Pip behind a corporate firewall

The tldr is:

  1. Pip 23.3 or newer "just works" after you add a simple snippet to your config file.
    ; %AppData%\pip\pip.ini
    ; "${XDG_HOME-$HOME/.config}/pip/pip.ini"
    use-feature = 
  2. However, said snippet will break older versions of pip.
    • In particular, pip < 23.3, >= 22.2 will break, complaining that you need to install the "truststore" package before you can install any packages—a perfect "catch 22".
  3. As of the last time I checked (CPython 3.12.1), ensurepip, which is what's used to bootstrap virtual environments) installs one of these broken versions of pip.
    • If you create your venvs with PyPA's "virtualenv" (specifically virtualenv >= 20.24.6) rather than venv, you will get a version of pip that works.
      • If you're using PyPA's "build" tool, it will automatically switch to using virtualenv if available, which means your "isolated" builds will work behind a corporate firewall.

Leave a Reply

Your email address will not be published. Required fields are marked *

Warning: This site uses Akismet to filter spam. Until or unless I can find a suitable replacement anti-spam solution, this means that (per their indemnification document) all commenters' IP addresses will be sent to Automattic, Inc., who may choose to share such with 3rd parties.
If this is unacceptable to you, I highly recommend using an anonymous proxy or public Wi-Fi connection when commenting.