Thanks @elfjes for pointing out that I'd missed this! I also went ahead
and bumped the version in the README to 2.0.0dev1, so that it's clear
that what's in master shouldn't be what people expect from pypi or in the
docker image.
Adds an argparse config that, while adding subcommands (`pypi-server run` and `pypi-server update`), retains full commandline backwards compatibility with the existing config parsing logic.
There's a bit of hackery required to do this, so this also issues a warning if using the non-subcommand arguments, allowing us to potentially remove support for the old form in our next next major version bump (i.e. 3.0).
Also adds a `.pyproject.toml` with a black config, and a mypy config block to `setup.cfg`.
`mypy` is now called in `tox`, currently only for `config.py`, because nothing else typechecks successfully.
----
* WIP: argparse config
* Complete config
* Test all the config options
* Another test and a note re: being unused
* mypy config, call mypy in tox
* No mypy on pypy
* Fix tox config
* Add venv to black ignore
* fix tox config (again)
* Fix formatting, simplify error handling
* FMT: Run black on changed files
* Cleanup setup.py
* remove explicit inheritance from object
* convert most string interpolations to f-strings
Co-authored-by: Pelle Koster <pelle.koster@nginfra.nl>
* run black on codebase
* add black check to travis ci
* add pyproject.toml, revert black on bottle.py
Co-authored-by: Pelle Koster <pelle.koster@nginfra.nl>
* log to stdout
* add stdout logging to config and test it
* remove non-implemented parameter from docs
* configure log stream based on config, somehow this change got lost
* fix unittests for other python versions
* option to specify log stream
* Be more explicit in usage text
Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
* remove redundant arguments
* be more consistent in usage text
* add test for disabling stream logging
* fix side-effect of unittests
Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
* Add the option to specify list of modules we don't want to update
Signed-off-by: Peter Slovak <peter.slovak@websupport.sk>
* Fix docs
Signed-off-by: Peter Slovak <peter.slovak@websupport.sk>
* Minimize the number of strip() calls
Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
* Log an exception when we fail to open/read the package blacklist file
* Abort server startup if we fail to read the blacklist file
Co-authored-by: Matthew Planchard <mplanchard@users.noreply.github.com>
* [268] Ensure remove_pkg removes all pkg instances
Reported by @esciara in #268.
Previously, the `remove_pkg` command was only removing the first
matching package that it found so if, for example, there were a .tar.gz
file and a .whl file, it would only remove one of them.
Of course, it could be run in succession to accomplish full removal, but
the expected behavior is that removal will remove the package entirely.
Here, I've grouped `remove_pkg` related tests into a test class, added
some tests that verify the expected behavior, and updated the
`remove_pkg` method to remove all matching packages.
* CHANGES.rst
Resolves #237
Previously, we were not running any sort of URL escaping on values
passed in from the client that were used for redirects. This allowed
injection attacks via URL encoded newlines in the original request.
This update ensures that all user-supplied paths that are used as
components of redirects are passed through `urllib.parse.quote()`
(or the python 2 equivalent) prior to being used in a redirect
response.
Also specified 127.0.0.1 rather than 0.0.0.0 (the default) in server
tests to avoid triggering firewall dialogs when testing on MacOS
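
The redirect fix described in the message above, as an added example that is not part of the commit or of pypiserver's code: a client path that the web framework has already percent-decoded is placed into a `Location` value with and without `urllib.parse.quote()`. The function names, the `/simple` prefix and the sample request path are assumptions constructed for illustration.

```python
from urllib.parse import quote, unquote


def redirect_target_unescaped(prefix: str, decoded_path: str) -> str:
    """'Before' behaviour: the client-supplied value is used verbatim."""
    return f"{prefix}/{decoded_path}/"


def redirect_target_quoted(prefix: str, decoded_path: str) -> str:
    """'After' behaviour: the value passes through quote() first.

    quote() leaves '/' unescaped by default and percent-encodes CR, LF,
    spaces and ':' so the value stays on a single header line.
    """
    return f"{prefix}/{quote(decoded_path)}/"


def breaks_header_line(value: str) -> bool:
    """True if the value would terminate the header line it is written into."""
    return "\r" in value or "\n" in value


# Constructed sample: the path segment as it appears on the wire, and the
# form a framework hands to the application after percent-decoding it.
WIRE_SEGMENT = "foo%0d%0aX-Injected:%20yes"
DECODED_SEGMENT = unquote(WIRE_SEGMENT)  # "foo\r\nX-Injected: yes"


def demo() -> dict:
    unescaped = redirect_target_unescaped("/simple", DECODED_SEGMENT)
    quoted = redirect_target_quoted("/simple", DECODED_SEGMENT)
    return {
        "unescaped_breaks_header": breaks_header_line(unescaped),
        "quoted_breaks_header": breaks_header_line(quoted),
        "quoted_location": quoted,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

A regression test for this class of bug can assert that no redirect `Location` produced from a request path ever contains a raw CR or LF.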
Resolves #226
Cleaned up `test_server.py` a bit:
* Call `twine` via `Popen` instead of using their internal API, which
should help us from having to fix twine tests as often
* Cleaned up fixtures
* Some PEP8 updates and general formatting
* Grouped test fixtures and functions all before the tests themselves
* Refactored `update()` into several single-responsibility functions
* Added tests for said functions
* Some PEP 008 cleanup
* Imported standard `__future__` imports in `manage.py` and its test
module
Resolves #205 - pypi.python.org shutting down
* Updated the default fallback URL to `pypi.org/simple` rather than
`pypi.python.org/simple`
* Scrubbed references and links to `pypi.python.org`
* Fixed tests breaking due to the removal of `pip.main()` in pip 10.0 -
see pypa/pip#5080 for more info
The ability to propagate configuration values from a paste config
file was introduced in #156. However, as pointed out in #125
by @redbaron4, the string strip method introduced in #156 was
problematic in Python 2.
This resolves that issue while also creating a test that fails
on the current master and passes with updates, demonstrating the
issue.
In addition to including tests from @jameshiebert with slight
updates, I have also resolved an issue with newer versions of twine,
which require an extra parameter in the calls to `upload` and
`register`.
Resolves #179
Due to a pypi API change (reasoning
[here](https://mail.python.org/pipermail/distutils-sig/2017-October/031712.html),
thanks to @natefoo for the link), the redirect links that we were
generating for distributions not present in the package index were
failing with `403` errors.
@ankostis, I have not had time to look into why the standalone tests are
failing. Perhaps we should just ignore them in order to get a new
version out once this is merged to master?
`pypi.python.org/simple` will respond to HTTP requests with `403: SSL is required.`
This will change the default fallback_url to use HTTPS. This should fix #179.
* Updated .travis.yml to fix PEP 440 warnings
* Fixed twine calls
We were getting test failures on multiple branches in
`test_server.py`. I first investigated a warning message
popping up in every test run:
```
PEP440Warning,
/home/travis/virtualenv/python3.5.2/lib/python3.5/site-packages/pkg_resources/__init__.py:2510: PEP440Warning: 'setuptools (git-0.4.0)' is being parsed as a legacy, non PEP 440, version. You may find odd behavior and sort order. In particular it will be sorted as less than 0.0. It is recommend to migrate to PEP 440 compatible versions.
```
Moving the installation of setuptools, pip, sphinx, and tox
into the `install` key for Travis resolved that issue, but
`test_server.py` tests were still failing. It turns out that
Twine 1.7.0 added support for SSL cert specification and,
in the process, changed the call signature for the `upload`
and `register` internal methods.
This PR fixes the calls so that they align with Twine's new
function signature. Note that tests now fail on Twine <1.7.0,
so I have also updated the dev requirements file.
+ FIX #104: Stopped parsing invalid package-versions prefixed with `v`;
they are invalid according to :pep-reference:`0440`.
+ Also support versions with epochs separated by `!` like `package-1!1.1.0`.
+ Move bottle-filename check on app module.