This package depends on dotnet-sdk but installation of dotnet on Linux can be finnicky.

Various users of mine have had difficulty installing the dotnet requirement and I want to make it as easy as possible for them to authenticate with, and consume from, my ADO Python feed. It is also a requirement of Docker images my package consumers are using (bloat) - or is difficult to install in running Docker containers.

See this item from Visual Studio develop community for details of my use case.

Why does this package have a dependency on dotnet-sdk, and what'd be involved to remove this dependency?

Issue seems to be related to this bug in pip: pypa/pip#8103 (comment)
While that bug seems to have been fixed, whatever changed made there did not fix the problem with artifacts-keyring

If --extra-index-url is only in the requirements.txt artifacts-keyring won't try to get the credential. But if I include it in the command arguments it works as expected.

I had a clean Manjaro install and needed to use packages from Azure Artifacts.

After installing Dotnet 6.0 netstandard-targeting-pack-6.0.0.sdk100-2 dotnet-host-6.0.0.sdk100-2 dotnet-runtime-6.0.0.sdk100-2 dotnet-sdk-6.0.0.sdk100-2 dotnet-targeting-pack-6.0.0.sdk100-2
I got the following error when running this command (Sensitive info redacted)

pip install example-pkg-christian --index-url https://pkgs.dev.azure.com/redacted/redacted/_packaging/redacted/pypi/simple/

Unhandled exception. System.IO.FileNotFoundException: Could not load file or assembly 'System.Security.Cryptography.ProtectedData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. The system cannot find the file specified.

File name: 'System.Security.Cryptography.ProtectedData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
   at NuGetCredentialProvider.Util.EncryptedFile.ReadFileBytes(String filePath, Boolean readUnencrypted)
   at NuGetCredentialProvider.Util.SessionTokenCache.ReadFileBytes()
   at NuGetCredentialProvider.Util.SessionTokenCache.get_Cache()
   at NuGetCredentialProvider.Util.SessionTokenCache.TryGetValue(Uri key, String& value)
   at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.TryCache(GetAuthenticationCredentialsRequest request, String& cachedToken)
   at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.HandleRequestAsync(GetAuthenticationCredentialsRequest request)
   at NuGetCredentialProvider.Program.Main(String[] args)
   at NuGetCredentialProvider.Program.<Main>(String[] args)
WARNING: Keyring is skipped due to an exception: Failed to get credentials: process with PID 193656 exited with code -6; additional error message:
User for pkgs.dev.azure.com:

So instead I tried installing following packages
dotnet-host-6.0.0.sdk100-2 dotnet-runtime-3.1-3.1.20.sdk120-1 dotnet-targeting-pack-3.1-3.1.20.sdk120-1 netstandard-targeting-pack-6.0.0.sdk100-2 dotnet-sdk-3.1-3.1.20.sdk120-1

and now it worked.

[Minimal] [CredentialProvider]ATTENTION: User interaction required.

    **********************************************************************

    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code REDACTED to authenticate.

    **********************************************************************

PS. @microsoft please don't move the possibility to raise issues on your open-source code away from Github and into your awful developer portal.

Hello,
according to the readme of this project the requirement should include a dotnet runtime not a dotnet SDK.
The following lines check for the installation of a full SDK rather than a runtime

According to this issue the proper command should be

dotnet --info

and not

dotnet --version

There are important files that Microsoft projects should all have that are not present in this repository. A pull request has been opened to add the missing file(s). When the pr is merged this issue will be closed automatically.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

Merge this pull request

I'm trying to install this package on ubuntu in a docker container and get the following error.

pip install artifacts-keyring
Collecting artifacts-keyring
  Downloading artifacts_keyring-0.2.9-py2.py3-none-any.whl (4.8 MB)
     |████████████████████████████████| 4.8 MB 1.3 MB/s 
Collecting keyring>=16.0
  Downloading keyring-21.1.0-py2.py3-none-any.whl (31 kB)
ERROR: Could not find a version that satisfies the requirement dotnetcore2; sys_platform != "win32" and python_version >= "3.0" (from artifacts-keyring) (from versions: none)
ERROR: No matching distribution found for dotnetcore2; sys_platform != "win32" and python_version >= "3.0" (from artifacts-keyring)

it seems that the package requires dot net. and there are no available versions. any help on how i can fix this would be appreciated as we need to download a python package from a devops feed. This was working before Christmas but one of the more recent commits has broken it for me.

dotnet is not an obvious dependency of artifacts-keyring.

As a developer on Azure, you will be met with instructions on portal.azure.com and dev.azure.com to pip install keyring artifacts-keyring in order to access feeds in Azure Artifacts.

The same goes for many guides posted by Microsoft and throughout documentation. Dotnet is a pretty substantial dependency and while this package can't be responsible for how the rest of Microsoft advertises its usage, it should fail early, at install time, when dependencies are not met.

Running pip install keyring artifacts-keyring should either install all dependencies or fail, with an error message that is understandable to most Python developers.

As of now, artifacts-keyring will successfully install without installing all dependencies. If necessary dependencies cannot be resolved by pip nor setup.py, I think it is best that the package fails to install.

You used to be able to pip install artifacts-keyring it will install successfully and work.

Now it will install successfully and fail at runtime saying that dotnet isn't available.

There are no documentation changes on how to install it. Looking around, I wonder if I need to manually download and install the entire .Net core runtime just to be able to authenticate with Azure's package repository.

We have multiple feeds for our company.
We use the same authentication for both, but the following code will ask the user to authenticate twice.

Is this intended?
It does not create a user friendly experience

from artifacts_keyring import CredentialProvider
feeds = ["feed1", "feed2"]

for f in feeds:
    CredentialProvider().get_credentials(url=f"https://pkgs.dev.azure.com/COMPANY/PROJECT/_packaging/{f}/pypi/simple/")

This does however work for twine uploading. Have set a personal access token for myself and set TWINE_USERNAME, TWINE_PASSWORD and TWINE_REPOSITORY_URL. Packages can be successfully uploaded (package is already uploaded hence the error):

$ twine upload dist/*
Uploading distributions to https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/upload
Uploading <name>-0.2.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████| 59.6k/59.6k [00:00<00:00, 73.7kB/s]
NOTE: Try --verbose to see response content.
HTTPError: 409 Client Error: Conflict - The feed '<feed>' already contains file '<name>-0.2.0.dev1-py3-none-any.whl' in package '<name> 0.2.0.dev1'. (DevOps Activity ID: ***-***-***-***-***) for url: https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/upload

However, I want to install the same package using pip non-interactively and have set the environment variable ARTIFACTS_KEYRING_NONINTERACTIVE_MODE to true. This fails the pip installation as can be seen below:

$ ARTIFACTS_KEYRING_NONINTERACTIVE_MODE=true
$ export ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
$ printenv ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
true
$ pip install --extra-index-url https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
 --no-cache-dir <name>==0.2.0.dev1
Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>
/pypi/simple/
ERROR: Could not find a version that satisfies the requirement <name>==0.2.0.dev1 (from versions: none)
ERROR: No matching distribution found for <name>==0.2.0.dev1

Setting it to false outputs the prompt to open the browser and give permission:

$ ARTIFACTS_KEYRING_NONINTERACTIVE_MODE=false
$ export ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
$ printenv ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
false
$ pip install --extra-index-url https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
 --no-cache-dir <name>==0.2.0.dev1
Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
[Minimal] [CredentialProvider]DeviceFlow: https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
[Minimal] [CredentialProvider]ATTENTION: User interaction required. 

    **********************************************************************

    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code *** to authenticate.

    **********************************************************************

Any help would be much appreciated!

Notes:

• I would specifically like to use pip and possibly env vars to solve this issue
• I am running Ubuntu 19.10

This does however work for twine uploading. Have set a personal access token for myself and set TWINE_USERNAME, TWINE_PASSWORD and TWINE_REPOSITORY_URL. Packages can be successfully uploaded (package is already uploaded hence the error):

$ twine upload dist/*
Uploading distributions to https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/upload
Uploading <name>-0.2.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████| 59.6k/59.6k [00:00<00:00, 73.7kB/s]
NOTE: Try --verbose to see response content.
HTTPError: 409 Client Error: Conflict - The feed '<feed>' already contains file '<name>-0.2.0.dev1-py3-none-any.whl' in package '<name> 0.2.0.dev1'. (DevOps Activity ID: ***-***-***-***-***) for url: https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/upload

However, I want to install the same package using pip non-interactively and have set the environment variable ARTIFACTS_KEYRING_NONINTERACTIVE_MODE to true. This fails the pip installation as can be seen below:

