How to use pip 1.5 (on Python) to install and later upgrade externally hosted package repositories?

3
votes

Let us take the example of https://pypi.python.org/pypi/py-dom-xpath. In this case the package repository is hosted in http://code.google.com/p/py-dom-xpath/.

I am using Python 2.7 on Windows 7.

pip install py-dom-xpath

Downloading/unpacking py-dom-xpath
  Could not find any downloads that satisfy the requirement py-dom-xpath
  Some externally hosted files were ignored (use --allow-external py-dom-xpath to allow).
Cleaning up...
No distributions at all found for py-dom-xpath
Storing debug log for failure in C:\Users\insrkum\pip\pip.log

pip install --allow-external py-dom-xpath

You must give at least one requirement to install (see "pip help install")

pip install --allow-all-external py-dom-xpath

Downloading/unpacking py-dom-xpath
  Could not find any downloads that satisfy the requirement py-dom-xpath
  Some insecure and unverifiable files were ignored (use --allow-unverified py-dom-xpath to allow).
Cleaning up...
No distributions at all found for py-dom-xpath
Storing debug log for failure in C:\Users\insrkum\pip\pip.log

I attempted use --index-url option without any success. What works is the following command

pip install http://py-dom-xpath.googlecode.com/files/py-dom-xpath-0.1.tar.gz

This is not the best way to install externally hosted package repositories. I am interested to use --allow-external or --allow-all-external. I also want to learn how to use --upgrade option with externally hosted package repositories.

2
pythonpython-2.7pip

2 Answers

1
votes

Pip 1.5 is safe : you need --allow-external to download externally hosted packages and --allow-unverified to download from "http" sites.

You can do it with

pip install --allow-all-external --allow-unverified py-dom-xpath py-dom-xpath

and

pip install --allow-all-external --allow-unverified py-dom-xpath py-dom-xpath --upgrade
0
votes

Both --allow-unverified and --allow-external take package name as an argument.

From pip help install:
--allow-external <package>   Allow the installation of a package even if it
                             is externally hosted
--allow-unverified <package> Allow the installation of a package even if it 
                             is hosted in an insecure and unverifiable way
  • --allow-external requires an argument (name of th external to allow).
  • Same goes for --allow-unverified too .
  • With pip install --allow-external pyodbc, you are allowing the external called pyodbc

  • pip install --allow-external pyodbc pydodbc is what you need, first pyodbc allows that external, second one actually tells pip which package to install.

    From pip help install: --allow-external Allow the installation of a package even if it is externally hosted --allow-unverified Allow the installation of a package even if it is hosted in an insecure and unverifiable way

So your usage should be

pip install <pkg> --allow-unverified <pkg> --allow-external <pkg>

or the little confusing:

pip install --allow-unverified <pkg> --allow-external <pkg> <pkg>

DO NOT use --allow-all-external when you just want to allow one and not ALL. It kills the whole purpose of putting in the security check.