A cheeseshop clone (PyPI server) written in pyramid
Project description
pyshop
Getting Started
Pyshop is a private packaging repository for python.
The aim is to split private projects in distinct private package and keep a setup.py clean and working, by declaring all dependancies, exactly as public package from PyPI.
Pyshop also mirror packages from PyPI safety (using ssl by checking certificate).
Pyshop use clear and simple ACL to manage privilleges:
an installer group that can only download release file
a developer group that can download/upload release file and browse the website and
an admin group that have developer privilleges and accounts management.
So, every users, including “pip”, must be authenticated by login and password.
Installation
$ virtualenv pyshop $ cd pyshop (pyshop)$ source bin/activate (pyshop)$ pip install pyshop (pyshop)$ cp pyshop.sample.ini pyshop.ini (pyshop)$ vim pyshop.ini # change the pyshop.cookie_key setting (pyshop)$ pyshop_install pyshop.ini (pyshop)$ pserve pyshop.ini start --log-file=pyshop.log
You shoud edit the pyshop.ini file in order to configure the pyshop.cookie_key, the host:port that host the service. When the pyshop is running visit the web application, http://localhost:8000/ by default, to check all is fine.
For production usage, you should create accounts with the “developer” group. Visit http://localhost:6543/pyshop/user with the admin account to create accounts. You also should use an https reverse proxy. Python packaging core use basic authentication: it send user/password in clear.
Configuring your environment to use that new pyshop
Here is all configuration files for usual python tools you have to edit for simplify the usage of pyshop.
~/.pip/pip.conf
Configuration used by pip. This is a user file, you can set a developper or the pip generic account.
[global] # when mirroring a package, # pyshop retrieve informations from PyPI and # store them in its DB. # Be patient, it is not so long. default-timeout = 120 timeout = 120 [install] index-url = http://pip:changeme@localhost:6543/simple/
Note: If you are using a WSGI server that kill requests in a timeout, like uWSGI, set an appropriate timout for this service too.
setup.cfg
A setup.cfg file is used by the “python setup.py develop” to install dependancies. You should use a generic account with have installer privilleges only, shared by every developper.
This file is a “per project file” at the root of the package.
[easy_install] index-url = http://pip:changeme@localhost:6543/simple/
This should work now:
python setup.py develop
~/.pypirc
Configuration used by setuptools to upload package. Every developper should have it’s own account to upload package.
[distutils] index-servers = pyshop [pyshop] username: admin # or create an account in pyshop admin interface password: changeme repository: http://localhost:6543/simple/
This should works now:
python setup.py sdist upload -v -r pyshop /pypi/pypiserver
Feature Missing
Developper can’t add other accounts to give them upload right to their project. This can be done in the database or in the pyshop shell by an administrator.
$ pyshop_shell pyshop.ini In [1]: pkg = Package.by_name(session, u'pyshop') In [2]: pkg.owners.append(User.by_login(session, u'admin')) In [3]: session.commit()
Alternatives
pypiserver: https://pypi.python.org/pypi/pypiserver
localshop: http://pypi.python.org/pypi/localshop
djangopypi: http://pypi.python.org/pypi/djangopypi
chishop: http://pypi.python.org/pypi/chishop
Changelist
0.7.5
Fix package version comparison
Handle bdist_wheel format
To handle the wheel format, (some package like Twisted 13 use it), for previous install, you must run a migration script like this.
$ pyshop_migrate development.ini 0.7.5
The sqlite database file will be altered, YOU MAY backup it before run the script.
0.7.4
Fix local package usage (broken since 0.7.1) [fizyk]
0.7.3
Remove all certificates and extra handling for PyPI validation as PyPI now uses a certificate that can be validated without these. [disko]
0.7.2
Remove unused certificates for pypi validation
0.7.1
Securize download from pypi by forcing https and validate certificate pypi.python.org certificate chain is embed in the pyshop package
Fix package order on web page
0.7
Satanize version number on upload. This is configurable with settings pyshop.upload.satanize and pyshop.upload.satanize.regex
Settings pyshop.satanize and pyshop.satanize.regex have been renamed to pyshop.mirror.satanize and pyshop.mirror.satanize.regex
0.6
Fix first connection of the web application
Fix the usage of http proxy (forcing request version)
0.5
Add Link to display all release versions
Improve navigation
Fix ugly version number sorting
0.4
Fix release file upgrade (allow developper to override release file)
Rename user views to account
Add view to let the connected user to update his account
0.3
The setting pyshop.satanize.reg has been renamed to pyshop.satanize.regex
The setting cookie_key has been renamed to pyshop.cookie_key
Fix bug on package upload. don’t close the stream while writing it.
Add basic tests on packages view
0.2
Packaging Issue.
0.1
Initial version.
work with pip, setuptools
mirror packages
upload packages
secure access with login/password
create/update accounts
tests for python 2.7 only
compatible with python 2.6
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.