$ ARTIFACTS_KEYRING_NONINTERACTIVE_MODE=true
$ export ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
$ printenv ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
true
$ pip install --extra-index-url https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
 --no-cache-dir <name>==0.2.0.dev1
Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>
/pypi/simple/
ERROR: Could not find a version that satisfies the requirement <name>==0.2.0.dev1 (from versions: none)
ERROR: No matching distribution found for <name>==0.2.0.dev1

Setting it to false outputs the prompt to open the browser and give permission:

$ ARTIFACTS_KEYRING_NONINTERACTIVE_MODE=false
$ export ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
$ printenv ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
false
$ pip install --extra-index-url https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
 --no-cache-dir <name>==0.2.0.dev1
Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
[Minimal] [CredentialProvider]DeviceFlow: https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
[Minimal] [CredentialProvider]ATTENTION: User interaction required. 

    **********************************************************************

    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code *** to authenticate.

    **********************************************************************

Any help would be much appreciated!

Notes:

• I would specifically like to use pip and possibly env vars to solve this issue
• I am running Ubuntu 19.10

Hi,
Thanks for this great package.
Following the instructions provided in the Readme file, I can install a Python package from its private artifact in Azure Devops. However, when I try to repeat the operation from within a virtual environment, I get the following error:

ERROR: Could not find a version that satisfies the requirement my_package (from versions: none)
ERROR: No matching distribution found for my_package

I am on Windows 10. I use Python 3.6.5 and pip 19.2.2.
I created the virtual environment with the built-in "venv" command as follows:

> python -m venv my_virtual_env

Any idea where the error is coming from?
Best,
Pierre-Julien

setup.py packages everything in src directory which includes tests directory. tests is now polluting PYTHONPATH.

Example:

$ python3.7 -m venv env
$ . env/bin/activate
$ ls env/lib/python3.7/site-packages/tests
ls: env/lib/python3.7/site-packages/tests: No such file or directory
$ pip install artifacts-keyring
$ ls env/lib/python3.7/site-packages/tests
__init__.py     __pycache__     test_backend.py

We have two security updates that needs to be merged
985455-DotNet (Nuget) Security Update for Newtonsoft.Json (GHSA-5crp-9r3c-p9vr)
988976-DotNet (Nuget) Security Update for NuGet.CommandLine (GHSA-g3q9-xf95-8hp5)

I sometimes get the following error, when using artifacts-keyring on WSL.

Unhandled exception. System.PlatformNotSupportedException: Wait operations on multiple wait handles including a named synchronization primitive are not supported on this platform.
   at System.Threading.WaitHandle.WaitMultipleIgnoringSyncContext(IntPtr* waitHandles, Int32 numHandles, Boolean waitAll, Int32 millisecondsTimeout)
   at System.Threading.WaitHandle.WaitMultiple(ReadOnlySpan`1 waitHandles, Boolean waitAll, Int32 millisecondsTimeout)
   at System.Threading.WaitHandle.WaitMultiple(WaitHandle[] waitHandles, Boolean waitAll, Int32 millisecondsTimeout)
   at System.Threading.WaitHandle.WaitAny(WaitHandle[] waitHandles, Int32 millisecondsTimeout)
   at NuGetCredentialProvider.Util.SessionTokenCache.get_Cache()
   at NuGetCredentialProvider.Util.SessionTokenCache.TryGetValue(Uri key, String& value)
   at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.TryCache(GetAuthenticationCredentialsRequest request, String& cachedToken)
   at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.HandleRequestAsync(GetAuthenticationCredentialsRequest request)

Retrying usually helps, so no biggy, but feels like a difficult bug.

Steps to reproduce:

1. Run Ubuntu on WSL on Windows
2. Install Poetry
3. Add artifacts keyring (poetry self add artifacts-keyring)
4. Try running poetry install on project that has Azure Artifacts as default source

I'm using Poetry, but I wonder if that is the problem?

This does however work for twine uploading. Have set a personal access token for myself and set TWINE_USERNAME, TWINE_PASSWORD and TWINE_REPOSITORY_URL. Packages can be successfully uploaded (package is already uploaded hence the error):

$ twine upload dist/*
Uploading distributions to https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/upload
Uploading <name>-0.2.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████| 59.6k/59.6k [00:00<00:00, 73.7kB/s]
NOTE: Try --verbose to see response content.
HTTPError: 409 Client Error: Conflict - The feed '<feed>' already contains file '<name>-0.2.0.dev1-py3-none-any.whl' in package '<name> 0.2.0.dev1'. (DevOps Activity ID: ***-***-***-***-***) for url: https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/upload

