Re: [Distutils] [buildout] "private" releases
Hi Christian, On 25/03/2011 16:49, Christian Theune wrote:
the German speaking Zope Users Group (DZUG e.V.) organizes a series of 4 sprints this year to support feature development within the proximity of the ZTK and solve problems encountered by Zope, Plone and Python developers.
<snip>
Topics ======
* Discussing how to deal with "private" releases
FWIW, I've had no problems with this, here's a sample buildout.cfg: [buildout] extensions = lovely.buildouthttp find-links = https://example.com/password/protected/folder ...and just dump the .tgz sdists in that folder. Of course, if you don't need password protection such as when you have your "egg server" on a private network, you just need the find-links. I'm not really sure why people have written a complicated array of "egg servers" and the like when a simple http or file system served folder is just fine ;-) cheers, Chris -- Simplistix - Content Management, Batch Processing & Python Consulting - http://www.simplistix.co.uk
On Fri, Mar 25, 2011 at 3:24 PM, Chris Withers
Hi Christian,
On 25/03/2011 16:49, Christian Theune wrote:
the German speaking Zope Users Group (DZUG e.V.) organizes a series of 4 sprints this year to support feature development within the proximity of the ZTK and solve problems encountered by Zope, Plone and Python developers.
<snip>
Topics ======
* Discussing how to deal with "private" releases
FWIW, I've had no problems with this, here's a sample buildout.cfg:
... We do something similar with sftp (zc.buildoutsftp). To publish eggs, we just use scp. The advantage of this is that it leverages ssh infrastructure, so *no* additional password management is needed. This is wildly better, IMO, than keeping passwords in clear text in your buildout configuration or in a dot file. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton
On Wed, Mar 30, 2011 at 15:08, Jim Fulton
We do something similar with sftp (zc.buildoutsftp). To publish eggs, we just use scp. The advantage of this is that it leverages ssh infrastructure, so *no* additional password management is needed. This is wildly better, IMO, than keeping passwords in clear text in your buildout configuration or in a dot file.
That depends on your deployment scenarios. We generate separate passwords per customer, and give them a dedicated URL to load their private eggs from, then put the password in the buildout.cfg. To load the buildout.cfg in the first place, the exact same password is used. Managing SSH accounts and keys for those customers would cost us much more overhead, and would complicate our instructions for deployment to them. On the other hand, for deployments of a buildout from a SVN repository already served over SSH would make the sftp route the logical choice. -- Martijn Pieters
On Thu, Mar 31, 2011 at 5:38 AM, Martijn Pieters
On Wed, Mar 30, 2011 at 15:08, Jim Fulton
wrote: We do something similar with sftp (zc.buildoutsftp). To publish eggs, we just use scp. The advantage of this is that it leverages ssh infrastructure, so *no* additional password management is needed. This is wildly better, IMO, than keeping passwords in clear text in your buildout configuration or in a dot file.
That depends on your deployment scenarios. We generate separate passwords per customer, and give them a dedicated URL to load their private eggs from, then put the password in the buildout.cfg. To load the buildout.cfg in the first place, the exact same password is used.
Managing SSH accounts and keys for those customers would cost us much more overhead, and would complicate our instructions for deployment to them.
On the other hand, for deployments of a buildout from a SVN repository already served over SSH would make the sftp route the logical choice.
Some customers are too dumb to be secure. OK, makes sense. :) Seriously, I assume this is a read-only scenario, in which case having clear-text passwords laying around in prominent places seems less problematic. If they could write to the repo, then I would still have serious problems with this approach. Another approach would be to integrate with some secure key-management service (keychain) on the customer's machines, but I expect that would be as painful as helping them figure out ssh. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton
On 03/25/2011 03:24 PM, Chris Withers wrote:
Hi Christian,
On 25/03/2011 16:49, Christian Theune wrote:
the German speaking Zope Users Group (DZUG e.V.) organizes a series of 4 sprints this year to support feature development within the proximity of the ZTK and solve problems encountered by Zope, Plone and Python developers.
<snip>
Topics ======
* Discussing how to deal with "private" releases
FWIW, I've had no problems with this, here's a sample buildout.cfg:
[buildout] extensions = lovely.buildouthttp find-links = https://example.com/password/protected/folder
...and just dump the .tgz sdists in that folder.
Of course, if you don't need password protection such as when you have your "egg server" on a private network, you just need the find-links.
I'm not really sure why people have written a complicated array of "egg servers" and the like when a simple http or file system served folder is just fine ;-)
Could you elaborate on this? How does buildout/setuptools/distribut search for an sdist, lacking an index file? Does it look for .tgz only, or other extensions as well? This would save me a ton of heartburn if I could get it to work. Thanks. Eric.
On 05/04/2011 16:33, Eric Smith wrote:
Could you elaborate on this? How does buildout/setuptools/distribut search for an sdist, lacking an index file? Does it look for .tgz only, or other extensions as well? This would save me a ton of heartburn if I could get it to work.
Point find-links at either a folder on disk, or that sample folder served over http by Apache's normal folder serving (ie: index listings on). Just stick any type of dist into that folder. The rest "just works". If it doesn't, explain what you did and we'll see if we can spot what went wrong... cheers, Chris -- Simplistix - Content Management, Batch Processing & Python Consulting - http://www.simplistix.co.uk
On 4/6/2011 3:21 AM, Chris Withers wrote:
On 05/04/2011 16:33, Eric Smith wrote:
Could you elaborate on this? How does buildout/setuptools/distribut search for an sdist, lacking an index file? Does it look for .tgz only, or other extensions as well? This would save me a ton of heartburn if I could get it to work.
Point find-links at either a folder on disk, or that sample folder served over http by Apache's normal folder serving (ie: index listings on).
Just stick any type of dist into that folder.
The rest "just works".
If it doesn't, explain what you did and we'll see if we can spot what went wrong...
Finally following up on this. Yes, just using "Options +Indexes" works fine. Thanks. Eric.
participants (4)
-
Chris Withers
-
Eric Smith
-
Jim Fulton
-
Martijn Pieters