The gitlab tests started failing with GL's newest "docker in docker"
image due to the lack of some core C library headers. This ensures that
everything needed for twine (i.e. cryptography) is present before doing
a pip install for twine.
Resolves#264
Generally, pip doesn't need to be available for `pypiserver` to work
correctly, but the `-U` command to update packages requires it to be
importable. This ensures the `pip` module will be available in the final
image.
This reverts commit de6a9ce19440975759e979fc47ba870192c99370.
Not going to be able to use GL because they do not support forks, so
reverting associated changes.
I didn't realize GitLab does not support running PRs on forks for
mirrored GitHub repos. I have switched other projects to Azure
pipelines, but just to get things going, I'm going to pull .travis.yml
back in here.
* [268] Ensure remove_pkg removes all pkg instances
Reported by @esciara in #268.
Previously, the `remove_pkg` command was only removing the first
matching package that it found so if, for example, there were a .tar.gz
file and a .whl file, it would only remove one of them.
Of course, it could be run in succession to accomplish full removal, but
the expected behavior is that removal will remove the package entirely.
Here, I've grouped `remove_pkg` related tests into a test class, added
some tests that verify the expected behavior, and updated the
`remove_pkg` method to remove all matching packages.
* CHANGES.rst
* Compose updates; doc updates; changelog for 1.3.0
* chore(ver): bump 1.2.7-->1.3.0
* update date in README
* rst is not markdown
* Add issue numbers to changelog
Resolves#241
@willrogers points out that `pypiuploader` appears to be a dead project,
so we'll remove specific instructions for it in the docs, unless it
is confirmed to be otherwise.
Thanks for your PR! I was wondering why everyone kept complaining about
`bcrypt`, when my local tests were succeeding just fine, so I spent
some time making the docker test script replicate the error.
Turns out the `.htpasswd` files I was generating were using md5, so they
were not triggering the error. The htpasswd file in this update does
use bcrypt encryption, so it triggers a 500 error on the previous
version of the Dockerfile.
I also updated the test to be a bit more thorough, validating an
authenticated upload in addition to just making sure the server is
running.
The only other change I made was to move `requirements.txt` into a more
specific `docker-requirements.txt` file, just to make it clear that its
intention is to be a part of the docker build and not the normal install
process.
Resolves#237
Previously, we were not running any sort of URL escaping on values
passed in from the client that were used for redirects. This allowed
injection attacks via URL encoded newlines in the original request.
This update ensures that all user-supplied paths that are used as
components of redirects are passed through `urllib.parse.quote()`
(or the python 2 equivalent) prior to being used in a redirect
response.
Also specified 127.0.0.1 rather than 0.0.0.0 (the default) in server
tests to avoid triggering firewall dialogs when testing on MacOS
