Getting error 403 while installing package with pip

Question

getting an error while installing google app engine using pip

Collecting google_appengine
  Downloading google-appengine-1.5.1.tar.gz (897kB)
    100% |█████         


        

Answer 1

Got the error. The problem was with the repo from where pip was trying to install the package.

Answer 2

It's because PyPI has disabled non HTTPS access to APIs

https://mail.python.org/pipermail/distutils-sig/2017-October/031712.html

as workaround you can use

$ pip install xxxx -i https://pypi.python.org/simple/

Answer 3

Unfortunately none of the previous answers work for me.

IMHO it was very stupid pip / distutils chose to break packages on http repos.

I think a better choice would have been:

• pip/distutils use https by default

• in case of error, like 403, pip has to suggest you "the package repo is on http, do you want to download it?"

Still in 2020 many Python 2 packages are on http repos; with their decision, the installation of these packages is broken.

---

The working solution for me is a very simple patch of one python core modules:

--- /usr/local/lib/python2.7/urllib2.py.original
+++ /usr/local/lib/python2.7/urllib2.py
@@ -427,6 +427,9 @@
             req = meth(req)

         response = self._open(req, data)
+        if protocol == "http" and response.code == 403 :
+            if isinstance(fullurl, basestring) and fullurl.startswith("http://pypi.python.org/packages/source/d/distribute/") :
+                return    self.open(fullurl.replace("http://", "https://"), data = data, timeout = timeout)

         # post-process response
         meth_name = protocol+"_response"

Working: if the failed url is on http, retry on https.

I know it is a little ugly, but it is very clear and also you can revert to the original module in a snap (make a copy of /usr/local/lib/python2.7/urllib2.py before to apply this patch).