-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Repository source precedence order issue #5959
Comments
Per https://python-poetry.org/docs/master/repositories#secondary-package-sources
I'm not sure that this is what people necessarily want: but it is the documented and expected behaviour. I think that what a lot of people expect is that: if poetry finds a package in a primary repository, then it doesn't bother to look in any secondary repositories. That wouldn't be very hard to arrange - relevant code is here - but probably trying to change it would provoke some discussion... |
I have hit this problem with s3pypi private repo. In our case when we access a non existent package in s3pypi repo, we receive 403, wich is a authentication problem. But, return 403 instead 404 can be a security measure for private repos in order to avoid bots to know which packages doesn't exist in repos. |
This is currently as designed -- see #6713 for a proposal to introduce the behavior you desire/expect. |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
I am on the latest Poetry version.
I have searched the issues of this repo and believe that this is not a duplicate.
If an exception occurs when executing a command, I executed it again in debug mode (
-vvv
option).OS version and name: Debian GNU/Linux bookworm/sid x86_64, Kernel: 5.10.0-2-amd64
Poetry version: 1.1.13, 1.1.2, 1.1.3, 1.1.4
Link of a Gist with the contents of your pyproject.toml file: https://gist.github.com/elachere/df77e06ed5b1830ff66c254919314c3d
Issue
I'm trying to install dependencies both from pypi and a private repo, here's my original
pyproject.toml
, following the official documentation:However, running
poetry install
results in poetry trying to install every requirement from the private repo, at least that's what I understand from the resulting traceback:As you can see, it seems that
poetry
is trying to installmypy
fromhttps://url/to/private_repo/mypy/
.So far I have tried to:
source
for each dependency in thepyproject.toml
file (e.g:mypy = {version = "^0.961", source = "pypi"}
): then the same thing happens with subdependenciespoetry config repositories.private https://url/to/private_repo
: does not seem to have any impactdefault
andsecondary
keys for[[tool.poetry.source]]
: nothing helpspoetry add private_package --source private
pypi
and set it asdefault
N.B: the private repo I'm trying to install from does not require any kind of authentication ( I can install from it with
pip install -i https://url/to/private_repo private_package
)Experiencing this behaviour with versions:
The text was updated successfully, but these errors were encountered: