
Hello Devpi developers,

We're looking for a solution for an internal PyPi server. We would like developers/data scientists to use packages only from the internal repo, which is approved by legal and scanned for security purposes. Can we let admins download from external PyPi, and other users download from the internal repo only? If a package is not in the local repo, the developers need to discuss with an admin first. From reading the doc it seems Devpi can be a through cache. Is this something Devpi can do?

Thank you very much!

Best,
Jessie

Devpi makes it possible, but with maintenance for admins.

One way of doing this is: you can create a new index and set it as the base instead of root/pypi. There is a "devpi push" command that can help you move packages from root/pypi to this private/base index. The other option is to manually upload the whitelisted packages from disk to this index.

Hope it helps.

Disclosure: I am not a devpi developer but a devpi user.

On Wed, Jul 17, 2019 at 1:43 PM Jessie Lin <jessie.jianwei.lin@gmail.com> wrote:

--
Regards
Venkatesh
Email venkatesh.thirumale@gmail.com
Mobile: 857 272 2125

Hi Jessie,

we have built devpi-builder for pretty much that purpose: https://github.com/blue-yonder/devpi-builder

In our current internal process, we have one massive requirements.txt, which we call the OSS Whitelist, that contains all packages that people may use internally. Packages are approved for usage in production by pull request. Once the PR is merged, Jenkins builds and uploads the package for internal use.

Along the way, this also solves the issue of having properly recompiled packages for your internal needs (e.g. targeting the correct Linux distribution).

Best regards,
Stephan

From: Jessie Lin <jessie.jianwei.lin@gmail.com>
Date: Wednesday, 17. July 2019 at 19:43
To: "devpi-dev@python.org" <devpi-dev@python.org>
Subject: [devpi-dev] Internal PyPi repo use case

> Hello Devpi developers,
>
> We're looking for a solution for an internal PyPi server. We would like developers/data scientists to use packages only from the internal repo, which is approved by legal and scanned for security purposes. Can we let admins download from external PyPi, and other users download from the internal repo only? If a package is not in the local repo, the developers need to discuss with an admin first. From reading the doc it seems Devpi can be a through cache. Is this something Devpi can do?
>
> Thank you very much!
>
> Best,
> Jessie
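A check in the spirit of the whitelist process described in the reply above, as an added example that is not part of the thread or of devpi-builder: it compares a project's requirements against an approved list and reports anything unpinned, unapproved, or pinned to an unapproved version. It assumes the whitelist holds exact `name==version` pins; the function names and both sample requirement lists are constructed for illustration.

```python
import re

# Exact pins only: "name==version". Ranges, wildcards, URLs, "-r" includes and
# environment markers do not match and are reported for manual review.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+_-]+)$")

def normalize(name):
    """PEP 503 name normalization: Flask_SQLAlchemy == flask-sqlalchemy."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return ({normalized name: {versions}}, [lines that are not exact pins])."""
    pins, rejected = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = PIN.match(line)
        if match is None:
            rejected.append(line)
            continue
        pins.setdefault(normalize(match.group(1)), set()).add(match.group(2))
    return pins, rejected

def check_against_whitelist(whitelist_text, project_text):
    """List every project requirement the whitelist does not cover."""
    approved, _ = parse_pins(whitelist_text)
    wanted, unpinned = parse_pins(project_text)
    problems = [f"not an exact pin: {line}" for line in unpinned]
    for name, versions in sorted(wanted.items()):
        if name not in approved:
            problems.append(f"not on whitelist: {name}")
            continue
        for version in sorted(versions - approved[name]):
            problems.append(f"version not approved: {name}=={version}")
    return problems

# Constructed sample data (not taken from the thread).
WHITELIST = """
requests==2.22.0
Flask-SQLAlchemy==2.4.0
numpy==1.16.4
"""
PROJECT = """
requests==2.22.0
flask_sqlalchemy==2.4.0   # same project, different spelling
numpy==1.17.0
pandas>=0.24
leftpad==0.1.2
"""

if __name__ == "__main__":
    for problem in check_against_whitelist(WHITELIST, PROJECT):
        print(problem)
```

Run as a CI step on each project, a non-empty result fails the build and tells the developer which package to raise with the admins.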
