devpi-server 6.9.2__tar.gz → 6.11.0__tar.gz

devpi_server-6.11.0/.flake8

@@ -0,0 +1,9 @@
+[flake8]
+ignore = E501,E741,W503
+per-file-ignores =
+    plugin.py:E127,E128,E225,E231,E265,E402,E712
+    importexport.py:E127
+    model.py:E128,E225,E231
+    setup.py:E121,E126
+    test_importexport.py:E121
+    test*.py:E117,E126,E127,E128,E225,E226,E231,E251,E265,E712,E721

{devpi-server-6.9.2 → devpi_server-6.11.0}/CHANGELOG

@@ -2,6 +2,48 @@
 
 .. towncrier release notes start
 
+6.11.0 (2024-04-20)
+===================
+
+Features
+--------
+
+- The ``devpi-fsck`` script now returns an error code when there have been missing files or checksum errors.
+
+- Fix #983: Add plugin hook for mirror authentication header.
+
+
+
+Bug Fixes
+---------
+
+- Preserve last modified of docs and toxresults during export/import.
+
+- Fix #1033: Use ``int`` for ``--mirror-cache-expiry`` to fix value of ``proxy_cache_valid`` in nginx caching config.
+
+
+
+6.10.0 (2023-12-19)
+===================
+
+Features
+--------
+
+- Use ``Authorization`` header instead of adding username/password to URL when fetching from mirror.
+
+- Fix #998: Use the pure Python httpx library instead of aiohttp to prevent delays in supporting newest Python releases.
+
+
+
+Bug Fixes
+---------
+
+- Fix #996: support hashes other than sha256 in application/vnd.pypi.simple.v1+json responses.
+
+- Only compare hostname instead of full URL prefix when parsing mirror packages to fix mirrors with basic authentication and absolute URLs. See #1006
+
+
+
 6.9.2 (2023-08-06)
 ==================
 

devpi_server-6.11.0/CHANGELOG.short.rst

@@ -0,0 +1,95 @@
+
+
+=========
+Changelog
+=========
+
+
+
+
+.. towncrier release notes start
+
+6.10.0 (2023-12-19)
+===================
+
+Features
+--------
+
+- Use ``Authorization`` header instead of adding username/password to URL when fetching from mirror.
+
+- Fix #998: Use the pure Python httpx library instead of aiohttp to prevent delays in supporting newest Python releases.
+
+
+
+Bug Fixes
+---------
+
+- Fix #996: support hashes other than sha256 in application/vnd.pypi.simple.v1+json responses.
+
+- Only compare hostname instead of full URL prefix when parsing mirror packages to fix mirrors with basic authentication and absolute URLs. See #1006
+
+
+
+6.9.2 (2023-08-06)
+==================
+
+Bug Fixes
+---------
+
+- Prevent duplicates when adding values to lists in index configuration with ``+=`` operator.
+
+
+6.9.1 (2023-07-02)
+==================
+
+Bug Fixes
+---------
+
+- Prevent error in find_pre_existing_file in case of incomplete metadata.
+
+- Fix #980: Remove long deprecated backward compatibility for old pluggy versions to fix error with pluggy 1.1.0.
+
+
+6.9.0 (2023-05-23)
+==================
+
+Features
+--------
+
+- Support export directory layout for ``--replica-file-search-path`` option.
+
+- Fix #931: Add ``mirror_no_project_list`` setting for mirror indexes that have no full project list like google cloud artifacts or if you want to prevent downloading the full list for huge indexes like PyPI.
+
+
+Bug Fixes
+---------
+
+- Keep a reference to async tasks to avoid their removal mid execution.
+
+- Support changed default of ``enforce_content_length`` in urllib3 >= 2.
+
+- Fix #934: Properly set PATH_INFO when outside URL is used with sub-path.
+
+- Fix #945: Adapt FatalError to be usable as an async HTTP response when updating a project on a mirror.
+
+- Fix wrong hash metadata introduced in 6.5.0 for toxresults which prevents replication. The metadata can be fixed by an export/import cycle.
+
+
+6.8.0 (2022-12-05)
+==================
+
+Features
+--------
+
+- Fix #929: Cache normalized project names per transaction on mirror index instances.
+
+
+Bug Fixes
+---------
+
+- Fix #914: add locking to list_projects_perstage of mirror indexes to prevent multiple slow concurrent updates of the full project name list.
+
+- Catch exceptions in async_httpget analog to httpget.
+
+- Add locking to mirror name cache to prevent race condition on updates.
+

