Enable private PyPI repositories

[stefano-m]

trafficstars

Hello, thanks for creating pypi2nix!

It would be great if pypi2nix could fetch packages from repositories other than pypi.python.org

This would be similar to what one can do with pip's --extra-index-url (using --trusted-host if needed).

At the moment one can "trick" pypi2nix by adding the options directly in requirements.txt, e.g.

--extra-index-url http://private-pypi.example.com:8082
--trusted-host private-pypi.example.com
# Private dependencies
my-private-package
# Public dependencies
jsonschema

However pypi2nix will attempt to fetch the private package's metadata from pypi.python.org only and fail.

It would be great if one could pass the URL of private repo to pypi2nix or maybe add an option to not fail if the metadata cannot be fetched.

[garbas]

@stefano-m sorry for long reply. last months have been extremely busy.

i wonder if information from where the package was downloaded is stored somewhere in metadata. If not we would need to change pip to do this.

[garbas]

I opened a question on pip regarding this pypa/pip#5024

[stefano-m]

Hi @garbas and thanks for the update.

Wouldn't it be enough to check different URLs in stage2.py? IIUC at the moment the PyPI URL is hardcoded in INDEX_URL and used.

Maybe the tool could parse the requirements.txt file for --extra-index-url (or even the pip configuration)?

[takeda]

@garbas any luck with it? I think what they suggested in PYPA would be satiable. If you would allow --index-url to overwrite location or --extra-index-url to provide additional sources and pypi2nix would check them when they can't find the package in the original place would be good enough. At least for my use.

[garbas]

@takeda i'm sorry, this is not on my priority. but if somebody needs it and wants to work on it i can offer mentoring and review.