Replacing the URL of a source (e.g. PyPI) at the global level

[JacobHenner]

• [X] I have searched the issues of this repo and believe that this is not a duplicate.
• [X] I have searched the documentation and believe that my question is not covered.

Feature Request

Similar to one of the proposals in https://github.com/sdispater/poetry/issues/1070 (which was recently marked stale), Poetry should allow the user to override the default repository URL (PyPI). The user should be able to do this without modifying pyproject.toml.

In certain environments (e.g. corporate networks) PyPI is unavailable, but a mirror exists. These users should be able to specify the address of the mirror without modifying project files, as the mirror settings are irrelevant to contributors in different environments. Similarly, if a mirror user adds a dependency, the generated lock file should not list the user's mirror as the source. The source should remain the default (which in most cases would refer to standard PyPI).

This feature exists in pipenv, see https://github.com/pypa/pipenv/issues/2075 (where the need for this functionality is described in greater detail) and https://github.com/pypa/pipenv/pull/2281.

[mfriedenhagen]

Well, at least I would suggest/document that configuration should be a bit structured ;-)

[JacobHenner]

Right @neersighted, maybe adding the configuration to $USER_CONFIGDIR/pypoetry/config.toml would be better. Is there already a concept of namespacing in the file? E.g. something like

@mfriedenhagen I've adopted a similar scheme starting with version 0.2.0 of the plugin.

[SadPencil]

When I run poetry install I found the following warning:

Setting `experimental.new-installer` to false is deprecated and slated for removal in an upcoming minor release.
(Despite of the setting's name the new installer is not experimental!)

Please don't deprecate this setting before this issue is solved by having a direct PyPI repo setting. Currently, using pip is the fastest way to workaround this issue. Almost all Chinese developers suffer from this issue.

[jpz]

It's disappointing the policy of not respecting pip.conf settings has been decided. For reasons of orthogonality, poetry install and pip -m venv create .... ; ./myenv/activate; .... pip install xxxx; should work the same.

I work in a corporate environment with our repo access to pypi intermediated by an artifactory repository, with different SSL keys. All of these config things are solved for us - SSL, and custom pypi servers. Having to configure poetry as a special case, on top of configuring Python/pip, it does not help adoption, it creates a barrier to ubiquitous adoption.

[waketzheng]

I've published poetry-plugin-pypi-mirror, a plugin that allows pypi.org to be replaced by a mirror specified in an environment variable. It's available on PyPI. Hopefully others will find this useful.

The plugin satisfies the original subject of this issue (Allow user to override PyPI URL without modifying pyproject.toml), but it does not satisfy the current subject as it's not intended to handle replacement of arbitrary sources at the global level.

Worked for me, thanks~

For who want to install the plugin with a custom pypi mirror, command can be:

python -c "mirror_url='http://mirrors.tencent.com/pypi/simple';from poetry.locations import CONFIG_DIR;import os;cmd='cd {}&&poetry source remove pypi-mirror&&poetry source add --priority=default pypi-mirror {}'.format(CONFIG_DIR,mirror_url);os.system(cmd)"
# For poetry < 1.5 change `--priority=default`  to be `--default`
poetry self add poetry-plugin-pypi-mirror

[fabienval]

Any update on this? Developing with poetry in corporate environment is harder than with pdm ...

[vlcinsky]

To me, this and many other poetry issues are resolved sufficiently. By switching to pdm.

No more endless discussions on proposing needed features which are not finally implemented.

[noelmcloughlin]

The industry is increasingly blocking pypi due to cyberecurity supply chain attacks (like this) and regulatory laws. This issue is not niche, everyone needs this in poetry. Cyber security want enforceable global configuration (not per project).

[JacobHenner]

The industry is increasingly blocking pypi due to cyberecurity supply chain attacks (like this) and regulatory laws. This issue is not niche, everyone needs this in poetry. Cyber security want enforceable global configuration (not per project).

Is https://github.com/arcesium/poetry-plugin-pypi-mirror insufficient for your concerns?

[lxohi]

The industry is increasingly blocking pypi due to cyberecurity supply chain attacks (like this) and regulatory laws. This issue is not niche, everyone needs this in poetry. Cyber security want enforceable global configuration (not per project).

Is https://github.com/arcesium/poetry-plugin-pypi-mirror insufficient for your concerns?

This works soooo good. Thank you so much for literally saves the day!