find-links should override allow-hosts - avoid allowing all of "github.com" #133

Closed

Description

Originally reported by: lrowe (Bitbucket: lrowe, GitHub: lrowe)


I like to restrict installation to pypi, but sometimes I need to use a particular tag tarball from a personal fork of a package. Currently that requires adding "github.com" to allow-hosts, which is far too broad.

It looks like this could be achieved by populating a set of always allowed urls in add_find_links which would be okayed by url_ok regardless of the configured allowed hosts (as 'file' scheme urls are.)

(I'm using buildout, but digging into the code it looks like the underlying issue is from setuptools.)


Activity

ghost commented on Jan 7, 2014

Original comment by mgedmin (Bitbucket: mgedmin, GitHub: mgedmin):


Can you clarify if you're talking about --find-links on the easy_install command line/find-links= in buildout.cfg, or about setup(find_links=...), or both?

I use allow-hosts specifically to disable random setup.py files arbitrarily specifying other package sources with find_links. (I don't see any other reason for even having allow-hosts.)

Now --find-links on the command line or in buildout.cfg, I don't think I would mind those overriding allow-hosts.

ghost commented on Jan 7, 2014

Original comment by lrowe (Bitbucket: lrowe, GitHub: lrowe):


Only easy-install's --find-links and buildout's find-links, not the project level find_links.
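
The narrowing discussed in this thread, as an added example that is not setuptools or buildout code and was not written by any participant: a stand-alone model in which only operator-supplied find-links URLs (command line or buildout.cfg) bypass allow-hosts, and only by exact URL. The `SourcePolicy` class, the `operator_supplied` flag and the sample URLs are assumptions constructed for illustration.

```python
import fnmatch
import re
from urllib.parse import urlparse

# Constructed sample URLs (hypothetical, for illustration only).
FORK_TARBALL = "https://github.com/example-user/example-pkg/archive/v1.0-fork.tar.gz"
OTHER_GITHUB = "https://github.com/someone-else/other-pkg/archive/master.tar.gz"
PROJECT_LINK = "https://downloads.example.net/dist/"
PYPI_PAGE = "https://pypi.org/simple/example-pkg/"


class SourcePolicy:
    """Hypothetical model of the proposal; not setuptools' PackageIndex."""

    def __init__(self, allow_hosts):
        # Host globs in the style of allow-hosts, e.g. "*.python.org".
        pats = [fnmatch.translate(h.lower()) for h in allow_hosts]
        self._hosts = re.compile("|".join(pats)) if pats else None
        self._always_allowed = set()

    def add_find_links(self, urls, operator_supplied):
        # Exempt only links the operator typed (command line, buildout.cfg).
        # Links declared by a project's setup() stay subject to allow-hosts.
        if operator_supplied:
            self._always_allowed.update(urls)

    def url_ok(self, url):
        parts = urlparse(url)
        if parts.scheme.lower() == "file":
            return True  # local files are always accepted
        if url in self._always_allowed:
            return True  # exact URL match, not the whole host
        host = parts.hostname or ""
        return bool(self._hosts and self._hosts.match(host))


def demo():
    policy = SourcePolicy(["pypi.org", "*.python.org"])
    policy.add_find_links([FORK_TARBALL], operator_supplied=True)
    policy.add_find_links([PROJECT_LINK], operator_supplied=False)
    urls = [FORK_TARBALL, OTHER_GITHUB, PROJECT_LINK, PYPI_PAGE]
    return {u: policy.url_ok(u) for u in urls}


if __name__ == "__main__":
    for url, ok in demo().items():
        print("allow" if ok else "block", url)
```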

added the Needs Triage label on Oct 19, 2018

abravalheri commented on Jan 4, 2022

Hello, I suppose we can close this issue now that easy_install and the direct usage of python setup.py install have been deprecated and widely replaced by other installation means, such as pypa/pip.

If anyone would like to reopen this issue, please feel free to write a new comment with more information or other use cases that we might be missing 😄.

added and removed the Needs Triage label on Jan 4, 2022

added a commit that references this issue on Apr 10, 2022

Merge pull request #133 from mgorny/build_dir-cache_tag

ee180a7