Menu
I want to add a package to my requirements.txt that would correspond to the command line
pip3 install foo --index-url https://foo.com/bar/baz
I appended
--index-url https://foo.com/bar/baz
foo
to the end of requirements.txt in the hope that the index-url option will affect only things that come after it. It seems to work (at least as long as I am on the VPN from which foo.com is visible).
Is this the right approach? Thanks.
315
Use the extra-index-url option to tell pip where your alternate package index lives. If your package index doesn't support SSL, you can supress warnings by identifying it as a trusted-host . The example below assumes the name of your server is pypi.mydomain.com and you're running on non-standard port 8080.
The arguments in requirements.txt are applied to all packages; the command
$ pip install -r requirements.txt
with requirements.txt being
foo
bar>1
baz==2
--flag
is effectively the same as running
$ pip install "foo" "bar>1" "baz==2" --flag
If you want to download only a selection of dependencies from your private index, use --extra-index-url instead of --index-url. This will instruct pip to download packages from PyPI if available, and resort to your private index otherwise (multiple --extra-index-urls are supported, too).
To handle the vice versa - download from private index if available, fallback to PyPI - set your private index as primary, PyPI as extra index:
--index-url=https://my.index/ --extra-index-url=https://pypi.org/simple
If you have other use cases, for example protection against package spoofing, this can't be effectively solved with pip. There are, however, index servers like devpi that can proxy download requests to PyPI and offer spoofing protection out of the box.
Edit: @Geordie explained package spoofing in his comment well.
97
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
