Skip to content

🐛 fix(env): prevent pip credential hang with private indexes#1030

Merged
gaborbernat merged 3 commits intopypa:mainfrom
gaborbernat:409
Apr 10, 2026
Merged

🐛 fix(env): prevent pip credential hang with private indexes#1030
gaborbernat merged 3 commits intopypa:mainfrom
gaborbernat:409

Conversation

@gaborbernat
Copy link
Copy Markdown
Collaborator

@gaborbernat gaborbernat commented Apr 10, 2026

Running python -m build against a private PyPI index that requires authentication causes the process to appear frozen. 🔒 pip prompts for credentials interactively, but since build captures subprocess output, the prompt is invisible and there is no way for the user to respond.

All pip subprocess calls now include --no-input, converting the silent hang into a clear authentication error. When the keyring CLI is available on PATH, build sets PIP_KEYRING_PROVIDER=subprocess (or UV_KEYRING_PROVIDER=subprocess for the uv installer) in the subprocess environment so the installer delegates credential lookups to the system keyring binary rather than trying to import keyring (which is unavailable inside the isolated build venv). This respects any user-set provider env var and is silently ignored by older pip versions that predate the flag. A build[keyring] optional extra is provided for convenience.

The corporate environments documentation is rewritten to reflect actual behavior: how keyring auto-detection works for both pip and uv installers, how to install keyring system-wide via pipx, and how to configure the keyring provider explicitly for CI or non-standard setups.

Fixes #409

@henryiii
Copy link
Copy Markdown
Contributor

🤖

I might steal the little robot. :)

@gaborbernat gaborbernat changed the title fix: prevent pip credential prompt hang in isolated builds 🐛 fix(env): prevent pip credential hang with private indexes Apr 10, 2026
Comment thread docs/how-to/corporate-environments.rst Outdated
@henryiii
Copy link
Copy Markdown
Contributor

henryiii commented Apr 10, 2026

Haven't used Claude Code, but pretty sure Claude Code has a configuration mechanism to force it to always run prek/pre-commit. Ah, yes, it's hooks: https://code.claude.com/docs/en/hooks-guide

Edit: ahh, this is a mergabilty check, never mind.

When a private PyPI index requires authentication, pip prompts for
credentials interactively. Since build captures subprocess output, the
prompt is invisible and the process appears stuck (issue pypa#409).

Pass --no-input to all pip invocations so pip fails fast with a clear
error instead of hanging. When the keyring CLI is on PATH, automatically
set PIP_KEYRING_PROVIDER=subprocess so pip delegates credential lookups
to the system keyring without needing it installed inside the isolated
build environment. Respect any user-set PIP_KEYRING_PROVIDER. Add a
keyring optional dependency for convenience (pip install build[keyring]).
The uv backend also supports keyring via UV_KEYRING_PROVIDER. When the
keyring CLI is on PATH and UV_KEYRING_PROVIDER is not already set, build
now sets it to subprocess for the uv installer too.
@gaborbernat gaborbernat marked this pull request as ready for review April 10, 2026 21:07
@gaborbernat gaborbernat enabled auto-merge (squash) April 10, 2026 21:12
@gaborbernat gaborbernat requested a review from henryiii April 10, 2026 21:12
Copy link
Copy Markdown
Contributor

@henryiii henryiii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really familiar with keyring, but this looks reasonable.

@gaborbernat gaborbernat merged commit d407530 into pypa:main Apr 10, 2026
65 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Build CLI stuck / pip prompt not working with private pypi index

2 participants