diff --git a/crates/uv-cli/src/lib.rs b/crates/uv-cli/src/lib.rs index e9cc7b50a036..e207b811e3ef 100644 --- a/crates/uv-cli/src/lib.rs +++ b/crates/uv-cli/src/lib.rs @@ -205,6 +205,26 @@ pub struct GlobalArgs { #[arg(global = true, long, overrides_with("offline"), hide = true)] pub no_offline: bool, + /// Allow insecure connections to a host. + /// + /// Can be provided multiple times. + /// + /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + /// `localhost:8080`), or a URL (e.g., `https://localhost`). + /// + /// WARNING: Hosts included in this list will not be verified against the system's certificate + /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + /// bypasses SSL verification and could expose you to MITM attacks. + #[arg( + global = true, + long, + alias = "trusted-host", + env = EnvVars::UV_INSECURE_HOST, + value_delimiter = ' ', + value_parser = parse_insecure_host, + )] + pub allow_insecure_host: Option>>, + /// Whether to enable experimental, preview features. /// /// Preview features may change without warning. @@ -1768,25 +1788,6 @@ pub struct PipUninstallArgs { #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - )] - pub allow_insecure_host: Option>>, - /// Use the system Python to uninstall packages. /// /// By default, uv uninstalls from the virtual environment in the current working directory or @@ -2360,25 +2361,6 @@ pub struct VenvArgs { #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - )] - pub allow_insecure_host: Option>>, - /// Limit candidate packages to those that were uploaded prior to the given date. /// /// Accepts both RFC 3339 timestamps (e.g., `2006-12-02T02:07:43Z`) and local dates in the same @@ -4266,26 +4248,6 @@ pub struct InstallerArgs { )] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - help_heading = "Index options" - )] - pub allow_insecure_host: Option>>, - /// Settings to pass to the PEP 517 build backend, specified as `KEY=VALUE` pairs. #[arg( long, @@ -4428,26 +4390,6 @@ pub struct ResolverArgs { )] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - help_heading = "Index options" - )] - pub allow_insecure_host: Option>>, - /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. /// @@ -4620,26 +4562,6 @@ pub struct ResolverInstallerArgs { )] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - help_heading = "Index options" - )] - pub allow_insecure_host: Option>>, - /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. /// @@ -4842,25 +4764,6 @@ pub struct PublishArgs { #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)] pub keyring_provider: Option, - /// Allow insecure connections to a host. - /// - /// Can be provided multiple times. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[arg( - long, - alias = "trusted-host", - env = EnvVars::UV_INSECURE_HOST, - value_delimiter = ' ', - value_parser = parse_insecure_host, - )] - pub allow_insecure_host: Option>>, - /// Check an index URL for existing files to skip duplicate uploads. /// /// This option allows retrying publishing that failed after only some, but not all files have diff --git a/crates/uv-cli/src/options.rs b/crates/uv-cli/src/options.rs index 404129793856..771585990835 100644 --- a/crates/uv-cli/src/options.rs +++ b/crates/uv-cli/src/options.rs @@ -40,7 +40,6 @@ impl From for PipOptions { upgrade_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -58,12 +57,6 @@ impl From for PipOptions { upgrade_package: Some(upgrade_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) @@ -91,7 +84,6 @@ impl From for PipOptions { reinstall_package, index_strategy, keyring_provider, - allow_insecure_host, config_setting, no_build_isolation, build_isolation, @@ -107,12 +99,6 @@ impl From for PipOptions { reinstall_package: Some(reinstall_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), config_settings: config_setting .map(|config_settings| config_settings.into_iter().collect::()), no_build_isolation: flag(no_build_isolation, build_isolation), @@ -137,7 +123,6 @@ impl From for PipOptions { reinstall_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -159,12 +144,6 @@ impl From for PipOptions { reinstall_package: Some(reinstall_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) @@ -235,7 +214,6 @@ pub fn resolver_options( upgrade_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -289,12 +267,6 @@ pub fn resolver_options( upgrade_package: Some(upgrade_package), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) @@ -331,7 +303,6 @@ pub fn resolver_installer_options( reinstall_package, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, pre, @@ -397,12 +368,6 @@ pub fn resolver_installer_options( }, index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), resolution, prerelease: if pre { Some(PrereleaseMode::Allow) diff --git a/crates/uv-settings/src/settings.rs b/crates/uv-settings/src/settings.rs index 5e0ee6051f0d..bab2d0d1c02a 100644 --- a/crates/uv-settings/src/settings.rs +++ b/crates/uv-settings/src/settings.rs @@ -246,6 +246,22 @@ pub struct GlobalOptions { "# )] pub concurrent_installs: Option, + /// Allow insecure connections to host. + /// + /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + /// `localhost:8080`), or a URL (e.g., `https://localhost`). + /// + /// WARNING: Hosts included in this list will not be verified against the system's certificate + /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + /// bypasses SSL verification and could expose you to MITM attacks. + #[option( + default = "[]", + value_type = "list[str]", + example = r#" + allow-insecure-host = ["localhost:8080"] + "# + )] + pub allow_insecure_host: Option>, } /// Settings relevant to all installer operations. @@ -258,7 +274,6 @@ pub struct InstallerOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub allow_insecure_host: Option>, pub config_settings: Option, pub exclude_newer: Option, pub link_mode: Option, @@ -283,7 +298,6 @@ pub struct ResolverOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub allow_insecure_host: Option>, pub resolution: Option, pub prerelease: Option, pub dependency_metadata: Option>, @@ -435,22 +449,6 @@ pub struct ResolverInstallerOptions { "# )] pub keyring_provider: Option, - /// Allow insecure connections to host. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[option( - default = "[]", - value_type = "list[str]", - example = r#" - allow-insecure-host = ["localhost:8080"] - "# - )] - pub allow_insecure_host: Option>, /// The strategy to use when selecting between the different compatible versions for a given /// package requirement. /// @@ -847,22 +845,6 @@ pub struct PipOptions { "# )] pub keyring_provider: Option, - /// Allow insecure connections to host. - /// - /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., - /// `localhost:8080`), or a URL (e.g., `https://localhost`). - /// - /// WARNING: Hosts included in this list will not be verified against the system's certificate - /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it - /// bypasses SSL verification and could expose you to MITM attacks. - #[option( - default = "[]", - value_type = "list[str]", - example = r#" - allow-insecure-host = ["localhost:8080"] - "# - )] - pub allow_insecure_host: Option>, /// Don't build source distributions. /// /// When enabled, resolving will not run arbitrary Python code. The cached wheels of @@ -1374,7 +1356,6 @@ impl From for ResolverOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, resolution: value.resolution, prerelease: value.prerelease, dependency_metadata: value.dependency_metadata, @@ -1404,7 +1385,6 @@ impl From for InstallerOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, config_settings: value.config_settings, exclude_newer: value.exclude_newer, link_mode: value.link_mode, @@ -1438,7 +1418,6 @@ pub struct ToolOptions { pub find_links: Option>, pub index_strategy: Option, pub keyring_provider: Option, - pub allow_insecure_host: Option>, pub resolution: Option, pub prerelease: Option, pub dependency_metadata: Option>, @@ -1465,7 +1444,6 @@ impl From for ToolOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, resolution: value.resolution, prerelease: value.prerelease, dependency_metadata: value.dependency_metadata, @@ -1494,7 +1472,6 @@ impl From for ResolverInstallerOptions { find_links: value.find_links, index_strategy: value.index_strategy, keyring_provider: value.keyring_provider, - allow_insecure_host: value.allow_insecure_host, resolution: value.resolution, prerelease: value.prerelease, dependency_metadata: value.dependency_metadata, @@ -1656,6 +1633,8 @@ impl From for Options { concurrent_downloads, concurrent_builds, concurrent_installs, + // Used twice for backwards compatibility + allow_insecure_host: allow_insecure_host.clone(), }, top_level: ResolverInstallerOptions { index, @@ -1665,7 +1644,6 @@ impl From for Options { find_links, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, diff --git a/crates/uv/src/commands/build_frontend.rs b/crates/uv/src/commands/build_frontend.rs index 4823fdf573f3..602c59493518 100644 --- a/crates/uv/src/commands/build_frontend.rs +++ b/crates/uv/src/commands/build_frontend.rs @@ -58,6 +58,7 @@ pub(crate) async fn build_frontend( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -80,6 +81,7 @@ pub(crate) async fn build_frontend( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -120,6 +122,7 @@ async fn build_impl( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -128,7 +131,6 @@ async fn build_impl( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution: _, prerelease: _, dependency_metadata, @@ -144,7 +146,8 @@ async fn build_impl( let client_builder = BaseClientBuilder::default() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Determine the source to build. let src = if let Some(src) = src { diff --git a/crates/uv/src/commands/pip/compile.rs b/crates/uv/src/commands/pip/compile.rs index b3a92a67ab00..59ba8a26b97c 100644 --- a/crates/uv/src/commands/pip/compile.rs +++ b/crates/uv/src/commands/pip/compile.rs @@ -76,7 +76,7 @@ pub(crate) async fn pip_compile( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], config_settings: ConfigSettings, connectivity: Connectivity, no_build_isolation: bool, @@ -110,7 +110,7 @@ pub(crate) async fn pip_compile( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Read all requirements from the provided sources. let RequirementsSpecification { diff --git a/crates/uv/src/commands/pip/install.rs b/crates/uv/src/commands/pip/install.rs index 7f45f3001f99..13610f7ef98d 100644 --- a/crates/uv/src/commands/pip/install.rs +++ b/crates/uv/src/commands/pip/install.rs @@ -56,7 +56,6 @@ pub(crate) async fn pip_install( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, reinstall: Reinstall, link_mode: LinkMode, compile: bool, @@ -79,6 +78,7 @@ pub(crate) async fn pip_install( prefix: Option, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, dry_run: bool, printer: Printer, @@ -89,7 +89,7 @@ pub(crate) async fn pip_install( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Read all requirements from the provided sources. let RequirementsSpecification { diff --git a/crates/uv/src/commands/pip/sync.rs b/crates/uv/src/commands/pip/sync.rs index 22d73d09417b..26b8175658d0 100644 --- a/crates/uv/src/commands/pip/sync.rs +++ b/crates/uv/src/commands/pip/sync.rs @@ -48,7 +48,6 @@ pub(crate) async fn pip_sync( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, allow_empty_requirements: bool, connectivity: Connectivity, config_settings: &ConfigSettings, @@ -67,6 +66,7 @@ pub(crate) async fn pip_sync( sources: SourceStrategy, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, dry_run: bool, printer: Printer, @@ -75,7 +75,7 @@ pub(crate) async fn pip_sync( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Initialize a few defaults. let overrides = &[]; diff --git a/crates/uv/src/commands/pip/uninstall.rs b/crates/uv/src/commands/pip/uninstall.rs index d831eeb4a132..462bfc749c21 100644 --- a/crates/uv/src/commands/pip/uninstall.rs +++ b/crates/uv/src/commands/pip/uninstall.rs @@ -34,7 +34,7 @@ pub(crate) async fn pip_uninstall( connectivity: Connectivity, native_tls: bool, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], printer: Printer, ) -> Result { let start = std::time::Instant::now(); @@ -43,7 +43,7 @@ pub(crate) async fn pip_uninstall( .connectivity(connectivity) .native_tls(native_tls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host); + .allow_insecure_host(allow_insecure_host.to_vec()); // Read all requirements from the provided sources. let spec = RequirementsSpecification::from_simple_sources(sources, &client_builder).await?; diff --git a/crates/uv/src/commands/project/add.rs b/crates/uv/src/commands/project/add.rs index 3a5dfbf6b3d3..943d82b30bf1 100644 --- a/crates/uv/src/commands/project/add.rs +++ b/crates/uv/src/commands/project/add.rs @@ -15,6 +15,7 @@ use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClient use uv_configuration::{ Concurrency, Constraints, DevGroupsManifest, DevGroupsSpecification, DevMode, EditableMode, ExtrasSpecification, GroupsSpecification, InstallOptions, LowerBound, SourceStrategy, + TrustedHost, }; use uv_dispatch::BuildDispatch; use uv_distribution::DistributionDatabase; @@ -74,6 +75,7 @@ pub(crate) async fn add( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -124,7 +126,8 @@ pub(crate) async fn add( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // If we found a script, add to the existing metadata. Otherwise, create a new inline // metadata tag. @@ -217,6 +220,7 @@ pub(crate) async fn add( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -228,7 +232,8 @@ pub(crate) async fn add( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) .native_tls(native_tls) - .keyring(settings.keyring_provider); + .keyring(settings.keyring_provider) + .allow_insecure_host(allow_insecure_host.to_vec()); // Read the requirements. let RequirementsSpecification { requirements, .. } = @@ -636,6 +641,7 @@ pub(crate) async fn add( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -696,6 +702,7 @@ async fn lock_and_sync( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<(), ProjectError> { @@ -715,6 +722,7 @@ async fn lock_and_sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -832,6 +840,7 @@ async fn lock_and_sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -895,6 +904,7 @@ async fn lock_and_sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/environment.rs b/crates/uv/src/commands/project/environment.rs index c49711576174..7a5eb8e17d72 100644 --- a/crates/uv/src/commands/project/environment.rs +++ b/crates/uv/src/commands/project/environment.rs @@ -10,7 +10,7 @@ use crate::settings::ResolverInstallerSettings; use uv_cache::{Cache, CacheBucket}; use uv_cache_key::{cache_digest, hash_digest}; use uv_client::Connectivity; -use uv_configuration::Concurrency; +use uv_configuration::{Concurrency, TrustedHost}; use uv_distribution_types::Resolution; use uv_python::{Interpreter, PythonEnvironment}; @@ -37,6 +37,7 @@ impl CachedEnvironment { connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -66,6 +67,7 @@ impl CachedEnvironment { connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -116,6 +118,7 @@ impl CachedEnvironment { connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/export.rs b/crates/uv/src/commands/project/export.rs index e00efc7b00b6..c03fff53b332 100644 --- a/crates/uv/src/commands/project/export.rs +++ b/crates/uv/src/commands/project/export.rs @@ -9,7 +9,7 @@ use uv_cache::Cache; use uv_client::Connectivity; use uv_configuration::{ Concurrency, DevGroupsSpecification, EditableMode, ExportFormat, ExtrasSpecification, - InstallOptions, LowerBound, + InstallOptions, LowerBound, TrustedHost, }; use uv_normalize::PackageName; use uv_python::{PythonDownloads, PythonPreference, PythonRequest}; @@ -48,6 +48,7 @@ pub(crate) async fn export( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], quiet: bool, cache: &Cache, printer: Printer, @@ -103,6 +104,7 @@ pub(crate) async fn export( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -130,6 +132,7 @@ pub(crate) async fn export( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/init.rs b/crates/uv/src/commands/project/init.rs index f0144b0706d1..3b3d1d1b9cf7 100644 --- a/crates/uv/src/commands/project/init.rs +++ b/crates/uv/src/commands/project/init.rs @@ -9,7 +9,9 @@ use tracing::{debug, warn}; use uv_cache::Cache; use uv_cli::AuthorFrom; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::{ProjectBuildBackend, VersionControlError, VersionControlSystem}; +use uv_configuration::{ + ProjectBuildBackend, TrustedHost, VersionControlError, VersionControlSystem, +}; use uv_fs::{Simplified, CWD}; use uv_git::GIT; use uv_pep440::Version; @@ -48,6 +50,7 @@ pub(crate) async fn init( python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -71,6 +74,7 @@ pub(crate) async fn init( no_pin_python, package, native_tls, + allow_insecure_host, ) .await?; @@ -126,6 +130,7 @@ pub(crate) async fn init( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -177,6 +182,7 @@ async fn init_script( no_pin_python: bool, package: bool, native_tls: bool, + allow_insecure_host: &[TrustedHost], ) -> Result<()> { if no_workspace { warn_user_once!