Thursday, May 9, 2019

How to install pip when you are behind corporate MITM proxy?

How to install pip when you are behind corporate MITM proxy?

1) Execute this to download get-pip.py
curl -k https://bootstrap.pypa.io/get-pip.py -o get-pip.py

2) Open the get-pip.py file and change this line.
shutil.rmtree(tmpdir, ignore_errors=True)
to this line:
print ("Pip extracted to " + tmpdir)#shutil.rmtree(tmpdir, ignore_errors=True)

3) Execute this:
python get-pip.py
 It will error out but print name of the host it is trying to contact and also create a tmp folder and extract pip into that folder. Look at the output and notice last line:
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting pip
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /simple/pip/
  Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
  ERROR: Could not find a version that satisfies the requirement pip (from versions: none)
ERROR: No matching distribution found for pip
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)) - skipping
Pip extracted to /tmp/tmpKGoLfQ

 4) Now go to the tmp folder (something like tmpKGoLfQ) and add it to the path.
cd /tmp/tmpKGoLfQ
export PATH=$PATH:`pwd`

5) Execute this from tmp folder (/tmp/tmpKGoLfQ):

sudo python -m pip install pip --trusted-host pypi.org --trusted-host files.pythonhosted.org
 if you find another mirror is being used then add that as another trusted host.
 It will install pip and now you can use it normally. If you need to install another package you can add --trusted-host option as shown above or the better choice, install your corporation's root CA cert in python's cert store as displayed by:
python -c "import ssl; print(ssl.get_default_verify_paths())"


No comments: