Comments (6)
@chrishas35 I created devpi-lockdown.
from devpi.
Original comment by @hpk42
ASFAIK pip/easy_install only support authentication by specifying username/password encoded into the URL. It's probably not very hard to support that. The idea would be to add ACLs to indexes, i.e. allowing certain users READ, WRITE, or READ/WRITE access. We could then pass auth information to the pip command that "devpi install" generates.
from devpi.
Original comment by pendletongp
Is this feature on the radar?
from devpi.
Original comment by @fschulze
There is experimental support for basic authentication in devpi-client by using a web server like nginx in front of the devpi-server instance. For now those credentials aren't shared with devpi-server though. There are still some issues like https://bitbucket.org/hpk42/devpi/issue/135/basic-auth-doesnt-work-with-https-if-no and https://bitbucket.org/hpk42/devpi/issue/75/use-x-devpi-auth-header-instead-of#comment-11450541
An alternative is the experimental support for client side certificates: https://bitbucket.org/hpk42/devpi/issue/74/add-option-to-devpi-client-to-send-ssl
from devpi.
Original comment by pendletongp
If it is assumed that a server sits in front of devpi, a wsgi authentication module could be used.
For nginx see wsgi_pass_authorization at http://wiki.nginx.org/NgxWSGIModule
For apache see https://docs.djangoproject.com/en/1.7/howto/deployment/wsgi/apache-auth/#authentication-with-mod-wsgi (didn't see this well documented in the apache docs so I linked to the django docs)
It would probably be fairly simple to implement read access for owner only now
from devpi.
Besides devpi-lockdown we don't intend to add further support for this feature.
from devpi.
Related Issues (20)
- [client] upload `OSError: [Errno 18] Invalid cross-device link '/tmp/devpi-…/dist/….whl' -> 'dist/….whl'` HOT 2
- Cannot load packages when use base auth in gitlab registry mirror HOT 4
- Need help upgrading from 4.4.0 to current HOT 3
- Incorrect version given to doczip with devpi-client version 7.0.0 HOT 7
- All >400 HTTP responses from login provoke a SystemExit, not using fatal, and are not always fatal errors for login HOT 1
- Errors when sharing package files HOT 8
- Option to have the latest available documentation displayed, when a package has no docs HOT 2
- Support PEP 658 / PEP 714 HOT 8
- HTTP error 502 while retrieving a wheel file HOT 6
- Return HTTP 406 instead of HTTP 404 when `Accept` cannot be fulfilled HOT 4
- Support range requests when downloading files HOT 3
- Connection failures when downloading wheels HOT 6
- Devpi test fails with something related to build(i assume) HOT 6
- Server fatal exception: KeyError: 'projects' HOT 15
- Wheel file including +(Plus sign) doesn't mirrored from origin.
- Support Large Object Files (.whl, egg) greater than 1Gib with postgres HOT 1
- pytz package can't be installed from an index other that root/pypi HOT 1
- Password-less authentication HOT 2
- Add an option to prevent upload packages with Private classifier
- Invalid nginx configuration generated when `--mirror-cache-expiry` is specified
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from devpi.