However, I want to install the same package using pip non-interactively and have set the environment variable ARTIFACTS_KEYRING_NONINTERACTIVE_MODE to true. This fails the pip installation as can be seen below:

$ ARTIFACTS_KEYRING_NONINTERACTIVE_MODE=true
$ export ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
$ printenv ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
true
$ pip install --extra-index-url https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
 --no-cache-dir <name>==0.2.0.dev1
Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>
/pypi/simple/
ERROR: Could not find a version that satisfies the requirement <name>==0.2.0.dev1 (mfrom versions: none)
ERROR: No matching distribution found for <name>==0.2.0.dev1

Setting it to false outputs the prompt to open the browser and give permission:

$ ARTIFACTS_KEYRING_NONINTERACTIVE_MODE=false
$ export ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
$ printenv ARTIFACTS_KEYRING_NONINTERACTIVE_MODE
false
$ pip install --extra-index-url https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
 --no-cache-dir <name>==0.2.0.dev1
Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
[Minimal] [CredentialProvider]DeviceFlow: https://pkgs.dev.azure.com/<org>/test/_packaging/<feed>/pypi/simple/
[Minimal] [CredentialProvider]ATTENTION: User interaction required. 

    **********************************************************************

    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code *** to authenticate.

    **********************************************************************

Any help would be much appreciated!

Notes:

• I would specifically like to use pip and possibly env vars to solve this issue
• I am running Ubuntu 19.10

Fails with error message in title.

Environment:

• latest linux mint
• python 3.11.2
• pip install artifacts-keyring

pip install <whatever> --index-url=<our_azure_devops_package_feed_url>

Fails and the warning is generated. Any information on what might be the issue is missing due to no message.

Hei, could you please add to the readme how to use the package to add private packages to poetry evironment via pyproject.toml [[tool.poetry.source]] ).

Given that there is no username/password or explicit certificates, this is not obvious thanks!

Hi,

I’m trying to install a python package using private index from Azure Artifacts feed, and get the error message:

It’s strange that several members of our team use this method, but some succeed and some fail. Is this because we have different access rights？

Note: I tried to add ALL FTE and a specified user as contributor in Permission tab of Feed, but still got the same error…

Environment

Windows 2004, WSL2, Ubuntu 20.04, python3.8

How to reproduce

(virtual) ➜  ~pip install keyring artifacts-keyring
Collecting keyring
  Downloading keyring-21.2.1-py3-none-any.whl (31 kB)
Collecting artifacts-keyring
  Using cached artifacts_keyring-0.2.9-py2.py3-none-any.whl (4.8 MB)
Collecting jeepney>=0.4.2; sys_platform == "linux"
  Downloading jeepney-0.4.3-py3-none-any.whl (21 kB)
Collecting SecretStorage>=3; sys_platform == "linux"
  Downloading SecretStorage-3.1.2-py3-none-any.whl (14 kB)
Collecting dotnetcore2; sys_platform != "win32" and python_version >= "3.0"
  Using cached dotnetcore2-2.1.14-py3-none-manylinux1_x86_64.whl (29.3 MB)
Collecting requests>=2.20.0
  Downloading requests-2.23.0-py2.py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 519 kB/s
Collecting cryptography
  Downloading cryptography-2.9.2-cp35-abi3-manylinux2010_x86_64.whl (2.7 MB)
     |████████████████████████████████| 2.7 MB 1.0 MB/s
Collecting distro>=1.2.0
  Using cached distro-1.5.0-py2.py3-none-any.whl (18 kB)
Collecting idna<3,>=2.5
  Downloading idna-2.9-py2.py3-none-any.whl (58 kB)
     |████████████████████████████████| 58 kB 3.8 MB/s
Collecting chardet<4,>=3.0.2
  Downloading chardet-3.0.4-py2.py3-none-any.whl (133 kB)
     |████████████████████████████████| 133 kB 24.4 MB/s
Collecting urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1
  Downloading urllib3-1.25.9-py2.py3-none-any.whl (126 kB)
     |████████████████████████████████| 126 kB 19.0 MB/s
Collecting certifi>=2017.4.17
  Downloading certifi-2020.4.5.2-py2.py3-none-any.whl (157 kB)
     |████████████████████████████████| 157 kB 21.0 MB/s
Collecting cffi!=1.11.3,>=1.8
  Downloading cffi-1.14.0-cp38-cp38-manylinux1_x86_64.whl (409 kB)
     |████████████████████████████████| 409 kB 30.2 MB/s
Collecting six>=1.4.1
  Downloading six-1.15.0-py2.py3-none-any.whl (10 kB)
Collecting pycparser
  Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
     |████████████████████████████████| 112 kB 29.0 MB/s
Installing collected packages: jeepney, pycparser, cffi, six, cryptography, SecretStorage, keyring, distro, dotnetcore2, idna, chardet, urllib3, certifi, requests, artifacts-keyring
Successfully installed SecretStorage-3.1.2 artifacts-keyring-0.2.9 certifi-2020.4.5.2 cffi-1.14.0 chardet-3.0.4 cryptography-2.9.2 distro-1.5.0 dotnetcore2-2.1.14 idna-2.9 jeepney-0.4.3 keyring-21.2.1 pycparser-2.20 requests-2.23.0 six-1.15.0 urllib3-1.25.9

