Hash: SHA1

Tres Seaver wrote:

> Anybody running against the Cheeseshop today is *more* on the bleeding
> edge than a sysadmin whose production boxes are running 'sid':  Debian
> has cultural constraits, even for that distro, which are vastly more
> restricted than the Wild West which is PyPI.
> The only solution I can see is to create filtered subsets / mirrors of PyPI.


> Exactly.  Without some way to impose a "gatekeeper" role on the package
> pool from which a given deployment draws, we can't have any
> deterministic outcomes when installing packages.

OK, here is a sample "gatekeeper" script, intended to be run from within
a directory full of source distributions.  E.g.:

  $ cd /path/to/dist.example.com
  $ ls
  abc-1.2.3.tar.gz  abc-1.2.4.tar.gz  ghijk-2.3.4.tar.gz
  $ python /tmp/makeindex.py *.gz
  Parsing: abc-1.2.3.tar.gz
  Parsing: abc-1.2.4.tar.gz
  Parsing: ghijk-2.3.4.tar.gz
  Project: abc
    --> 1.2.3  abc-1.2.3.tar.gz
    --> 1.2.4  abc-1.2.4.tar.gz
  Project: ghijk
    --> 2.3.4  ghijk-2.3.4.tar.gz

Assuming that the directory is the root of an Apache virtual domain,
'dist.example.com', the script creates a 'simple' subdirectory, with
an index listing the projects corresponding to the tarballs.  Each
project ('abc', 'ghijk') gets a subdirectory with an index pointing to
its tarballs.

At this point, from a fresh virtualenv, you can install those packages
without risk of pulling anything from the Cheeseshop:

  $ bin/easy_install --index-url=http://dist.example.com/simple ghijk

Total effort involved in maintaining the "gated community" then becomes
keeping a set of tarballs available at some web-downloadable location,
and re-running the script after adding / removing them to regenerate
the index.

- --
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Attachment: makeindex.py
Description: application/httpd-cgi

Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to