如何更新我的 requirements.txt 以使其再次工作。你能告诉我如何更新我的 requirements.txt 以使其再次工作吗?完整回溯如下:
(venv) neil~/Documents/Code/web_app$ pip install git+git://github.com/Artory/drf-hal-json@master
Collecting git+git://github.com/Artory/drf-hal-json@master
Cloning git://github.com/Artory/drf-hal-json (to revision master) to /tmp/pip-req-build-zowfe130
Running command git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130
fatal: remote error:
The unauthenticated git protocol on port 9418 is no longer supported.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
WARNING: Discarding git+git://github.com/Artory/drf-hal-json@master. Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
ERROR: Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
WARNING: You are using pip version 21.2.4; however, version 22.0.4 is available.
You should consider upgrading via the '/home/neil/Documents/Code/web_app/venv/bin/python -m pip install --upgrade pip' command.
在您给 pip 的 URL 中,git+git 表示要通过未经身份验证的 Git 存储库(第一个 git) =13=] 协议(第二个 git)。假设您想在这里继续使用匿名访问,您可以简单地重写命令以使用 git+https,它通过安全 HTTPS 协议访问 Git 存储库。
因此您的命令将如下所示:
$ pip install git+https://github.com/Artory/drf-hal-json@master
我刚刚在 VM 中进行了测试,似乎可以正常工作。如果你还有其他这样的URL,按照同样的方法改一下应该有效。
我通常会使用(例如)从 Github 安装 Python 存储库:
pip install git+git://github.com/Artory/drf-hal-json@master
并且一致地,我的“requirements.txt”会在某处包含 git+git://github.com/Artory/drf-hal-json@master。
今天失败了。完整的回溯如下,但相关部分是:
The unauthenticated git protocol on port 9418 is no longer supported.
感谢微软。回溯指向 this link 关于更新。 link 上的大部分页面都在谈论更新不太可能影响很多人(再次感谢微软),其余部分涉及我太菜鸟无法理解的密码学。标题为“git://”的部分简单地写着:
On the Git protocol side, unencrypted git:// offers no integrity or authentication, making it subject to tampering. We expect very few people are still using this protocol, especially given that you can’t push (it’s read-only on GitHub). We’ll be disabling support for this protocol.
这并不能帮助我理解如何更新我的 requirements.txt 以使其再次工作。你能告诉我如何更新我的 requirements.txt 以使其再次工作吗?完整回溯如下:
(venv) neil~/Documents/Code/web_app$ pip install git+git://github.com/Artory/drf-hal-json@master
Collecting git+git://github.com/Artory/drf-hal-json@master
Cloning git://github.com/Artory/drf-hal-json (to revision master) to /tmp/pip-req-build-zowfe130
Running command git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130
fatal: remote error:
The unauthenticated git protocol on port 9418 is no longer supported.
Please see https://github.blog/2021-09-01-improving-git-protocol-security-github/ for more information.
WARNING: Discarding git+git://github.com/Artory/drf-hal-json@master. Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
ERROR: Command errored out with exit status 128: git clone -q git://github.com/Artory/drf-hal-json /tmp/pip-req-build-zowfe130 Check the logs for full command output.
WARNING: You are using pip version 21.2.4; however, version 22.0.4 is available.
You should consider upgrading via the '/home/neil/Documents/Code/web_app/venv/bin/python -m pip install --upgrade pip' command.
在您给 pip 的 URL 中,git+git 表示要通过未经身份验证的 Git 存储库(第一个 git) =13=] 协议(第二个 git)。假设您想在这里继续使用匿名访问,您可以简单地重写命令以使用 git+https,它通过安全 HTTPS 协议访问 Git 存储库。
因此您的命令将如下所示:
$ pip install git+https://github.com/Artory/drf-hal-json@master
我刚刚在 VM 中进行了测试,似乎可以正常工作。如果你还有其他这样的URL,按照同样的方法改一下应该有效。