Mercurial > hg > simpypi

view README.txt @ 77:4415ba355f25

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
flush out README
author Jeff Hammel <jhammel@mozilla.com>
date Fri, 02 Mar 2012 16:03:37 -0800
parents 5fbe4374bc8a
children d5c3fdceb718
line wrap: on
line source

simpypi
=======

Simple python package index

How simpypi works
-----------------

The heart of simpypi is ``simpypi.wsgi.SimPyPI``, a simple
`WSGI <http://www.python.org/dev/peps/pep-0333/>`_ web app that
accepts a uploaded
`python package <http://guide.python-distribute.org/introduction.html>`_
distribution and places it according to its name and version metadata
appropriate to the
`simple index protocol <http://guide.python-distribute.org/contributing.html#the-simple-index-protocol>`_ .

For security, ``SimPyPI`` returns straight
`HTTP 400 <http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html>`_ s
for invalid requests.  This could probably be improved.

``SimPyPI`` itself does not serve this directory.  The directory
should be served by a fileserver that will generate directory indices
(as apprpropriate to
http://guide.python-distribute.org/contributing.html#the-simple-index-protocol
) such as Apache or
`FileServer <http://pypi.python.org/pypi/FileServer>`_ .
``simpypi.factory.factory`` does provide a factory to make a WSGI app
that wraps ``FileServer`` in middleware and serves the simple index
under ``/index/`` and the ``SimPyPI`` app at ``/``.  Additionally, a
``simpypi`` command line program is provided that front-ends this.

Currently ``simpypi`` only works on source distributions (that is,
packages made with ``python setup.py sdist``).

Running the Tests
-----------------

``tests-require.txt`` contains dependencies that should be installed
to run the tests.
`Paste <http://pythonpaste.org/>`_
`TestApp <http://pythonpaste.org/testing-applications.html>`_ ,
though this could be transitioned to
`WebTest <http://webtest.pythonpaste.org/en/latest/index.html>`_ .
`virtualenv <http://www.virtualenv.org/>`_
is used for isolating python environments.

TODO
----

While simpypi is pretty simple, just because it is only 100 lines of
code doesn't mean that it is the *right* 100 lines of code.  The
following issues could be addressed:

 * the temporary package should be dealt with entirely in memory,
   ideally.  Currently we write to a file and move it.

 * ``simpypi`` use ``pkginfo.sdist`` to read the data from a source
   distribution. Instead, the uploaded package should probably be
   unpacked and ``python setup.py sdist`` run and the resulting
   package put in the appropriate place.  This will allow archives
   without ``PKG-INFO``
   (e.g. http://hg.mozilla.org/build/talos/archive/tip.tar.gz )
   to be uploaded as well as at least partially correct for the fact
   that currently ``simpypi`` only works for uploaded source
   distributions.

--

http://k0s.org/mozilla/hg/simpypi