Then i try to download the package

(virtual) ➜  ~ pip install xxxx --index-url=https://msasg.pkgs.visualstudio.com/xxxxx
Looking in indexes: https://msasg.pkgs.visualstudio.com/xxxxxx
No usable version of the libssl was found
WARNING: Keyring is skipped due to an exception: Failed to get credentials: process with PID 29331 exited with code -6; additional error message:
User for msasg.pkgs.visualstudio.com:

The keyring doesn't seem to be working correctly, and it tell me No usable version of the libssl was found, but i found my libssl at here:

➜  /usr find /usr -name "libssl*"
/usr/lib/x86_64-linux-gnu/libssl.so.1.1
/usr/share/doc/libssl1.1

How could i slove this problem?

The login UI doesn't work under pipenv (the officially recommended application dependency management tool).

I think it has to do with Pipenv running pip in subprocesses and hiding the stdout/stderr streams. This broke our development workflow.

Workaround

• generate a Personal Access Token with Packaging Read permission manually
• store in OS keyring (secret service on ubuntu, keyring on macos, credential manager on windows)
• use a shell script with-artifacts.sh|.ps1 to load the PAT from the keyring and expose it as an environment variable ARTIFACTS_TOKEN for the duration of a single command invocation
• use environment variable interpolation in your Pipfile to load the PAT from the environment when calling with-artifacts pipenv lock|sync

[[source]]
url = "https://azure:${ARTIFACTS_TOKEN}@pkgs.dev.azure.com/<organization>/_packaging/<feed>/pypi/simple"
verify_ssl = true
name = "artifacts"

Hello.

I am trying to upload / install python packages from my local machine to an Artifacts feed.

I have followed the twine / artifacts-keyring instructions on Azure Devops.

When I go to upload my package

twine upload -r [hidden pypi name] dist/*

I always get the warning:

No usable version of the libssl was found
/home/---/anaconda3/envs/---/lib/python3.7/site-packages/twine/auth.py:61: UserWarning: Failed to get credentials: process with PID 20951 exited with code -6; additional error message: 

Then when I try to use my username and password credentials, they do not work.

I am running these packages with python 3.7.7 on pop_os! 19.10.

Thanks in advance.

I have a package that depends on a package that requires authentication to be consumed from an Azure Artifacts feed.

I was wondering how the authentication scheme of artifacts-keyring interplay with defining a package installation through setuptools.setup. Since installing my dependency package requires artifacts and artifacts-keyring, then these packages cannot simply be defined in the install_requires keyword and does not seem to work when defined through setup_requires either.

Does there exist any advice from the side of this project on how I can define my setuptools.setup so that I can install my new package only through:

pip install <package name> --index-url https://pkgs.dev.azure.com/<org_name>/_packaging/<feed_name>/pypi/simple

or would I have to enforce installation as a two step process?

While trying to use this in WSL 1 (Ubuntu 18.04 LTS), I was running into the following issue when attempting to install a package from my artifact feed after installing artifacts-keyring:

