Bug description
On Windows, when pip-audit creates the virtual environment a permission error occurs. This is caused under the hood by a known bug in Python itself. However, there is a way to work around it (see the end of this issue report).
During the pip-audit process a virtual environment is created in a temporary folder. A temporary file created in this temp folder loses its permissions on Windows when it is closed (this doesn't happen in Unix). The pip install process opens and closes one or two temporary files several times during the installation process, and thus, permissions on the temp file are lost and Windows throws an error.
Reproduction steps
On windows for any python package:
Expected behavior
Create virtual environment for auditing.
Screenshots and logs
The error message
ERROR:pip_audit._virtual_env:internal pip failure: ERROR: Could not open requirements file: [Errno 13] Permission denied: 'C:\\Users\\Manrho\\AppData\\Local\\Temp\\82\\tmpnmkebs43'
ERROR:pip_audit._cli: Failed to install packages: ['C:\\Users\\Manrho\\AppData\\Local\\Temp\\82\\tmp855pujcg\\Scripts''python.exe', ' -m', ' pip', ' install', ' --dry-run', '--report', 'C:\\Users\\Manrho\\AppData\\Local\\Temp\\82\\tmpm_c5v3cp', '-r', 'C:\\Users\\Manrho\\AppData\\Local\\Temp\\82\\tmpnmkebs43']
Platform information
- OS name and version: Windows Server 2019
pip-audit version (pip-audit -V): 2.6.0- Python version (
python -V or python3 -V): 3.9.17
pip version (pip -V or pip3 -V): 23.1.2
Additional context
An easy fix is to replace NamedTemporaryFile() to NamedTemporaryFile(delete=False) in the files _virtual_env.py and pip_audit/_dependency_source. However, this defeats the purpose of using NamedTemporaryFile as manual cleanup is needed.
The way to fix this is to avoid using the NamedTemporaryFile() context manager altogether.
Bug description
On Windows, when
pip-auditcreates the virtual environment a permission error occurs. This is caused under the hood by a known bug in Python itself. However, there is a way to work around it (see the end of this issue report).During the pip-audit process a virtual environment is created in a temporary folder. A temporary file created in this temp folder loses its permissions on Windows when it is closed (this doesn't happen in Unix). The pip install process opens and closes one or two temporary files several times during the installation process, and thus, permissions on the temp file are lost and Windows throws an error.
Reproduction steps
On windows for any python package:
Expected behavior
Create virtual environment for auditing.
Screenshots and logs
The error message
Platform information
pip-auditversion (pip-audit -V): 2.6.0python -Vorpython3 -V): 3.9.17pipversion (pip -Vorpip3 -V): 23.1.2Additional context
An easy fix is to replace
NamedTemporaryFile()toNamedTemporaryFile(delete=False)in the files_virtual_env.pyandpip_audit/_dependency_source. However, this defeats the purpose of using NamedTemporaryFile as manual cleanup is needed.The way to fix this is to avoid using the
NamedTemporaryFile()context manager altogether.