"devpi-constrained: an index for devpi-server that provides a constrained list of packages from it's bases"
Project description
devpi-constrained: releases filter for devpi-server
This plugin adds a constrained index to devpi-server. The constrained index is read-only and filters releases from its bases similar to Constraints Files in pip.
Installation
devpi-constrained needs to be installed alongside devpi-server to enable constrained indexes.
You can install it with:
pip install devpi-constrained
There is no configuration needed as devpi-server will automatically discover the plugin through calling hooks using the setuptools entry points mechanism.
Motivation
It is often useful to filter Python packages available for installation. For example:
Filter package versions with known security issues
Provide a “Known Good Set” of packages which have been tested
Prevent installation of packages with incompatible licenses
Only allowing vetted packages
Block package versions with breaking changes
With devpi-constrained it is possible to provide a package index which enables all of the above and more.
Usage
Create a constrained index with root/pypi as base:
$ devpi index -c prod/devpi type=constrained bases=root/pypi
https://example.com/prod/devpi:
type=constrained
bases=root/pypi
volatile=True
acl_upload=root
acl_toxresult_upload=:ANONYMOUS:
constraints=
mirror_whitelist=
$ devpi use prod/devpi
With no constraints set, all releases are available from root/pypi.
Lets add a constraint for pip:
$ devpi index constraints+="pip==6.0"
/prod/devpi constraints+=pip==6.0
https://example.com/prod/devpi?no_projects=:
type=constrained
bases=root/pypi
volatile=True
acl_upload=root
acl_toxresult_upload=:ANONYMOUS:
constraints=pip==6.0
mirror_whitelist=
Now only pip 6.0 will be listed when looking for releases of pip:
$ devpi list --all pip
http://localhost:3141/root/pypi/+f/610/3897f1bb68d3f/pip-6.0.tar.gz
http://localhost:3141/root/pypi/+f/5ec/6732505bd8be4/pip-6.0-py2.py3-none-any.whl
All other packages are still unconstrained.
To block everything else we add the * constraint:
$ devpi index constraints+="*"
/prod/devpi constraints+=*
https://example.com/prod/devpi?no_projects=:
type=constrained
bases=root/pypi
volatile=True
acl_upload=root
acl_toxresult_upload=:ANONYMOUS:
constraints=pip==6.0,*
mirror_whitelist=
This is the difference to pip constraints, where this isn’t possible.
$ devpi list --all devpi-server
GET https://example.com/prod/devpi/devpi-server/
404 Not Found: no project 'devpi-server'
The constraints option can be set in bulk from a file. Create a file constraints.txt with each constraint in one line:
pip<8,>4 # a comment devpi-server>=4
Set the constraints option on your index from the file:
$ devpi index constraints="$(cat constraints.txt)"
Changelog
2.0.1 - 2023-03-18
Fix filtering of simple links page. [EvaSDK (Gilles Dartiguelongue)]
2.0.0 - 2023-02-21
Remove support for Python <= 3.6.
Add testing for Python 3.8, 3.9, 3.10, 3.11 and PyPy-3.7.
Require devpi-server >= 6.2.0.
1.0.0 - 2019-08-05
Initial release. [fschulze (Florian Schulze)]
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file devpi-constrained-2.0.1.tar.gz
.
File metadata
- Download URL: devpi-constrained-2.0.1.tar.gz
- Upload date:
- Size: 9.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: devpi-server/6.6.0 (py3.8.6; darwin)
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 58c07c1615b1576e5cea66dca8e2c6eb9e28c59021ba74492f5abf642b286f1e |
|
MD5 | 74fd6ca74f45d137bc02fb348383eb94 |
|
BLAKE2b-256 | bd2a0828959cf510866e2a21a5d41c5ee0e1eea1cac592c8291ea3ca4d80a631 |
File details
Details for the file devpi_constrained-2.0.1-py3-none-any.whl
.
File metadata
- Download URL: devpi_constrained-2.0.1-py3-none-any.whl
- Upload date:
- Size: 5.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: devpi-server/6.6.0 (py3.8.6; darwin)
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | a9d0cb4105f802d9f7634cfffc544e74b41aa69e0aa5c1bed106a5831c25f755 |
|
MD5 | 477ae321be320452afad0f77e7f25f1b |
|
BLAKE2b-256 | 0428d4307eedaf7864e3ebb24758a58d830ae6095fa968dbb8560901ce1503ee |