Unhandled Exception: System.ComponentModel.Win32Exception: GSSAPI operation failed with error - An invalid status code was supplied (Unknown error). 
   at System.Net.Security.NegotiateStreamPal.AcquireCredentialsHandle(String package, Boolean isServer, NetworkCredential credential)
   at System.Net.NTAuthentication.Initialize(Boolean isServer, String package, NetworkCredential credential, String spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding)
   at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, HttpConnectionPool connectionPool, CancellationToken can
cellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithNtConnectionAuthAsync(HttpConnection connection, HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, Cancellation
Token cancellationToken)
   at System.Net.Http.HttpConnectionPool.EstablishProxyTunnel(CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at NuGetCredentialProvider.CredentialProviders.Vsts.AuthUtil.GetResponseHeadersAsync(Uri uri, CancellationToken cancellationToken)
   at NuGetCredentialProvider.CredentialProviders.Vsts.AuthUtil.IsVstsUriAsync(Uri uri)
   at NuGetCredentialProvider.CredentialProviders.Vsts.VstsCredentialProvider.CanProvideCredentialsAsync(Uri uri)
   at NuGetCredentialProvider.RequestHandlers.GetAuthenticationCredentialsRequestHandler.HandleRequestAsync(GetAuthenticationCredentialsRequest request)
   at NuGetCredentialProvider.Program.Main(String[] args)
   at NuGetCredentialProvider.Program.<Main>(String[] args)
WARNING: Keyring is skipped due to an exception: Failed to get credentials: process with PID 17938 exited with code -6; additional error message: 

Doing some searching I found https://stackoverflow.com/questions/50276060/a-call-to-sspi-failed-gssapi-operation-failed-with-error-an-invalid-status-cod for an unrelated issue with running WCF based .NET core code on Linux, but had a similar error as mine, which ended up fixing my problem.

For WSL/Linux users running into as GSSAPI error, they may need to run the following (example given for debian):

sudo apt-get update && sudo apt-get install -y --no-install-recommends gss-ntlmssp

Should this information be added to the docs or readme?

I'm running arch-linux and it seems I'm not missing any dependencies.

pip install -U --extra-index-url PRIVATE PRIVATE         (pt6) 

Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/maluuba/philly-tools/_packaging/pt/pypi/simple/
/home/guillaume/anaconda3/envs/pt6/lib/python3.7/site-packages/artifacts_keyring/plugin.py:58: UserWarning: Choosing system dotnet over dotnetcore2 one since it is newer.
  warnings.warn("Choosing system dotnet over dotnetcore2 one since it is newer.")
[Minimal] [CredentialProvider]DeviceFlow: https://pkgs.dev.azure.com/maluuba/philly-tools/_packaging/pt/pypi/simple/
[Minimal] [CredentialProvider]ATTENTION: User interaction required. 

    **********************************************************************

    To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code PRIVATE to authenticate.

    **********************************************************************

[Information] [CredentialProvider]VstsCredentialProvider - Acquired bearer token using 'ADAL Device Code'
[Information] [CredentialProvider]VstsCredentialProvider - Attempting to exchange the bearer token for an Azure DevOps session token.
WARNING: Keyring is skipped due to an exception: Failed to get credentials: process with PID 706875 exited with code 2; additional error message: 

I get a valid code and I'm able to authenticate on the browser but it fails immediately after with no error. Then, its asks for the password as if artifacts-keyring was not installed. Is there somewhere I can find logs or anything that I could use to troubleshoot that?

I am trying to consume artifacts when building Docker locally, i.e. there are no Azure pipelines involved. And I just can't make it work. If I go the official documentation way and use an extra index url from my feed, then I can install packages after I authenticate through browser. However, if I build a docker image, then I can't use browser.
I tried to use PAT inside index url, but this just doesn't work or I do it wrongly. I've just read that PAT can't be used with corporate accounts. Could it be the case? My feed URL is like this:

https://<organization>.pkgs.visualstudio.com/<guid>/_packaging/<feed>/pypi/simple/

Whenever I try to make this url like

https://<username>:<token>@<organization>.pkgs.visualstudio.com/<guid>/_packaging/<feed>/pypi/simple/

I am asked for a username and password.

As a side note I do not really know what to use as my username, as my account is part of the organization and it's seems like the username is [email protected], i.e. with @ symbol in it.

At least when using the library with pip/vscode/azure initially artifacts-keyring ignores the pip.ini proxy settings leading to some confusing behavior, setting global proxy seems to fix the issue

artifacts-keyring always worked on linux for me but recent pip installs don't work with this message

WARNING: Keyring is skipped due to an exception: Unable to find dependency dotnet, please manually install the .NET Core runtime and ensure 'dotnet' is in your PATH. Error: [Errno 2] No such file or directory: 'dotnet': 'dotnet'

This happens on linux both with and without dotnet runtime installed. In the past it would work in both cases and now fails in both.

