diff --git a/crates/uv-cli/src/lib.rs b/crates/uv-cli/src/lib.rs index fbf13583e1034..79cb8e12fa1d0 100644 --- a/crates/uv-cli/src/lib.rs +++ b/crates/uv-cli/src/lib.rs @@ -205,6 +205,26 @@ pub struct GlobalArgs { #[arg(global = true, long, overrides_with("offline"), hide = true)] pub no_offline: bool, + /// Allow insecure connections to a host. + /// + /// Can be provided multiple times. + /// + /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + /// `localhost:8080`), or a URL (e.g., `https://localhost`). + /// + /// WARNING: Hosts included in this list will not be verified against the system's certificate + /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + /// bypasses SSL verification and could expose you to MITM attacks. + #[arg( + global = true, + long, + alias = "trusted-host", + env = EnvVars::UV_INSECURE_HOST, + value_delimiter = ' ', + value_parser = parse_insecure_host, + )] + pub allow_insecure_host: Option>>, + /// Whether to enable experimental, preview features. /// /// Preview features may change without warning. @@ -1771,25 +1791,6 @@ pub struct PipUninstallArgs { #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - )] - pub allow_insecure_host: Option>>, - /// Use the system Python to uninstall packages. /// /// By default, uv uninstalls from the virtual environment in the current working directory or @@ -2363,25 +2364,6 @@ pub struct VenvArgs { #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - )] - pub allow_insecure_host: Option>>, - /// Limit candidate packages to those that were uploaded prior to the given date. /// /// Accepts both RFC 3339 timestamps (e.g., `2006-12-02T02:07:43Z`) and local dates in the same @@ -4271,26 +4253,6 @@ pub struct InstallerArgs { )] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - help_heading = "Index options" - )] - pub allow_insecure_host: Option>>, - /// Settings to pass to the PEP 517 build backend, specified as `KEY=VALUE` pairs. #[arg( long, @@ -4433,26 +4395,6 @@ pub struct ResolverArgs { )] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - help_heading = "Index options" - )] - pub allow_insecure_host: Option>>, - /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. /// @@ -4625,26 +4567,6 @@ pub struct ResolverInstallerArgs { )] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - help_heading = "Index options" - )] - pub allow_insecure_host: Option>>, - /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. /// @@ -4847,25 +4769,6 @@ pub struct PublishArgs { #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - )] - pub allow_insecure_host: Option>>, - /// Check an index URL for existing files to skip duplicate uploads. /// /// This option allows retrying publishing that failed after only some, but not all files have diff --git a/crates/uv-cli/src/options.rs b/crates/uv-cli/src/options.rs index 4041297938567..7715859908355 100644 --- a/crates/uv-cli/src/options.rs +++ b/crates/uv-cli/src/options.rs @@ -40,7 +40,6 @@ impl From for PipOptions { upgrade_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -58,12 +57,6 @@ impl From for PipOptions { upgrade_package: Some(upgrade_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) @@ -91,7 +84,6 @@ impl From for PipOptions { reinstall_package, index_strategy, keyring_provider, - allow_insecure_host, config_setting, no_build_isolation, build_isolation, @@ -107,12 +99,6 @@ impl From for PipOptions { reinstall_package: Some(reinstall_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), config_settings: config_setting .map(|config_settings| config_settings.into_iter().collect::()), no_build_isolation: flag(no_build_isolation, build_isolation), @@ -137,7 +123,6 @@ impl From for PipOptions { reinstall_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -159,12 +144,6 @@ impl From for PipOptions { reinstall_package: Some(reinstall_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) @@ -235,7 +214,6 @@ pub fn resolver_options( upgrade_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -289,12 +267,6 @@ pub fn resolver_options( upgrade_package: Some(upgrade_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) @@ -331,7 +303,6 @@ pub fn resolver_installer_options( reinstall_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -397,12 +368,6 @@ pub fn resolver_installer_options( }, index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) diff --git a/crates/uv-settings/src/settings.rs b/crates/uv-settings/src/settings.rs index 5e0ee6051f0d7..bab2d0d1c02a8 100644 --- a/crates/uv-settings/src/settings.rs +++ b/crates/uv-settings/src/settings.rs @@ -246,6 +246,22 @@ pub struct GlobalOptions { "# )] pub concurrent_installs: Option, + /// Allow insecure connections to host. + /// + /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + /// `localhost:8080`), or a URL (e.g., `https://localhost`). + /// + /// WARNING: Hosts included in this list will not be verified against the system's certificate + /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + /// bypasses SSL verification and could expose you to MITM attacks. + #[option( + default = "[]", + value_type = "list[str]", + example = r#" + allow-insecure-host = ["localhost:8080"] + "# + )] + pub allow_insecure_host: Option>, } /// Settings relevant to all installer operations. @@ -258,7 +274,6 @@ pub struct InstallerOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub allow_insecure_host: Option>, pub config_settings: Option, pub exclude_newer: Option, pub link_mode: Option, @@ -283,7 +298,6 @@ pub struct ResolverOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub allow_insecure_host: Option>, pub resolution: Option, pub prerelease: Option, pub dependency_metadata: Option>, @@ -435,22 +449,6 @@ pub struct ResolverInstallerOptions { "# )] pub keyring_provider: Option, - /// Allow insecure connections to host. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[option( - default = "[]", - value_type = "list[str]", - example = r#" - allow-insecure-host = ["localhost:8080"] - "# - )] - pub allow_insecure_host: Option>, /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. /// @@ -847,22 +845,6 @@ pub struct PipOptions { "# )] pub keyring_provider: Option, - /// Allow insecure connections to host. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[option( - default = "[]", - value_type = "list[str]", - example = r#" - allow-insecure-host = ["localhost:8080"] - "# - )] - pub allow_insecure_host: Option>, /// Don't build source distributions. /// /// When enabled, resolving will not run arbitrary Python code. The cached wheels of @@ -1374,7 +1356,6 @@ impl From for ResolverOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, resolution: value.resolution, prerelease: value.prerelease, dependency_metadata: value.dependency_metadata, @@ -1404,7 +1385,6 @@ impl From for InstallerOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, config_settings: value.config_settings, exclude_newer: value.exclude_newer, link_mode: value.link_mode, @@ -1438,7 +1418,6 @@ pub struct ToolOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub allow_insecure_host: Option>, pub resolution: Option, pub prerelease: Option, pub dependency_metadata: Option>, @@ -1465,7 +1444,6 @@ impl From for ToolOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, resolution: value.resolution, prerelease: value.prerelease, dependency_metadata: value.dependency_metadata, @@ -1494,7 +1472,6 @@ impl From for ResolverInstallerOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, resolution: value.resolution, prerelease: value.prerelease, dependency_metadata: value.dependency_metadata, @@ -1656,6 +1633,8 @@ impl From for Options { concurrent_downloads, concurrent_builds, concurrent_installs, + // Used twice for backwards compatibility + allow_insecure_host: allow_insecure_host.clone(), }, top_level: ResolverInstallerOptions { index, @@ -1665,7 +1644,6 @@ impl From for Options { find_links, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, diff --git a/crates/uv/src/commands/build_frontend.rs b/crates/uv/src/commands/build_frontend.rs index 0aad44afd19b4..5a99f646e2ff6 100644 --- a/crates/uv/src/commands/build_frontend.rs +++ b/crates/uv/src/commands/build_frontend.rs @@ -58,6 +58,7 @@ pub(crate) async fn build_frontend( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -80,6 +81,7 @@ pub(crate) async fn build_frontend( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -120,6 +122,7 @@ async fn build_impl( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -128,7 +131,6 @@ async fn build_impl( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution: _, prerelease: _, dependency_metadata, @@ -144,7 +146,8 @@ async fn build_impl( let client_builder = BaseClientBuilder::default() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Determine the source to build. let src = if let Some(src) = src { diff --git a/crates/uv/src/commands/pip/compile.rs b/crates/uv/src/commands/pip/compile.rs index aa2c4de3b9028..ef898bfd18238 100644 --- a/crates/uv/src/commands/pip/compile.rs +++ b/crates/uv/src/commands/pip/compile.rs @@ -76,7 +76,7 @@ pub(crate) async fn pip_compile( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], config_settings: ConfigSettings, connectivity: Connectivity, no_build_isolation: bool, @@ -110,7 +110,7 @@ pub(crate) async fn pip_compile( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Read all requirements from the provided sources. let RequirementsSpecification { diff --git a/crates/uv/src/commands/pip/install.rs b/crates/uv/src/commands/pip/install.rs index 01db485230c3a..609ba3d8ed60c 100644 --- a/crates/uv/src/commands/pip/install.rs +++ b/crates/uv/src/commands/pip/install.rs @@ -56,7 +56,6 @@ pub(crate) async fn pip_install( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, reinstall: Reinstall, link_mode: LinkMode, compile: bool, @@ -79,6 +78,7 @@ pub(crate) async fn pip_install( prefix: Option, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, dry_run: bool, printer: Printer, @@ -89,7 +89,7 @@ pub(crate) async fn pip_install( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Read all requirements from the provided sources. let RequirementsSpecification { diff --git a/crates/uv/src/commands/pip/sync.rs b/crates/uv/src/commands/pip/sync.rs index 87f40f750ba0b..ae1752f1e166d 100644 --- a/crates/uv/src/commands/pip/sync.rs +++ b/crates/uv/src/commands/pip/sync.rs @@ -48,7 +48,6 @@ pub(crate) async fn pip_sync( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, allow_empty_requirements: bool, connectivity: Connectivity, config_settings: &ConfigSettings, @@ -67,6 +66,7 @@ pub(crate) async fn pip_sync( sources: SourceStrategy, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, dry_run: bool, printer: Printer, @@ -75,7 +75,7 @@ pub(crate) async fn pip_sync( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Initialize a few defaults. let overrides = &[]; diff --git a/crates/uv/src/commands/pip/uninstall.rs b/crates/uv/src/commands/pip/uninstall.rs index d831eeb4a1329..462bfc749c21b 100644 --- a/crates/uv/src/commands/pip/uninstall.rs +++ b/crates/uv/src/commands/pip/uninstall.rs @@ -34,7 +34,7 @@ pub(crate) async fn pip_uninstall( connectivity: Connectivity, native_tls: bool, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], printer: Printer, ) -> Result { let start = std::time::Instant::now(); @@ -43,7 +43,7 @@ pub(crate) async fn pip_uninstall( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Read all requirements from the provided sources. let spec = RequirementsSpecification::from_simple_sources(sources, &client_builder).await?; diff --git a/crates/uv/src/commands/project/add.rs b/crates/uv/src/commands/project/add.rs index 3a5dfbf6b3d34..943d82b30bf1d 100644 --- a/crates/uv/src/commands/project/add.rs +++ b/crates/uv/src/commands/project/add.rs @@ -15,6 +15,7 @@ use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClient use uv_configuration::{ Concurrency, Constraints, DevGroupsManifest, DevGroupsSpecification, DevMode, EditableMode, ExtrasSpecification, GroupsSpecification, InstallOptions, LowerBound, SourceStrategy, + TrustedHost, }; use uv_dispatch::BuildDispatch; use uv_distribution::DistributionDatabase; @@ -74,6 +75,7 @@ pub(crate) async fn add( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -124,7 +126,8 @@ pub(crate) async fn add( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // If we found a script, add to the existing metadata. Otherwise, create a new inline // metadata tag. @@ -217,6 +220,7 @@ pub(crate) async fn add( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -228,7 +232,8 @@ pub(crate) async fn add( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) .native_tls(native_tls) - .keyring(settings.keyring_provider); + .keyring(settings.keyring_provider) + .allow_insecure_host(allow_insecure_host.to_vec()); // Read the requirements. let RequirementsSpecification { requirements, .. } = @@ -636,6 +641,7 @@ pub(crate) async fn add( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -696,6 +702,7 @@ async fn lock_and_sync( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<(), ProjectError> { @@ -715,6 +722,7 @@ async fn lock_and_sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -832,6 +840,7 @@ async fn lock_and_sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -895,6 +904,7 @@ async fn lock_and_sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/environment.rs b/crates/uv/src/commands/project/environment.rs index c49711576174d..7a5eb8e17d724 100644 --- a/crates/uv/src/commands/project/environment.rs +++ b/crates/uv/src/commands/project/environment.rs @@ -10,7 +10,7 @@ use crate::settings::ResolverInstallerSettings; use uv_cache::{Cache, CacheBucket}; use uv_cache_key::{cache_digest, hash_digest}; use uv_client::Connectivity; -use uv_configuration::Concurrency; +use uv_configuration::{Concurrency, TrustedHost}; use uv_distribution_types::Resolution; use uv_python::{Interpreter, PythonEnvironment}; @@ -37,6 +37,7 @@ impl CachedEnvironment { connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -66,6 +67,7 @@ impl CachedEnvironment { connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -116,6 +118,7 @@ impl CachedEnvironment { connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/export.rs b/crates/uv/src/commands/project/export.rs index e00efc7b00b6a..c03fff53b3323 100644 --- a/crates/uv/src/commands/project/export.rs +++ b/crates/uv/src/commands/project/export.rs @@ -9,7 +9,7 @@ use uv_cache::Cache; use uv_client::Connectivity; use uv_configuration::{ Concurrency, DevGroupsSpecification, EditableMode, ExportFormat, ExtrasSpecification, - InstallOptions, LowerBound, + InstallOptions, LowerBound, TrustedHost, }; use uv_normalize::PackageName; use uv_python::{PythonDownloads, PythonPreference, PythonRequest}; @@ -48,6 +48,7 @@ pub(crate) async fn export( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], quiet: bool, cache: &Cache, printer: Printer, @@ -103,6 +104,7 @@ pub(crate) async fn export( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -130,6 +132,7 @@ pub(crate) async fn export( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/init.rs b/crates/uv/src/commands/project/init.rs index f0144b0706d15..3b3d1d1b9cf7e 100644 --- a/crates/uv/src/commands/project/init.rs +++ b/crates/uv/src/commands/project/init.rs @@ -9,7 +9,9 @@ use tracing::{debug, warn}; use uv_cache::Cache; use uv_cli::AuthorFrom; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::{ProjectBuildBackend, VersionControlError, VersionControlSystem}; +use uv_configuration::{ + ProjectBuildBackend, TrustedHost, VersionControlError, VersionControlSystem, +}; use uv_fs::{Simplified, CWD}; use uv_git::GIT; use uv_pep440::Version; @@ -48,6 +50,7 @@ pub(crate) async fn init( python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -71,6 +74,7 @@ pub(crate) async fn init( no_pin_python, package, native_tls, + allow_insecure_host, ) .await?; @@ -126,6 +130,7 @@ pub(crate) async fn init( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -177,6 +182,7 @@ async fn init_script( no_pin_python: bool, package: bool, native_tls: bool, + allow_insecure_host: &[TrustedHost], ) -> Result<()> { if no_workspace { warn_user_once!