devpi-constrained


Namedevpi-constrained JSON
Version 2.0.1 PyPI version JSON
download
home_pagehttps://github.com/fschulze/devpi-constrained
Summary"devpi-constrained: an index for devpi-server that provides a constrained list of packages from it's bases"
upload_time2023-03-18 11:16:48
maintainer
docs_urlNone
authorFlorian Schulze
requires_python>=3.7
licenseMIT
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            devpi-constrained: releases filter for devpi-server
===================================================

This plugin adds a *constrained* index to `devpi-server`_.
The *constrained* index is read-only and filters releases from its bases similar to `Constraints Files`_ in `pip`_.

.. _devpi-server: http://pypi.python.org/pypi/devpi-server
.. _Constraints Files: https://pip.pypa.io/en/stable/user_guide/#constraints-files
.. _pip: https://pip.pypa.io/


Installation
------------

``devpi-constrained`` needs to be installed alongside ``devpi-server`` to enable *constrained* indexes.

You can install it with::

    pip install devpi-constrained

There is no configuration needed as ``devpi-server`` will automatically discover the plugin through calling hooks using the setuptools entry points mechanism.


Motivation
----------

It is often useful to filter Python packages available for installation.
For example:

- Filter package versions with known security issues
- Provide a "Known Good Set" of packages which have been tested
- Prevent installation of packages with incompatible licenses
- Only allowing vetted packages
- Block package versions with breaking changes

With ``devpi-constrained`` it is possible to provide a package index which enables all of the above and more.


Usage
-----

Create a *constrained* index with ``root/pypi`` as base:

.. code-block::

    $ devpi index -c prod/devpi type=constrained bases=root/pypi
    https://example.com/prod/devpi:
      type=constrained
      bases=root/pypi
      volatile=True
      acl_upload=root
      acl_toxresult_upload=:ANONYMOUS:
      constraints=
      mirror_whitelist=

    $ devpi use prod/devpi

With no constraints set, all releases are available from ``root/pypi``.

Lets add a constraint for ``pip``:

.. code-block::

    $ devpi index constraints+="pip==6.0"
    /prod/devpi constraints+=pip==6.0
    https://example.com/prod/devpi?no_projects=:
      type=constrained
      bases=root/pypi
      volatile=True
      acl_upload=root
      acl_toxresult_upload=:ANONYMOUS:
      constraints=pip==6.0
      mirror_whitelist=

Now only ``pip 6.0`` will be listed when looking for releases of ``pip``:

.. code-block::

    $ devpi list --all pip
    http://localhost:3141/root/pypi/+f/610/3897f1bb68d3f/pip-6.0.tar.gz
    http://localhost:3141/root/pypi/+f/5ec/6732505bd8be4/pip-6.0-py2.py3-none-any.whl

All other packages are still unconstrained.

To block everything else we add the ``*`` constraint:

.. code-block::

    $ devpi index constraints+="*"
    /prod/devpi constraints+=*
    https://example.com/prod/devpi?no_projects=:
      type=constrained
      bases=root/pypi
      volatile=True
      acl_upload=root
      acl_toxresult_upload=:ANONYMOUS:
      constraints=pip==6.0,*
      mirror_whitelist=

This is the difference to ``pip`` constraints, where this isn't possible.

.. code-block::

    $ devpi list --all devpi-server
    GET https://example.com/prod/devpi/devpi-server/
    404 Not Found: no project 'devpi-server'

The ``constraints`` option can be set in bulk from a file.
Create a file ``constraints.txt`` with each constraint in one line::

    pip<8,>4
    # a comment
    devpi-server>=4

Set the ``constraints`` option on your index from the file::

    $ devpi index constraints="$(cat constraints.txt)"

Changelog
=========

2.0.1 - 2023-03-18
------------------

- Fix filtering of simple links page.
  [EvaSDK (Gilles Dartiguelongue)]


2.0.0 - 2023-02-21
------------------

- Remove support for Python <= 3.6.

- Add testing for Python 3.8, 3.9, 3.10, 3.11 and PyPy-3.7.

- Require devpi-server >= 6.2.0.


1.0.0 - 2019-08-05
------------------

- Initial release.
  [fschulze (Florian Schulze)]