The issue seems to be coming from this change #31 it no longer works. Specifically, this

sys_version = tuple(int(i) for i in subprocess.check_output(["dotnet", "--version"]).decode().strip().partition("-")[0].split("."))

fails because dotnet --version does not work on linux even when dotnet runtimes are installed.

I am receiving error the following error when trying to connect to our Azure Artifacts instance via pip while behind my corporate firewall. I know that we use decryption in our firewalls and we need to trust our internal CA authority for connectivity. Is there a solution for that in either this package or Credential provider?

I am using python 3.10.11 and pip version 23.3.1 on Windows 10 21H2
Error - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1007)'

I receive the error when using either of the following commands

pip install azure-mgmt-search==9.1.0 --use-feature=truststore
pip install azure-mgmt-search==9.1.0

How to build a docker image that require an Azure private feed?

I'm trying to publish wheels to a DevOps Artifact feed from a GitHub action with twine. I have a Service Principal with access, based on the steps in MicrosoftDocs/azure-devops-docs#8141 (comment), but in the past we've always used PATs with artifacts-keyring (typically through VSS_NUGET_EXTERNAL_FEED_ENDPOINTS). You can't create a PAT for a Service Principal, so I'm trying to determine if there is any alternative available. Thanks!

Hi,

This tool depends on dotnetcore2, which distributes binary blob that does not support the new Mac OS 11.0 beta.

https://pypi.org/simple/dotnetcore2/

So installing this tool on a new Mac OS will result in No matching distribution found for dotnetcore2

Collecting keyring==19.2.0
  Using cached keyring-19.2.0-py2.py3-none-any.whl (34 kB)
Collecting artifacts-keyring==0.2.8rc0
  Using cached artifacts_keyring-0.2.8rc0-py2.py3-none-any.whl (4.0 MB)
Collecting entrypoints
  Using cached entrypoints-0.3-py2.py3-none-any.whl (11 kB)
Collecting requests>=2.20.0
  Using cached requests-2.24.0-py2.py3-none-any.whl (61 kB)
ERROR: Could not find a version that satisfies the requirement dotnetcore2; sys_platform != "win32" (from artifacts-keyring==0.2.8rc0) (from versions: none)
ERROR: No matching distribution found for dotnetcore2; sys_platform != "win32" (from artifacts-keyring==0.2.8rc0)

Since our development tool depends on artifacts-keyring, we will no longer be able to use future MacOS betas early.

Any idea or plan for this?

I am trying to install package from azure repo with the index url https://pkgs.dev.azure.com/****/_packaging/****/pypi/simple/ but I am getting below issue:
Looking in indexes: https://pkgs.dev.azure.com/****/_packaging/****/pypi/simple/

Unhandled Exception: System.IO.FileNotFoundException: Could not load file or assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
at NuGetCredentialProvider.Program.

Started getting the title error message on a previously working artifact-keyring installation.
I am trying to connect to a python Azure artifact feed via pip.

I tried clearing my pip cache and doing a fresh install of artifact-keyring as specified in the documentation but am still having the same issues.

On a fresh install of Ubuntu 22.04 with dotnet installed, the --version option is not supported anymore:

ros@d665bfb9c57c:/$ dotnet --version
The command could not be loaded, possibly because:
  * You intended to execute a .NET application:
      The application '--version' does not exist.
  * You intended to execute a .NET SDK command:
      No .NET SDKs were found.

Download a .NET SDK:
https://aka.ms/dotnet-download

Learn about SDK resolution:
https://aka.ms/dotnet/sdk-not-found
ros@d665bfb9c57c:/$ dotnet

Usage: dotnet [options]
Usage: dotnet [path-to-application]

Options:
  -h|--help         Display help.
  --info            Display .NET information.
  --list-sdks       Display the installed SDKs.
  --list-runtimes   Display the installed runtimes.

path-to-application:
  The path to an application .dll file to execute.

Having set up index-url to point to a Azure artifact, I get the following output when attempting to run pip install:

ros@d665bfb9c57c:/$ pip install foo
Defaulting to user installation because normal site-packages is not writeable
Looking in indexes: <removed-the-path>
The command could not be loaded, possibly because:
  * You intended to execute a .NET application:
      The application '--version' does not exist.
  * You intended to execute a .NET SDK command:
      No .NET SDKs were found.

