
tool.poetry.source url is not used by Poetry when it calls pip commands #7382

@ckarrasalithya

  • Poetry version: 1.3.2

  • Python version: 3.8.10

  • OS version and name: Tested under Windows 10 22H2 OS Build 19045.2486 and Debian 11 and Ubuntu 20.04

  • pyproject.toml: https://gist.github.com/ckarrasalithya/70d5c391797dcecbc9e36e6ee0faaa47

  • I am on the latest stable Poetry version, installed using a recommended method.

  • I have searched the issues of this repo and believe that this is not a duplicate.

  • I have consulted the FAQ and blog for any relevant entries or release notes.

  • If an exception occurs when executing a command, I executed it again in debug mode (-vvv option) and have included the output below.

Issue

We're using a private repo instead of pypi.org and are running in an environment where pypi.org is not accessible. All our pyproject.toml files have a tool.poetry.source section with a url and default=true. Most packages can be installed successfully by Poetry with this configuration; however, some packages, as part of their installation, try to download other packages. In our case we have aioodbc and roundrobin that try to download setuptools.

This attempt to download setuptools fails, and after investigation, we found that pip was trying to download setuptools from pypi.org instead of our private repo. This issue used to be hidden because we also had, in ~/.pip/pip.conf, the private repo's URL:

[global]
index-url = "https://private/repo/url/simple"

However, since the release of Poetry 1.3.0, this change #6531 causes the ~/.pip/pip.conf file to be ignored, by passing the --isolated argument to pip commands. I think this fix makes the incorrect assumption that the user's pip.conf is always "wrong", and based on the code changes for #6531, it seems there's no way to revert to the "non-isolated" behavior.

Steps to reproduce

  • Use my sample pyproject.toml and modify it to use some private repo https://gist.github.com/ckarrasalithya/70d5c391797dcecbc9e36e6ee0faaa47. The private repo should have a copy of the two libraries I used to reproduce the issue: aioodbc and roundrobin.
  • To ensure any attempts to connect to pypi.org are blocked, modify your computer's host file to resolve pypi.org to 127.0.0.1
  • Run poetry install -vvv in the folder that contains the pyproject.toml
  • This log will show a command similar to virtual\env\path\Scripts\python.exe -m pip install -use-pep517 --disable-pip-version-check *--isolated* --no-input --prefix ... --no-deps path\aiiodbc-0.3.3.tar.gz and it will show that the command failed after retrying multiple times an HTTPSConnection attempt on /simple/setuptools/ (the server name is not shown in the error message)
  • To find the server name, copy the command and add --verbose to it, then run it in the same terminal where poetry install was run
  • This will show the same errors when trying to download setuptools, but will also show full command: virtual\env\path\Scripts\python.exe -m pip install -use-pep517 --disable-pip-version-check *--isolated* --no-input --prefix ... --no-deps path\aiiodbc-0.3.3.tar.gz -i **https://pypi.org/simple**
  • If I revert to a Poetry version older than 1.3.0, the pip command it shows instead won't have the --isolated parameter, and will have specified -i https://private/repo/url/simple:
    full command: virtual\env\path\Scripts\python.exe -m pip install -use-pep517 --disable-pip-version-check --no-input --prefix ... --no-deps path\aiiodbc-0.3.3.tar.gz -i **https://private/repo/url/simple**
  • Revert modifications to your computer's host file to unblock pypi.org

Workaround

As a root/admin user, run:

pip config set global.index-url https://private/repo/url/simple --global

However, this assumes the private repo URL is the same for all projects so it might not be an appropriate workaround for everyone. It also requires root/admin access.

Suggested solution

So I think the solution would be either:

  • When calling pip, poetry should add arguments (--index-url, --extra-index-url, etc) based on the tool.poetry.source section
  • Or new configurations should be added to pyproject.toml for that purpose, if using tool.poetry.source is not appropriate
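
A check for the behaviour described in this report, added here as an example (not code from Poetry or from the reporter): it scans `poetry install -vvv` or `pip --verbose` output for pip commands whose index option names a host other than the configured source. The function names and the sample log are constructed; the "full command:" line shape and the two URLs are taken from the report.

```python
import re
from urllib.parse import urlsplit

# pip options that select the package index a command will query.
INDEX_OPT = re.compile(r"(?:^|\s)(-i|--index-url|--extra-index-url)(?:=|\s+)(\S+)")

def index_host(url):
    """Lower-cased hostname of an index URL, or '' if it cannot be parsed."""
    return (urlsplit(url.strip("\"'")).hostname or "").lower()

def audit_pip_commands(log_text, allowed_urls):
    """Return one finding per index option that points outside allowed_urls."""
    allowed = {index_host(u) for u in allowed_urls}
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if "-m pip install" not in line:
            continue
        for opt, url in INDEX_OPT.findall(line):
            host = index_host(url)
            if host not in allowed:
                findings.append({
                    "line": lineno,
                    "option": opt,
                    "host": host,
                    # --isolated means pip ignored pip.conf and PIP_* variables
                    "isolated": "--isolated" in line.split(),
                })
    return findings

# Constructed sample: line 1 mirrors the Poetry >= 1.3.0 command from the
# report, line 2 the command seen with an older Poetry version.
SAMPLE_LOG = """\
full command: venv/bin/python -m pip install --use-pep517 --disable-pip-version-check --isolated --no-input --no-deps aioodbc-0.3.3.tar.gz -i https://pypi.org/simple
full command: venv/bin/python -m pip install --use-pep517 --disable-pip-version-check --no-input --no-deps aioodbc-0.3.3.tar.gz -i https://private/repo/url/simple
"""

if __name__ == "__main__":
    # The allowed list is the url from tool.poetry.source in pyproject.toml.
    for f in audit_pip_commands(SAMPLE_LOG, ["https://private/repo/url/simple"]):
        print(f"line {f['line']}: {f['option']} -> {f['host']} (isolated={f['isolated']})")
```

Run in CI against captured install logs, a non-empty result means a build step reached for an index outside the project's declared source.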
