Skip to content

Commit

Permalink
pip >= 1.5 needs --allow-all-external
Browse files Browse the repository at this point in the history 
Starting from version 1.5, pip stopped downloading packages hosted in an
external site, even if there's a checksum in PyPI that we can check the
resulting package against. This breaks when downloading argparse==1.2.1 with
Python 2.6.

Here we allow all external downloads. It shouldn't be a security issue, as
we're still checking the package's hash against PyPI.

For more info, check
http://stackoverflow.com/questions/21021326/security-considerations-of-pip-allow-external
  • Loading branch information
@vitorbaptista
vitorbaptista committed Feb 13, 2014
1 parent d3e744e commit a5402f8
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions bin/travis-install-dependencies
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@ sudo -u postgres psql -c 'CREATE DATABASE ckan_test WITH OWNER ckan_default;'
sudo -u postgres psql -c 'CREATE DATABASE datastore_test WITH OWNER ckan_default;'

export PIP_USE_MIRRORS=true
pip install -r requirements.txt
pip install -r dev-requirements.txt
pip install -r requirements.txt --allow-all-external
pip install -r dev-requirements.txt --allow-all-external

python setup.py develop

Expand Down

0 comments on commit a5402f8

Please sign in to comment.