poetry: Dependency resolution problem with non-pypi repository
Version: Poetry 0.12.10
I have a private PyPI server for company internal packages. Something in poetry seems to get confused when that private package has public dependencies. Specifically this case:
private-package
depends on public-package
which itself has further (public) dependencies.
poetry add private-package
poetry add public-package
fails with[PackageNotFound]: Package [<private-package>] not found.
However poetry add
works for public packages not depended on by private-package
and also works for public packages which have no dependencies on their own, even if depended on by private-package
.
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Reactions: 1
- Comments: 20 (11 by maintainers)
I’ve actually thought about a good reason not to use
--extra-index-url
. Say you have a private packageprivpkg
on your private repo. If someone now uploadsprivpkg
to the public repo, using--extra-index-url
would pull that in.Maybe a better solution would be something like:
Though this raises the question how private and public dependencies of
privpkg
are handled, I guess the lockfile could take care of that?Is there a way to make private repositories behave like
--extra-index-url
rather than--index-url
(in pip)? Ideally I’d like poetry to try pypi.org first, then fall back to the company pypi.Any update on this. I just spend quite some time on migrating the whole project to poetry and now i am stuck at this point.
@sdispater After some debugging, I figured out the issue. It mostly on my end. The URL I used to specify my index is the same as I use for my pip configuration (pip.conf). However, it does not carry the
/+simple
path that poetry needed. Apparently, native pip adds that on automatically when it is contacting an index, but poetry needed it expicitly.Once I ammended my pyproject.toml file accordingly, it worked great.
Thanks again for the great tool!
working pyproject.toml:
Any news on this? Is there a good argument not to use
--extra-index-url
rather than--index-url
?Here’s the
-vvvvv
log (company-pypi
is a private pypi server,private-package
depends onaiohttp
):