[Distutils] HTTP authentication support
Phillip J. Eby
pje at telecommunity.com
Sat Dec 30 17:16:04 CET 2006
At 03:55 PM 12/28/2006 +0900, David Smith wrote:
>"Phillip J. Eby" <pje at telecommunity.com> writes:
> > At 03:12 PM 12/28/2006 +0900, David Smith wrote:
> >>The usecase is too obvious: using setuptools for
> >>distribution of modules that are not publically available, such
> >>as commercial or pre-release development.
> > If they're not publically available, why use authenticated HTTP
> > at all? Among the many alternatives that work with
> > easy_install today are:
> > * rsync-mirrored directories
> > * NFS-mounted directories
> > * ssh-transport SVN servers (you even get prompted for your credentials!)
> > * proxied HTTP
Also, I forgot to mention password-protected FTP, which easy_install also
supports (using ftp://user:pass@host URLs).
>I believe HTTP authenticated subversion is more common than all
>of the above.
I've never set up svn-over-http before, as I find it a PITA compared to
plain svn or svn-over-ssh. I guess tastes vary in this respect.
> Additionally, the proxied HTTP support also lacks
>authentication support, which the patch rectifies.
It's relatively easy to add support for Basic auth with credentialed HTTP
URLs, so that's what I've done. I'd rather not make easy_install
interactive at this time, nor add one-shot user/password command line
options, nor make the behavior dependent on the server's response. Using
URLs with credentials also allows more than one set to be specified on the
command line (or via dependency_links).
The patch is minor enough that I added it to 0.6; it only affects URLs that
would have caused today's easy_install to crash with an httplib.InvalidURL
The easiest way to use it is to use a -f or dependency_links URL that
points to a page with links to the actual downloads. As long as they are
the same scheme and host, they'll inherit the credentials from the original
More information about the Distutils-SIG