[Distutils] [buildout] private eggs and egg repositories

Jim Fulton jim at zope.com
Sat Nov 15 15:43:55 CET 2008

On Nov 15, 2008, at 9:32 AM, Chris Withers wrote:

> Jim Fulton wrote:
>>> Does find-links take preference over the repository? I thought  
>>> *all* find-links *and* the repository were checked and the best  
>>> match used?
>> find-links are searched before the index
> Are all find-links searched, regardless of whether they're in  
> ~/.buildout/default.cfg or a buildout.cfg?
> (ie: what happens if both have find-links in them?)

For any option, if an option is defined in default.cfg and  
buildout.cfg, then the one in buildout.cfg overrides the one in  
default.cfg.  There is no implicit merging.

>>>> We simply set up an sftp server and point buildout at it using  
>>>> the buildoutsftp buildout extension and sftp urls, as in:
>>>> extensions = zc.buildoutsftp
>>>> find-links = sftp://private.zope.com/private
>>>> This provides restricted access with authentication using ssh keys.
>>> Cool. Out of interest, what ftp server do you use for this
>> The one built in to open ssh.
> So I assume the clients just have to be able to have their public  
> key on the sftp server?

Yes.  sftp is simply a file-transfer protocol implemented on top of ssh.

> Do you use specific keys for sftp


> or do the clients just have shell access on the server?

They don't necessarily have shell access. ssh lets you restrict what  
people can do. One downside of sftp is that it lets the user access  
any file on the system they have permissions for, so, for example,  
they can read any world-readable file.


Jim Fulton
Zope Corporation

More information about the Distutils-SIG mailing list