So we've been running devpi internall for a few weeks, 1.1 and now 1.2. One thing we've seen occasionally is pip running into this SSLError below. Apache Bench doesn't show any oddities when we try to hit devpi directly. Our SSL settings are the same we use with all our internal sites. It's fronted by nginx:
ssl on;
ssl_certificate ***;
ssl_certificate_key ***;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security max-age=86400;
Exception:
Traceback (most recent call last):
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/basecommand.py", line 134, in main
status = self.run(options, args)
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/commands/install.py", line 236, in run
requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/req.py", line 1092, in prepare_files
self.unpack_url(url, location, self.is_download)
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/req.py", line 1238, in unpack_url
retval = unpack_http_url(link, location, self.download_cache, self.download_dir)
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/download.py", line 602, in unpack_http_url
resp = _get_response_from_url(target_url, link)
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/download.py", line 638, in _get_response_from_url
resp = urlopen(target_url)
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/download.py", line 176, in __call__
response = self.get_opener(scheme=scheme).open(url)
File "/usr/lib/python2.7/urllib2.py", line 400, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 418, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 378, in _call_chain
result = func(*args)
File "/home/travis/virtualenv/python2.7/local/lib/python2.7/site-packages/pip/download.py", line 155, in https_open
return self.do_open(self.specialized_conn_class, req)
File "/usr/lib/python2.7/urllib2.py", line 1180, in do_open
r = h.getresponse(buffering=True)
File "/usr/lib/python2.7/httplib.py", line 1030, in getresponse
response.begin()
File "/usr/lib/python2.7/httplib.py", line 407, in begin
version, status, reason = self._read_status()
File "/usr/lib/python2.7/httplib.py", line 365, in _read_status
line = self.fp.readline()
File "/usr/lib/python2.7/socket.py", line 447, in readline
data = self._sock.recv(self._rbufsize)
File "/usr/lib/python2.7/ssl.py", line 241, in recv
return self.read(buflen)
File "/usr/lib/python2.7/ssl.py", line 160, in read
return self._sslobj.read(len)
SSLError: The read operation timed ou
t
The devpi-{server,client}-1.2 releases bring a lot of refinements
and improvements for serving and interacting with your own pypi indexes:
- devpi-server serves release files from URLs containing a MD5 hash
allowing safe serving of those files through nginx
- devpi-server's USER/INDEX urls can now be used directly with
pip/easy_install without the previously required (and still valid)
``+simple/`` suffix.
- ``devpi use --set-cfg`` reads and writes pip/easy_install
configuration files, making those installers pick up the in-use
index seemlessly. You can even do ``devpi use --always-set-cfg`` to
always set those config files when issuing a "devpi use" afterwards.
- ``devpi upload`` got many improvements:
- versioned files (git and hg) will be exported to a clean directory prior to the build step
- distutils/setup.py is now only used for building a package
- documentation upload is tied to a version now
- you can directly upload distribution files, including wheel files
- both devpi-server and devpi-client are python3.3 compatible now and
depend on a new devpi-common package which consolidates various
pypi-interaction aspects to avoid code duplication. Also,
global http proxy settings are honoured.
If you have an existing devpi-server-1.1 installation serving
your own packages you can install devpi-server>=1.2 and
migrate the data with::
devpi-server --upgrade-state [--serverdir your_server_dir]
This upgrades your server state in-place. Please make sure you
backup your serverdir ahead of doing the upgrade (default location
is ~/.devpi/server).
WARNING: ``devpi-server --gendeploy`` is deprecated and will be removed
probably in favor of just generating example config files for
nginx/supervisor/cron. Also ``devpi install`` is deprecated now
in favor of using pip/easy_install directly (see also the --set-cfg
and --always-set-cfg options).
For more information please refer to the extensive documentation at:
http://doc.devpi.net/
or check the CHANGELOG below.
have fun,
holger krekel
1.2
----------------------------
devpi-server:
- serve links to files on simple pages and index root as relative
paths so that it works more nicely with proxy-pass server setups.
fixes issue56.
- make devpi-server and devpi-common python3.3 compatible, addresses
issue57
- use system http/s proxy settings from devpi-server. fixes issue58.
- refactor locations to allow nginx serving static files more directly.
Also updated nginx template accordingly.
- rework "--upgrade-state" to detect the state version of the server dir
and create an appropriate virtualenv with a devpi-server install in order
to export data, and then import that version.
- allow to use /user/index as indexserver url for pip/easy_install by
redirecting non-json queries to /user/index/PROJ[/] to
/user/index/+simple/PROJ/
- fix submission of multi-value fields like "classifiers" or "platform"
(previously they would be wrongly collapsed to become the last value of a list)
- fix normalization import/export issue: pypi names take precendence
for defining the "real" name of a project.
- always store uploaded documentation with a version. While
"devpi upload" will make sure to pass in the version, "setup.py upload_docs"
will not pass in a version. In the latter case, devpi-server assumes
the documentation belongs to the highest yet registered release.
This change requires exporting with devpi-1.1 and importing with devpi-1.2
in order to properly store versioned docs internally.
- use types/url/metadata/validation functionality of new depdency devpi_common
- internal cleanup using pytest-flakes
- make devpi-server use a proper UserAgent string
devpi-client:
- "devpi list" and "devpi remove" now accept a pip/setuptools style
requirement like "pkg>=1.0" instead of the former for limited "pkg-1.0".
- make devpi-client fully work with python3.3 and fix test bugs
- use system http/s proxy settings. fixes issue58.
- add "devpi test -c tox.ini package" to use a particular (external)
tox.ini for running tox with the unpackaged package.
also add "--fallback-ini tox.ini" option which will only
be used if the download package has no tox.ini.
- new "devpi use --set-cfg" option to set pip/easy_install configuration
files when changing indexes. Also new "devpi use --always-set-cfg=yes"
option if you want to imply "--set-cfg" on future "devpi use" invocations
and "devpi use --always-st-cfg=no" to disable this implication.
- support git and hg for exporting all versioned files of a directory
before performing the build step when uploading
- improve how upload works: setup.py is only used for building docs
and release files but not for the remote upload part. This gets rid of a
number of hacks that were done trying to get the Python shipped "distutils"
to pick the proper devpi index and allows proper SSL verification on Python2.6
onwards.
- upload: show response when uploading documentation failed
- upload: allow to specify archive files as positional arguments (both files and
directories can be specified but the latter additionally require
a --upload-dirs option)
- fix issue54: upload now works on wheel files as well.
As pkginfo does not support wheels directly, we use the ``twine``
project which extends pkginfo for now.
- only show highest version in "devpi list PROJECT" output, unless
"--all" is specified.
- on upload release files: skip rather than guess packages which contain no metadata
- strike BeautifulSoup dependency and re-use vendored pip-link parser
- use types/url/metadata/validation functionality of new depdency devpi_common
- internal cleanup wrt pytest-flakes discoveries
- remove "archive" dependency in favour of a small implementation in
devpi_common
- make devpi-client use a proper UserAgent string