linehaul should do something with PIP_USER_AGENT_USER_DATA #226
Description
Note
I'm not asking to share any data publicly without further analysis of what's being passed in the user agent.
pip provides an environment variable to set "something" to be passed along as part of the user agent to upstream servers for inspection. This is noted in the proxy section. Available since pip 19.1
Here's a couple of examples of what that looks like when sent upstream:
$ PIP_USER_AGENT_USER_DATA="{'spam': 'eggs'}" pip install ...pip/25.1.1 {"ci":null,"cpu":"arm64","distro":{"name":"macOS","version":"15.5"},"implementation":{"name":"CPython","version":"3.13.3"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.5.0 8 Apr 2025","python":"3.13.3","rustc_version":"1.87.0","system":{"name":"Darwin","release":"24.5.0"},"user_data":"{'spam': 'eggs'}"}
There's little validation to the structure, can pass a string along:
$ PIP_USER_AGENT_USER_DATA="spam and eggs" pip install ...pip/25.1.1 {"ci":null,"cpu":"arm64","distro":{"name":"macOS","version":"15.5"},"implementation":{"name":"CPython","version":"3.13.3"},"installer":{"name":"pip","version":"25.1.1"},"openssl_version":"OpenSSL 3.5.0 8 Apr 2025","python":"3.13.3","rustc_version":"1.87.0","system":{"name":"Darwin","release":"24.5.0"},"user_data":"spam and eggs"}
At the very least, linehaul should log these lines to a storage location, similar to unprocessed files, for admin review.
The hope is that nobody's using them for anything particularly funky and that the existence of this ability could lead to other tools setting this variable to convey to PyPI "where" things are coming from beyond the normal user agent data that we get already.