I'd like to be able to override some packages from upstream PyPI transparently for our users.
I have the following Artifactory set up:
For some specificities with my environment, I'd like to ensure that users only download package 'mypackage' from X-local.
At the moment I have included a rule to forbid the expression "**/mypackage-*" in X-remote and I publish my internal version of "mypackage" to X-local. This all works great until "mypackage" has wheels or a new version is published.
It seems that when pip goes to list all artifacts of "mypackage" in "X-virtual" it does not only finds the ones in X-local but also the ones in X-Remote. Is there any way to block that? In brief, to prevent all packages from a remote from being listed.
Adding "**/*mypackage*" to the blacklist fixed the issue. This might cause problems if you have packages like "mypackage2" but it works for my usecase.
As advised by JFrog Support