Introduction
I want to create a dependency from one private Python project (myproject) on another private Python project (example). Currently I'm trying to run python setup.py install and have setuptools find the example library and install it too.
Testing
I've published the dependency to a local instance of Artifactory as an egg.
I'm using pip version 19.1.1.
I'm running macOS 10.13.6.
Constructing a URL
According to the pip release notes, the following feature was added:
Allow PEP 508 URL requirements to be used as dependencies.
As a security measure, pip will raise an exception when installing packages from PyPI if those packages depend on packages not also hosted on PyPI. In the future, PyPI will block uploading packages with such external URL dependencies directly. (#4187)
I've tried adding the following to the parent project's setup.py:
install_requires=['example'],
dependency_links=['https://artifactory.company.com/api/pypi/pypi-local/simple#egg=example-0.1.0.dev27'],
Running
When running python setup.py install, I get the following output:
...
Processing dependencies for myproject==0.0.0
Searching for example
Downloading https://artifactory.company.com/api/pypi/pypi-local/simple#egg=example-0.1.0.dev27
Authenticating as me for https://artifactory.company.com/api/pypi/pypi-local/simple#egg=example-0.1.0.dev27 (from .pypirc)
error: Download error for https://artifactory.company.com/api/pypi/pypi-local/simple#egg=example-0.1.0.dev27: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)
So I am confused by [SSL: CERTIFICATE_VERIFY_FAILED]. If I run:
curl -v https://me:<token>@artifactory.company.com/api/pypi/pypi-local/simple#egg=example-0.1.0.dev27
I get the following:
...
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
...
GET /api/pypi/pypi-local/simple HTTP/1.1
> Host: artifactory.company.com
> Authorization: Basic abcxyz0d
> User-Agent: curl/7.54.0
> Accept: */*
>
>
< HTTP/1.1 302 Found
...
So it seems like SSL certification verification is working outside of setuptools.
If I go to the site specified in this output (https://artifactory.company.com/api/pypi/pypi-local/simple/#egg=example-0.1.0.dev27), I can see a hyperlink for example. If I click the hyperlink, it takes me to a list of hyperlinks of all the wheels and eggs I've published, which looks like this:
...
example-0.1.0.dev26-py2-none-any.whl
example-0.1.0.dev27-py2-none-any.whl
example-0.1.0.dev27-py2.7.egg
...
And I can download these without any issue.
Question
How can I create a dependency from one private Python project (myproject) on another private Python project (example) using setuptools?
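An added diagnostic, not part of the original question: the curl trace shows verification succeeding against /etc/ssl/cert.pem, so this sketch reports which CA locations the Python interpreter's own ssl module trusts and repeats the handshake with verification left on. It assumes it is run with the same interpreter that runs setup.py; the function names are illustrative.

```python
from __future__ import print_function
import os
import socket
import ssl

CURL_CAFILE = "/etc/ssl/cert.pem"  # CAfile line from the curl -v output above


def python_trust_paths():
    """Map each default CA location to (path, exists) for this interpreter."""
    paths = ssl.get_default_verify_paths()
    found = {}
    for name in ("cafile", "capath", "openssl_cafile", "openssl_capath"):
        value = getattr(paths, name)
        found[name] = (value, bool(value) and os.path.exists(value))
    return found


def shares_bundle_with(curl_cafile):
    """True if Python's default CA file is the same file curl verified with."""
    if not os.path.isfile(curl_cafile):
        return False
    target = os.path.realpath(curl_cafile)
    trust = python_trust_paths()
    return any(exists and os.path.realpath(value) == target
               for value, exists in (trust["cafile"], trust["openssl_cafile"]))


def verified_handshake(host, port=443, cafile=None, timeout=10):
    """Try a TLS handshake with verification ON; return (ok, detail)."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)
    except (IOError, OSError, ssl.SSLError) as exc:
        return False, "cannot load CA file: {0}".format(exc)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.error, OSError) as exc:
        return False, "connect failed: {0}".format(exc)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except (ssl.SSLError, ssl.CertificateError, socket.error) as exc:
        sock.close()
        return False, "TLS failed: {0}".format(exc)  # e.g. CERTIFICATE_VERIFY_FAILED
    version = tls.version()
    tls.close()
    return True, version


if __name__ == "__main__":
    host = "artifactory.company.com"  # placeholder host used in the question
    print(python_trust_paths(), shares_bundle_with(CURL_CAFILE))
    print("python defaults:", verified_handshake(host))
    print("curl's CA file: ", verified_handshake(host, cafile=CURL_CAFILE))
```

If the handshake fails with Python's defaults but succeeds with curl's CA file, the two clients are trusting different CA bundles rather than the server presenting a bad certificate.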