[Distutils] Good news everyone, PyPI is behind a CDN

Donald Stufft donald at stufft.io
Tue May 28 03:53:29 CEST 2013 

On May 27, 2013, at 9:33 PM, Donald Stufft <donald at stufft.io> wrote:

> 
> On May 27, 2013, at 6:02 PM, Ralf Schmitt <ralf at systemexit.de> wrote:
> 
>> Noah Kantrowitz <noah at coderanger.net> writes:
>> 
>>>> 
>>>> 
>>>> the xmlrpc api is broken when using http 1.0. the second call to curl
>>>> uses http/1.0 and returns an empty response:
>>>> 
>>>> $ cat >body.txt <<EOF
>>>> <?xml version='1.0'?>
>>>> <methodCall>
>>>> <methodName>package_releases</methodName>
>>>> <params>
>>>> <param>
>>>> <value><string>e</string></value>
>>>> </param>
>>>> </params>
>>>> </methodCall>
>>>> EOF
>>>> $ curl -X POST -d @body.txt http://pypi.python.org/pypi --header "Content-Type:text/xml"
>>>> <?xml version='1.0'?>
>>>> <methodResponse>
>>>> <params>
>>>> <param>
>>>> <value><array><data>
>>>> <value><string>1.4.5</string></value>
>>>> </data></array></value>
>>>> </param>
>>>> </params>
>>>> </methodResponse>
>>>> $ curl -0 -X POST -d @body.txt http://pypi.python.org/pypi --header "Content-Type:text/xml"
>>>> $ 
>>> 
>>> We have not supported HTTP 1.0 for quite some time. 
>> 
>> well, it has been working until at least last friday.
>> 
>>> Even before the CDN move, we used the Host header to route between
>>> different HAProxy server blocks on the load balancers. I'm unaware of
>>> any reason people would be using HTTP 1.0 clients at this point, HTTP
>>> 1.1 has been a standard for 14 years now.
>> 
>> the fact that you are unaware of any reason people would be using HTTP
>> 1.0 is not a good reason not to support it.
>> 
>> python 2.6 xmlrpclib uses HTTP/1.0!
> 
> Maybe I misunderstand, but xmlrpclib on Python2.6 and the new CDN work fine together.
> 
> $ python2.6                                                                                 (pypi)
> Python 2.6.7 (r267:88850, Oct 11 2012, 20:15:00)
> [GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin
> Type "help", "copyright", "credits" or "license" for more information.
> >>> import xmlrpclib
> >>> s = xmlrpclib.ServerProxy("https://pypi.python.org/pypi")
> >>> s
> <ServerProxy for pypi.python.org/pypi>
> >>> s.user_packages("dstufft")
> [...]
> >>> # Just incase we aren't getting the CDN on pypi.python.org
> >>> s = xmlrpclib.ServerProxy("https://pypi.a.ssl.fastly.net/pypi")
> >>> s.user_packages("dstufft")
> [...]
> 
>> 
>> -- 
>> Cheers
>> Ralf
>> _______________________________________________
>> Distutils-SIG maillist  -  Distutils-SIG at python.org
>> http://mail.python.org/mailman/listinfo/distutils-sig
> 
> 
> -----------------
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
> 
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> http://mail.python.org/mailman/listinfo/distutils-sig

Figured it out.

Use HTTPS.

$ curl -0 -X POST -d @body.txt https://pypi.python.org/pypi --header "Content-Type:text/xml"
<?xml version='1.0'?>
<methodResponse>
<params>
<param>
<value><array><data>
<value><string>1.4.5</string></value>
</data></array></value>
</param>
</params>
</methodResponse>

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130527/7e3a4e48/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130527/7e3a4e48/attachment-0001.pgp>

More information about the Distutils-SIG mailing list