Support for multiple PyPI publishing identities is rather convoluted
Hello, My usecase is: I work on different projects in parallel, with different roles. For example, I work on community project and publish packages on behalf of it, and I publish personal packages too. Obviously, I want to have 2 separate PyPI publishing accounts for those roles. Also, I don't want to cleanup after dumb mistakes, so want to explicitly specify an identity to use for each publishing operation, and get an error if I don't. It took me some trial and error to arrive at following .pypirc: ====== [distutils] index-servers = use--repository-switch! pfalcon micropython-lib [micropython-lib] reposytory: http://www.python.org/pypi username:... password:... [pfalcon] reposytory: http://www.python.org/pypi username:... password:... [use--repository-switch!] username:foo password:foo ====== However, using standard 3-fold idiom of "python setup.py sdist register upload" (suffixed with "-r pfalcon"), it didn't work, throwing random "Server response (401): basic auth failed". It took me even more trial and error to figure out that I needed to specify -r after each of register & upload: python setup.py sdist register -r pfalcon upload -r pfalcon So, the questions are: Why so complicated? Am I doing something wrong and there's easier way to achieve described setup? (https://docs.python.org/2/distutils/packageindex.html#the-pypirc-file describes a case of 2 different servers, and that's what I started with, but it took bunch of attempts to add 3rd "captive" account, and then make it all work without throwing random errors like "AssertionError: unsupported schema"). Thanks, Paul mailto:pmiscml@gmail.com
On Jun 1, 2014, at 8:02 AM, Paul Sokolovsky
Hello,
My usecase is: I work on different projects in parallel, with different roles. For example, I work on community project and publish packages on behalf of it, and I publish personal packages too. Obviously, I want to have 2 separate PyPI publishing accounts for those roles. Also, I don't want to cleanup after dumb mistakes, so want to explicitly specify an identity to use for each publishing operation, and get an error if I don't.
PyPI has an ACL system to make this unnecessary. You can use a single account, and for the community project just grant multiple people access. --Noah
Hello,
On Sun, 1 Jun 2014 12:10:01 -0700
Noah Kantrowitz
On Jun 1, 2014, at 8:02 AM, Paul Sokolovsky
wrote: Hello,
My usecase is: I work on different projects in parallel, with different roles. For example, I work on community project and publish packages on behalf of it, and I publish personal packages too. Obviously, I want to have 2 separate PyPI publishing accounts for those roles. Also, I don't want to cleanup after dumb mistakes, so want to explicitly specify an identity to use for each publishing operation, and get an error if I don't.
PyPI has an ACL system to make this unnecessary. You can use a single account, and for the community project just grant multiple people access.
Unnecessary what exactly? On my packages' PyPI pages, I want to have "Package Index Owner: pfalcon", and on other packages' pages, I don't want to have "pfalcon" (and want to have another specific username). Having it otherwise would be misrepresentation of package origin. If "single account" can do that (that would be a surprise), I'd appreciate a link to materials I can read up on the matter. -- Best regards, Paul mailto:pmiscml@gmail.com
On Jun 1, 2014, at 12:30 PM, Paul Sokolovsky
Hello,
On Sun, 1 Jun 2014 12:10:01 -0700 Noah Kantrowitz
wrote: On Jun 1, 2014, at 8:02 AM, Paul Sokolovsky
wrote: Hello,
My usecase is: I work on different projects in parallel, with different roles. For example, I work on community project and publish packages on behalf of it, and I publish personal packages too. Obviously, I want to have 2 separate PyPI publishing accounts for those roles. Also, I don't want to cleanup after dumb mistakes, so want to explicitly specify an identity to use for each publishing operation, and get an error if I don't.
PyPI has an ACL system to make this unnecessary. You can use a single account, and for the community project just grant multiple people access.
Unnecessary what exactly? On my packages' PyPI pages, I want to have "Package Index Owner: pfalcon", and on other packages' pages, I don't want to have "pfalcon" (and want to have another specific username). Having it otherwise would be misrepresentation of package origin.
If "single account" can do that (that would be a surprise), I'd appreciate a link to materials I can read up on the matter.
If you didn't want to show up as the owner you would need to use the other account once to register it, but after that just grant your normal user access and use that for day-to-day releases. --Noah
participants (2)
-
Noah Kantrowitz
-
Paul Sokolovsky