("`--no-workspace` is a no-op for Python scripts, which are standalone"); @@ -192,7 +198,8 @@ async fn init_script( } let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -258,6 +265,7 @@ async fn init_project( python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<()> { @@ -307,7 +315,8 @@ async fn init_project( let reporter = PythonDownloadReporter::single(printer); let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Add a `requires-python` field to the `pyproject.toml` and return the corresponding interpreter. let (requires_python, python_request) = if let Some(request) = python.as_deref() { diff --git a/crates/uv/src/commands/project/lock.rs b/crates/uv/src/commands/project/lock.rs index 1ca451232950..c66d36cbb1df 100644 --- a/crates/uv/src/commands/project/lock.rs +++ b/crates/uv/src/commands/project/lock.rs @@ -11,7 +11,8 @@ use tracing::debug; use uv_cache::Cache; use uv_client::{Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ - BuildOptions, Concurrency, Constraints, ExtrasSpecification, LowerBound, Reinstall, Upgrade, + BuildOptions, Concurrency, Constraints, ExtrasSpecification, LowerBound, Reinstall, + TrustedHost, Upgrade, }; use uv_dispatch::BuildDispatch; use uv_distribution::DistributionDatabase; @@ -82,6 +83,7 @@ pub(crate) async fn lock( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> anyhow::Result { @@ -101,6 +103,7 @@ pub(crate) async fn lock( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -130,6 +133,7 @@ pub(crate) async fn lock( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -204,6 +208,7 @@ pub(super) async fn do_safe_lock( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -233,6 +238,7 @@ pub(super) async fn do_safe_lock( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -271,6 +277,7 @@ pub(super) async fn do_safe_lock( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -300,6 +307,7 @@ async fn do_lock( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -310,7 +318,6 @@ async fn do_lock( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, diff --git a/crates/uv/src/commands/project/mod.rs b/crates/uv/src/commands/project/mod.rs index 7e2dfdd0a3e9..99c5b2d5d9e7 100644 --- a/crates/uv/src/commands/project/mod.rs +++ b/crates/uv/src/commands/project/mod.rs @@ -9,7 +9,7 @@ use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ Concurrency, Constraints, DevGroupsSpecification, ExtrasSpecification, GroupsSpecification, - LowerBound, Reinstall, Upgrade, + LowerBound, Reinstall, TrustedHost, Upgrade, }; use uv_dispatch::BuildDispatch; use uv_distribution::DistributionDatabase; @@ -385,6 +385,7 @@ impl ProjectInterpreter { python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -459,7 +460,8 @@ impl ProjectInterpreter { let client_builder = BaseClientBuilder::default() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -520,6 +522,7 @@ pub(crate) async fn get_or_init_environment( python_downloads: PythonDownloads, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -530,6 +533,7 @@ pub(crate) async fn get_or_init_environment( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -626,6 +630,7 @@ pub(crate) async fn resolve_names( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result, uv_requirements::Error> { @@ -650,7 +655,6 @@ pub(crate) async fn resolve_names( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution: _, prerelease: _, dependency_metadata, @@ -680,7 +684,7 @@ pub(crate) async fn resolve_names( .index_urls(index_locations.index_urls()) .index_strategy(*index_strategy) .keyring(*keyring_provider) - .allow_insecure_host(allow_insecure_host.clone()) + .allow_insecure_host(allow_insecure_host.to_vec()) .markers(interpreter.markers()) .platform(interpreter.platform()) .build(); @@ -778,6 +782,7 @@ pub(crate) async fn resolve_environment<'a>( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -787,7 +792,6 @@ pub(crate) async fn resolve_environment<'a>( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, @@ -953,6 +957,7 @@ pub(crate) async fn sync_environment( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> anyhow::Result { @@ -960,7 +965,6 @@ pub(crate) async fn sync_environment( index_locations, index_strategy, keyring_provider, - allow_insecure_host, dependency_metadata, config_setting, no_build_isolation, @@ -1106,6 +1110,7 @@ pub(crate) async fn update_environment( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> anyhow::Result { @@ -1115,7 +1120,6 @@ pub(crate) async fn update_environment( index_locations, index_strategy, keyring_provider, - allow_insecure_host, resolution, prerelease, dependency_metadata, @@ -1186,7 +1190,7 @@ pub(crate) async fn update_environment( .index_urls(index_locations.index_urls()) .index_strategy(*index_strategy) .keyring(*keyring_provider) - .allow_insecure_host(allow_insecure_host.clone()) + .allow_insecure_host(allow_insecure_host.to_vec()) .markers(interpreter.markers()) .platform(interpreter.platform()) .build(); diff --git a/crates/uv/src/commands/project/remove.rs b/crates/uv/src/commands/project/remove.rs index 7cbf0cf15e16..b412d5767541 100644 --- a/crates/uv/src/commands/project/remove.rs +++ b/crates/uv/src/commands/project/remove.rs @@ -7,6 +7,7 @@ use uv_cache::Cache; use uv_client::Connectivity; use uv_configuration::{ Concurrency, DevGroupsManifest, EditableMode, ExtrasSpecification, InstallOptions, LowerBound, + TrustedHost, }; use uv_fs::Simplified; use uv_normalize::DEV_DEPENDENCIES; @@ -45,6 +46,7 @@ pub(crate) async fn remove( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -190,6 +192,7 @@ pub(crate) async fn remove( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -218,6 +221,7 @@ pub(crate) async fn remove( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -262,6 +266,7 @@ pub(crate) async fn remove( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/project/run.rs b/crates/uv/src/commands/project/run.rs index e308610463ed..85602bf19940 100644 --- a/crates/uv/src/commands/project/run.rs +++ b/crates/uv/src/commands/project/run.rs @@ -18,7 +18,7 @@ use uv_cli::ExternalCommand; use uv_client::{BaseClientBuilder, Connectivity}; use uv_configuration::{ Concurrency, DevGroupsSpecification, EditableMode, ExtrasSpecification, GroupsSpecification, - InstallOptions, LowerBound, SourceStrategy, + InstallOptions, LowerBound, SourceStrategy, TrustedHost, }; use uv_distribution::LoweredRequirement; use uv_fs::which::is_executable; @@ -79,6 +79,7 @@ pub(crate) async fn run( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, env_file: Vec, @@ -205,7 +206,8 @@ pub(crate) async fn run( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let interpreter = PythonInstallation::find_or_download( python_request.as_ref(), @@ -315,6 +317,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -523,7 +526,8 @@ pub(crate) async fn run( // base environment for the project. let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Resolve the Python request and requirement for the workspace. let WorkspacePython { @@ -578,6 +582,7 @@ pub(crate) async fn run( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -639,6 +644,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -707,6 +713,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -722,7 +729,8 @@ pub(crate) async fn run( let interpreter = { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // (1) Explicit request from user let python_request = if let Some(request) = python.as_deref() { @@ -784,7 +792,8 @@ pub(crate) async fn run( } else { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let spec = RequirementsSpecification::from_simple_sources(&requirements, &client_builder).await?; @@ -834,6 +843,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -1258,6 +1268,7 @@ impl RunCommand { script: bool, connectivity: Connectivity, native_tls: bool, + allow_insecure_host: &[TrustedHost], ) -> anyhow::Result { let (target, args) = command.split(); let Some(target) = target else { @@ -1288,6 +1299,7 @@ impl RunCommand { let client = BaseClientBuilder::new() .connectivity(connectivity) .