To install Python packages from behind a corporate proxy, it is sometimes necessary to add options to pip, such as --proxy or --cert.
How to specify a proxy in PyCharm is explained in this question and how to add any option to the pip call is explained in this answer.
The latter would allow me to add the required --cert option. Unfortunately, this works only when installing a package manually and does not cover the case where I have a requirements.txt file and want PyCharm to automatically install the packages listed. This results in this error:
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)'),)': /simple/robotframework/
Which means that I need to add something to the underlying pip call (--cert in my case).
Question: How can I specify pip options that will be used by PyCharm for automatic installation of the packages specified in requirements.txt?
You can download the CA cert inserted by your corporate firewall and install it to pip's keystore. Below is the process I used, but I'm sure those more adept at cert formats/manipulation can improve it:
Step 1. Identify the correct keystore. If you are using a virtual environment, the location of the keystore used by pip when it is activated should be
C:\PATH\TO\VENV\Lib\site-packages\pip\_vendor\certifi\cacert.pem
NOTE: Unlike most keystores that I have dealt with (mostly while trying to get JetBrains products to work behind corpo firewalls), this one is plain text. More on this in Step 3.
Step 2. Download the cert. Using Firefox (there are many ways to do this), go to the URL that precedes the error (something like https://pypi.org/simple/, or https://pypi.python.org/simple/). Click on the Lock > Show connection details > More information. On the Page Info window, click View Certificate > Details tab. Export the top-level cert as .crt/.pem. Click back to the General tab; it may be needed in Step 3.
Step 3. Normally, you could just use a keytool command like
keytool -import -alias key-alias -file "C:\path\to\exported\key.der" -keystore "C:\Path\to\keystore\.PyCharm2018.3\system\tasks\cacerts"
but when you do, you get the following keytool error: java.security.KeyStoreException: Unrecognized keystore format: null. It turns out you can just copy the plain text cert exported in Step 2 directly into the keystore. You don't need to include any header information, just from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----. However, it may be beneficial in the future if someone (you) has to look at this keystore again, so you can copy it from the General Tab mentioned above.
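Step 3 of the answer above can be scripted. This is an added example, not code from the original answer; the function names, the label text and the `.orig` backup name are assumptions. It accepts the exported cert as PEM or DER, skips the append if the cert is already in the bundle, and records a fingerprint header above the block.

```python
import hashlib
import re
import ssl
import sys
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def fingerprints(pem_text):
    """SHA-256 fingerprints (hex) of every certificate block in PEM text."""
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)}

def load_exported_cert(path):
    """Return the exported certificate as one PEM block; accepts PEM or DER."""
    raw = Path(path).read_bytes()
    if b"-----BEGIN CERTIFICATE-----" in raw:
        blocks = PEM_BLOCK.findall(raw.decode("ascii", errors="replace"))
        if len(blocks) != 1:
            raise ValueError("expected exactly one certificate in %s" % path)
        return blocks[0]
    if not raw.startswith(b"\x30"):  # DER certificates start with an ASN.1 SEQUENCE
        raise ValueError("%s is neither PEM nor DER" % path)
    return ssl.DER_cert_to_PEM_cert(raw).strip()

def add_ca_to_bundle(bundle_path, cert_path, label):
    """Append the CA cert to the bundle once. Returns True if the bundle changed."""
    bundle = Path(bundle_path)
    pem = load_exported_cert(cert_path)
    (fp,) = fingerprints(pem)
    existing = bundle.read_text(encoding="utf-8")
    if fp in fingerprints(existing):
        return False  # already trusted, nothing to do
    backup = bundle.with_name(bundle.name + ".orig")
    if not backup.exists():  # keep the pristine bundle for rollback
        backup.write_text(existing, encoding="utf-8")
    with bundle.open("a", encoding="utf-8", newline="\n") as fh:
        fh.write("\n# Label: %s\n# SHA256 Fingerprint: %s\n%s\n" % (label, fp, pem))
    return True

if __name__ == "__main__":
    # usage: python add_ca.py <path to cacert.pem> <exported cert> <label>
    changed = add_ca_to_bundle(sys.argv[1], sys.argv[2], sys.argv[3])
    print("bundle updated" if changed else "certificate already present")
```

Upgrading pip inside the virtual environment replaces the vendored cacert.pem, so the append has to be repeated afterwards; compare the recorded fingerprint against the one Firefox shows for the exported cert before trusting it.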