[Distutils] [buildout] private eggs and egg repositories
Jim Fulton
jim at zope.com
Sat Nov 15 15:43:55 CET 2008
On Nov 15, 2008, at 9:32 AM, Chris Withers wrote:
> Jim Fulton wrote:
>>> Does find-links take preference over the repository? I thought
>>> *all* find-links *and* the repository were checked and the best
>>> match used?
>> find-links are searched before the index
>
> Are all find-links searched, regardless of whether they're in
> ~/.buildout/default.cfg or a buildout.cfg?
> (ie: what happens if both have find-links in them?)
For any option, if an option is defined in default.cfg and
buildout.cfg, then the one in buildout.cfg overrides the one in
default.cfg. There is no implicit merging.
>>>> We simply set up an sftp server and point buildout at it using
>>>> the buildoutsftp buildout extension and sftp urls, as in:
>>>> extensions = zc.buildoutsftp
>>>> find-links = sftp://private.zope.com/private
>>>> This provides restricted access with authentication using ssh keys.
>>>
>>> Cool. Out of interest, what ftp server do you use for this
>> The one built in to open ssh.
>
> So I assume the clients just have to be able to have their public
> key on the sftp server?
Yes. sftp is simply a file-transfer protocol implemented on top of ssh.
> Do you use specific keys for sftp
No
> or do the clients just have shell access on the server?
They don't necessarily have shell access. ssh lets you restrict what
people can do. One downside of sftp is that it lets the user access
any file on the system they have permissions for, so, for example,
they can read any world-readable file.
Jim
--
Jim Fulton
Zope Corporation
More information about the Distutils-SIG
mailing list