-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tres Seaver wrote:
> Anybody running against the Cheeseshop today is *more* on the bleeding > edge than a sysadmin whose production boxes are running 'sid': Debian > has cultural constraits, even for that distro, which are vastly more > restricted than the Wild West which is PyPI. > > The only solution I can see is to create filtered subsets / mirrors of PyPI. <snip> > > Exactly. Without some way to impose a "gatekeeper" role on the package > pool from which a given deployment draws, we can't have any > deterministic outcomes when installing packages. OK, here is a sample "gatekeeper" script, intended to be run from within a directory full of source distributions. E.g.: $ cd /path/to/dist.example.com $ ls abc-1.2.3.tar.gz abc-1.2.4.tar.gz ghijk-2.3.4.tar.gz $ python /tmp/makeindex.py *.gz Parsing: abc-1.2.3.tar.gz Parsing: abc-1.2.4.tar.gz Parsing: ghijk-2.3.4.tar.gz Project: abc --> 1.2.3 abc-1.2.3.tar.gz --> 1.2.4 abc-1.2.4.tar.gz Project: ghijk --> 2.3.4 ghijk-2.3.4.tar.gz Assuming that the directory is the root of an Apache virtual domain, 'dist.example.com', the script creates a 'simple' subdirectory, with an index listing the projects corresponding to the tarballs. Each project ('abc', 'ghijk') gets a subdirectory with an index pointing to its tarballs. At this point, from a fresh virtualenv, you can install those packages without risk of pulling anything from the Cheeseshop: $ bin/easy_install --index-url=http://dist.example.com/simple ghijk Total effort involved in maintaining the "gated community" then becomes keeping a set of tarballs available at some web-downloadable location, and re-running the script after adding / removing them to regenerate the index. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG/D9a+gerLs4ltQ4RAtZrAJwPrSe+vAaLTNF+XrrdyPY6bFXgTgCgzqOV ssgeiDB9/whhld4DyylsQxA= =f2tL -----END PGP SIGNATURE-----
makeindex.py
Description: application/httpd-cgi
_______________________________________________ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com