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()) .build(); let response = client.for_host(&url).get(url.clone()).send().await?; diff --git a/crates/uv/src/commands/project/sync.rs b/crates/uv/src/commands/project/sync.rs index 36f8935fd275..2fadc0db2f98 100644 --- a/crates/uv/src/commands/project/sync.rs +++ b/crates/uv/src/commands/project/sync.rs @@ -10,7 +10,7 @@ use uv_cache::Cache; use uv_client::{Connectivity, FlatIndexClient, RegistryClientBuilder}; use uv_configuration::{ Concurrency, Constraints, DevGroupsManifest, DevGroupsSpecification, EditableMode, - ExtrasSpecification, HashCheckingMode, InstallOptions, LowerBound, + ExtrasSpecification, HashCheckingMode, InstallOptions, LowerBound, TrustedHost, }; use uv_dispatch::BuildDispatch; use uv_distribution_types::{DirectorySourceDist, Dist, Index, ResolvedDist, SourceDist}; @@ -58,6 +58,7 @@ pub(crate) async fn sync( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -116,6 +117,7 @@ pub(crate) async fn sync( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -143,6 +145,7 @@ pub(crate) async fn sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -209,6 +212,7 @@ pub(crate) async fn sync( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -232,6 +236,7 @@ pub(super) async fn do_sync( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<(), ProjectError> { @@ -251,7 +256,6 @@ pub(super) async fn do_sync( index_locations, index_strategy, keyring_provider, - allow_insecure_host, dependency_metadata, config_setting, no_build_isolation, diff --git a/crates/uv/src/commands/project/tree.rs b/crates/uv/src/commands/project/tree.rs index 0a9a22ff8ea4..a86f95b0518a 100644 --- a/crates/uv/src/commands/project/tree.rs +++ b/crates/uv/src/commands/project/tree.rs @@ -5,7 +5,9 @@ use anyhow::Result; use uv_cache::Cache; use uv_client::Connectivity; -use uv_configuration::{Concurrency, DevGroupsSpecification, LowerBound, TargetTriple}; +use uv_configuration::{ + Concurrency, DevGroupsSpecification, LowerBound, TargetTriple, TrustedHost, +}; use uv_pep508::PackageName; use uv_python::{PythonDownloads, PythonPreference, PythonRequest, PythonVersion}; use uv_resolver::TreeDisplay; @@ -43,6 +45,7 @@ pub(crate) async fn tree( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -70,6 +73,7 @@ pub(crate) async fn tree( python_downloads, connectivity, native_tls, + allow_insecure_host, cache, printer, ) @@ -101,6 +105,7 @@ pub(crate) async fn tree( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/publish.rs b/crates/uv/src/commands/publish.rs index c4c268cf884b..3d37a4fe5210 100644 --- a/crates/uv/src/commands/publish.rs +++ b/crates/uv/src/commands/publish.rs @@ -25,7 +25,7 @@ pub(crate) async fn publish( publish_url: Url, trusted_publishing: TrustedPublishing, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], username: Option, password: Option, check_url: Option, @@ -58,7 +58,7 @@ pub(crate) async fn publish( .retries(0) .keyring(keyring_provider) .native_tls(native_tls) - .allow_insecure_host(allow_insecure_host.clone()) + .allow_insecure_host(allow_insecure_host.to_vec()) // Don't try cloning the request to make an unauthenticated request first. .auth_integration(AuthIntegration::OnlyAuthenticated) // Set a very high timeout for uploads, connections are often 10x slower on upload than @@ -82,7 +82,7 @@ pub(crate) async fn publish( .connectivity(connectivity) .index_urls(index_urls) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host.clone()); + .allow_insecure_host(allow_insecure_host.to_vec()); Some(CheckUrlClient { index_url, registry_client_builder, diff --git a/crates/uv/src/commands/python/install.rs b/crates/uv/src/commands/python/install.rs index 6e7f8902d7e7..4cc03ba562f2 100644 --- a/crates/uv/src/commands/python/install.rs +++ b/crates/uv/src/commands/python/install.rs @@ -13,6 +13,7 @@ use tracing::{debug, trace}; use uv_client::Connectivity; use uv_configuration::PreviewMode; +use uv_configuration::TrustedHost; use uv_fs::Simplified; use uv_python::downloads::{DownloadResult, ManagedPythonDownload, PythonDownloadRequest}; use uv_python::managed::{ @@ -111,6 +112,7 @@ pub(crate) async fn install( python_downloads: PythonDownloads, native_tls: bool, connectivity: Connectivity, + allow_insecure_host: &[TrustedHost], no_config: bool, preview: PreviewMode, printer: Printer, @@ -209,6 +211,7 @@ pub(crate) async fn install( let client = uv_client::BaseClientBuilder::new() .connectivity(connectivity) .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()) .build(); let reporter = PythonDownloadReporter::new(printer, downloads.len() as u64); let mut tasks = FuturesUnordered::new(); diff --git a/crates/uv/src/commands/tool/install.rs b/crates/uv/src/commands/tool/install.rs index adb6f884ef3e..c838366f13a6 100644 --- a/crates/uv/src/commands/tool/install.rs +++ b/crates/uv/src/commands/tool/install.rs @@ -7,7 +7,7 @@ use tracing::{debug, trace}; use uv_cache::{Cache, Refresh}; use uv_cache_info::Timestamp; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::{Concurrency, Upgrade}; +use uv_configuration::{Concurrency, TrustedHost, Upgrade}; use uv_distribution_types::UnresolvedRequirementSpecification; use uv_normalize::PackageName; use uv_pep440::{VersionSpecifier, VersionSpecifiers}; @@ -49,12 +49,14 @@ pub(crate) async fn install( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, printer: Printer, ) -> Result { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -79,7 +81,8 @@ pub(crate) async fn install( let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); // Parse the input requirement. let target = Target::parse(&package, from.as_deref()); @@ -111,6 +114,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -180,6 +184,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -229,6 +234,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -352,6 +358,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -377,6 +384,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -400,6 +408,7 @@ pub(crate) async fn install( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) diff --git a/crates/uv/src/commands/tool/run.rs b/crates/uv/src/commands/tool/run.rs index 1f2145a95ee6..43816a5d748c 100644 --- a/crates/uv/src/commands/tool/run.rs +++ b/crates/uv/src/commands/tool/run.rs @@ -14,7 +14,7 @@ use uv_cache::{Cache, Refresh}; use uv_cache_info::Timestamp; use uv_cli::ExternalCommand; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::Concurrency; +use uv_configuration::{Concurrency, TrustedHost}; use uv_distribution_types::{Name, UnresolvedRequirementSpecification}; use uv_installer::{SatisfiesResult, SitePackages}; use uv_normalize::PackageName; @@ -77,6 +77,7 @@ pub(crate) async fn run( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: Cache, printer: Printer, ) -> anyhow::Result { @@ -118,6 +119,7 @@ pub(crate) async fn run( connectivity, concurrency, native_tls, + allow_insecure_host, &cache, printer, ) @@ -402,12 +404,14 @@ async fn get_or_create_environment( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result<(Requirement, PythonEnvironment), ProjectError> { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -475,6 +479,7 @@ async fn get_or_create_environment( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -487,7 +492,8 @@ async fn get_or_create_environment( let spec = { let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); RequirementsSpecification::from_simple_sources(with, &client_builder).await? }; @@ -504,6 +510,7 @@ async fn get_or_create_environment( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -580,6 +587,7 @@ async fn get_or_create_environment( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/tool/upgrade.rs b/crates/uv/src/commands/tool/upgrade.rs index e575a341ef72..962da4280418 100644 --- a/crates/uv/src/commands/tool/upgrade.rs +++ b/crates/uv/src/commands/tool/upgrade.rs @@ -7,7 +7,7 @@ use tracing::debug; use uv_cache::Cache; use uv_client::{BaseClientBuilder, Connectivity}; -use