Hey folks I m doing a write up of how | PyPA | Page 1

earnest shadow Jul 24, 2022, 1:05 AM

#

My thought on how to do this would be using --trusted-host and provide hashes for pip 22.2 and truststore 0.4.0?

turbid rain Jul 24, 2022, 1:11 AM

#

Make a get-pip on https

#

And a get-truststore

#

You'd have to make a version of https://bootstrap.pypa.io/get-pip.py with an embedded truststore whl that you add to the path and use with zipimporter

#

If you somehow get trustore into this pip.zip then the PIP_USE_FEATURE flags should just work for installing pip wheel and setuptools, you should only then need to copy the code for optionally installing setuptools with inverted logic

https://github.com/pypa/get-pip/blob/main/templates/default.py#L127

GitHub

get-pip/default.py at main · pypa/get-pip

Helper scripts to install pip, in a Python installation that doesn't have it. - get-pip/default.py at main · pypa/get-pip

earnest shadow Jul 24, 2022, 2:34 AM

#

That seems like a lot more work than using a hash with disabling TLS. Also I'd have to maintain something

#Hey folks I m doing a write up of how