Skip to main content

devpi-server: reliable private and pypi.python.org caching server

Project description

devpi-server: pypi server for caching and private indexes

consistent robust pypi-cache

You can point pip or easy_install to the root/pypi/+simple/ index, serving as a self-updating transparent cache for pypi-hosted and external packages. Cache-invalidation uses the latest and greatest PyPI protocols. The cache index continues to serve when offline and will resume cache-updates once network is available.

user specific indexes

Each user (which can represent a person or a project, team) can have multiple indexes and upload packages and docs via standard setup.py invocations command. Users and indexes can be manipulated through a RESTful HTTP API.

index inheritance

Each index can be configured to merge in other indexes so that it serves both its uploads and all releases from other index(es). For example, an index using root/pypi as a parent is a good place to test out a release candidate before you push it to PyPI.

good defaults and easy deployment

Get started easily and create a permanent devpi-server deployment including pre-configured templates for nginx and cron.

separate tool for Packaging/Testing activities

The complimentary devpi-client tool helps to manage users, indexes, logins and typical setup.py-based upload and installation workflows.

See http://doc.devpi.net for getting started and documentation.

Changelog

4.2.0 (2016-12-14)

SECURITY NOTE:

Before devpi-server 4.2.0 passwords were hashed with a very weak algorithm. It’s strongly recommended to change any passwords created before 4.2.0 after upgrading! The password salt and hashes are exposed via the /+changelog URL used for replication. If you use replication you should use client side certificates or https with basic authentication to secure /+changelog.

UPGRADE NOTE:

Starting with devpi-server 4.2.0 the replication protocol is disabled by default to prevent accidental information leaks, like password hashes. To enable the replication protocol, you have to use --role master when starting the master devpi-server instance.

  • fix issue378: the replication protocol is now disabled by default.

  • fix push to PyPI by skipping failing “register” step and adding additional fields in POST data on “file_upload”.

  • fix issue372: correctly set isolation_level for sqlite3 connections. This also fixes Python 3.6 compatibility.

  • fix issue334: The event handler for the simple page cache failed when an index was deleted and a new replica tried to run the event hooks.

  • fix issue314: Fetch external file on replica from original source if master is down.

  • fix issue363: Replace weak password hashing with argon2 using passlib. Existing logins will be migrated on login.

  • fix issue377: Add new --init option required to initialize a server directory. This prevents accidental use of wrong or empty --serverdir.

  • fix issue285: require waitress >= 1.0.1 to enable IPv6 support.

4.1.1 (2016-10-14)

  • when a project has no releases (only setup.py register ran) and it isn’t whitelisted, then upstream releases will now be blocked as expected.

  • Adjust event processing status messages and the times when they are shown: After 5 minutes of no event processing there will be a warning. After 30 minutes this will turn into a fatal status. After 1 hour of not being in sync there will be a warning. After 6 hours of desync the status turns fatal.

  • handle sqlite3.NotSupportedError when the installed sqlite doesn’t support URI filenames at all.

4.1.0 (2016-07-15)

  • Try opening read only transactions in SQLite read only mode for better concurrency/locking behaviour. This is officially supported with Python 3.4, but many systems allow it implicitly in older Python versions.

  • fix issue353: If an index inherits from a mirror with an empty cache and the mirror is returning errors, there would be an error returned by devpi. Now this situation is treated like the mirror has no releases and just the releases from the index are returned.

  • fix issue352: When there was an issue during commit or rollback, the thread local info got into an inconsistent state. This caused an AttributeError whenever that thread was used. Eventually this could exhaust all worker threads and make devpi unresponsive.

  • fix issue354: allow more general agent versions, such as ‘Python-urllib/3.5’ to appear before the installer user agent string so redirects for setuptools versions which had that work.

  • fix issue214: change the order in which indices are searched to fix the mirror whitelisting and also make sure that packages, if available, are always installed from internal indices instead of root/pypi.

4.0.0 (2016-05-12)

  • require devpi-common 3.0.0 which changes the normalization of project names.

  • allow import of exported data from devpi-server 3.1.2 with inconsistently normalized project names.

3.1.2 (2016-05-12)

  • fix issue336: the mirror_whitelist setting got lost on import.

  • allow export if a package with dotted name was uploaded while devpi-common 2.0.9 was installed. The resulting export will only be importable with devpi-server 4.x. It will fail to import in 3.x with a MissingRegistration error.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

devpi-server-4.2.0.tar.gz (160.3 kB view details)

Uploaded Source

Built Distribution

devpi_server-4.2.0-py2.py3-none-any.whl (172.8 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file devpi-server-4.2.0.tar.gz.

File metadata

File hashes

Hashes for devpi-server-4.2.0.tar.gz
Algorithm Hash digest
SHA256 bfdc5811b468dcfb08177780ea84ff58c31cc54bc28d8698befd8d989d13062a
MD5 867c3cd9a7424a5fd3321a464df63018
BLAKE2b-256 d4a147b9846f184e006f762c9ac273fca07b5ae59abf39d3ce5fd7dd116249f0

See more details on using hashes here.

File details

Details for the file devpi_server-4.2.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for devpi_server-4.2.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 cd5b74b2fa85b96d484dc45034e17392e7255d8648f2d653a23b8d53f9af18a4
MD5 a737531a0cb01af7f9230c40944e13f1
BLAKE2b-256 e569d7575fa0732e1bb1668f89bade4958901f30b70a3f3147432291703c9ccc

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page