pypiserver / pypiserver Goto Github PK

The actual documentation states that in order to start the server, one should do:

pip install pypiserver
mkdir ~/packages
# copy some source packages or eggs to this directory
pypi-server -p 8080 ~/packages
pip install -i http://localhost:8080/simple/ ...

When installing pypiserver on Windows, the fourth line results in the following error:

Error: while trying to list 'C:\Program Files\Python\Scripts~\packages': [WinError 3] The system cannot find the path specified: 'C:\Program Files\Python\Scripts~\packages_._'

Replacing:

pypi-server -p 8080 ~/packages

by:

pypi-server -p 8080 packages

works.

Wouldn't it be nice to include in the documentation a note about this error on Windows and the possible way to avoid it?

For moin2, we need flatland==dev. if one downloads that with the suggested pip command, it gets stored as tip.zip into the package mirror directory.

if i add another package with ==dev, that one gets also stored as tip.zip.

This obviously can't work. Is there a way to handle this?

Aside from the conflict, it also loses information about what package that was. I suspect when looking for updates pypi-server will only look at the filenames in the package mirror directory and it won't know from which package name that tip.zip came from.

I just had a quick glance over the docs, but I could not find how to use pypiserver as a wsgi app.

It looks like it is using wsgi internally, but usually one would expect there is a documented way to initialize the wsgi app and use it with ANY wsgi server one likes, not just the ones supported by bottle. Isn't that why wsgi was implemented in the first place?

For apache2 / mod_wsgi users, a pypiserver.wsgi would also be a nice addition.

I added the pytz package to my pypiserver packages dir (as I did with all other packages needed).

On my pypiserver http://pypi.moinmo.in/simple/ it looks like this:

python-ldap
python-openid
pytz-2012b.tar.bz2
speaklater

On http://pypi.python.org/simple/ it looks like this:

pytyp
pytyrant
pytz
PyUblas
PyUblasExt

Looks like pypiserver gets confused somehow by the packagename / filename / extension?

Currently working on puppet module.
Chef module can be picked up by anybody who wants to.

For package-name-0.0.1.dev0.linux-x86_64.tar.gz the name is correctly detected as package-name
For package-name-0.0.1.dev0.macosx-10.10-intel.tar.gz the name is incorrectly detected as package-name-0.0.1.dev0.macosx

Versions up to and including 1.1.7 contain a cross site scripting vulnerability. I acknowledge this is not likely to ever be a problem since the normal usage of the server is from pip rather than a web browser. I only note it because my server was flagged as vulnerable by a Nessus scan.

The vulnerability can be demonstrated by entering the following in a web browser that does not filter XSS (on modern browsers, you'll probably have to disable automatic XSS filtering to see the exploit)
http://my.pypi-server.com:8080/?<script>alert("Vulnerable!");</script>

If successful, this should pop up an alert window,

Maybe this is the wrong way to handle this problem, but according to git flow, the develop branch of a project should not have any version number (how can you know what version you're going to release until you're in the release tagging stage?, or so the argument goes).

My version number is, therefore, "DEVELOP". This creates packages that look like this: "foo-DEVELOP-1402948847.tar.gz".

It looks like the "DEVELOP" part of this package filename is being included as part of the package name in the default "/simple" view.

I'm not really even sure if this is an actual bug, but I wanted to mention it, and see if there was anything that could be done. In the meantime my intended workaround is to slip in a numeric value before "DEVELOP", which I think will cause it to be considered the remaining text to be a "version" identifier.

It appears as though the Bottle web framework you are using has support for a simple template system: http://bottlepy.org/docs/dev/tutorial.html#tutorial-templates

I'm confused, or there is a bug.

I'm using --log-file with a pathname and nothing is being written there.

The server is acting as it always has and logs to stdout + stderr instead of to my specified log file.

The process, showing --log-file /var/log/pypiserver.log as the place to log.

pypi     16729 16728  0 15:52 ?        00:00:00 /apps/pypi-server/bin/python /apps/pypi-server/bin/pypi-server -p 8080 -P /apps/htaccess-live --log-file /var/log/pypiserver.log /apps/pypi-server-data

And the files:

Exhibit A: The 0-length log file that I primed and chown()ed before starting the process.