            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/fschulze/devpi-constrained",
    "name": "devpi-constrained",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.7",
    "maintainer_email": "",
    "keywords": "",
    "author": "Florian Schulze",
    "author_email": "mail@florian-schulze.net",
    "download_url": "https://files.pythonhosted.org/packages/bd/2a/0828959cf510866e2a21a5d41c5ee0e1eea1cac592c8291ea3ca4d80a631/devpi-constrained-2.0.1.tar.gz",
    "platform": null,
    "description": "devpi-constrained: releases filter for devpi-server\n===================================================\n\nThis plugin adds a *constrained* index to `devpi-server`_.\nThe *constrained* index is read-only and filters releases from its bases similar to `Constraints Files`_ in `pip`_.\n\n.. _devpi-server: http://pypi.python.org/pypi/devpi-server\n.. _Constraints Files: https://pip.pypa.io/en/stable/user_guide/#constraints-files\n.. _pip: https://pip.pypa.io/\n\n\nInstallation\n------------\n\n``devpi-constrained`` needs to be installed alongside ``devpi-server`` to enable *constrained* indexes.\n\nYou can install it with::\n\n    pip install devpi-constrained\n\nThere is no configuration needed as ``devpi-server`` will automatically discover the plugin through calling hooks using the setuptools entry points mechanism.\n\n\nMotivation\n----------\n\nIt is often useful to filter Python packages available for installation.\nFor example:\n\n- Filter package versions with known security issues\n- Provide a \"Known Good Set\" of packages which have been tested\n- Prevent installation of packages with incompatible licenses\n- Only allowing vetted packages\n- Block package versions with breaking changes\n\nWith ``devpi-constrained`` it is possible to provide a package index which enables all of the above and more.\n\n\nUsage\n-----\n\nCreate a *constrained* index with ``root/pypi`` as base:\n\n.. code-block::\n\n    $ devpi index -c prod/devpi type=constrained bases=root/pypi\n    https://example.com/prod/devpi:\n      type=constrained\n      bases=root/pypi\n      volatile=True\n      acl_upload=root\n      acl_toxresult_upload=:ANONYMOUS:\n      constraints=\n      mirror_whitelist=\n\n    $ devpi use prod/devpi\n\nWith no constraints set, all releases are available from ``root/pypi``.\n\nLets add a constraint for ``pip``:\n\n.. code-block::\n\n    $ devpi index constraints+=\"pip==6.0\"\n    /prod/devpi constraints+=pip==6.0\n    https://example.com/prod/devpi?no_projects=:\n      type=constrained\n      bases=root/pypi\n      volatile=True\n      acl_upload=root\n      acl_toxresult_upload=:ANONYMOUS:\n      constraints=pip==6.0\n      mirror_whitelist=\n\nNow only ``pip 6.0`` will be listed when looking for releases of ``pip``:\n\n.. code-block::\n\n    $ devpi list --all pip\n    http://localhost:3141/root/pypi/+f/610/3897f1bb68d3f/pip-6.0.tar.gz\n    http://localhost:3141/root/pypi/+f/5ec/6732505bd8be4/pip-6.0-py2.py3-none-any.whl\n\nAll other packages are still unconstrained.\n\nTo block everything else we add the ``*`` constraint:\n\n.. code-block::\n\n    $ devpi index constraints+=\"*\"\n    /prod/devpi constraints+=*\n    https://example.com/prod/devpi?no_projects=:\n      type=constrained\n      bases=root/pypi\n      volatile=True\n      acl_upload=root\n      acl_toxresult_upload=:ANONYMOUS:\n      constraints=pip==6.0,*\n      mirror_whitelist=\n\nThis is the difference to ``pip`` constraints, where this isn't possible.\n\n.. code-block::\n\n    $ devpi list --all devpi-server\n    GET https://example.com/prod/devpi/devpi-server/\n    404 Not Found: no project 'devpi-server'\n\nThe ``constraints`` option can be set in bulk from a file.\nCreate a file ``constraints.txt`` with each constraint in one line::\n\n    pip<8,>4\n    # a comment\n    devpi-server>=4\n\nSet the ``constraints`` option on your index from the file::\n\n    $ devpi index constraints=\"$(cat constraints.txt)\"\n\nChangelog\n=========\n\n2.0.1 - 2023-03-18\n------------------\n\n- Fix filtering of simple links page.\n  [EvaSDK (Gilles Dartiguelongue)]\n\n\n2.0.0 - 2023-02-21\n------------------\n\n- Remove support for Python <= 3.6.\n\n- Add testing for Python 3.8, 3.9, 3.10, 3.11 and PyPy-3.7.\n\n- Require devpi-server >= 6.2.0.\n\n\n1.0.0 - 2019-08-05\n------------------\n\n- Initial release.\n  [fschulze (Florian Schulze)]\n\n\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "\"devpi-constrained: an index for devpi-server that provides a constrained list of packages from it's bases\"",
    "version": "2.0.1",
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "0428d4307eedaf7864e3ebb24758a58d830ae6095fa968dbb8560901ce1503ee",
                "md5": "477ae321be320452afad0f77e7f25f1b",
                "sha256": "a9d0cb4105f802d9f7634cfffc544e74b41aa69e0aa5c1bed106a5831c25f755"
            },
            "downloads": -1,
            "filename": "devpi_constrained-2.0.1-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "477ae321be320452afad0f77e7f25f1b",
            "packagetype": "bdist_wheel",
            "python_version": "3",
            "requires_python": ">=3.7",
            "size": 5620,
            "upload_time": "2023-03-18T11:16:47",
            "upload_time_iso_8601": "2023-03-18T11:16:47.623455Z",
            "url": "https://files.pythonhosted.org/packages/04/28/d4307eedaf7864e3ebb24758a58d830ae6095fa968dbb8560901ce1503ee/devpi_constrained-2.0.1-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "bd2a0828959cf510866e2a21a5d41c5ee0e1eea1cac592c8291ea3ca4d80a631",
                "md5": "74fd6ca74f45d137bc02fb348383eb94",
                "sha256": "58c07c1615b1576e5cea66dca8e2c6eb9e28c59021ba74492f5abf642b286f1e"
            },
            "downloads": -1,
            "filename": "devpi-constrained-2.0.1.tar.gz",
            "has_sig": false,
            "md5_digest": "74fd6ca74f45d137bc02fb348383eb94",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.7",
            "size": 9075,
            "upload_time": "2023-03-18T11:16:48",
            "upload_time_iso_8601": "2023-03-18T11:16:48.843160Z",
            "url": "https://files.pythonhosted.org/packages/bd/2a/0828959cf510866e2a21a5d41c5ee0e1eea1cac592c8291ea3ca4d80a631/devpi-constrained-2.0.1.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-03-18 11:16:48",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "github_user": "fschulze",
    "github_project": "devpi-constrained",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "tox": true,
    "lcname": "devpi-constrained"
}
        
Elapsed time: 0.09432s