[Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
Phillip J. Eby
pje at telecommunity.com
Tue Dec 20 16:41:30 CET 2005
- Previous message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Next message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
At 03:40 PM 12/20/2005 +0100, M.-A. Lemburg wrote:
>AFAIK, easy_install doesn't
>provide any kind of authenticity control - probably due to
>the fact that PyPI doesn't have this feature. At least the
>MD5 sum should be checked, but for this, the PyPI registry
>would have to provide this information in some way.
EasyInstall verifies the MD5 sums for files downloaded from PyPI, and the
--allow-hosts option allows you to restrict what hosts will be
contacted. It also allows you to create your own package lists with MD5
sums (using "#md5=...." on the end of download URLs). You can then
restrict to hosts in your intranet, or only download from python.org,
etc. You can also just block downloading altogether (--allow-hosts=none)
and just see what URLs it spits out as rejected, then go manually download
things into a directory, and use --find-links=downloadsdir or just pass the
filenames on the command line. And since easy_install is a distutils
command, you can configure all of those options in the standard distutils
config files.
--allow-hosts is in the EasyInstall manual, but the MD5 bit isn't currently
documented. The manual should probably have a section on setting up your
own package index(es) and access control in general, as right now you have
to just dig through the options reference to find out about all of this
stuff. In 0.7 there will be a "nest" command that will offer the same
functionality through a different interface, as right now the EasyInstall
options are a combinatorial explosion of different things you can do. Nest
will offer separate commands for separate functions. For example, to fetch
a package's source into a subdirectory of the current directory, you would
now do:
easy_install -eb. somepackage
but in 0.7 there will be a "nest source" command:
nest source somepackage
In other words, different use cases for the tools will have their own
commands and their own documentation, rather than using a slew of options
that interact with each other in non-obvious ways.
- Previous message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Next message: [Distutils] bdist_nsis, bdist_deb, bdist_msi, bdist_inno, bdist_pkgtool, bdist_sdux, bdist_mpkg, etc.
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Distutils-SIG
mailing list