Download a .NET SDK:
https://aka.ms/dotnet-download

Learn about SDK resolution:
https://aka.ms/dotnet/sdk-not-found
WARNING: Keyring is skipped due to an exception: Unable to find dependency dotnet, please manually install the .NET SDK and ensure 'dotnet' is in your PATH. Error: Command '['dotnet', '--version']' returned non-zero exit status 145.
User for pkgs.dev.azure.com:

It seems like the --version option is only used to check that dotnet is installed (sys_version is not used anywhere) - could it simply be replaced with dotnet or dotnet --help?

According to this page, "artifacts-keyring is not supported on newer versions of Ubuntu". This seems to mean that Ubuntu 18.04 LTS is not supported. This is a shame, as many Azure services such as Azure Machine Learning compute instances use this as their distribution of choice.

Any plans to update this package to support Ubuntu 18.04 LTS? Or should this service work in that version?

Hello!

I've been using the artifacts-keyring for a while now to share python packages with colleagues from my private artifact feed and I think its great!

Something that I think would improve usability (at least based on our experience) would be adding an option (as an alternative to the current device code flow) to authenticate automatically by opening the interactive login url and let the users login that way (like what the InteractiveBrowserCredential does in the azure-identity package). The copy and paste of url and then the code into the browser does get a bit tedious (especially with a high frequency of package updates).

Also having the user credentials cached on the computer would also be a great (like what has been implemented in azure-identity>=1.4.0b3)

My apologies if both or any of these functionalities already exists and I haven't found it. But if that is the case, maybe the docs could be updated with the necessary steps to enable this? Anyways Let me know if I can help in any way on advancing this issue?

Best Regards
Kristoffer

I try to install my pacakge from azure devops. It was working previously but now refuses to prompt for devicecode.

Looking in indexes: https://pypi.org/simple, https://pkgs.dev.azure.com/*/pypi/simple/
WARNING: Keyring is skipped due to an exception: Failed to create the collection: Prompt dismissed..
User for pkgs.dev.azure.com:

Is this repository still maintained?

artifacts-keyring pypi's documentation says that one of its prerequisites is dotnet runtime:

After installing dotnet runtime on my .devcontainer (python-3.8-slim) the command twine upload was still warning me that dotnet was not found:

Only after installing dotnet SDK the twine upload ran correctly.

I've tried to use artifacts-keyring according to the documentation provided on Azure DevOps + docs.microsoft.com and various other sources and haven't found a way to use Azure Artifacts reliably, either in our outside of the corporate environment.

Things that are broken:

• Breaks several python tools by interjecting user/password prompts (sometimes without a prompt - just waiting for input and crashing if the user doesn't correctly guess what he needs to enter in the empty prompt).
• It asks for User for pkgs.dev.azure.com during pip commands - it's not possible to enter anything useful there
• Entering correct AAD login information doesn't seem to work
• When it works, it's completely opaque why it works
• Doesn't seem to react to ARTIFACTS_KEYRING_NONINTERACTIVE_MODE

I think either the documentation needs a major improvement or the whole thing needs to be fixed.

As a first example:

ARTIFACTS_KEYRING_NONINTERACTIVE_MODE: Controls whether the underlying credential provider can issue interactive prompts.

How? What happens, if I set it to different values? What, if it is not set? Why haven't I read about this variable anywhere on docs.microsoft.com? Does Microsoft expect that paying users read the source code of various packages hosted somewhere on Github to figure out how to use a service they are paying for?

Hello,
Artifacts keyring is not directing me to sign online as it used to when using pip install on a package hosted in an Azure Feed.

In a new python environment, after running:

pip install -U keyring artifacts-keyring

Then adding a pip.ini file to direct pip to install from an Azure Feeds, pip install asks for my password on the command line, whereas it used to direct me to the online login system.

> pip install MYPKG
Looking in indexes: https://pkgs.dev.azure.com/<COMP>/<REPO>/_packaging/<NAME>/pypi/simple/
User for pkgs.dev.azure.com: ...
Password: ...
Save credentials to keyring [y/N]: y
WARNING: 401 Error, Credentials not correct for https://pkgs.dev.azure.com/<COMP>/<REPO>/_packaging/<NAME>/pypi/simple/MYPKG\
ERROR: Could not find a version that satisfies the requirement MYPKG(from versions: none)
ERROR: No matching distribution found for MYPKG

However the package exists in the Feed and I have the right credentials.

How can I reset my keyring / artifacts-keyring setup ?

I tried to look online how to reset keyring but with no success. I recreated the environment from scratch as well with no success.