Specifying --extra-index-url in setup.cfg option dependencies

Hello,

I have a dependency that requires --extra-index-url URL flag to work with rest of my project. I have following lines in my setup.cfg:

[options]
zip_safe = False
packages = find:
python_requires = >=3.9
include_package_data = True
install_requires =

then my dependencies with their names in PyPI and the desired versions of them. I am having hard time to find a way to specify this --extra-index-url flag with setup.cfg. I found some related answers on stackoverflow (pip - Using an extra python package index url with setup.py - Stack Overflow) but also learned that easy_install is deprecated. I want to make this work with pip and PyPI. I learned I can specify such index-url in pip.conf yet pip.conf files are not project specific apparently and would require me to ship pip.conf file separately to my users. I just want to keep providing the smooth experience of doing pip install yourpackage to my users while bringing the correct dependency from correct index-url.

How can I achieve the desired behavior with setup.cfg and pip?
Any tips/comments/feedback appreciated.
Thank you.

This is explicitly not supported due to security reasons. If a package is allowed to inject arbitrary package sources, it would be impossible for PyPI and package users to reliably audit dependencies. It is possible to achieve an equivalent goal via direct reference specifications (specified in PEP 508), but a dependency using this specification cannot be uploaded to PyPI for the same reasons, and must be hosted externally.

2 Likes

Thank you for prompt answer @uranusjr ! That make sense. I will try to reach the developers of my dependency and see if they can upload with a different version name to PyPI so that might be a viable solution.