[Zope3-dev] Re: Known working sets II [was: Eggification redux]

Tres Seaver tseaver at palladion.com
Thu Sep 27 19:40:11 EDT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tres Seaver wrote:

> Anybody running against the Cheeseshop today is *more* on the bleeding
> edge than a sysadmin whose production boxes are running 'sid':  Debian
> has cultural constraits, even for that distro, which are vastly more
> restricted than the Wild West which is PyPI.
> 
> The only solution I can see is to create filtered subsets / mirrors of PyPI.

<snip>

> 
> Exactly.  Without some way to impose a "gatekeeper" role on the package
> pool from which a given deployment draws, we can't have any
> deterministic outcomes when installing packages.

OK, here is a sample "gatekeeper" script, intended to be run from within
a directory full of source distributions.  E.g.:

  $ cd /path/to/dist.example.com
  $ ls
  abc-1.2.3.tar.gz  abc-1.2.4.tar.gz  ghijk-2.3.4.tar.gz
  $ python /tmp/makeindex.py *.gz
  Parsing: abc-1.2.3.tar.gz
  Parsing: abc-1.2.4.tar.gz
  Parsing: ghijk-2.3.4.tar.gz
  Project: abc
    --> 1.2.3  abc-1.2.3.tar.gz
    --> 1.2.4  abc-1.2.4.tar.gz
  Project: ghijk
    --> 2.3.4  ghijk-2.3.4.tar.gz

Assuming that the directory is the root of an Apache virtual domain,
'dist.example.com', the script creates a 'simple' subdirectory, with
an index listing the projects corresponding to the tarballs.  Each
project ('abc', 'ghijk') gets a subdirectory with an index pointing to
its tarballs.

At this point, from a fresh virtualenv, you can install those packages
without risk of pulling anything from the Cheeseshop:

  $ bin/easy_install --index-url=http://dist.example.com/simple ghijk

Total effort involved in maintaining the "gated community" then becomes
keeping a set of tarballs available at some web-downloadable location,
and re-running the script after adding / removing them to regenerate
the index.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG/D9a+gerLs4ltQ4RAtZrAJwPrSe+vAaLTNF+XrrdyPY6bFXgTgCgzqOV
ssgeiDB9/whhld4DyylsQxA=
=f2tL
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: makeindex.py
Type: application/x-httpd-cgi
Size: 2977 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope3-dev/attachments/20070927/da13dab9/makeindex-0001.bin

More information about the Zope3-dev mailing list