"pip search" does not return packages of other repositories than the default one

[jkpubsrc]

• Pip version: 9.0.1
• Python version: 3.5.2
• Operating system: Ubuntu Linux

Description:

I configured a local pypi repository in /etc/pip.conf using the key "extra-index-url". Installing packages work, I get the packages installed from the local repository if no default ones are found. What I don't get are search results: If I search for packages only pypi.python.org is searched.

As it turns out "index" is honored, not "extra-index-url". Not even "index-url" though the pip help page tells otherwise. It would make sense to have a consistent approach here that works across all commands. It would make sense to have clear way of configuring which servers are queried for packages in a clearly defined order, regardless of what action a user chooses, search or installation, as both actions are closely related.

What I've run:

pip3 -v search jk_console
Starting new HTTPS connection (1): pypi.python.org
"POST /pypi HTTP/1.1" 200 None
....

[xavfernandez]

pip install and pip search are two different commands that support different options just like their help page shows.

Anyway I think the plan is to move to PackageFinder which would realigne both command, cf #395.

[jkpubsrc]

Thank you for your reply.

Yes, I'm very much aware of that. Nevertheless I think there is some overlapping in functionality, that's why I'm wondering about that. And as both query the same server(s) I'm wondering about this difference in configuration. Nevertheless my main problem is that I cannot seem to search in local repositories: pip simply does not seem query them.

If pip is replaced by PackageFinder I hope that there will be a way to cleanly configure the servers to query. More research into that topic seems to indicate that there is actually a security risk: As the PyPi server has precedence that might open room for attacks if in an existing infrastructure s.o. registers a package publicly that till then has been used privately. As users have no indication by pip from where pip retrieves a package the user can not even notice that problem during pip install.

[pradyunsg]

PackageFinder is an internal class in pip that streamlines the handling of index URL scrapping internally; iiuc. @xavfernandez is referring to that.

users have no indication by pip from where pip retrieves a package the user can not even notice that problem during pip install.

This will change in the upcoming pip 10, where pip will display locations will search in, if they are not the default of just PyPI. :)

---

I'll close this issue in favour of #395 if everyone in this thread thinks that's reasonable.

[xavfernandez]

Closing in favor of #395