("`--no-workspace` is a no-op for Python scripts, which are standalone"); @@ -192,7 +198,8 @@ async fn init_script( } let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -258,6 +265,7 @@ async fn init_project( python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<()> { @@ -307,7 +315,8 @@ async fn init_project( let reporter = PythonDownloadReporter::single(printer); let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Add a `requires-python` field to the `pyproject.toml` and return the corresponding interpreter. let (requires_python, python_request) = if let Some(request) = python.as_deref() { diff --git a/crates/uv/src/commands/project/lock.rs b/crates/uv/src/commands/project/lock.rs index e6eadcbd51b7c..b6db3f24eb292 100644 --- a/crates/uv/src/commands/project/lock.rs +++ b/crates/uv/src/commands/project/lock.rs @@ -11,7 +11,8 @@ use tracing::debug; use uv_cache::Cache; use uv_client::{Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ - BuildOptions, Concurrency, Constraints, ExtrasSpecification, LowerBound, Reinstall, Upgrade, + BuildOptions, Concurrency, Constraints, ExtrasSpecification, LowerBound, Reinstall, + TrustedHost, Upgrade, }; use uv_dispatch::BuildDispatch; use uv_distribution::DistributionDatabase; @@ -82,6 +83,7 @@ pub(crate) async fn lock( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> anyhow::Result { @@ -101,6 +103,7 @@ pub(crate) async fn lock( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -130,6 +133,7 @@ pub(crate) async fn lock( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -204,6 +208,7 @@ pub(super) async fn do_safe_lock( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -233,6 +238,7 @@ pub(super) async fn do_safe_lock( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -271,6 +277,7 @@ pub(super) async fn do_safe_lock( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -300,6 +307,7 @@ async fn do_lock( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -310,7 +318,6 @@ async fn do_lock( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, diff --git a/crates/uv/src/commands/project/mod.rs b/crates/uv/src/commands/project/mod.rs index ca9c6edee0865..25eea4c8b47a0 100644 --- a/crates/uv/src/commands/project/mod.rs +++ b/crates/uv/src/commands/project/mod.rs @@ -9,7 +9,7 @@ use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ Concurrency, Constraints, DevGroupsSpecification, ExtrasSpecification, GroupsSpecification, - LowerBound, Reinstall, Upgrade, + LowerBound, Reinstall, TrustedHost, Upgrade, }; use uv_dispatch::BuildDispatch; use uv_distribution::DistributionDatabase; @@ -385,6 +385,7 @@ impl ProjectInterpreter { python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -459,7 +460,8 @@ impl ProjectInterpreter { let client_builder = BaseClientBuilder::default() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -520,6 +522,7 @@ pub(crate) async fn get_or_init_environment( python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -530,6 +533,7 @@ pub(crate) async fn get_or_init_environment( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -626,6 +630,7 @@ pub(crate) async fn resolve_names( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result, uv_requirements::Error> { @@ -650,7 +655,6 @@ pub(crate) async fn resolve_names( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution: _, prerelease: _, dependency_metadata, @@ -680,7 +684,7 @@ pub(crate) async fn resolve_names( .index_urls(index_locations.index_urls()) .index_strategy(*index_strategy) .keyring(*keyring_provider) - .allow_insecure_host(allow_insecure_host.clone()) + .allow_insecure_host(allow_insecure_host.to_vec()) .markers(interpreter.markers()) .platform(interpreter.platform()) .build(); @@ -778,6 +782,7 @@ pub(crate) async fn resolve_environment<'a>( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -787,7 +792,6 @@ pub(crate) async fn resolve_environment<'a>( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, @@ -953,6 +957,7 @@ pub(crate) async fn sync_environment( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> anyhow::Result { @@ -960,7 +965,6 @@ pub(crate) async fn sync_environment( index_locations, index_strategy, keyring_provider, - allow_insecure_host, dependency_metadata, config_setting, no_build_isolation, @@ -1106,6 +1110,7 @@ pub(crate) async fn update_environment( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> anyhow::Result { @@ -1115,7 +1120,6 @@ pub(crate) async fn update_environment( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, @@ -1186,7 +1190,7 @@ pub(crate) async fn update_environment( .index_urls(index_locations.index_urls()) .index_strategy(*index_strategy) .keyring(*keyring_provider) - .allow_insecure_host(allow_insecure_host.clone()) + .allow_insecure_host(allow_insecure_host.to_vec()) .markers(interpreter.markers()) .platform(interpreter.platform()) .build(); diff --git a/crates/uv/src/commands/project/remove.rs b/crates/uv/src/commands/project/remove.rs index 7cbf0cf15e16c..b412d57675413 100644 --- a/crates/uv/src/commands/project/remove.rs +++ b/crates/uv/src/commands/project/remove.rs @@ -7,6 +7,7 @@ use uv_cache::Cache; use uv_client::Connectivity; use uv_configuration::{ Concurrency, DevGroupsManifest, EditableMode, ExtrasSpecification, InstallOptions, LowerBound, + TrustedHost, }; use uv_fs::Simplified; use uv_normalize::DEV_DEPENDENCIES; @@ -45,6 +46,7 @@ pub(crate) async fn remove( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -190,6 +192,7 @@ pub(crate) async fn remove( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -218,6 +221,7 @@ pub(crate) async fn remove( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -262,6 +266,7 @@ pub(crate) async fn remove( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/run.rs b/crates/uv/src/commands/project/run.rs index 609e6901214f3..214416db5ed18 100644 --- a/crates/uv/src/commands/project/run.rs +++ b/crates/uv/src/commands/project/run.rs @@ -18,7 +18,7 @@ use uv_cli::ExternalCommand; use uv_client::{BaseClientBuilder, Connectivity}; use uv_configuration::{ Concurrency, DevGroupsSpecification, EditableMode, ExtrasSpecification, GroupsSpecification, - InstallOptions, LowerBound, SourceStrategy, + InstallOptions, LowerBound, SourceStrategy, TrustedHost, }; use uv_distribution::LoweredRequirement; use uv_fs::which::is_executable; @@ -79,6 +79,7 @@ pub(crate) async fn run( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, env_file: Vec, @@ -224,7 +225,8 @@ pub(crate) async fn run( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let interpreter = PythonInstallation::find_or_download( python_request.as_ref(), @@ -334,6 +336,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -542,7 +545,8 @@ pub(crate) async fn run( // base environment for the project. let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Resolve the Python request and requirement for the workspace. let WorkspacePython { @@ -597,6 +601,7 @@ pub(crate) async fn run( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -658,6 +663,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -726,6 +732,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -741,7 +748,8 @@ pub(crate) async fn run( let interpreter = { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // (1) Explicit request from user let python_request = if let Some(request) = python.as_deref() { @@ -803,7 +811,8 @@ pub(crate) async fn run( } else { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let spec = RequirementsSpecification::from_simple_sources(&requirements, &client_builder).await?; @@ -853,6 +862,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -1277,6 +1287,7 @@ impl RunCommand { script: bool, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], ) -> anyhow::Result { let (target, args) = command.split(); let Some(target) = target else { @@ -1307,6 +1318,7 @@ impl RunCommand { let client = BaseClientBuilder::new() .connectivity(connectivity) .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()) .build(); let response = client.for_host(&url).get(url.clone()).send().await?; diff --git a/crates/uv/src/commands/project/sync.rs b/crates/uv/src/commands/project/sync.rs index 3f8e230ce1ca9..2ddbe676fc775 100644 --- a/crates/uv/src/commands/project/sync.rs +++ b/crates/uv/src/commands/project/sync.rs @@ -10,7 +10,7 @@ use uv_cache::Cache; use uv_client::{Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ Concurrency, Constraints, DevGroupsManifest, DevGroupsSpecification, EditableMode, - ExtrasSpecification, HashCheckingMode, InstallOptions, LowerBound, + ExtrasSpecification, HashCheckingMode, InstallOptions, LowerBound, TrustedHost, }; use uv_dispatch::BuildDispatch; use uv_distribution_types::{DirectorySourceDist, Dist, Index, ResolvedDist, SourceDist}; @@ -58,6 +58,7 @@ pub(crate) async fn sync( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -116,6 +117,7 @@ pub(crate) async fn sync( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -143,6 +145,7 @@ pub(crate) async fn sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -209,6 +212,7 @@ pub(crate) async fn sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -232,6 +236,7 @@ pub(super) async fn do_sync( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<(), ProjectError> { @@ -251,7 +256,6 @@ pub(super) async fn do_sync( index_locations, index_strategy, keyring_provider, - allow_insecure_host, dependency_metadata, config_setting, no_build_isolation, diff --git a/crates/uv/src/commands/project/tree.rs b/crates/uv/src/commands/project/tree.rs index 0a9a22ff8ea4b..a86f95b0518ad 100644 --- a/crates/uv/src/commands/project/tree.rs +++ b/crates/uv/src/commands/project/tree.rs @@ -5,7 +5,9 @@ use anyhow::Result; use uv_cache::Cache; use uv_client::Connectivity; -use uv_configuration::{Concurrency, DevGroupsSpecification, LowerBound, TargetTriple}; +use uv_configuration::{ + Concurrency, DevGroupsSpecification, LowerBound, TargetTriple, TrustedHost, +}; use uv_pep508::PackageName; use uv_python::{PythonDownloads, PythonPreference, PythonRequest, PythonVersion}; use uv_resolver::TreeDisplay; @@ -43,6 +45,7 @@ pub(crate) async fn tree( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -70,6 +73,7 @@ pub(crate) async fn tree( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -101,6 +105,7 @@ pub(crate) async fn tree( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/publish.rs b/crates/uv/src/commands/publish.rs index c4c268cf884b5..3d37a4fe52104 100644 --- a/crates/uv/src/commands/publish.rs +++ b/crates/uv/src/commands/publish.rs @@ -25,7 +25,7 @@ pub(crate) async fn publish( publish_url: Url, trusted_publishing: TrustedPublishing, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], username: Option, password: Option, check_url: Option, @@ -58,7 +58,7 @@ pub(crate) async fn publish( .retries(0) .keyring(keyring_provider) .native_tls(native_tls) - .allow_insecure_host(allow_insecure_host.clone()) + .allow_insecure_host(allow_insecure_host.to_vec()) // Don't try cloning the request to make an unauthenticated request first. .auth_integration(AuthIntegration::OnlyAuthenticated) // Set a very high timeout for uploads, connections are often 10x slower on upload than @@ -82,7 +82,7 @@ pub(crate) async fn publish( .connectivity(connectivity) .index_urls(index_urls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host.clone()); + .allow_insecure_host(allow_insecure_host.to_vec()); Some(CheckUrlClient { index_url, registry_client_builder, diff --git a/crates/uv/src/commands/python/install.rs b/crates/uv/src/commands/python/install.rs index 6e7f8902d7e73..4cc03ba562f2e 100644 --- a/crates/uv/src/commands/python/install.rs +++ b/crates/uv/src/commands/python/install.rs @@ -13,6 +13,7 @@ use tracing::{debug, trace}; use uv_client::Connectivity; use uv_configuration::PreviewMode; +use uv_configuration::TrustedHost; use uv_fs::Simplified; use uv_python::downloads::{DownloadResult, ManagedPythonDownload, PythonDownloadRequest}; use uv_python::managed::{ @@ -111,6 +112,7 @@ pub(crate) async fn install( python_downloads: PythonDownloads, native_tls: bool, connectivity: Connectivity, + allow_insecure_host: &[TrustedHost], no_config: bool, preview: PreviewMode, printer: Printer, @@ -209,6 +211,7 @@ pub(crate) async fn install( let client = uv_client::BaseClientBuilder::new() .connectivity(connectivity) .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()) .build(); let reporter = PythonDownloadReporter::new(printer, downloads.len() as u64); let mut tasks = FuturesUnordered::new(); diff --git a/crates/uv/src/commands/tool/install.rs b/crates/uv/src/commands/tool/install.rs index adb6f884ef3e0..c838366f13a68 100644 --- a/crates/uv/src/commands/tool/install.rs +++ b/crates/uv/src/commands/tool/install.rs @@ -7,7 +7,7 @@ use tracing::{debug, trace}; use uv_cache::{Cache, Refresh}; use uv_cache_info::Timestamp; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::{Concurrency, Upgrade}; +use uv_configuration::{Concurrency, TrustedHost, Upgrade}; use uv_distribution_types::UnresolvedRequirementSpecification; use uv_normalize::PackageName; use uv_pep440::{VersionSpecifier, VersionSpecifiers}; @@ -49,12 +49,14 @@ pub(crate) async fn install( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, printer: Printer, ) -> Result { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -79,7 +81,8 @@ pub(crate) async fn install( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Parse the input requirement. let target = Target::parse(&package, from.as_deref()); @@ -111,6 +114,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -180,6 +184,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -229,6 +234,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -352,6 +358,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -377,6 +384,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -400,6 +408,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) diff --git a/crates/uv/src/commands/tool/run.rs b/crates/uv/src/commands/tool/run.rs index 33d31697724f4..5e471fd1bef6e 100644 --- a/crates/uv/src/commands/tool/run.rs +++ b/crates/uv/src/commands/tool/run.rs @@ -14,7 +14,7 @@ use uv_cache::{Cache, Refresh}; use uv_cache_info::Timestamp; use uv_cli::ExternalCommand; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::Concurrency; +use uv_configuration::{Concurrency, TrustedHost}; use