[Distutils] HTTP authentication support

[Phillip J. Eby]

At 03:55 PM 12/28/2006 +0900, David Smith wrote:
>"Phillip J. Eby" <pje at telecommunity.com> writes:
>
> > At 03:12 PM 12/28/2006 +0900, David Smith wrote:
> >>The usecase is too obvious: using setuptools for
> >>distribution of modules that are not publically available, such
> >>as commercial or pre-release development.
> >
> > If they're not publically available, why use authenticated HTTP
> > at all?  Among the many alternatives that work with
> > easy_install today are:
> >
> > * rsync-mirrored directories
> > * NFS-mounted directories
> > * ssh-transport SVN servers (you even get prompted for your credentials!)
> > * proxied HTTP

Also, I forgot to mention password-protected FTP, which easy_install also 
supports (using ftp://user:pass@host URLs).


>I believe HTTP authenticated subversion is more common than all
>of the above.

I've never set up svn-over-http before, as I find it a PITA compared to 
plain svn or svn-over-ssh.  I guess tastes vary in this respect.


>  Additionally, the proxied HTTP support also lacks
>authentication support, which the patch rectifies.

It's relatively easy to add support for Basic auth with credentialed HTTP 
URLs, so that's what I've done.  I'd rather not make easy_install 
interactive at this time, nor add one-shot user/password command line 
options, nor make the behavior dependent on the server's response.  Using 
URLs with credentials also allows more than one set to be specified on the 
command line (or via dependency_links).

The patch is minor enough that I added it to 0.6; it only affects URLs that 
would have caused today's easy_install to crash with an httplib.InvalidURL 
error, anyway.

The easiest way to use it is to use a -f or dependency_links URL that 
points to a page with links to the actual downloads.  As long as they are 
the same scheme and host, they'll inherit the credentials from the original 
URL.