Re: [Buildroot] [Help] Building from a private PyPi server

[Peter Korsgaard <peter@korsgaard.com>]

>>>>> "Alberto" == Alberto Fahrenkrog <Alberto.Fahrenkrog@rigtechnologies.com.au> writes:

 > Hello all,
 > In our company we have custom Python packages stored in a private PyPi
 > server. To install them we simply add the --extra-index-url in our
 > requirements.txt file when using pip.

Are you aware of the security issues with --extra-index-url?

https://github.com/pypa/pip/issues/9612

 > The packages are also available for manual download from the server,
 > however all URLs to any .tar.gz file are in the form
 > https://git.ourserver.com/packages/pypi/package-name/version-number/files/1234. This
 > leads me to the following options (I think):


 >   * Try to get Buildroot to use the private PyPi server. I had a look
 > at the "scanpypi" script and it generated the .mk and .in files for a
 > regular PyPi package, but I could not find a way to tell scanpypi to
 > use an extra url or private pypi address

scanpypi is indeed hard coded to use pypi and their JSON API
(https://pypi.org/pypi/{pkg}/json), so not trivial to use with a local
repo. Do your private server expose the same API? If so, I guess we
could add an argument to scanpypi to use a custom URI instead of
pypi.org.


 >   * Find a way, using wget, to download the package from the address
 > above. Unfortunately I've had no luck with that yet. With the command:
 > wget
 > https://ourserver.com/-/packages/pypi/package-name/version_nr/files/5525

Notice: You have an additional /-/ compared to the URL above.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot