opengisch/qpip

support for --trusted-host and --index-url

axelande opened this issue · 5 comments

This seems like the plugin that I've been looking for many years! It looks really nice!

I've played around a little bit and the only issue that I have is that I can´t get the trusted-host and index-url to work

I have added some lines in the requirements.txt:

--index-url http://my_token/api/v4/projects/293/packages/pypi/simple
--trusted-host  my_gitlab
my_internal_project

Nothing happens if I have these -- lines in the requirements.txt when I try to make the installation but when I close the plugin manager I get this error:

File "", line 1, in
File "C:\Users/user/AppData/Roaming/QGIS/QGIS3\profiles\default/python/plugins\a00_qpip\plugin.py", line 122, in patched_load_plugin
self.check_deps_and_prompt_install(additional_plugins=[packageName])
File "C:\Users/user/AppData/Roaming/QGIS/QGIS3\profiles\default/python/plugins\a00_qpip\plugin.py", line 159, in check_deps_and_prompt_install
for requirement in requirements:
File "C:\OSGeo4W\apps\Python39\lib\site-packages\pkg_resources_init_.py", line 3170, in init
super(Requirement, self).init(requirement_string)
File "C:\OSGeo4W\apps\Python39\lib\site-packages\pkg_resources_vendor\packaging\requirements.py", line 37, in init
raise InvalidRequirement(str(e)) from e
pkg_resources.extern.packaging.requirements.InvalidRequirement: Expected package name at the start of dependency specifier
--index-url http://my_token/api/v4/projects/293/packages/pypi/simple
^

Hi, thank you for the feedback.

As far as I am aware, both options index-url and trusted-host are not to be specified in the requirements.txt file, but on the command line or in the pip.conf file. The second one should be relatively straightforward to set up https://pip.pypa.io/en/stable/topics/configuration/ . Can you try this?

I use the global pip.ini file which works, but for some of my colleagues with less computer experience adding a global/user pip.ini file could be complicated step so I was looking more on the site specific, I tried to add the pip.ini/pip.conf to the plugin folder but qpip does not read it, or?
Reading a plugin specific pip.conf might be a feature that we don't want to have for plugins published at qgis.plugins.org? but for inhouse plugins that is a nice feature.

Would you have the possibility to publish your plugin on a host with a working SSL configuration?
As an alternative to adding the index, you might also directly install a package with mypackage @ https://host/project/archive/v1.2.3.tar.gz.

I am sure we could come up with some smart idea how to add a trusted-host, but I wonder if the possibility to do that silently is really accurate. And I guess to get all edge cases right, this will need more than a very simple patch.

That is probably true, if the possibility to read a pip.conf in each plugin is determined to be be too complicated I'm happy to close this issue.

Is there any plans to drop the experimental flag and release it?

That is probably true, if the possibility to read a pip.conf in each plugin is determined to be be too complicated I'm happy to close this issue.

I would be relieved if we could not go this road (at least for now)

Is there any plans to drop the experimental flag and release it?

If you say that it's useful and helps in production, we are happy to make it a stable release. Next thing will be to go out and talk about it, so it gains some traction.