uv_distribution_types::{Name, UnresolvedRequirementSpecification}; use uv_installer::{SatisfiesResult, SitePackages}; use uv_normalize::PackageName; @@ -77,6 +77,7 @@ pub(crate) async fn run( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, printer: Printer, ) -> anyhow::Result { @@ -118,6 +119,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -402,12 +404,14 @@ async fn get_or_create_environment( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<(Requirement, PythonEnvironment), ProjectError> { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -475,6 +479,7 @@ async fn get_or_create_environment( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -487,7 +492,8 @@ async fn get_or_create_environment( let spec = { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); RequirementsSpecification::from_simple_sources(with, &client_builder).await? }; @@ -504,6 +510,7 @@ async fn get_or_create_environment( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -580,6 +587,7 @@ async fn get_or_create_environment( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/tool/upgrade.rs b/crates/uv/src/commands/tool/upgrade.rs index e575a341ef726..962da42804181 100644 --- a/crates/uv/src/commands/tool/upgrade.rs +++ b/crates/uv/src/commands/tool/upgrade.rs @@ -7,7 +7,7 @@ use tracing::debug; use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::Concurrency; +use uv_configuration::{Concurrency, TrustedHost}; use uv_normalize::PackageName; use uv_python::{ EnvironmentPreference, Interpreter, PythonDownloads, PythonInstallation, PythonPreference, @@ -40,6 +40,7 @@ pub(crate) async fn upgrade( python_downloads: PythonDownloads, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -68,7 +69,8 @@ pub(crate) async fn upgrade( let reporter = PythonDownloadReporter::single(printer); let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let python_request = python.as_deref().map(PythonRequest::parse); @@ -110,6 +112,7 @@ pub(crate) async fn upgrade( connectivity, concurrency, native_tls, + allow_insecure_host, ) .await; @@ -197,6 +200,7 @@ async fn upgrade_tool( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], ) -> Result { // Ensure the tool is installed. let existing_tool_receipt = match installed_tools.get_tool_receipt(name) { @@ -268,6 +272,7 @@ async fn upgrade_tool( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -284,6 +289,7 @@ async fn upgrade_tool( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -307,6 +313,7 @@ async fn upgrade_tool( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/venv.rs b/crates/uv/src/commands/venv.rs index b1b85ee503e20..60ab7a3535f71 100644 --- a/crates/uv/src/commands/venv.rs +++ b/crates/uv/src/commands/venv.rs @@ -50,7 +50,7 @@ pub(crate) async fn venv( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], prompt: uv_virtualenv::Prompt, system_site_packages: bool, connectivity: Connectivity, @@ -131,7 +131,7 @@ async fn venv_impl( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], prompt: uv_virtualenv::Prompt, system_site_packages: bool, connectivity: Connectivity, @@ -179,7 +179,8 @@ async fn venv_impl( let client_builder = BaseClientBuilder::default() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -291,7 +292,7 @@ async fn venv_impl( .index_urls(index_locations.index_urls()) .index_strategy(index_strategy) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host) + .allow_insecure_host(allow_insecure_host.to_vec()) .markers(interpreter.markers()) .platform(interpreter.platform()) .build(); diff --git a/crates/uv/src/lib.rs b/crates/uv/src/lib.rs index f038413b687b3..170d107d24a5b 100644 --- a/crates/uv/src/lib.rs +++ b/crates/uv/src/lib.rs @@ -150,6 +150,7 @@ async fn run(mut cli: Cli) -> Result { *script, settings.connectivity, settings.native_tls, + &settings.allow_insecure_host, ) .await?, ) @@ -353,7 +354,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, + &globals.allow_insecure_host, args.settings.config_setting, globals.connectivity, args.settings.no_build_isolation, @@ -421,7 +422,6 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, args.settings.allow_empty_requirements, globals.connectivity, &args.settings.config_setting, @@ -440,6 +440,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.sources, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, args.dry_run, printer, @@ -505,7 +506,6 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, args.settings.reinstall, args.settings.link_mode, args.settings.compile_bytecode, @@ -528,6 +528,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.prefix, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, args.dry_run, printer, @@ -565,7 +566,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.native_tls, args.settings.keyring_provider, - args.settings.allow_insecure_host, + &globals.allow_insecure_host, printer, ) .await @@ -728,6 +729,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -771,7 +773,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, + &globals.allow_insecure_host, uv_virtualenv::Prompt::from_args(prompt), args.system_site_packages, globals.connectivity, @@ -900,6 +902,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, printer, ) @@ -949,6 +952,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, printer, )) @@ -992,6 +996,7 @@ async fn run(mut cli: Cli) -> Result { globals.python_downloads, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, )) @@ -1057,6 +1062,7 @@ async fn run(mut cli: Cli) -> Result { globals.python_downloads, globals.native_tls, globals.connectivity, + &globals.allow_insecure_host, cli.top_level.no_config, globals.preview, printer, @@ -1137,7 +1143,6 @@ async fn run(mut cli: Cli) -> Result { publish_url, trusted_publishing, keyring_provider, - allow_insecure_host, check_url, } = PublishSettings::resolve(args, filesystem); @@ -1146,7 +1151,7 @@ async fn run(mut cli: Cli) -> Result { publish_url, trusted_publishing, keyring_provider, - allow_insecure_host, + &globals.allow_insecure_host, username, password, check_url, @@ -1251,6 +1256,7 @@ async fn run_project( globals.python_downloads, globals.connectivity, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1308,6 +1314,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, args.env_file, @@ -1345,6 +1352,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1373,6 +1381,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1424,6 +1433,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, )) @@ -1464,6 +1474,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1497,6 +1508,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1531,6 +1543,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, globals.quiet, &cache, printer, diff --git a/crates/uv/src/settings.rs b/crates/uv/src/settings.rs index cb3116da9b600..31c83d40480b7 100644 --- a/crates/uv/src/settings.rs +++ b/crates/uv/src/settings.rs @@ -55,6 +55,7 @@ pub(crate) struct GlobalSettings { pub(crate) native_tls: bool, pub(crate) concurrency: Concurrency, pub(crate) connectivity: Connectivity, + pub(crate) allow_insecure_host: Vec, pub(crate) show_settings: bool, pub(crate) preview: PreviewMode, pub(crate) python_preference: PythonPreference, @@ -65,12 +66,6 @@ pub(crate) struct GlobalSettings { impl GlobalSettings { /// Resolve the [`GlobalSettings`] from the CLI and filesystem configuration. pub(crate) fn resolve(args: &GlobalArgs, workspace: Option<&FilesystemOptions>) -> Self { - let preview = PreviewMode::from( - flag(args.preview, args.no_preview) - .combine(workspace.and_then(|workspace| workspace.globals.preview)) - .unwrap_or(false), - ); - Self { quiet: args.quiet, verbose: args.verbose, @@ -120,8 +115,29 @@ impl GlobalSettings { } else { Connectivity::Online }, + allow_insecure_host: args + .allow_insecure_host + .as_ref() + .map(|allow_insecure_host| { + allow_insecure_host + .iter() + .filter_map(|value| value.clone().into_option()) + }) + .into_iter() + .flatten() + .chain( + workspace + .and_then(|workspace| workspace.globals.allow_insecure_host.clone()) + .into_iter() + .flatten(), + ) + .collect(), show_settings: args.show_settings, - preview, + preview: PreviewMode::from( + flag(args.preview, args.no_preview) + .combine(workspace.and_then(|workspace| workspace.globals.preview)) + .unwrap_or(false), + ), python_preference: args .python_preference .combine(workspace.and_then(|workspace| workspace.globals.python_preference)) @@ -1579,7 +1595,6 @@ impl PipUninstallSettings { requirement, python, keyring_provider, - allow_insecure_host, system, no_system, break_system_packages, @@ -1600,12 +1615,6 @@ impl PipUninstallSettings { target, prefix, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), ..PipOptions::default() }, filesystem, @@ -1904,7 +1913,6 @@ impl VenvSettings { index_args, index_strategy, keyring_provider, - allow_insecure_host, exclude_newer, no_project, link_mode, @@ -1925,12 +1933,6 @@ impl VenvSettings { system: flag(system, no_system), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), exclude_newer, link_mode, ..PipOptions::from(index_args) @@ -1950,7 +1952,6 @@ pub(crate) struct InstallerSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: &'a [TrustedHost], pub(crate) dependency_metadata: &'a DependencyMetadata, pub(crate) config_setting: &'a ConfigSettings, pub(crate) no_build_isolation: bool, @@ -1973,7 +1974,6 @@ pub(crate) struct ResolverSettings { pub(crate) index_locations: IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: DependencyMetadata, @@ -1992,7 +1992,6 @@ pub(crate) struct ResolverSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: &'a [TrustedHost], pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: &'a DependencyMetadata, @@ -2024,7 +2023,6 @@ impl ResolverSettings { index_locations: &self.index_locations, index_strategy: self.index_strategy, keyring_provider: self.keyring_provider, - allow_insecure_host: &self.allow_insecure_host, resolution: self.resolution, prerelease: self.prerelease, dependency_metadata: &self.dependency_metadata, @@ -2066,7 +2064,6 @@ impl From for ResolverSettings { ), index_strategy: value.index_strategy.unwrap_or_default(), keyring_provider: value.keyring_provider.unwrap_or_default(), - allow_insecure_host: value.allow_insecure_host.unwrap_or_default(), config_setting: value.config_settings.unwrap_or_default(), no_build_isolation: value.no_build_isolation.unwrap_or_default(), no_build_isolation_package: value.no_build_isolation_package.unwrap_or_default(), @@ -2095,7 +2092,6 @@ pub(crate) struct ResolverInstallerSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: &'a [TrustedHost], pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: &'a DependencyMetadata, @@ -2122,7 +2118,6 @@ pub(crate) struct ResolverInstallerSettings { pub(crate) index_locations: IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: DependencyMetadata, @@ -2159,7 +2154,6 @@ impl ResolverInstallerSettings { index_locations: &self.index_locations, index_strategy: self.index_strategy, keyring_provider: self.keyring_provider, - allow_insecure_host: &self.allow_insecure_host, resolution: self.resolution, prerelease: self.prerelease, dependency_metadata: &self.dependency_metadata, @@ -2203,7 +2197,6 @@ impl From for ResolverInstallerSettings { ), index_strategy: value.index_strategy.unwrap_or_default(), keyring_provider: value.keyring_provider.unwrap_or_default(), - allow_insecure_host: value.allow_insecure_host.unwrap_or_default(), config_setting: value.config_settings.unwrap_or_default(), no_build_isolation: value.no_build_isolation.unwrap_or_default(), no_build_isolation_package: value.no_build_isolation_package.unwrap_or_default(), @@ -2248,7 +2241,6 @@ pub(crate) struct PipSettings { pub(crate) prefix: Option, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) no_build_isolation: bool, pub(crate) no_build_isolation_package: Vec, pub(crate) build_options: BuildOptions, @@ -2305,7 +2297,6 @@ impl PipSettings { find_links, index_strategy, keyring_provider, - allow_insecure_host, no_build, no_binary, only_binary, @@ -2357,7 +2348,6 @@ impl PipSettings { find_links: top_level_find_links, index_strategy: top_level_index_strategy, keyring_provider: top_level_keyring_provider, - allow_insecure_host: top_level_allow_insecure_host, resolution: top_level_resolution, prerelease: top_level_prerelease, dependency_metadata: top_level_dependency_metadata, @@ -2389,7 +2379,6 @@ impl PipSettings { let find_links = find_links.combine(top_level_find_links); let index_strategy = index_strategy.combine(top_level_index_strategy); let keyring_provider = keyring_provider.combine(top_level_keyring_provider); - let allow_insecure_host = allow_insecure_host.combine(top_level_allow_insecure_host); let resolution = resolution.combine(top_level_resolution); let prerelease = prerelease.combine(top_level_prerelease); let dependency_metadata = dependency_metadata.combine(top_level_dependency_metadata); @@ -2465,10 +2454,6 @@ impl PipSettings { .keyring_provider .combine(keyring_provider) .unwrap_or_default(), - allow_insecure_host: args - .allow_insecure_host - .combine(allow_insecure_host) - .unwrap_or_default(), generate_hashes: args .generate_hashes .combine(generate_hashes) @@ -2582,7 +2567,6 @@ impl<'a> From> for ResolverSettingsRef<'a> { index_locations: settings.index_locations, index_strategy: settings.index_strategy, keyring_provider: settings.keyring_provider, - allow_insecure_host: settings.allow_insecure_host, resolution: settings.resolution, prerelease: settings.prerelease, dependency_metadata: settings.dependency_metadata, @@ -2604,7 +2588,6 @@ impl<'a> From> for InstallerSettingsRef<'a> { index_locations: settings.index_locations, index_strategy: settings.index_strategy, keyring_provider: settings.keyring_provider, - allow_insecure_host: settings.allow_insecure_host, dependency_metadata: settings.dependency_metadata, config_setting: settings.config_setting, no_build_isolation: settings.no_build_isolation, @@ -2632,7 +2615,6 @@ pub(crate) struct PublishSettings { pub(crate) publish_url: Url, pub(crate) trusted_publishing: TrustedPublishing, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) check_url: Option, } @@ -2650,9 +2632,7 @@ impl PublishSettings { trusted_publishing, } = publish; let ResolverInstallerOptions { - keyring_provider, - allow_insecure_host, - .. + keyring_provider, .. } = top_level; // Tokens are encoded in the same way as username/password @@ -2677,16 +2657,6 @@ impl PublishSettings { .keyring_provider .combine(keyring_provider) .unwrap_or_default(), - allow_insecure_host: args - .allow_insecure_host - .map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }) - .combine(allow_insecure_host) - .unwrap_or_default(), check_url: args.check_url, } } diff --git a/crates/uv/tests/it/help.rs b/crates/uv/tests/it/help.rs index faf837a7a3588..57e954abf2013 100644 --- a/crates/uv/tests/it/help.rs +++ b/crates/uv/tests/it/help.rs @@ -47,22 +47,33 @@ fn help() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help ` for more information on a specific command. @@ -116,22 +127,33 @@ fn help_flag() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help` for more details. @@ -184,22 +206,33 @@ fn help_short_flag() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help` for