Exhibit B: The pypi-stdout-stderr.log file that is being captured from my boot-time script. It grows as HTTP requests come in and contains log lines.

log:pypi# cd /var/log
log:pypi# ls -lart
...
-rw-------   1 pypi root        0 Mar 13 15:49 pypiserver.log            <--- A
drwxr-xr-x. 14 root root     4096 Mar 13 15:58 .
-rw-------   1 root root      755 Mar 13 15:58 pypi-stdout-stderr.log   <--- B
log:pypi# cat pypi-stdout-stderr.log
Bottle v0.11.6 server starting up (using AutoServer())...
Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.

/apps/pypi-server/lib/python2.6/site-packages/pypiserver/_app.py:174: DeprecationWarning: The COOKIES dict is deprecated. Use `set_cookie()` instead.
  body=response.body, cookies=response.COOKIES,
jblaine.our.org - - [13/Mar/2015 15:58:12] "GET / HTTP/1.1" 200 809
jblaine.our.org - - [13/Mar/2015 15:58:14] "GET / HTTP/1.1" 200 809
jblaine.our.org - - [13/Mar/2015 15:58:15] "GET / HTTP/1.1" 200 809
log:pypi#

I've set up pypiserver 1.1.6 on Windows7 using python 2.7.9 and pip 6.0.8.

http://localhost:8080/simple/ lists my package without problems but
pip install -i http://localhost:8080/simple pygrids says:

Collecting pygrids
  DEPRECATION: Failed to find 'pygrids' at http://localhost:8080/simple/pygrids/. It is suggested to upgrade your index to support
 normalized names as the name in /simple/{name}.
  Cannot fetch index base URL http://localhost:8080/simple/
  Could not find any downloads that satisfy the requirement pygrids
  No distributions at all found for pygrids

The different version of the pygrids package are:

pygrids-0.1.tar.gz
pygrids-0.2.tar.gz
pygrids-0.2.1.tar.gz

Same setup works on Ubuntu 14.04

This patch hacks the code in order to allow pip search PKG. For example:

pip search  --index http://pypi.intenet.com:8080/search/ MyDjango

I wonder if you are interested on this and if this patch is wellcome for your side.

--- /root/_app.py   2015-03-12 11:16:23.000000000 +0000
+++ /usr/local/lib/python2.7/dist-packages/pypiserver/_app.py   2015-03-12 12:26:29.000000000 +0000
@@ -6,6 +6,7 @@
 import mimetypes
 import logging
 import pkg_resources
+import xml.dom.minidom
 
 try:
     from io import BytesIO
@@ -24,6 +25,48 @@
 log = logging.getLogger('pypiserver.http')
 packages = None
 
+XMLRPC_RESPONSE_SKELETON='''
+
+
+
+
+%(objects)s
+
+
+
+'''
+
+def from_obj_to_xmlrpc(obj_):
+    res = ""
+    if isinstance(obj_,int):
+        res += "%s" % obj_
+        return res
+    elif isinstance(obj_,str):
+        res += "%s" % obj_
+        return res
+    elif isinstance(obj_,dict):
+        res += ""
+        for k,v in obj_.iteritems():
+            member = {}
+            member["name"]=k
+            member["value"]=from_obj_to_xmlrpc(v)
+            res_1 = ""
+            res_1 += "%(name)s"
+            res_1 += "%(value)s"
+            res_1 += ""
+            res += res_1 % member
+        res += ""
+        return res
+    elif isinstance(obj_,list):
+        res += ""
+        for i in obj_:
+            res += "%s" % from_obj_to_xmlrpc(i)
+        res += ""
+        return res
+    else:
+       raise Exception("No valid object")
+
+
 
 class Configuration(object):
     def __init__(self):
@@ -267,8 +310,31 @@
     return redirect(request.fullpath + "/")
 
