devpi-{server-2.1,web-2.2}: upload history, deploy status, groups

holger krekel holger at
Mon Sep 22 12:15:35 CEST 2014

devpi-{server-2.1,web-2.2}: upload history, deploy status, groups 

With devpi-server-2.1 and devpi-web-2.2 you'll get a host of fixes and
improvements as well as some major new features for the private pypi

- upload history: release/tests/doc files now carry metadata for 
  by whom, when and to which index something was uploaded

- deployment status: the new json /+status gives detailed information
  about a replica or master's internal state

- a new authentication hook supports arbitrary external authentication 
  systems which can also return "group" membership information.  An initial
  separately released "devpi-ldap" plugin implements verification accordingly.
  You can specify groups in ACLs with the ":GROUPNAME" syntax.  

- a new "--restrict-modify=ACL" option to start devpi-server such that
  only select accounts can create new or modify users or indexes

For many more changes and fixes, please see the CHANGELOG information below.

UPGRADE note: devpi-server-2.1 requires to ``--export`` your 2.0
server state and then using ``--import`` with the new version
before you can serve your private packages through devpi-server-2.1.

Please checkout the web plugin if you want to have a web interface::

Here is a Quickstart tutorial for efficient pypi-mirroring 
on your laptop::                         
And if you want to manage your releases or implement staging
as an individual or within an organisation::                                                    
If you want to host a devpi-server installation with nginx/supervisor
and access it from clients from different hosts::                             
More documentation here::                                                

many thanks to Florian Schulze who co-implemented many of the new features.
And special thanks go to the two companies who funded major parts 
of the above work.

have fun,

Holger Krekel, merlinux GmbH

devpi-server-2.1.0 (compared to 2.0.6)

- make replication more precise: if a file cannot be replicated,
  fail with an error log and try again in a few seconds.
  This helps to maintain a consistent replica and discover 
  the potential remaining bugs in the replication code.

- add who/when metadata to release files, doczips and test results
  and preserve it during push operations so that any such file provides
  some history which can be visualized via the web-plugin.  The metadata
  is also exposed via the json API (/USER/INDEX/PROJECTNAME[/VERSION])

- fix issue113: provide json status information at /+status including roles 
  and replica polling status, UUIDs of the repository. See new
  server status docs for more info.

- support for external authentication plugins: new devpiserver_auth_user 
  hook which plugins can implement for user/password validation and
  for providing group membership.

- support groups for acl_upload via the ":GROUPNAME" syntax. This
  requires an external authentication plugin that provides group

- on replicas return auth status for "+api" requests 
  by relaying to the master instead of using own key.

- add "--restrict-modify" option to specify users/groups which can create,
  delete and modify users and indices.

- make master/replica configuration more permanent and a bit safer
  against accidental errors: introduce "--role=auto" option, defaulting
  to determine the role from a previous invocation or the presence of the
  "--master-url" option if there was no previous invocation.  Also verify
  that a replica talks to the same master UUID as with previous requests.

- replaced hack from nginx template which abused "try_files" in "location /"
  with the recommended "error_page"/"return" combo.
  Thanks Jürgen Hermann

- change command line option "--master" to "--master-url"

- fix issue97: remove already deprecated --upgrade 
  option in favor of just using --export/--import

- actually store UTC in last_modified attribute of release files instead of
  the local time disguising as UTC.  preserve last_modified when pushing 
  a release.  

- fix exception when a static resource can't be found.

- address issue152: return a proper 400 "not registered" message instead
  of 500 when a doczip is uploaded without prior registration.

- add OSX/launchd example configuration when "--gen-config" is issued.
  thanks Sean Fisk.

- fix replica proxying: don't pass original host header when relaying a
  modifying request from replica to master.

- fix export error when a private project doesnt exist on pypi

- fix pushing of a release when it contains multiple tox results.

- fix "refresh" button on simple pages on replica sites

- fix an internal link code issue possibly affecting strangeness
  or exceptions with test result links

- be more tolerant when different indexes have different project names 
  all mapping to the same canonical project name.

- fix issue161: allow "{pkgversion}" to be part of a jenkins url

devpi-web-2.2.0 (compared to 2.1.6)

- require devpi-server >= 2.1.0

- static resources now have a plus in front to avoid clashes with usernames and
  be consistent with how other urls work: "+static/..." and "+theme-static/..."

- adjusted font-sizes and cut-off width of content.

- only show underline on links when hovering.

- make the "description hasn't been rendered" warning stand out.

- moved md5 sum from it's own column to the file column below the
  download link

- added "history" column showing last modified time and infos
  about uploads and pushes.

- fix issue153: friendly error messages on upstream errors.

- show permissions on index page

devpi-client-2.0.3 (compared to 2.0.2)

- use default "" when no repository is set in .pypirc

- fix issue152: when --upload-docs is given, make sure to first register
  and upload the release file before attempting to upload docs (the latter
  requires prior registration)

- fix issue75: add info about basic auth to "url" option help of "devpi use".

- fix issue154: fix handling of vcs-exporting when unicode filenames are
  present.  This is done by striking our own code in favor of Marius Gedminas' 
  vcs exporting functions from his check-manifest project which devpi-client
  now depends on.  This also adds in support for svn and bazaar in addition
  to the already supported git/hg.

- devpi list: if a tox result does not contain basic information (probably a bug in
  tox) show a red error instead of crashing out with a traceback.

- fix issue157: filtering of tox results started with the oldest ones and
  didn't show newer results if the host, platform and environment were the same.


More information about the Python-announce-list mailing list