Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pypi.py: Use HTTPS for PyPi. #36

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

pypi.py: Use HTTPS for PyPi. #36

wants to merge 1 commit into from

Conversation

vinsonlee
Copy link

PyPi now requires HTTPS after CVE-2016-5699.

http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html

This patch fixes this error on Fedora.

$ yolk --version
Traceback (most recent call last):
File "/usr/bin/yolk", line 9, in
load_entry_point('yolk==0.4.3', 'console_scripts', 'yolk')()
File "/usr/lib/python2.7/site-packages/yolk/cli.py", line 1090, in main
my_yolk.run()
File "/usr/lib/python2.7/site-packages/yolk/cli.py", line 180, in run
self.pypi = CheeseShop(self.options.debug)
File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 109, in init
self.get_cache()
File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 127, in get_cache
self.fetch_pkg_list()
File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 184, in fetch_pkg_list
package_list = self.list_packages()
File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 202, in list_packages
return self.xmlrpc.list_packages()
File "/usr/lib64/python2.7/xmlrpclib.py", line 1240, in call
return self.__send(self.__name, args)
File "/usr/lib64/python2.7/xmlrpclib.py", line 1599, in __request
verbose=self.__verbose
File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 64, in request
fhandle = opener.open(request)
File "/usr/lib64/python2.7/urllib2.py", line 437, in open
response = meth(req, response)
File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
'http', request, response, code, msg, hdrs)
File "/usr/lib64/python2.7/urllib2.py", line 475, in error
return self._call_chain(_args)
File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
result = func(_args)
File "/usr/lib64/python2.7/urllib2.py", line 558, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 403: Must access using HTTPS instead of HTTP

Signed-off-by: Vinson Lee vlee@freedesktop.org

@vinsonlee
pypi.py: Use HTTPS for PyPi.
3f6d52e 
PyPi now requires HTTPS after CVE-2016-5699.

http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html

This patch fixes this error on Fedora.

$ yolk --version
Traceback (most recent call last):
  File "/usr/bin/yolk", line 9, in <module>
    load_entry_point('yolk==0.4.3', 'console_scripts', 'yolk')()
  File "/usr/lib/python2.7/site-packages/yolk/cli.py", line 1090, in main
    my_yolk.run()
  File "/usr/lib/python2.7/site-packages/yolk/cli.py", line 180, in run
    self.pypi = CheeseShop(self.options.debug)
  File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 109, in __init__
    self.get_cache()
  File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 127, in get_cache
    self.fetch_pkg_list()
  File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 184, in fetch_pkg_list
    package_list = self.list_packages()
  File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 202, in list_packages
    return self.xmlrpc.list_packages()
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1240, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1599, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.7/site-packages/yolk/pypi.py", line 64, in request
    fhandle = opener.open(request)
  File "/usr/lib64/python2.7/urllib2.py", line 437, in open
    response = meth(req, response)
  File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib64/python2.7/urllib2.py", line 475, in error
    return self._call_chain(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 558, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 403: Must access using HTTPS instead of HTTP

Signed-off-by: Vinson Lee <vlee@freedesktop.org>
@jhermann
Copy link

jhermann commented Jul 3, 2016

Please read the other issues first! This project is dead, go to yolk3k.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vinsonlee @jhermann