astariul/github-hosted-pypi

Able to install `private-hello` package

Viibrant opened this issue · 2 comments

So this project looks amazing, I'm still reeling at the fact GitHub does not support Python packages, so this is great.

I saw the example on https://astariul.github.io/github-hosted-pypi/, specifically private-hello. I'm not sure if I'm missing something but I'm able to install the package:

```
~ pip install private-hello
Defaulting to user installation because normal site-packages is not writeable
Collecting private-hello
  Using cached private_hello-0.0.0-py3-none-any.whl (1.8 kB)
Installing collected packages: private-hello
Successfully installed private-hello-0.0.0
➜  ~ cat ~/.local/lib/python3.10/site-packages/private-hello/__init__.py
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: ~/.local/lib/python3.10/site-packages/private-hello/__init__.py
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ def is_odd(x: float):
   2   │     """Function checking if a number is odd.
   3   │ 
   4   │     Args:
   5   │         x (float): Number to check.
   6   │ 
   7   │     Returns:
   8   │         bool: True if the number is odd, False otherwise.
   9   │     """
  10   │     return x % 2 == 1
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────
```

Very odd to me, as I thought privacy was a big selling point. Installing it with --extra-index-url:

```
~ pip install private-hello --extra-index-url https://astariul.github.io/github-hosted-pypi/
Defaulting to user installation because normal site-packages is not writeable
Looking in indexes: https://pypi.org/simple, https://astariul.github.io/github-hosted-pypi/
Collecting private-hello
  Cloning https://github.com/astariul/private-hello (to revision v0.4.5) to /tmp/pip-install-45q83zkv/private-hello_126b382e74d64dbcb39971f87d93e14c
  Running command git clone --filter=blob:none --quiet https://github.com/astariul/private-hello /tmp/pip-install-45q83zkv/private-hello_126b382e74d64dbcb39971f87d93e14c
  remote: Repository not found.
  fatal: repository 'https://github.com/astariul/private-hello/' not found
  error: subprocess-exited-with-error
  
  × git clone --filter=blob:none --quiet https://github.com/astariul/private-hello /tmp/pip-install-45q83zkv/private-hello_126b382e74d64dbcb39971f87d93e14c did not run successfully.
  │ exit code: 128
  ╰─> See above for output.
  
  note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

× git clone --filter=blob:none --quiet https://github.com/astariul/private-hello /tmp/pip-install-45q83zkv/private-hello_126b382e74d64dbcb39971f87d93e14c did not run successfully.
│ exit code: 128
╰─> See above for output.

note: This error originates from a subprocess, and is likely not a problem with pip.
```

Upon inspection this command failing makes complete sense as that repository is private.

What is going on here? Is there more in the repository that I cannot see and I am installing an entirely separate package? Would love for this to work!!!

Thanks for the kind words @Viibrant 🤗

So actually, I have registered a package private-hello on PyPI (link) with dummy content and a dummy version (0.0.0), just to keep this example working (if I didn't register it, other people might have registered it with a higher version, and pip install with --extra-index-url wouldn't work anymore).

When you run pip install without --extra-index-url, pip just checks the public PyPI, finds the latest version of private-hello (which is 0.0.0), and installs it. That's why you can see the content of the package. (Disclaimer: the actual content of private-hello is different; this dummy content is from my template repository.)

When you run pip install with --extra-index-url, pip will check both the public PyPI and the private one, hosted on GitHub. private-hello has a higher version on the private one, so it will attempt to download the package from there. Since it's private, it will fail with the error you saw (as you pointed out, it's normal, because it's private).


If you want to be convinced that this works as expected, go ahead and create a private package with a unique name, that isn't registered on PyPI.

With this, pip install with --extra-index-url should work fine (unless you don't have the access rights to the private repository), and pip install without --extra-index-url will just fail, because no package with this name is registered 👍

Let me know if it clarifies things!
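The selection behaviour described in the reply above, as a simplified model added here for illustration (it is not part of the thread or the project's code). Index contents are constructed sample data; `0.4.5` is taken from the revision shown in the pip log, while `acme-internal` and the public `9.9.9` release are hypothetical.

```python
# Simplified model of version selection when --extra-index-url is used.
# Only plain dotted numeric versions are handled; ties are not modelled.

def parse_version(v):
    """Turn "0.4.5" into (0, 4, 5) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))

def select(package, indexes):
    """Pool candidates from every index and return (index_name, version)
    for the highest version. No index has priority. None if unknown."""
    candidates = [
        (parse_version(v), name, v)
        for name, contents in indexes.items()
        for v in contents.get(package, [])
    ]
    if not candidates:
        return None
    _, name, version = max(candidates, key=lambda c: c[0])
    return name, version

def audit(private_index, public_index):
    """Classify every private package name by its exposure on the public index."""
    report = {}
    for pkg, versions in private_index.items():
        private_best = max(map(parse_version, versions))
        public_versions = public_index.get(pkg)
        if not public_versions:
            # Name is free: anyone could register it publicly later.
            report[pkg] = "unregistered-on-public"
        elif max(map(parse_version, public_versions)) >= private_best:
            # The public copy would be selected instead of the private one.
            report[pkg] = "shadowed-by-public"
        else:
            # Public placeholder exists but loses on version.
            report[pkg] = "placeholder-holds"
    return report

# Constructed sample data (not live index queries).
PRIVATE = {"private-hello": ["0.4.5"], "acme-internal": ["1.2.0"]}
PUBLIC = {"private-hello": ["0.0.0"]}                   # the dummy placeholder
PUBLIC_WHAT_IF = {"private-hello": ["0.0.0", "9.9.9"]}  # hypothetical higher release

if __name__ == "__main__":
    print(select("private-hello", {"public": PUBLIC}))
    print(select("private-hello", {"public": PUBLIC, "private": PRIVATE}))
    print(audit(PRIVATE, PUBLIC))
    print(audit(PRIVATE, PUBLIC_WHAT_IF))
```

The `placeholder-holds` result corresponds to the 0.0.0 registration the maintainer describes keeping on the public index.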

Nice! That definitely clears it up.

Really cool project you've built here, am definitely using this!