[Distutils] devpi-{server-2.1, web-2.2}: upload history, deploy status, groups
holger krekel
holger at merlinux.eu
Mon Sep 22 12:15:35 CEST 2014
devpi-{server-2.1,web-2.2}: upload history, deploy status, groups
==================================================================
With devpi-server-2.1 and devpi-web-2.2 you'll get a host of fixes and
improvements as well as some major new features for the private pypi
system:
- upload history: release/tests/doc files now carry metadata for
by whom, when and to which index something was uploaded
- deployment status: the new json /+status gives detailed information
about a replica or master's internal state
- a new authentication hook supports arbitrary external authentication
systems which can also return "group" membership information. An initial
separately released "devpi-ldap" plugin implements verification accordingly.
You can specify groups in ACLs with the ":GROUPNAME" syntax.
- a new "--restrict-modify=ACL" option to start devpi-server such that
only select accounts can create new or modify users or indexes
For many more changes and fixes, please see the CHANGELOG information below.
UPGRADE note: devpi-server-2.1 requires to ``--export`` your 2.0
server state and then using ``--import`` with the new version
before you can serve your private packages through devpi-server-2.1.
Please checkout the web plugin if you want to have a web interface::
http://doc.devpi.net/2.1/web.html
Here is a Quickstart tutorial for efficient pypi-mirroring
on your laptop::
http://doc.devpi.net/2.1/quickstart-pypimirror.html
And if you want to manage your releases or implement staging
as an individual or within an organisation::
http://doc.devpi.net/2.1/quickstart-releaseprocess.html
If you want to host a devpi-server installation with nginx/supervisor
and access it from clients from different hosts::
http://doc.devpi.net/2.1/quickstart-server.html
More documentation here::
http://doc.devpi.net/2.1/
many thanks to Florian Schulze who co-implemented many of the new features.
And special thanks go to the two companies who funded major parts
of the above work.
have fun,
Holger Krekel, merlinux GmbH
devpi-server-2.1.0 (compared to 2.0.6)
----------------------------------------
- make replication more precise: if a file cannot be replicated,
fail with an error log and try again in a few seconds.
This helps to maintain a consistent replica and discover
the potential remaining bugs in the replication code.
- add who/when metadata to release files, doczips and test results
and preserve it during push operations so that any such file provides
some history which can be visualized via the web-plugin. The metadata
is also exposed via the json API (/USER/INDEX/PROJECTNAME[/VERSION])
- fix issue113: provide json status information at /+status including roles
and replica polling status, UUIDs of the repository. See new
server status docs for more info.
- support for external authentication plugins: new devpiserver_auth_user
hook which plugins can implement for user/password validation and
for providing group membership.
- support groups for acl_upload via the ":GROUPNAME" syntax. This
requires an external authentication plugin that provides group
information.
- on replicas return auth status for "+api" requests
by relaying to the master instead of using own key.
- add "--restrict-modify" option to specify users/groups which can create,
delete and modify users and indices.
- make master/replica configuration more permanent and a bit safer
against accidental errors: introduce "--role=auto" option, defaulting
to determine the role from a previous invocation or the presence of the
"--master-url" option if there was no previous invocation. Also verify
that a replica talks to the same master UUID as with previous requests.
- replaced hack from nginx template which abused "try_files" in "location /"
with the recommended "error_page"/"return" combo.
Thanks Jürgen Hermann
- change command line option "--master" to "--master-url"
- fix issue97: remove already deprecated --upgrade
option in favor of just using --export/--import
- actually store UTC in last_modified attribute of release files instead of
the local time disguising as UTC. preserve last_modified when pushing
a release.
- fix exception when a static resource can't be found.
- address issue152: return a proper 400 "not registered" message instead
of 500 when a doczip is uploaded without prior registration.
- add OSX/launchd example configuration when "--gen-config" is issued.
thanks Sean Fisk.
- fix replica proxying: don't pass original host header when relaying a
modifying request from replica to master.
- fix export error when a private project doesnt exist on pypi
- fix pushing of a release when it contains multiple tox results.
- fix "refresh" button on simple pages on replica sites
- fix an internal link code issue possibly affecting strangeness
or exceptions with test result links
- be more tolerant when different indexes have different project names
all mapping to the same canonical project name.
- fix issue161: allow "{pkgversion}" to be part of a jenkins url
devpi-web-2.2.0 (compared to 2.1.6)
----------------------------------------
- require devpi-server >= 2.1.0
- static resources now have a plus in front to avoid clashes with usernames and
be consistent with how other urls work: "+static/..." and "+theme-static/..."
- adjusted font-sizes and cut-off width of content.
- only show underline on links when hovering.
- make the "description hasn't been rendered" warning stand out.
- version.pt: moved md5 sum from it's own column to the file column below the
download link
- version.pt: added "history" column showing last modified time and infos
about uploads and pushes.
- fix issue153: friendly error messages on upstream errors.
- index.pt: show permissions on index page
devpi-client-2.0.3 (compared to 2.0.2)
----------------------------------------
- use default "https://www.python.org/pypi" when no repository is set in .pypirc
see https://docs.python.org/2/distutils/packageindex.html#the-pypirc-file
- fix issue152: when --upload-docs is given, make sure to first register
and upload the release file before attempting to upload docs (the latter
requires prior registration)
- fix issue75: add info about basic auth to "url" option help of "devpi use".
- fix issue154: fix handling of vcs-exporting when unicode filenames are
present. This is done by striking our own code in favor of Marius Gedminas'
vcs exporting functions from his check-manifest project which devpi-client
now depends on. This also adds in support for svn and bazaar in addition
to the already supported git/hg.
- devpi list: if a tox result does not contain basic information (probably a bug in
tox) show a red error instead of crashing out with a traceback.
- fix issue157: filtering of tox results started with the oldest ones and
didn't show newer results if the host, platform and environment were the same.
More information about the Distutils-SIG
mailing list