From 62a3bc3a1f33625527cbc039531cfe8b42916d91 Mon Sep 17 00:00:00 2001 From: Joseph Hunkeler Date: Mon, 21 Oct 2024 11:46:27 -0400 Subject: Fix pip_index_provides * Always quote the incoming spec to avoid accidental shell redirection * Never use the local cache. We're checking a remote source, so it matters greatly where pip is looking for the package --- src/lib/core/conda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/core/conda.c b/src/lib/core/conda.c index 35caf02..c77a132 100644 --- a/src/lib/core/conda.c +++ b/src/lib/core/conda.c @@ -109,7 +109,7 @@ int pip_index_provides(const char *index_url, const char *spec) { strcpy(proc.f_stdout, logfile); // Do an installation in dry-run mode to see if the package exists in the given index. - snprintf(cmd, sizeof(cmd) - 1, "python -m pip install --dry-run --no-deps --index-url=%s %s", index_url, spec_local); + snprintf(cmd, sizeof(cmd) - 1, "python -m pip install --dry-run --no-cache --no-deps --index-url=%s '%s'", index_url, spec_local); status = shell(&proc, cmd); // Print errors only when shell() itself throws one -- cgit