 
[email protected]("/simple/")
[email protected]('/search')
[email protected]('/search/')
 @auth("list")
+def search():
+    value = ""
+    try:
+        parser = xml.dom.minidom.parse(request.body)
+        member = parser.getElementsByTagName("member")[0]
+        value  = parser.getElementsByTagName("string")[0].childNodes[0].wholeText.strip()
+    except Exception, e:
+        value = ""
+
+    response = []
+    ordering = 0
+    for p in packages():
+        if p.pkgname.count(value) > 0:
+            d = {'_pypi_ordering': ordering, 'version': p.version,
+                 'name': p.pkgname, 'summary': p.fn}
+            response.append(d)
+        ordering += 1
+    res = XMLRPC_RESPONSE_SKELETON \
+        % {"objects":from_obj_to_xmlrpc(response)}
+    return res
+
[email protected]("/simple/")
 def simpleindex():
     links = sorted(get_prefixes(packages()))
     tmpl = """\

http://pypi.python.org/pypi/pypiserver/#table-of-contents
Fallowed the all the stepps mentioned in above link.
But when i am going to upload package to my local pypi server.

1. python setup.py sdist upload -r internal

`When i ran above command by default it's going to pypi.python.org server '

removing 'boto-2.8.0' (and everything under it)
running upload
Submitting dist/boto-2.8.0.tar.gz to http://pypi.python.org/pypi
Upload failed (401): You must be identified to edit package information.

1. python setup.py sdist upload -r http://localhost:7080/simple

When i ran above command getting below issue.
running upload
Submitting dist/boto-2.8.0.tar.gz to http://localhost:7080/simple
[Errno 32] Broken pipe

Can any one suggest how to upload package to local pypi server.

Not sure how pypiserver is meant to behave with upload_docs but it looks wrong to me.

I am building package docs using sphinx and then running the upload_docs command to upload them to my pypiserver (apache2 and wsgi). I get a 200 response saying that everything went well, but I cannot find the documentation saved on the server and not visible in the index.

Scenario 1 - pypiserver does not support documentation uploads. If this is the case it would be good if it returned a 501 not implemented response so people knew
Scenario 2 - pypiserver is accepting the upload_docs command but is hiding the documentation somewhere. The documentation could be uploaded to describe where the docs get saved, how to view them in the web interface and how to change the documentation folder.

I'd be happy to add some code to do either if theres an agreement on which if these options is correct.

Pete

Design those with the ability to feed themselves to logstash.

/pypi is not implemented, that prevents programs like pyg to work.

Currently, attempting to run pypiserver with --server gevent fails due to lack of a monkey patch call:

$ pip freeze | grep pypiserver
pypiserver==1.1.6
$ pip freeze | grep gevent
gevent==1.0
$ pypi-server --server gevent -P htpasswd goat/
This is pypiserver 1.1.6 serving '/home/vagrant/goat' on http://0.0.0.0:8080

Bottle v0.11.6 server starting up (using GeventServer())...
Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.

Traceback (most recent call last):
  File "/home/vagrant/.env/bin/pypi-server", line 11, in <module>
    sys.exit(main())
  File "/home/vagrant/.env/local/lib/python2.7/site-packages/pypiserver/core.py", line 328, in main
    run(app=a, host=host, port=port, server=server)
  File "/home/vagrant/.env/local/lib/python2.7/site-packages/pypiserver/bottle.py", line 2703, in run
    server.run(app)
  File "/home/vagrant/.env/local/lib/python2.7/site-packages/pypiserver/bottle.py", line 2499, in run
    raise RuntimeError(msg)
RuntimeError: Bottle requires gevent.monkey.patch_all() (before import)

@schmir, @ror6ax and @dingus9:
I believe it is time to make the 1st public release under the new ownership scheme.

• The PR's marked for inclusion are marked with milestone=v1.1.7.
• I'm hopping to start merging during the weekend.
• Arbitrarily set release-date on 25-January.
• @schmir i will need you to give access to my pypi-account (named also ankostis) for uploading released packages.
• @dingus9 you have to add yourself into the watchers of this project (it is not done automatically).

I managed to create a htpasswd file and use register/upload with pypiserver-1.0. The docs don't really discuss this feature and also the comparison with other pypi servers seems to be based on an earlier release (otherwise why highlight that others have upload).

Hi, thanks for pypiserver, simple and useful !

Here's a tricky problem when running pypiserver with fallback to a mirror index, not sure if it should be fixed within pypiserver or not.
See also https://bitbucket.org/loewis/pep381client/issue/22

The main PyPI server does some 301 redirections (to fix some mispellings). That's not something a mirror can easily reproduce (see above cited issue on pep381client).
The combination of pypiserver and a mirror leads to installation errors.
Fixing one's spellings is not practically possible, because they occur a lot through dependencies.

Reproduction

Assume for instance that pypiserver does not hold packages for 'babel'.

Client applications (such as pip) try e.g., '/simple/babel' (proper spelling is 'Babel')

• On the main PyPI, they get a 301 response to '/simple/Babel' -> ok
• On a PyPI mirror, they get a 404, then they fetch the whole '/simple/' page, analyse it, find 'Babel' in it, correct the spelling and retry -> inefficient, but ok
• On pypiserver with fallback on a mirror, they get:
  • a 303 to the mirror ('/simple/babel')
  • then, a 404 from the mirror
  • then they fetch the '/simple' page from pypiserver, which does not list the wished distribution ('Babel') -> ERROR

Workarounds

My workaround for now is to setup 301 redirections for commonly mispelled distributions in the mirror as well (in our case, the mirror is ours), but that's a maintenance burden and does not scale.

Another possibility is to manually add commonly mispelled distributions in pypiserver and use '-U'. That's insatisfactoy for the same reasons.

Conclusion

Mispellings in dependencies are really common, since many distribution authors don't even realize their spelling is wrong. Any idea ?

Hi,

it will be necessary in our company to run our own pypiserver. To improve the work for the admins we want to build rpm packages for them. Would you guys be interested in cooperating?

Currently I have a shell script which creates a virtualenv location and a package location, starts the virtualenv and installs a new pypiserver, then runs it on a configured port. Additionally I've created a systemd service file which enables automatic startup for the package service. The next step will be putting all of that into a RPM spec file and finding a service that always builds a new package when the shell script or the service file change. I think that a public rpm builder would be okay and that the pypiserver repo would be a reasonable location for these files. What do you guys think?

When starting the pypi-server I get an error message saying "malformed htpasswd file". I get the error message even if the .htpasswd file does not exist. What is causing the error?

Here is the entire Traceback:

C:\Data>pypi-server -p 8080 -P packages\.htaccess packages
Traceback (most recent call last):
  File "c:\python27\lib\runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "c:\python27\lib\runpy.py", line 72, in _run_code
    exec code in run_globals
  File "C:\Python27\Scripts\pypi-server.exe\__main__.py", line 9, in <module>
  File "c:\python27\lib\site-packages\pypiserver\__main__.py", line 293, in main
    app = pypiserver.app(**vars(c))
  File "c:\python27\lib\site-packages\pypiserver\__init__.py", line 124, in app
    config, packages = core.configure(**kwds)
  File "c:\python27\lib\site-packages\pypiserver\core.py", line 47, in configure
    htPsswdFile = HtpasswdFile(c.password_file)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 583, in __init__
    super(HtpasswdFile, self).__init__(path, **kwds)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 166, in __init__
    self.load()
  File "c:\python27\lib\site-packages\passlib\apache.py", line 236, in load
    self._load_lines(fh)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 261, in _load_lines
    key, value = parse(line, idx+1)
  File "c:\python27\lib\site-packages\passlib\apache.py", line 590, in _parse_record
    % lineno)
ValueError: malformed htpasswd file (error reading line 1)

see: http://stackoverflow.com/questions/34635226/malformed-htpasswd-file-error-message-when-starting-pypi-server

You can see it on https://pypi.python.org/pypi/pypiserver/1.1.8b1

pip 1.5 and greater would like secure links by default, which by implementation means the link provides a hash of the package in the url. This provides some form of verification of correct file download at least.

You can see some of the api docs at warehouse how this is done.

It would be great for pypiserver's links to provide this for pip; I believe this would mean you no longer have to pass --allow-insecure.

Hi,

I run into this error when using a newer version of pip.

pip 1.5.4 from /usr/lib/python2.7/dist-packages (python 2.7)

root@bc36f17fe2cc:/# pip install -r http://my-pypiserver/simple/ my-package
Exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/usr/lib/python2.7/dist-packages/pip/commands/install.py", line 262, in run
    for req in parse_requirements(filename, finder=finder, options=options, session=session):
  File "/usr/lib/python2.7/dist-packages/pip/req.py", line 1631, in parse_requirements
    req = InstallRequirement.from_line(line, comes_from, prereleases=getattr(options, "pre", None))
  File "/usr/lib/python2.7/dist-packages/pip/req.py", line 172, in from_line
    return cls(req, comes_from, url=url, prereleases=prereleases)
  File "/usr/lib/python2.7/dist-packages/pip/req.py", line 70, in __init__
    req = pkg_resources.Requirement.parse(req)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2667, in parse
    reqs = list(parse_requirements(s))
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2593, in parse_requirements
    raise ValueError("Missing distribution spec", line)
ValueError: ('Missing distribution spec', '<html><head><title>Simple Index</title></head><body>')

When using pip 1.3.x (don't recall the exact version), it works just fine.

This would make pypiserver useful for serving a private (proprietary) package repository.

Now all packages are stored in a single directory. If the server has too many packages with numerous releases, the number of files will be very huge. It would be good to organize the files in a directory structure based on package name. This need not be the default behavior, it can be a configurable.

For example:

packages/
   hello/
     hello-1.0.tar.gz
     hello-1.1.tar.gz
   another/
     another-1.0.tar.gz
     another-2.0.tar.gz

pypi-server -U [OPTIONS] [PACKAGES_DIRECTORY] seems to fail due to lack of proxy support. I have tried to set http_proxy but it has no effect. pip is working fine with the proxy.

[edit by @ankostis]: Error was:

proxy support [was: pypi-server -U fails with socket.error: [Errno 10060]]

$ pip install pypiserver --upgrade
Downloading/unpacking pypiserver
HTTP error 404 while getting http://pypi.python.org/packages/source/p/pypiserver/pypiserver-0.4.0.zip#md5=1a1a30d75b92137e99e7bf967a98d3e9 (from http://pypi.python.org/simple/pypiserver/)
Could not install requirement pypiserver because of error HTTP Error 404: Not Found ()
Could not install requirement pypiserver because of HTTP error HTTP Error 404: Not Found () for URL http://pypi.python.org/packages/source/p/pypiserver/pypiserver-0.4.0.zip#md5=1a1a30d75b92137e99e7bf967a98d3e9 (from http://pypi.python.org/simple/pypiserver/)

Going to http://pypi.python.org/pypi/pypiserver/#downloads in my browser and attempting to download the 0.4 source tarball also results in a 404.

I have pypiserver running on apache/mod_wsgi, served under "/pypi"

but the some links on the homepage are incorrect
because they don not take into account request.fullpath

in
58 @app.route('/')
59 def root():

"packages" point to "/packages" instead of "/pypi/packages"
"simple" point to "/packages" instead of "/pypi/simple"

When I try to upload my pip's to the pypiser server, it will fail with a 401 error a random amount of times, then magically be accepted. This goes for registering the package as well. The logging is not very helpful in figuring out what exactly has gone wrong.

Here is logging output:

[09/Jul/2012:13:46:00 +0000] "POST / HTTP/1.1" 401 729 "-" "Python-urllib/2.7"
[09/Jul/2012:13:46:01 +0000] "POST / HTTP/1.1" 401 729 "-" "Python-urllib/2.7"
[09/Jul/2012:13:46:01 +0000] "POST / HTTP/1.1" 200 0 "-" "Python-urllib/2.7"
[09/Jul/2012:13:46:19 +0000] "POST / HTTP/1.1" 200 0 "-" "Python-urllib/2.7"

The wheel filename is {distribution}-{version}(-{build tag})?-{python tag}-{abi tag}-{platform tag}.whl.
http://www.python.org/dev/peps/pep-0427/

When zope.kgs parse content of source files, he catch this:
/packages/js.amcharts-2.7.7.tar.gz
instead of
http://pypi.rd.securactive.lan/packages/js.amcharts/

As a consequence, he cannot use the right url. Please add a base_url option.

Thanks.

When the paste_app_factory instance the app don't read the password_file option fron the configuration file.

I don't use python anymore and won't support pypiserver anymore. Someone else should take over.

Please take a look at devpi for a well maintained alternative.

pypiserver-1.0 supports a fallbackurl fine. A few questions:

• if the package query which is redirect to pypi.python.org has dependencies will pip/easy_install again first ask the initial instance (pypiserver-1.0)?
• did you consider performing the query to pypi.python.org yourself and caching the result so that on the next occassion the server will know about it (after all, releases/files can be thought as immutable usually)?

1. Add option --fallback-cache-root or -c
2. If the package is not found locally
   1. Search fallback cache root
   2. If fallback cache root doesn't have the package
      1. Retrieve the package
      2. Store it in the fallback root
      3. Send it to the requesting client
   3. If fallback cache root does have the package
      1. Check whether package is older than --cache-control and if older proceed to 2.ii.a
      2. Otherwise send the cached package to the requesting client

Not sure when this was introduced, but pypiserver 1.1.2 didn't have this issue. From the bottle API docs:

Name of the file on the client file system, but normalized to ensure file system compatibility. An empty filename is returned as ‘empty’. Only ASCII letters, digits, dashes, underscores and dots are allowed in the final filename. Accents are removed, if possible. Whitespace is replaced by a single dash. Leading or tailing dots or dashes are removed. The filename is limited to 255 characters.

For example, the version 0.0.0+local is a valid package version, but bottle gets rid of the +. I'm sure there are other combinations that also break.

I asked on stackoverlfow, but nobody replied. Here is the question again:

http://stackoverflow.com/questions/17275323/pypiserver-build-ext-on-mirror

We have a local pypiserver and up to now we are happy with it.

But psycopg2 makes trouble. It wants pg_config to be installed. I don't see a reason why it should be installed on the mirror server. I understand that it needs to be on the client where I install psycopg2.

Is this a bug in psycopg2? Or do I use the wrong options the get the package to the mirror?

pypi@gray:~> pip install --no-deps --no-install -d packages psycopg2
Downloading/unpacking psycopg2
File was already downloaded packages/psycopg2-2.5.1.tar.gz
Running setup.py egg_info for package psycopg2
Error: pg_config executable not found.

Please add the directory containing pg_config to the PATH
or specify the full executable path with the option:

    python setup.py build_ext --pg-config /path/to/pg_config build ...

or with the pg_config option in 'setup.cfg'.
Complete output from command python setup.py egg_info:
running egg_info

creating pip-egg-info/psycopg2.egg-info

writing pip-egg-info/psycopg2.egg-info/PKG-INFO

writing top-level names to pip-egg-info/psycopg2.egg-info/top_level.txt

writing dependency_links to pip-egg-info/psycopg2.egg-info/dependency_links.txt

writing manifest file 'pip-egg-info/psycopg2.egg-info/SOURCES.txt'

warning: manifest_maker: standard file '-c' not found

Error: pg_config executable not found.

Please add the directory containing pg_config to the PATH

or specify the full executable path with the option:

python setup.py build_ext --pg-config /path/to/pg_config build ...

or with the pg_config option in 'setup.cfg'.

Command python setup.py egg_info failed with error code 1 in /home/pypi/tmp/pip-build/psycopg2
Storing complete log in /home/pypi/.config/pip/pip.log

We use this pypiserver: https://pypi.python.org/pypi/pypiserver

Running this, I still get results when I take the local server down:

$ PIP_INDEX_URL=https://pypi.local/simple pip -v search gdrivefs

The -v option is supposed to turn-on verbosity, but there's nothing.

I created a fork on https://github.com/fraoustin/pypiserver for add functionality a web page with url http://myserver/pypi.

Are you interested?

PS: For full functionality , my fork needs the pkginfo module and docutils module

Thanks for pypiserver. I must say it is the most stable and clean pypi alternative implementations out there for now tho, it's still feature incomplete.

Please do consider allowing package upload by using python setup.py upload as it is the most convenient way to to distribute a private package.

I set up a pypi server with some packages and tried adding the /simple/ URL to one of the packages setup.py script's dependency_links. When I run pip install or easy_install it fails to find the package at /simple/. When I add a package name to the path in dependency_links it does work. Can this work without having to add explicit paths for each dependency? I want to avoid having to tell users to configure pip or easy_install to pull from our server.