more details. @@ -342,6 +375,20 @@ fn help_subcommand() { When disabled, uv will only use locally cached data and locally available files. + --allow-insecure-host + Allow insecure connections to a host. + + Can be provided multiple times. + + Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + `localhost:8080`), or a URL (e.g., `https://localhost`). + + WARNING: Hosts included in this list will not be verified against the system's certificate + store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + bypasses SSL verification and could expose you to MITM attacks. + + [env: UV_INSECURE_HOST=] + --no-progress Hide all progress outputs. @@ -518,6 +565,20 @@ fn help_subsubcommand() { When disabled, uv will only use locally cached data and locally available files. + --allow-insecure-host + Allow insecure connections to a host. + + Can be provided multiple times. + + Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + `localhost:8080`), or a URL (e.g., `https://localhost`). + + WARNING: Hosts included in this list will not be verified against the system's certificate + store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + bypasses SSL verification and could expose you to MITM attacks. + + [env: UV_INSECURE_HOST=] + --no-progress Hide all progress outputs. @@ -606,22 +667,33 @@ fn help_flag_subcommand() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help python` for more details. @@ -660,22 +732,33 @@ fn help_flag_subsubcommand() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version ----- stderr ----- "###); @@ -806,22 +889,33 @@ fn help_with_global_option() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help ` for more information on a specific command. @@ -911,22 +1005,33 @@ fn help_with_no_pager() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help ` for more information on a specific command. diff --git a/crates/uv/tests/it/show_settings.rs b/crates/uv/tests/it/show_settings.rs index 4275db0ac491c..a435be824d4eb 100644 --- a/crates/uv/tests/it/show_settings.rs +++ b/crates/uv/tests/it/show_settings.rs @@ -54,6 +54,7 @@ fn resolve_uv_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -129,7 +130,6 @@ fn resolve_uv_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -201,6 +201,7 @@ fn resolve_uv_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -276,7 +277,6 @@ fn resolve_uv_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -349,6 +349,7 @@ fn resolve_uv_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -424,7 +425,6 @@ fn resolve_uv_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -529,6 +529,7 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -604,7 +605,6 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -678,6 +678,7 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -724,7 +725,6 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -807,6 +807,7 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -882,7 +883,6 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -979,6 +979,7 @@ fn resolve_index_url() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1082,7 +1083,6 @@ fn resolve_index_url() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1156,6 +1156,7 @@ fn resolve_index_url() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1289,7 +1290,6 @@ fn resolve_index_url() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1386,6 +1386,7 @@ fn resolve_find_links() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1461,7 +1462,6 @@ fn resolve_find_links() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1557,6 +1557,7 @@ fn resolve_top_level() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1603,7 +1604,6 @@ fn resolve_top_level() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1692,6 +1692,7 @@ fn resolve_top_level() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1795,7 +1796,6 @@ fn resolve_top_level() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1867,6 +1867,7 @@ fn resolve_top_level() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1970,7 +1971,6 @@ fn resolve_top_level() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2066,6 +2066,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2112,7 +2113,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2191,6 +2191,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2237,7 +2238,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2316,6 +2316,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2362,7 +2363,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2443,6 +2443,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2489,7 +2490,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2589,6 +2589,7 @@ fn resolve_tool() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2624,7 +2625,6 @@ fn resolve_tool() -> anyhow::Result<()> { find_links: None, index_strategy: None, keyring_provider: None, - allow_insecure_host: None, resolution: Some( LowestDirect, ), @@ -2660,7 +2660,6 @@ fn resolve_tool() -> anyhow::Result<()> { }, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], resolution: LowestDirect, prerelease: IfNecessaryOrExplicit, dependency_metadata: DependencyMetadata( @@ -2747,6 +2746,7 @@ fn resolve_poetry_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2793,7 +2793,6 @@ fn resolve_poetry_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2900,6 +2899,7 @@ fn resolve_both() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2975,7 +2975,6 @@ fn resolve_both() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3074,6 +3073,7 @@ fn resolve_config_file() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3149,7 +3149,6 @@ fn resolve_config_file() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3322,6 +3321,7 @@ fn resolve_skip_empty() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3368,7 +3368,6 @@ fn resolve_skip_empty() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3450,6 +3449,7 @@ fn resolve_skip_empty() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3496,7 +3496,6 @@ fn resolve_skip_empty() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3586,6 +3585,18 @@ fn allow_insecure_host() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [ + Host { + scheme: None, + host: "google.com", + port: None, + }, + Host { + scheme: None, + host: "example.com", + port: None, + }, + ], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3632,18 +3643,6 @@ fn allow_insecure_host() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [ - Host { - scheme: None, - host: "google.com", - port: None, - }, - Host { - scheme: None, - host: "example.com", - port: None, - }, - ], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3736,6 +3735,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3841,7 +3841,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3913,6 +3912,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4018,7 +4018,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4096,6 +4095,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4201,7 +4201,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4274,6 +4273,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4379,7 +4379,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4459,6 +4458,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4564,7 +4564,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4637,6 +4636,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4742,7 +4742,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { diff --git a/docs/reference/cli.md b/docs/reference/cli.md index 7ce2ac4d44ec0..525f3ca64bd9c 100644 --- a/docs/reference/cli.md +++ b/docs/reference/cli.md @@ -489,7 +489,16 @@ uv init [OPTIONS] [PATH]

