Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Poetry hangs resolving ssh dependencies from unknown hosts #9618

Open
Yarn opened this issue Aug 10, 2024 · 5 comments · May be fixed by #9638
Open

Poetry hangs resolving ssh dependencies from unknown hosts #9618

Yarn opened this issue Aug 10, 2024 · 5 comments · May be fixed by #9638
Labels
area/installer Related to the dependency installer area/sources Releated to package sources/indexes/repositories kind/bug Something isn't working as expected status/triage This issue needs to be triaged

Comments

@Yarn
Copy link

Yarn commented Aug 10, 2024

Description

Running poetry lock will hang forever without any indication of why.

Running poetry lock -vvv shows ssh's interactive prompt, e.g.

The authenticity of host 'github.com (140.82.116.4)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

This prompt can be accepted and future runs can succeed.

Workarounds

Run poetry lock -vvv and interact with the ssh prompt

Poetry Installation Method

pip

Operating System

Arch

Poetry Version

1.8.3

Poetry Configuration

cache-dir = "/home/ryan/.cache/pypoetry"
experimental.system-git-client = false
installer.max-workers = null
installer.modern-installation = true
installer.no-binary = null
installer.parallel = true
keyring.enabled = true
solver.lazy-wheel = true
virtualenvs.create = true
virtualenvs.in-project = null
virtualenvs.options.always-copy = false
virtualenvs.options.no-pip = false
virtualenvs.options.no-setuptools = false
virtualenvs.options.system-site-packages = false
virtualenvs.path = "{cache-dir}/virtualenvs"  # /home/ryan/.cache/pypoetry/virtualenvs
virtualenvs.prefer-active-python = false
virtualenvs.prompt = "{project_name}-py{python_version}"
warnings.export = true

Python Sysconfig

No response

Example pyproject.toml

No response

Poetry Runtime Logs

issue does not occur with `-vvv`
@Yarn Yarn added kind/bug Something isn't working as expected status/triage This issue needs to be triaged labels Aug 10, 2024
@dimbleby
Copy link
Contributor

dimbleby commented Aug 10, 2024

Too bad, probably. I don't know any way to tell ssh always to fail non-interactively here.

If it shows up in verbose mode, that'll probably have to be good enough

You provided no way to reproduce this.

@Yarn
Copy link
Author

Yarn commented Aug 17, 2024

After writing the below I noticed -o BatchMode=yes which should disable any interactive prompts.

https://man.archlinux.org/man/ssh_config.5.en#BatchMode


I think -o StrictHostKeyChecking=yes would make this specific case fail non-interactively.

-o PasswordAuthentication=no I think would cover #9626

https://man.archlinux.org/man/ssh_config.5.en#StrictHostKeyChecking
https://man.archlinux.org/man/ssh_config.5.en#PasswordAuthentication

@Yarn
Copy link
Author

Yarn commented Aug 17, 2024

to reproduce the issue comment out any entries for github.com in ~/.ssh/known_hosts and ensure no system level ssh configuration disables host key checking for that host then use the following pyproject.toml

[tool.poetry]
name = "test"
version = "0.1.0"
description = ""
authors = [""]

[tool.poetry.dependencies]
poetry = { "git" = "[email protected]:python-poetry/poetry.git" }

@dimbleby
Copy link
Contributor

poetry uses dulwich for git clones, so next step is to persuade dulwich to use that parameter then

suggest you experiment with something like

diff --git a/src/poetry/vcs/git/backend.py b/src/poetry/vcs/git/backend.py
index 0fc00f0b..b3b28026 100644
--- a/src/poetry/vcs/git/backend.py
+++ b/src/poetry/vcs/git/backend.py
@@ -194,7 +194,7 @@ class Git:
         client: GitClient
         path: str

-        kwargs: dict[str, str] = {}
+        kwargs = {"ssh_command": "ssh -o BatchMode=yes"}
         credentials = get_default_authenticator().get_credentials_for_git_url(url=url)

         if credentials.password and credentials.username:

and submit a merge request if you can get it to work satisfactorily

@Yarn Yarn linked a pull request Aug 17, 2024 that will close this issue
2 tasks
@Secrus Secrus added area/installer Related to the dependency installer area/sources Releated to package sources/indexes/repositories labels Oct 13, 2024
@tplunket
Copy link

tplunket commented Dec 4, 2024

That isn't the only "failure case" for this though, the bug is that the "Resolving dependencies" message erases messages from the SSH client. E.g. if you are prompted to type in your passphrase to unlock your ssh key, that message gets erased and unless you notice the message flash for an instant and realize what it is, you'll spend hours trying to figure out why adding a git+ssh dependency suddenly starts making dependency resolution take forever. In other words, the messaging that it's resolving dependencies isn't actually accurate and overwriting the prompt that would allow it to proceed obscures what the user needs to do.

(In other words, dulwich seems to be doing the right thing, if only Poetry didn't overwrite the prompts.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/installer Related to the dependency installer area/sources Releated to package sources/indexes/repositories kind/bug Something isn't working as expected status/triage This issue needs to be triaged
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants