6

I'd like to be able to override some packages from upstream PyPI transparently for our users.

I have the following Artifactory set up:

  • Local repository X-local
  • Remote repository X-remote (pointing to PyPI)
  • Virtual repository X-virtual

For some specificities with my environment, I'd like to ensure that users only download package 'mypackage' from X-local.

At the moment I have included a rule to forbid the expression "**/mypackage-*" in X-remote and I publish my internal version of "mypackage" to X-local. This all works great until "mypackage" has wheels or a new version is published.

It seems that when pip goes to list all artifacts of "mypackage" in "X-virtual" it does not only finds the ones in X-local but also the ones in X-Remote. Is there any way to block that? In brief, to prevent all packages from a remote from being listed.

Mario Corchero
  • 5,257
  • 5
  • 33
  • 59
  • If you wish to prevent 'all packages from a remote from being listed' for your users why don't you just remove their permissions on that 'X-Remote' repository? By doing that they will not be able to cache anything or even to search for anything that is not in the local repository. – Ariel Jul 18 '17 at 09:49
  • I want to block all versions and platform for a single package. Not all packages – Mario Corchero Jul 18 '17 at 16:59

1 Answers1

0

Adding "**/*mypackage*" to the blacklist fixed the issue. This might cause problems if you have packages like "mypackage2" but it works for my usecase.

As advised by JFrog Support

Mario Corchero
  • 5,257
  • 5
  • 33
  • 59