The passlib package is required and (if not present) will cause the application to crash when the password_file parameter is passed to app(). Simplest fix is probably just to add this as a dependency when building your distribution.

I tried both with the default bottle webserver and gunicorn (-w4) and every now and then I get a 503 making the mirror unreliable.

I am digging into the code to find more clues.

I have fresh pypiserver 1.1.7 running on current Debian Stable, on Python2.7.

For some reason, running "python setup.py sdist register upload" works, but just "setup.py register" does not (locally):

Server response (500): <urlopen error [Errno 104] Connection reset by peer>

Or from a remote OSX system:

Server response (500): <urlopen error [Errno 32] Broken pipe>

... and likewise, using jarn.mkrelease (tool to automate releases) from the OSX system to do uploads fails:
(it does register - sdist - upload in three separate HTTP calls, I guess)

running register
Registering z3c.form to http://pypi.vidamin.com:8765
Server response (500): <urlopen error [Errno 32] Broken pipe>
ERROR: register failed

In all these cases, the pypiserver log shows just:

"POST / HTTP/1.1" 401 713 "-" "Python-urllib/2.7"

Which is not very helpful...

pypiserver should accept the register call on its own, even if just to satisfy clients (and users) that try to do "setup.py register" on its own without other commands. My suggestion would be to simply silently accept the call, and do nothing (except log the event perhaps).

Note: I suspect this issue may be behind a few other issue reports about "random" 401 or 500 errors, as well... I thought for a long time I was seeing the same issue.

At the very least, it should be documented that doing just "setup.py register" does not work.

My package is uploaded and I can see it when I browse http://server/simple

When running pip install I get the message: "Could not find a version that satisfies the requirement <package_name> (from versions: 1.0.0d5, 1.0.0d7)"

pip install <package_name>==<version> works, but I would like it to auto-negotiate the latest version.

Am I doing something incorrectly, or does pypiserver not support my type of versioning? If so, could you point me at the relevant code?

Harsh Gupta [email protected] points out in email to webmaster@ that the page footer still shows "Copyright © 1990-2014, Python Software Foundation." The easy fix is a change to the templates, but it might be better to simply dynamically substitute the current year for the second date.

Hi.
Geez, this was a nightmare to track down ;).
Look at BaseRequest.MAX_PARAMS

We have a package with 112 requirements at the company, this caused HTTPError: 400 Client Error: Bad Request as this exceeded allowed POST parameters.

You can reproduce by building this fake package and uploading it (I used twine):

from setuptools import setup
setup(
    name='pyserver_test',
    install_requires=['a==1.0'] * 200,
)

$ pip wheel .
$ twine upload -r my_locally_run_pypiserver wheelhouse/pyserver_test-0.0.0-cp27-none-linux_x86_64.whl 
Uploading distributions to http://127.0.0.1:8080
Uploading pyserver_test-0.0.0-cp27-none-linux_x86_64.whl
HTTPError: 400 Client Error: Bad Request

Please explain why cap at 100 (I assume this is a question to bottle authors). I can easily fix this in my fork but I don't have an idea how to elegantly fix it for everyone else.

Windows support seems to be broken due to the usage of os.spawnlp:

http://docs.python.org/2/library/os.html#os.spawnlp:

# update Django from 1.4.1 to 1.4.3
pip -q install --no-deps -i http://pypi.python.org/simple -d D:\hackable-pypi\_data Django==1.4.3

Traceback (most recent call last):
  File "D:\hackable-pypi\python\Scripts\pypi-server-script.py", line 9, in <module>
    load_entry_point('pypiserver==1.0.0', 'console_scripts', 'pypi-server')()
  File "d:\hackable-pypi\pypiserver\pypiserver\core.py", line 255, in main
    manage.update(packages, update_directory, update_dry_run, stable_only=update_stable_only)
  File "d:\hackable-pypi\pypiserver\pypiserver\manage.py", line 137, in update
    os.spawnlp(os.P_WAIT, cmd[0], *cmd)
AttributeError: 'module' object has no attribute 'spawnlp'