uv_configuration::Concurrency; +use uv_configuration::{Concurrency, TrustedHost}; use uv_normalize::PackageName; use uv_python::{ EnvironmentPreference, Interpreter, PythonDownloads, PythonInstallation, PythonPreference, @@ -40,6 +40,7 @@ pub(crate) async fn upgrade( python_downloads: PythonDownloads, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], cache: &Cache, printer: Printer, ) -> Result { @@ -68,7 +69,8 @@ pub(crate) async fn upgrade( let reporter = PythonDownloadReporter::single(printer); let client_builder = BaseClientBuilder::new() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let python_request = python.as_deref().map(PythonRequest::parse); @@ -110,6 +112,7 @@ pub(crate) async fn upgrade( connectivity, concurrency, native_tls, + allow_insecure_host, ) .await; @@ -197,6 +200,7 @@ async fn upgrade_tool( connectivity: Connectivity, concurrency: Concurrency, native_tls: bool, + allow_insecure_host: &[TrustedHost], ) -> Result { // Ensure the tool is installed. let existing_tool_receipt = match installed_tools.get_tool_receipt(name) { @@ -268,6 +272,7 @@ async fn upgrade_tool( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -284,6 +289,7 @@ async fn upgrade_tool( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) @@ -307,6 +313,7 @@ async fn upgrade_tool( connectivity, concurrency, native_tls, + allow_insecure_host, cache, printer, ) diff --git a/crates/uv/src/commands/venv.rs b/crates/uv/src/commands/venv.rs index b1b85ee503e2..60ab7a3535f7 100644 --- a/crates/uv/src/commands/venv.rs +++ b/crates/uv/src/commands/venv.rs @@ -50,7 +50,7 @@ pub(crate) async fn venv( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], prompt: uv_virtualenv::Prompt, system_site_packages: bool, connectivity: Connectivity, @@ -131,7 +131,7 @@ async fn venv_impl( index_strategy: IndexStrategy, dependency_metadata: DependencyMetadata, keyring_provider: KeyringProviderType, - allow_insecure_host: Vec, + allow_insecure_host: &[TrustedHost], prompt: uv_virtualenv::Prompt, system_site_packages: bool, connectivity: Connectivity, @@ -179,7 +179,8 @@ async fn venv_impl( let client_builder = BaseClientBuilder::default() .connectivity(connectivity) - .native_tls(native_tls); + .native_tls(native_tls) + .allow_insecure_host(allow_insecure_host.to_vec()); let reporter = PythonDownloadReporter::single(printer); @@ -291,7 +292,7 @@ async fn venv_impl( .index_urls(index_locations.index_urls()) .index_strategy(index_strategy) .keyring(keyring_provider) - .allow_insecure_host(allow_insecure_host) + .allow_insecure_host(allow_insecure_host.to_vec()) .markers(interpreter.markers()) .platform(interpreter.platform()) .build(); diff --git a/crates/uv/src/lib.rs b/crates/uv/src/lib.rs index f038413b687b..170d107d24a5 100644 --- a/crates/uv/src/lib.rs +++ b/crates/uv/src/lib.rs @@ -150,6 +150,7 @@ async fn run(mut cli: Cli) -> Result { *script, settings.connectivity, settings.native_tls, + &settings.allow_insecure_host, ) .await?, ) @@ -353,7 +354,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, + &globals.allow_insecure_host, args.settings.config_setting, globals.connectivity, args.settings.no_build_isolation, @@ -421,7 +422,6 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, args.settings.allow_empty_requirements, globals.connectivity, &args.settings.config_setting, @@ -440,6 +440,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.sources, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, args.dry_run, printer, @@ -505,7 +506,6 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, args.settings.reinstall, args.settings.link_mode, args.settings.compile_bytecode, @@ -528,6 +528,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.prefix, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, args.dry_run, printer, @@ -565,7 +566,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.native_tls, args.settings.keyring_provider, - args.settings.allow_insecure_host, + &globals.allow_insecure_host, printer, ) .await @@ -728,6 +729,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -771,7 +773,7 @@ async fn run(mut cli: Cli) -> Result { args.settings.index_strategy, args.settings.dependency_metadata, args.settings.keyring_provider, - args.settings.allow_insecure_host, + &globals.allow_insecure_host, uv_virtualenv::Prompt::from_args(prompt), args.system_site_packages, globals.connectivity, @@ -900,6 +902,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, printer, ) @@ -949,6 +952,7 @@ async fn run(mut cli: Cli) -> Result { globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, cache, printer, )) @@ -992,6 +996,7 @@ async fn run(mut cli: Cli) -> Result { globals.python_downloads, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, )) @@ -1057,6 +1062,7 @@ async fn run(mut cli: Cli) -> Result { globals.python_downloads, globals.native_tls, globals.connectivity, + &globals.allow_insecure_host, cli.top_level.no_config, globals.preview, printer, @@ -1137,7 +1143,6 @@ async fn run(mut cli: Cli) -> Result { publish_url, trusted_publishing, keyring_provider, - allow_insecure_host, check_url, } = PublishSettings::resolve(args, filesystem); @@ -1146,7 +1151,7 @@ async fn run(mut cli: Cli) -> Result { publish_url, trusted_publishing, keyring_provider, - allow_insecure_host, + &globals.allow_insecure_host, username, password, check_url, @@ -1251,6 +1256,7 @@ async fn run_project( globals.python_downloads, globals.connectivity, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1308,6 +1314,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, args.env_file, @@ -1345,6 +1352,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1373,6 +1381,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1424,6 +1433,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, )) @@ -1464,6 +1474,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1497,6 +1508,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, &cache, printer, ) @@ -1531,6 +1543,7 @@ async fn run_project( globals.connectivity, globals.concurrency, globals.native_tls, + &globals.allow_insecure_host, globals.quiet, &cache, printer, diff --git a/crates/uv/src/settings.rs b/crates/uv/src/settings.rs index cb3116da9b60..31c83d40480b 100644 --- a/crates/uv/src/settings.rs +++ b/crates/uv/src/settings.rs @@ -55,6 +55,7 @@ pub(crate) struct GlobalSettings { pub(crate) native_tls: bool, pub(crate) concurrency: Concurrency, pub(crate) connectivity: Connectivity, + pub(crate) allow_insecure_host: Vec, pub(crate) show_settings: bool, pub(crate) preview: PreviewMode, pub(crate) python_preference: PythonPreference, @@ -65,12 +66,6 @@ pub(crate) struct GlobalSettings { impl GlobalSettings { /// Resolve the [`GlobalSettings`] from the CLI and filesystem configuration. pub(crate) fn resolve(args: &GlobalArgs, workspace: Option<&FilesystemOptions>) -> Self { - let preview = PreviewMode::from( - flag(args.preview, args.no_preview) - .combine(workspace.and_then(|workspace| workspace.globals.preview)) - .unwrap_or(false), - ); - Self { quiet: args.quiet, verbose: args.verbose, @@ -120,8 +115,29 @@ impl GlobalSettings { } else { Connectivity::Online }, + allow_insecure_host: args + .allow_insecure_host + .as_ref() + .map(|allow_insecure_host| { + allow_insecure_host + .iter() + .filter_map(|value| value.clone().into_option()) + }) + .into_iter() + .flatten() + .chain( + workspace + .and_then(|workspace| workspace.globals.allow_insecure_host.clone()) + .into_iter() + .flatten(), + ) + .collect(), show_settings: args.show_settings, - preview, + preview: PreviewMode::from( + flag(args.preview, args.no_preview) + .combine(workspace.and_then(|workspace| workspace.globals.preview)) + .unwrap_or(false), + ), python_preference: args .python_preference .combine(workspace.and_then(|workspace| workspace.globals.python_preference)) @@ -1579,7 +1595,6 @@ impl PipUninstallSettings { requirement, python, keyring_provider, - allow_insecure_host, system, no_system, break_system_packages, @@ -1600,12 +1615,6 @@ impl PipUninstallSettings { target, prefix, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), ..PipOptions::default() }, filesystem, @@ -1904,7 +1913,6 @@ impl VenvSettings { index_args, index_strategy, keyring_provider, - allow_insecure_host, exclude_newer, no_project, link_mode, @@ -1925,12 +1933,6 @@ impl VenvSettings { system: flag(system, no_system), index_strategy, keyring_provider, - allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }), exclude_newer, link_mode, ..PipOptions::from(index_args) @@ -1950,7 +1952,6 @@ pub(crate) struct InstallerSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: &'a [TrustedHost], pub(crate) dependency_metadata: &'a DependencyMetadata, pub(crate) config_setting: &'a ConfigSettings, pub(crate) no_build_isolation: bool, @@ -1973,7 +1974,6 @@ pub(crate) struct ResolverSettings { pub(crate) index_locations: IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: DependencyMetadata, @@ -1992,7 +1992,6 @@ pub(crate) struct ResolverSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: &'a [TrustedHost], pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: &'a DependencyMetadata, @@ -2024,7 +2023,6 @@ impl ResolverSettings { index_locations: &self.index_locations, index_strategy: self.index_strategy, keyring_provider: self.keyring_provider, - allow_insecure_host: &self.allow_insecure_host, resolution: self.resolution, prerelease: self.prerelease, dependency_metadata: &self.dependency_metadata, @@ -2066,7 +2064,6 @@ impl From for ResolverSettings { ), index_strategy: value.index_strategy.unwrap_or_default(), keyring_provider: value.keyring_provider.unwrap_or_default(), - allow_insecure_host: value.allow_insecure_host.unwrap_or_default(), config_setting: value.config_settings.unwrap_or_default(), no_build_isolation: value.no_build_isolation.unwrap_or_default(), no_build_isolation_package: value.no_build_isolation_package.unwrap_or_default(), @@ -2095,7 +2092,6 @@ pub(crate) struct ResolverInstallerSettingsRef<'a> { pub(crate) index_locations: &'a IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: &'a [TrustedHost], pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: &'a DependencyMetadata, @@ -2122,7 +2118,6 @@ pub(crate) struct ResolverInstallerSettings { pub(crate) index_locations: IndexLocations, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) resolution: ResolutionMode, pub(crate) prerelease: PrereleaseMode, pub(crate) dependency_metadata: DependencyMetadata, @@ -2159,7 +2154,6 @@ impl ResolverInstallerSettings { index_locations: &self.index_locations, index_strategy: self.index_strategy, keyring_provider: self.keyring_provider, - allow_insecure_host: &self.allow_insecure_host, resolution: self.resolution, prerelease: self.prerelease, dependency_metadata: &self.dependency_metadata, @@ -2203,7 +2197,6 @@ impl From for ResolverInstallerSettings { ), index_strategy: value.index_strategy.unwrap_or_default(), keyring_provider: value.keyring_provider.unwrap_or_default(), - allow_insecure_host: value.allow_insecure_host.unwrap_or_default(), config_setting: value.config_settings.unwrap_or_default(), no_build_isolation: value.no_build_isolation.unwrap_or_default(), no_build_isolation_package: value.no_build_isolation_package.unwrap_or_default(), @@ -2248,7 +2241,6 @@ pub(crate) struct PipSettings { pub(crate) prefix: Option, pub(crate) index_strategy: IndexStrategy, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) no_build_isolation: bool, pub(crate) no_build_isolation_package: Vec, pub(crate) build_options: BuildOptions, @@ -2305,7 +2297,6 @@ impl PipSettings { find_links, index_strategy, keyring_provider, - allow_insecure_host, no_build, no_binary, only_binary, @@ -2357,7 +2348,6 @@ impl PipSettings { find_links: top_level_find_links, index_strategy: top_level_index_strategy, keyring_provider: top_level_keyring_provider, - allow_insecure_host: top_level_allow_insecure_host, resolution: top_level_resolution, prerelease: top_level_prerelease, dependency_metadata: top_level_dependency_metadata, @@ -2389,7 +2379,6 @@ impl PipSettings { let find_links = find_links.combine(top_level_find_links); let index_strategy = index_strategy.combine(top_level_index_strategy); let keyring_provider = keyring_provider.combine(top_level_keyring_provider); - let allow_insecure_host = allow_insecure_host.combine(top_level_allow_insecure_host); let resolution = resolution.combine(top_level_resolution); let prerelease = prerelease.combine(top_level_prerelease); let dependency_metadata = dependency_metadata.combine(top_level_dependency_metadata); @@ -2465,10 +2454,6 @@ impl PipSettings { .keyring_provider .combine(keyring_provider) .unwrap_or_default(), - allow_insecure_host: args - .allow_insecure_host - .combine(allow_insecure_host) - .unwrap_or_default(), generate_hashes: args .generate_hashes .combine(generate_hashes) @@ -2582,7 +2567,6 @@ impl<'a> From> for ResolverSettingsRef<'a> { index_locations: settings.index_locations, index_strategy: settings.index_strategy, keyring_provider: settings.keyring_provider, - allow_insecure_host: settings.allow_insecure_host, resolution: settings.resolution, prerelease: settings.prerelease, dependency_metadata: settings.dependency_metadata, @@ -2604,7 +2588,6 @@ impl<'a> From> for InstallerSettingsRef<'a> { index_locations: settings.index_locations, index_strategy: settings.index_strategy, keyring_provider: settings.keyring_provider, - allow_insecure_host: settings.allow_insecure_host, dependency_metadata: settings.dependency_metadata, config_setting: settings.config_setting, no_build_isolation: settings.no_build_isolation, @@ -2632,7 +2615,6 @@ pub(crate) struct PublishSettings { pub(crate) publish_url: Url, pub(crate) trusted_publishing: TrustedPublishing, pub(crate) keyring_provider: KeyringProviderType, - pub(crate) allow_insecure_host: Vec, pub(crate) check_url: Option, } @@ -2650,9 +2632,7 @@ impl PublishSettings { trusted_publishing, } = publish; let ResolverInstallerOptions { - keyring_provider, - allow_insecure_host, - .. + keyring_provider, .. } = top_level; // Tokens are encoded in the same way as username/password @@ -2677,16 +2657,6 @@ impl PublishSettings { .keyring_provider .combine(keyring_provider) .unwrap_or_default(), - allow_insecure_host: args - .allow_insecure_host - .map(|allow_insecure_host| { - allow_insecure_host - .into_iter() - .filter_map(Maybe::into_option) - .collect() - }) - .combine(allow_insecure_host) - .unwrap_or_default(), check_url: args.check_url, } } diff --git a/crates/uv/tests/it/help.rs b/crates/uv/tests/it/help.rs index faf837a7a358..57e954abf201 100644 --- a/crates/uv/tests/it/help.rs +++ b/crates/uv/tests/it/help.rs @@ -47,22 +47,33 @@ fn help() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help ` for more information on a specific command. @@ -116,22 +127,33 @@ fn help_flag() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help` for more details. @@ -184,22 +206,33 @@ fn help_short_flag() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help` for more details. @@ -342,6 +375,20 @@ fn help_subcommand() { When disabled, uv will only use locally cached data and locally available files. + --allow-insecure-host + Allow insecure connections to a host. + + Can be provided multiple times. + + Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + `localhost:8080`), or a URL (e.g., `https://localhost`). + + WARNING: Hosts included in this list will not be verified against the system's certificate + store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + bypasses SSL verification and could expose you to MITM attacks. + + [env: UV_INSECURE_HOST=] + --no-progress Hide all progress outputs. @@ -518,6 +565,20 @@ fn help_subsubcommand() { When disabled, uv will only use locally cached data and locally available files. + --allow-insecure-host + Allow insecure connections to a host. + + Can be provided multiple times. + + Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., + `localhost:8080`), or a URL (e.g., `https://localhost`). + + WARNING: Hosts included in this list will not be verified against the system's certificate + store. Only use `--allow-insecure-host` in a secure network with verified sources, as it + bypasses SSL verification and could expose you to MITM attacks. + + [env: UV_INSECURE_HOST=] + --no-progress Hide all progress outputs. @@ -606,22 +667,33 @@ fn help_flag_subcommand() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help python` for more details. @@ -660,22 +732,33 @@ fn help_flag_subsubcommand() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version ----- stderr ----- "###); @@ -806,22 +889,33 @@ fn help_with_global_option() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help ` for more information on a specific command. @@ -911,22 +1005,33 @@ fn help_with_no_pager() { Disable automatic downloads of Python. [env: "UV_PYTHON_DOWNLOADS=never"] Global options: - -q, --quiet Do not print any output - -v, --verbose... Use verbose output - --color Control colors in output [default: auto] [possible values: auto, - always, never] - --native-tls Whether to load TLS certificates from the platform's native - certificate store [env: UV_NATIVE_TLS=] - --offline Disable network access - --no-progress Hide all progress outputs [env: UV_NO_PROGRESS=] - --directory Change to the given directory prior to running the command - --project Run the command within the given project directory - --config-file The path to a `uv.toml` file to use for configuration [env: - UV_CONFIG_FILE=] - --no-config Avoid discovering configuration files (`pyproject.toml`, - `uv.toml`) [env: UV_NO_CONFIG=] - -h, --help Display the concise help for this command - -V, --version Display the uv version + -q, --quiet + Do not print any output + -v, --verbose... + Use verbose output + --color + Control colors in output [default: auto] [possible values: auto, always, never] + --native-tls + Whether to load TLS certificates from the platform's native certificate store [env: + UV_NATIVE_TLS=] + --offline + Disable network access + --allow-insecure-host + Allow insecure connections to a host [env: UV_INSECURE_HOST=] + --no-progress + Hide all progress outputs [env: UV_NO_PROGRESS=] + --directory + Change to the given directory prior to running the command + --project + Run the command within the given project directory + --config-file + The path to a `uv.toml` file to use for configuration [env: UV_CONFIG_FILE=] + --no-config + Avoid discovering configuration files (`pyproject.toml`, `uv.toml`) [env: UV_NO_CONFIG=] + -h, --help + Display the concise help for this command + -V, --version + Display the uv version Use `uv help ` for more information on a specific command. diff --git a/crates/uv/tests/it/show_settings.rs b/crates/uv/tests/it/show_settings.rs index 4275db0ac491..a435be824d4e 100644 --- a/crates/uv/tests/it/show_settings.rs +++ b/crates/uv/tests/it/show_settings.rs @@ -54,6 +54,7 @@ fn resolve_uv_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -129,7 +130,6 @@ fn resolve_uv_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -201,6 +201,7 @@ fn resolve_uv_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -276,7 +277,6 @@ fn resolve_uv_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -349,6 +349,7 @@ fn resolve_uv_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -424,7 +425,6 @@ fn resolve_uv_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -529,6 +529,7 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -604,7 +605,6 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -678,6 +678,7 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -724,7 +725,6 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -807,6 +807,7 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -882,7 +883,6 @@ fn resolve_pyproject_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -979,6 +979,7 @@ fn resolve_index_url() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1082,7 +1083,6 @@ fn resolve_index_url() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1156,6 +1156,7 @@ fn resolve_index_url() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1289,7 +1290,6 @@ fn resolve_index_url() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1386,6 +1386,7 @@ fn resolve_find_links() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1461,7 +1462,6 @@ fn resolve_find_links() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1557,6 +1557,7 @@ fn resolve_top_level() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1603,7 +1604,6 @@ fn resolve_top_level() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1692,6 +1692,7 @@ fn resolve_top_level() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1795,7 +1796,6 @@ fn resolve_top_level() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -1867,6 +1867,7 @@ fn resolve_top_level() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -1970,7 +1971,6 @@ fn resolve_top_level() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2066,6 +2066,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2112,7 +2113,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2191,6 +2191,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2237,7 +2238,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2316,6 +2316,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2362,7 +2363,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2443,6 +2443,7 @@ fn resolve_user_configuration() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2489,7 +2490,6 @@ fn resolve_user_configuration() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2589,6 +2589,7 @@ fn resolve_tool() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2624,7 +2625,6 @@ fn resolve_tool() -> anyhow::Result<()> { find_links: None, index_strategy: None, keyring_provider: None, - allow_insecure_host: None, resolution: Some( LowestDirect, ), @@ -2660,7 +2660,6 @@ fn resolve_tool() -> anyhow::Result<()> { }, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], resolution: LowestDirect, prerelease: IfNecessaryOrExplicit, dependency_metadata: DependencyMetadata( @@ -2747,6 +2746,7 @@ fn resolve_poetry_toml() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2793,7 +2793,6 @@ fn resolve_poetry_toml() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -2900,6 +2899,7 @@ fn resolve_both() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -2975,7 +2975,6 @@ fn resolve_both() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3074,6 +3073,7 @@ fn resolve_config_file() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3149,7 +3149,6 @@ fn resolve_config_file() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3322,6 +3321,7 @@ fn resolve_skip_empty() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3368,7 +3368,6 @@ fn resolve_skip_empty() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3450,6 +3449,7 @@ fn resolve_skip_empty() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3496,7 +3496,6 @@ fn resolve_skip_empty() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3586,6 +3585,18 @@ fn allow_insecure_host() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [ + Host { + scheme: None, + host: "google.com", + port: None, + }, + Host { + scheme: None, + host: "example.com", + port: None, + }, + ], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3632,18 +3643,6 @@ fn allow_insecure_host() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [ - Host { - scheme: None, - host: "google.com", - port: None, - }, - Host { - scheme: None, - host: "example.com", - port: None, - }, - ], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3736,6 +3735,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -3841,7 +3841,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -3913,6 +3912,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4018,7 +4018,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4096,6 +4095,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4201,7 +4201,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4274,6 +4273,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4379,7 +4379,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4459,6 +4458,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4564,7 +4564,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { @@ -4637,6 +4636,7 @@ fn index_priority() -> anyhow::Result<()> { installs: 8, }, connectivity: Online, + allow_insecure_host: [], show_settings: true, preview: Disabled, python_preference: Managed, @@ -4742,7 +4742,6 @@ fn index_priority() -> anyhow::Result<()> { prefix: None, index_strategy: FirstIndex, keyring_provider: Disabled, - allow_insecure_host: [], no_build_isolation: false, no_build_isolation_package: [], build_options: BuildOptions { diff --git a/docs/reference/cli.md b/docs/reference/cli.md index cac93c92030f..4308395201ba 100644 --- a/docs/reference/cli.md +++ b/docs/reference/cli.md @@ -485,7 +485,16 @@ uv init [OPTIONS] [PATH]

Options

-
--app

Create a project for an application.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--app

Create a project for an application.

This is the default behavior if --lib is not requested.

@@ -3696,7 +3705,16 @@ uv tool list [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -3796,6 +3814,15 @@ uv tool uninstall [OPTIONS] ...
--all

Uninstall all tools

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -3908,7 +3935,16 @@ uv tool update-shell [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4022,7 +4058,16 @@ uv tool dir [OPTIONS]

Options

-
--bin

Show the directory into which uv tool will install executables.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--bin

Show the directory into which uv tool will install executables.

By default, uv tool dir shows the directory into which the tool Python environments themselves are installed, rather than the directory containing the linked executables.

@@ -4224,6 +4269,15 @@ uv python list [OPTIONS]

By default, only the latest patch version is shown for each minor version.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4354,7 +4408,16 @@ uv python install [OPTIONS] [TARGETS]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4476,7 +4539,16 @@ uv python find [OPTIONS] [REQUEST]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4607,7 +4679,16 @@ uv python pin [OPTIONS] [REQUEST]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -4729,7 +4810,16 @@ uv python dir [OPTIONS]

Options

-
--bin

Show the directory into which uv python will install Python executables.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--bin

Show the directory into which uv python will install Python executables.

Note that this directory is only used when installing Python with preview mode enabled.

@@ -4861,6 +4951,15 @@ uv python uninstall [OPTIONS] ...
--all

Uninstall all managed Python versions

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6361,7 +6460,16 @@ uv pip freeze [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6485,7 +6593,16 @@ uv pip list [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6631,7 +6748,16 @@ uv pip show [OPTIONS] [PACKAGE]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6755,7 +6881,16 @@ uv pip tree [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -6890,7 +7025,16 @@ uv pip check [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -7807,7 +7951,16 @@ uv cache clean [OPTIONS] [PACKAGE]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -7913,7 +8066,16 @@ uv cache prune [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8033,7 +8195,16 @@ uv cache dir [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8161,7 +8332,16 @@ uv self update [OPTIONS] [TARGET_VERSION]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8270,7 +8450,16 @@ uv version [OPTIONS]

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

@@ -8382,7 +8571,16 @@ uv generate-shell-completion [OPTIONS]

Options

-
--directory directory

Change to the given directory prior to running the command.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--directory directory

Change to the given directory prior to running the command.

Relative paths are resolved with the given directory as the base.

@@ -8416,7 +8614,16 @@ uv help [OPTIONS] [COMMAND]...

Options

-
--cache-dir cache-dir

Path to the cache directory.

+
--allow-insecure-host allow-insecure-host

Allow insecure connections to a host.

+ +

Can be provided multiple times.

+ +

Expects to receive either a hostname (e.g., localhost), a host-port pair (e.g., localhost:8080), or a URL (e.g., https://localhost).

+ +

WARNING: Hosts included in this list will not be verified against the system’s certificate store. Only use --allow-insecure-host in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.

+ +

May also be set with the UV_INSECURE_HOST environment variable.

+
--cache-dir cache-dir

Path to the cache directory.

Defaults to $XDG_CACHE_HOME/uv or $HOME/.cache/uv on macOS and Linux, and %LOCALAPPDATA%\uv\cache on Windows.

diff --git a/docs/reference/settings.md b/docs/reference/settings.md index 43672ae1ebb5..d8801f5598da 100644 --- a/docs/reference/settings.md +++ b/docs/reference/settings.md @@ -1505,39 +1505,6 @@ packages. --- -#### [`allow-insecure-host`](#pip_allow-insecure-host) {: #pip_allow-insecure-host } - - -Allow insecure connections to host. - -Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., -`localhost:8080`), or a URL (e.g., `https://localhost`). - -WARNING: Hosts included in this list will not be verified against the system's certificate -store. Only use `--allow-insecure-host` in a secure network with verified sources, as it -bypasses SSL verification and could expose you to MITM attacks. - -**Default value**: `[]` - -**Type**: `list[str]` - -**Example usage**: - -=== "pyproject.toml" - - ```toml - [tool.uv.pip] - allow-insecure-host = ["localhost:8080"] - ``` -=== "uv.toml" - - ```toml - [pip] - allow-insecure-host = ["localhost:8080"] - ``` - ---- - #### [`annotation-style`](#pip_annotation-style) {: #pip_annotation-style } diff --git a/uv.schema.json b/uv.schema.json index 15ed7a0e03af..ecf4e8b620ce 100644 --- a/uv.schema.json +++ b/uv.schema.json @@ -745,16 +745,6 @@ "null" ] }, - "allow-insecure-host": { - "description": "Allow insecure connections to host.\n\nExpects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g., `localhost:8080`), or a URL (e.g., `https://localhost`).\n\nWARNING: Hosts included in this list will not be verified against the system's certificate store. Only use `--allow-insecure-host` in a secure network with verified sources, as it bypasses SSL verification and could expose you to MITM attacks.", - "type": [ - "array", - "null" - ], - "items": { - "$ref": "#/definitions/TrustedHost" - } - }, "annotation-style": { "description": "The style of the annotation comments included in the output file, used to indicate the source of each package.", "anyOf": [