Why does pip3 want to create a kdewallet after installing/updating packages on Ubuntu 20.04?
I recently updated my system from Ubuntu 18.04 to 20.04. Afterwards I tried to update all of my pip3 packages using the shell command mentioned here (I changed "pip" to "pip3").
After it updated a couple of packages, this prompt came up: KDE Wallet Service
Since I never saw it while updating/installing a package, I cancelled it which resulted in an instant reopening of the same prompt and the terminal showed following warning:
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
I pressed CTRL+C after the same happend with the next package it tried to install. Ever since when I try to install a package the same happens.
Example:
pip3 install numpy
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
Collecting numpy
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
Using cached numpy-1.19.2-cp38-cp38-manylinux2010_x86_64.whl (14.5 MB)
Installing collected packages: numpy
WARNING: The scripts f2py, f2py3 and f2py3.8 are installed in '/home/gesuchter/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed numpy-1.19.2
I already tried to fix my issue with reinstalling python3-pip.
Here are hopefully some helpful information:
pip3 --version
pip 20.0.2 from /usr/lib/python3/dist-packages/pip (python 3.8)
ls ~/.local/share/keyrings
default login.keyring user.keystore
find ~/.config/kwalletrc
find: ‘/home/gesuchter/.config/kwalletrc’: No such file or directory
Solution 1:
This solved it for me:
python3 -m keyring --disable
Running it adds:
[backend]
default-keyring=keyring.backends.null.Keyring
to the file ~/.config/python_keyring/keyringrc.cfg
.
Presumably PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
mentioned at https://stackoverflow.com/a/68504137/895245 offers an environment variable way to achieve the same result.
Without this, it would show the annoying KDE keyring popup every time I try to install a package:
Google, index this:
The KDE Wallet System
The application
'/usr/lib/python3/dist-packages/pip/__main__.py'
has requested to create a new wallet named 'kdewallet'. This is used to store sensitive data in a secure fashion. Please choose the new wallet's type below or click cancel to deny the application's request.
- Classic, blowfish encrypted file
- Use GPG encryption, for better protection
Related: https://askubuntu.com/questions/1205161/annoying-kde-wallet-service-popup-the-application-kded5-has-requested-to-open
Tested on Ubuntu 21.04, Python 3.9.5, pip3 20.3.4, keyring==22.2.0.
Solution 2:
This issue was reported upstream, see https://github.com/pypa/pip/issues/8090 and the other issues linked from that thread.
tl;dr: new versions of pip too eagerly search keyrings for credentials that might be required to access some package downloads. If it ends up querying a keyring (such as kdewallet) which doesn't exist yet, the prompt you noticed shows up. It's not yet clear how exactly and in which release this will be fully fixed.
EDIT: Please note that stackoverflow is not the right place for bug reports: pip maintainers are unlikely to see this, and as far as I can tell it's also not really in scope for stackoverflow. It could be a question for another stackexchange community (superuser maybe?). But since you were already sure that this was a problem with pip, the best place for a report would have been any of the communication channels indicated in the README on https://github.com/pypa/pip