Force Poetry to not use public PyPI

[zehauser]

• I have searched the issues of this repo and believe that this is not a duplicate.
• I have searched the documentation and believe that my question is not covered.

My sincere apologies is this is answered elsewhere. I tried my best to find a clear answer in the docs and Github issues but could not.

I would like to be able to ensure that all dependencies are installed from a private repository, and that will not use public PyPI is not used for any dependency resolution. In other words, I want behavior like pip install --index-url.

Basically, I want to ensure that Poetry fails with an error if I've accidentally failed to add a dependency to my private PyPI mirror.

Is this possible with Poetry currently? If not, would a feature request or PR be accepted?

[madig]

I think it's enough if you add

[[tool.poetry.source]]
name = "private-pypi"
url = "https://pypi.yourdomain.com/simple/"

to your pyproject.toml. Poetry seems to exclusively use --index-url, not --extra-index-url in this case, unless I'm missing something. In fact, searching the code here on GitHub gives me one result for --index-url and none for --extra-index-url.

[nirvana-msu]

@sdispater, I have a related, but more general request. I have to work within a firewalled environment where pypi.org is not available. Attempting to make HTTP request to it just produces a DNS errors. Instead we've got an internal PyPI mirror. While poetry install works well with [tool.poetry.source] config, many other commands always fallback to and/or exclusively use pypi.org, e.g. poetry self:update (yes, I'd like to be able to update poetry from an internal PyPI mirror), poetry search, etc, making them useless.

I would like to have an option to completely ignore the public pypi.org across all commands, either by respecting the global [repositories] config setting, or some other setting, or maybe by passing explicitly via command options (less convenient). Either I'm missing something, or there currently seems to be no way at all to use these commands in a firewalled environment.

When I first came across the [repositories] config setting, I thought it would do exactly that (only use the provided repositories across all commands) but unfortunately it's only being used for publishing.

[5long]

I'd like to chime in here:

For developers living in China, downloading packages from the canonical PyPI (strictly speaking, files.pythonhosted.org) might be pretty slow. Right now it's just 200 KB/s in my office.

Being able to download from a local mirror of PyPI could be life-changing.

[craynic]

It seems that Poetry will respect option index-url in pip.conf.
Vote for a config with poetry config to indicate a mirror.

[sdispater]

This has been added in #908. It will be available in the 1.0.0 release

[qiuwei]

It seems that Poetry will respect option index-url in pip.conf.
Vote for a config with poetry config to indicate a mirror.

Poetry still uses public PyPI to resolve the dependencies. Thus it could cause problems especially when the mirror is not synchronized.

[djbrown]

Specifying custom PyPi Url in pyproject.toml doesnt work for me neither.
Also poetry doesn't seem to recognise pip.ini.
--index-url and --extra-index-url also dont work.

---

adding default = true in pyproject.toml did it for me!
https://python-poetry.org/docs/repositories/#disabling-the-pypi-repository

[Halkcyon]

I'd like to voice that installing dependencies works without issue, but the other commands still try resolving to pypi (such as search). So I find myself falling back to using pip to search my local repos and then using poetry to add which feels.. bad.

[GigiusB]

This issue should be reopened.
adding default = true in pyproject.toml as suggested in the doc (https://python-poetry.org/docs/repositories/#disabling-the-pypi-repository ) will only apply to add but not to other commands like "search" ! (as of v1.0.10)

[Halkcyon]

ping @sdispater since this issue seems to have lost attention

[mathieucaroff]

@sdispater I believe this issue does need to be reopened

[gkedge]

@GigiusB / @mburszley: This may pertain to the BanderSnatch pypi mirror that we use: The only command that I know doesn't work behind a firewall is pip search (or, since I can't get poetry to work with my certs yet, pipenv search doesn't work either). If either of you are behind a firewall, am surpised that pip search works.

I did have to revert to 1.0.10 per #3110; comment.

[Halkcyon]

@gkedge I am able to specify the index with pip search and have it work. This same analogue does not exist for poetry.

[gkedge]

@mburszley 😮 Curious if you are familiar with the mirror vendor servicing you behind your firewall. If it's BanderSnatch, I wonder if our admins are missing a setting to support that. I attempted pip search -i https://pypi.internal to no avail.

[Halkcyon]

@gkedge No luck, I believe it's Artifactory.

[MilanAssuied]

Hi everyone,

This is still an issue in 2021.

I must cover both situations:

• Working on our computers, with no vpn connection, packages should be installed from pypi.org
• Working remotely on CI computers, with vpn connection, packages should be installed from internal pypi, and pypi.org is blocked

Nothing is working so far (even default = true, which would block my first use case)

HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url /pypi/pytest/json

Worst of all, pytest is a dev dependencie and I don't even need it on the remote computer. But it is still resolved even when using --no-dev

It's a show stopper for me until it is fixed. I will have to stay on setuptools until then.

[prncevince]

Open backup please.
Still can only can be configured on a per-project basis using something like below, which edits pyproject.toml:

poetry add source <source-name> https://your.pypi.com/simple/ --default

And doing something like below, which edits the "global" user config file (e.g. ~/.config/pypoetry/config.toml on Linux) does nothing for this:

poetry config repositories.pypi https://your.pypi.com/simple/

[djbrown]

see #1632

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.