Skip to main content

A cheeseshop clone (PyPI server) written in pyramid

Project description


Getting Started

Pyshop is a private packaging repository for python.

The aim is to split private projets in distinct private package and keep a clean and working, by declaring all dependancies, exactly has public package from PyPI.

Pyshop also mirror package from PyPI safety (using ssl and checking certificate).

Pyshop use clear and simple ACL to manage privilleges:

  • an installer group that can only download release file
  • a developer group that can download/upload release file and browse the website and
  • an admin group that have developer privilleges and accounts management.

So, every users, including “pip” must authenticated by login and password.


$ virtualenv pyshop
$ cd pyshop
(pyshop)$ source bin/activate
(pyshop)$ pip install pyshop
(pyshop)$ cp pyshop.sample.ini pyshop.ini
(pyshop)$ vim pyshop.ini  # change the pyshop.cookie_key setting
(pyshop)$ pyshop_install pyshop.ini
(pyshop)$ pserve pyshop.ini start --log-file=pyshop.log

You shoud edit the pyshop.ini file in order to configure the pyshop.cookie_key, the host:port that host the service. When the pyshop is running visit the web application, http://localhost:8000/ by default, to check all is fine.

For production usage, you should create accounts with the “developer” group. Visit http://localhost:6543/pyshop/user with the admin account to create accounts. You also should use an https reverse proxy. Python packaging core use basic authentication: it send user/password in clear.

Configuring your environment to use that new pyshop

Here is all configuration files for usual python tools you have to edit for simplify the usage of pyshop.


Configuration used by pip. This is a user file, you can set a developper or the pip generic account.

# when mirroring a package,
# pyshop retrieve informations from PyPI and
# store them in its DB.
# Be patient, it is not so long.
default-timeout = 60
timeout = 60
index-url = http://pip:changeme@localhost:6543/simple/


A setup.cfg file is used by the “python develop” to install dependancies. You should use a generic account with have installer privilleges only, shared by every developper.

This file is a “per project file” at the root of the package.

index-url = http://pip:changeme@localhost:6543/simple/

This should work now:

python develop


Configuration used by setuptools to upload package. Every developper should have it’s own account to upload package.

index-servers =

username: admin # or create an account in pyshop admin interface
password: changeme
repository: http://localhost:6543/simple/

This should work now:

python sdist upload -v -r pyshop /pypi/pypiserver

Feature Missing

Developper can’t add other account to give them upload right to their project. This can be done in the database or in the pyshop shell by an administrator.

$ pyshop_shell pyshop.ini
In [1]: pkg = Package.by_name(session, u'pyshop')
In [2]: pkg.owners.append(User.by_login(session, u'admin'))
In [3]: session.commit()



  • Fix local package usage (broken since 0.7.1) [fizyk]


  • Remove all certificates and extra handling for PyPI validation as PyPI now uses a certificate that can be validated without these. [disko]


  • Remove unused certificates for pypi validation


  • Securize download from pypi by forcing https and validate certificate certificate chain is embed in the pyshop package
  • Fix package order on web page


  • Satanize version number on upload. This is configurable with settings pyshop.upload.satanize and pyshop.upload.satanize.regex
  • Settings pyshop.satanize and pyshop.satanize.regex have been renamed to pyshop.mirror.satanize and pyshop.mirror.satanize.regex


  • Fix first connection of the web application
  • Fix the usage of http proxy (forcing request version)


  • Add Link to display all release versions
  • Improve navigation
  • Fix ugly version number sorting


  • Fix release file upgrade (allow developper to override release file)
  • Rename user views to account
  • Add view to let the connected user to update his account


  • The setting pyshop.satanize.reg has been renamed to pyshop.satanize.regex
  • The setting cookie_key has been renamed to pyshop.cookie_key
  • Fix bug on package upload. don’t close the stream while writing it.
  • Add basic tests on packages view


Packaging Issue.


Initial version.

  • work with pip, setuptools
  • mirror packages
  • upload packages
  • secure access with login/password
  • create/update accounts
  • tests for python 2.7 only
  • compatible with python 2.6

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for pyshop, version 0.7.4
Filename, size File type Python version Upload date Hashes
Filename, size pyshop-0.7.4.tar.gz (137.5 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page