{devpi-server-6.9.2 → devpi_server-6.11.0}/MANIFEST.in

@@ -1,4 +1,4 @@
-include CHANGELOG *.ini *.rst LICENSE
+include .flake8 CHANGELOG *.ini *.rst LICENSE
 recursive-include devpi_server *.template 
 recursive-include test_devpi_server *.py
 recursive-include test_devpi_server/importexportdata *.gz* *.json

{devpi-server-6.9.2 → devpi_server-6.11.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: devpi-server
-Version: 6.9.2
+Version: 6.11.0
 Summary: devpi-server: reliable private and pypi.org caching server
 Home-page: https://devpi.net
 Maintainer: Florian Schulze
@@ -26,9 +26,26 @@ Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
 Requires-Python: >=3.7
 License-File: LICENSE
 License-File: AUTHORS
+Requires-Dist: py>=1.4.23
+Requires-Dist: httpx
+Requires-Dist: argon2-cffi
+Requires-Dist: attrs>=21.3.0
+Requires-Dist: defusedxml
+Requires-Dist: devpi_common<5,>3.6.0
+Requires-Dist: itsdangerous>=0.24
+Requires-Dist: platformdirs
+Requires-Dist: pyramid>=2
+Requires-Dist: waitress>=1.0.1
+Requires-Dist: repoze.lru>=0.6
+Requires-Dist: passlib[argon2]
+Requires-Dist: pluggy<2.0,>=0.6.0
+Requires-Dist: ruamel.yaml
+Requires-Dist: strictyaml
+Requires-Dist: lazy
 
 =============================================================================
 devpi-server: server for private package indexes and PyPI caching
@@ -102,85 +119,89 @@ Changelog
 
 .. towncrier release notes start
 
-6.9.2 (2023-08-06)
-==================
+6.11.0 (2024-04-20)
+===================
 
-Bug Fixes
----------
+Features
+--------
 
-- Prevent duplicates when adding values to lists in index configuration with ``+=`` operator.
+- The ``devpi-fsck`` script now returns an error code when there have been missing files or checksum errors.
+
+- Fix #983: Add plugin hook for mirror authentication header.
 
 
-6.9.1 (2023-07-02)
-==================
 
 Bug Fixes
 ---------
 
-- Prevent error in find_pre_existing_file in case of incomplete metadata.
+- Preserve last modified of docs and toxresults during export/import.
 
-- Fix #980: Remove long deprecated backward compatibility for old pluggy versions to fix error with pluggy 1.1.0.
+- Fix #1033: Use ``int`` for ``--mirror-cache-expiry`` to fix value of ``proxy_cache_valid`` in nginx caching config.
 
 
-6.9.0 (2023-05-23)
-==================
+
+6.10.0 (2023-12-19)
+===================
 
 Features
 --------
 
-- Support export directory layout for ``--replica-file-search-path`` option.
+- Use ``Authorization`` header instead of adding username/password to URL when fetching from mirror.
+
+- Fix #998: Use the pure Python httpx library instead of aiohttp to prevent delays in supporting newest Python releases.
 
-- Fix #931: Add ``mirror_no_project_list`` setting for mirror indexes that have no full project list like google cloud artifacts or if you want to prevent downloading the full list for huge indexes like PyPI.
 
 
 Bug Fixes
 ---------
 
-- Keep a reference to async tasks to avoid their removal mid execution.
-
-- Support changed default of ``enforce_content_length`` in urllib3 >= 2.
-
-- Fix #934: Properly set PATH_INFO when outside URL is used with sub-path.
+- Fix #996: support hashes other than sha256 in application/vnd.pypi.simple.v1+json responses.
 
-- Fix #945: Adapt FatalError to be usable as an async HTTP response when updating a project on a mirror.
+- Only compare hostname instead of full URL prefix when parsing mirror packages to fix mirrors with basic authentication and absolute URLs. See #1006
 
-- Fix wrong hash metadata introduced in 6.5.0 for toxresults which prevents replication. The metadata can be fixed by an export/import cycle.
 