Options

-
--app

Create a project for an application.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--app

Create a project for an application.

This is the default behavior if --lib is not requested.

@@ -3700,7 +3709,16 @@ uv tool list [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -3800,6 +3818,15 @@ uv tool uninstall [OPTIONS] ...
--all

Uninstall all tools

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -3912,7 +3939,16 @@ uv tool update-shell [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4026,7 +4062,16 @@ uv tool dir [OPTIONS]

Options

-
--bin

Show the directory into which uv tool will install executables.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--bin

Show the directory into which uv tool will install executables.

By default, uv tool dir shows the directory into which the tool Python environments themselves are installed, rather than the directory containing the linked executables.

@@ -4228,6 +4273,15 @@ uv python list [OPTIONS]

By default, only the latest patch version is shown for each minor version.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4358,7 +4412,16 @@ uv python install [OPTIONS] [TARGETS]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4480,7 +4543,16 @@ uv python find [OPTIONS] [REQUEST]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4611,7 +4683,16 @@ uv python pin [OPTIONS] [REQUEST]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4733,7 +4814,16 @@ uv python dir [OPTIONS]

Options

-
--bin

Show the directory into which uv python will install Python executables.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--bin

Show the directory into which uv python will install Python executables.

Note that this directory is only used when installing Python with preview mode enabled.

@@ -4865,6 +4955,15 @@ uv python uninstall [OPTIONS] ...
--all

Uninstall all managed Python versions

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6365,7 +6464,16 @@ uv pip freeze [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6489,7 +6597,16 @@ uv pip list [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6635,7 +6752,16 @@ uv pip show [OPTIONS] [PACKAGE]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6759,7 +6885,16 @@ uv pip tree [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6894,7 +7029,16 @@ uv pip check [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -7811,7 +7955,16 @@ uv cache clean [OPTIONS] [PACKAGE]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -7917,7 +8070,16 @@ uv cache prune [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8037,7 +8199,16 @@ uv cache dir [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8165,7 +8336,16 @@ uv self update [OPTIONS] [TARGET_VERSION]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8274,7 +8454,16 @@ uv version [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8386,7 +8575,16 @@ uv generate-shell-completion [OPTIONS]

Options

-
--directory directory

Change to the given directory prior to running the command.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--directory directory

Change to the given directory prior to running the command.

Relative paths are resolved with the given directory as the base.

@@ -8420,7 +8618,16 @@ uv help [OPTIONS] [COMMAND]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

diff --git a/docs/reference/settings.md b/docs/reference/settings.md index 43672ae1ebb51..d8801f5598da3 100644 --- a/docs/reference/settings.md +++ b/docs/reference/settings.md @@ -1505,39 +1505,6 @@ packages. --- -#### [`allow-insecure-host`](#pip_allow-insecure-host) {: #pip_allow-insecure-host } - - -Allow insecure connections to host. - -Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., -`localhost:8080`), or a URL (e.g., `https://localhost`). - -WARNING: Hosts included in this list will not be verified against the system's certificate -store. Only use `--allow-insecure-host` in a secure network with verified sources, as it -bypasses SSL verification and could expose you to MITM attacks. - -**Default value**: `[]` - -**Type**: `list[str]` - -**Example usage**: - -=== "pyproject.toml" - - ```toml - [tool.uv.pip] - allow-insecure-host = ["localhost:8080"] - ``` -=== "uv.toml" - - ```toml - [pip] - allow-insecure-host = ["localhost:8080"] - ``` - ---- - #### [`annotation-style`](#pip_annotation-style) {: #pip_annotation-style } diff --git a/uv.schema.json b/uv.schema.json index 15ed7a0e03af3..ecf4e8b620ced 100644 --- a/uv.schema.json +++ b/uv.schema.json @@ -745,16 +745,6 @@ "null" ] }, - "allow-insecure-host": { - "description": "Allow insecure connections to host.\n\nExpects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., `localhost:8080`), or a URL (e.g., `https://localhost`).\n\nWARNING: Hosts included in this list will not be verified against the system's certificate store. Only use `--allow-insecure-host` in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.", - "type": [ - "array", - "null" - ], - "items": { - "$ref": "#/definitions/TrustedHost" - } - }, "annotation-style": { "description": "The style of the annotation comments included in the output file, used to indicate the source of each package.", "anyOf": [