 
-6.8.0 (2022-12-05)
+6.9.2 (2023-08-06)
 ==================
 
-Features
---------
+Bug Fixes
+---------
 
-- Fix #929: Cache normalized project names per transaction on mirror index instances.
+- Prevent duplicates when adding values to lists in index configuration with ``+=`` operator.
 
 
+6.9.1 (2023-07-02)
+==================
+
 Bug Fixes
 ---------
 
-- Fix #914: add locking to list_projects_perstage of mirror indexes to prevent multiple slow concurrent updates of the full project name list.
-
-- Catch exceptions in async_httpget analog to httpget.
+- Prevent error in find_pre_existing_file in case of incomplete metadata.
 
-- Add locking to mirror name cache to prevent race condition on updates.
+- Fix #980: Remove long deprecated backward compatibility for old pluggy versions to fix error with pluggy 1.1.0.
 
 
-6.7.0 (2022-09-28)
+6.9.0 (2023-05-23)
 ==================
 
 Features
 --------
 
-- Add nginx example to ``devpi-gen-config`` with caching of simple pages for installers like pip.
-
-- Automatically check for ``+files`` when using ``--replica-file-search-path``.
+- Support export directory layout for ``--replica-file-search-path`` option.
 
-- Set headers to prevent caching for simple links with stale results.
+- Fix #931: Add ``mirror_no_project_list`` setting for mirror indexes that have no full project list like google cloud artifacts or if you want to prevent downloading the full list for huge indexes like PyPI.
 
 
 Bug Fixes
 ---------
 
-- Fix #840: Correct url scheme in config if nginx is behind another proxy.
+- Keep a reference to async tasks to avoid their removal mid execution.
+
+- Support changed default of ``enforce_content_length`` in urllib3 >= 2.
+
+- Fix #934: Properly set PATH_INFO when outside URL is used with sub-path.
+
+- Fix #945: Adapt FatalError to be usable as an async HTTP response when updating a project on a mirror.
+
+- Fix wrong hash metadata introduced in 6.5.0 for toxresults which prevents replication. The metadata can be fixed by an export/import cycle.
 

devpi_server-6.11.0/devpi_server/__init__.py

@@ -0,0 +1 @@
+__version__ = '6.11.0'

{devpi-server-6.9.2 → devpi_server-6.11.0}/devpi_server/auth.py

@@ -1,5 +1,6 @@
 import base64
 import hashlib
+import itertools
 import itsdangerous
 import secrets
 from .log import threadlog
@@ -53,7 +54,8 @@ class Auth:
             # one of the plugins returned valid userinfo
             # return union of all groups which may be contained in that info
             groups = (ui.get('groups', []) for ui in userinfo_list)
-            return dict(status="ok", groups=sorted(set(sum(groups, []))))
+            return dict(status="ok", groups=sorted(
+                set(itertools.chain.from_iterable(groups))))
 
     def _validate(self, authuser, authpassword, request=None):
         """ Validates user credentials.
@@ -131,7 +133,7 @@ class Auth:
                 username,
                 result.get("groups", []),
                 result.get("from_user_object", False)])
-            assert not isinstance(pseudopass, str) or pseudopass.encode('ascii')
+            assert not isinstance(pseudopass, str) or pseudopass.encode('ascii')  # type: ignore[attr-defined]
             return {"password": pseudopass,
                     "expiration": self.LOGIN_EXPIRATION}
 

{devpi-server-6.9.2 → devpi_server-6.11.0}/devpi_server/cfg/supervisor-devpi.conf.template

@@ -1,7 +1,5 @@
-
 [program:devpi-server]
 command={devpibin} {server_args}
-user = {user}
 priority = 999
 startsecs = 5
 redirect_stderr = True

{devpi-server-6.9.2 → devpi_server-6.11.0}/devpi_server/config.py

@@ -179,7 +179,7 @@ def add_web_options(parser, pluginmanager):
 
 def add_mirror_options(parser, pluginmanager):
     parser.addoption(
-        "--mirror-cache-expiry", type=float, metavar="SECS",
+        "--mirror-cache-expiry", type=int, metavar="SECS",
         default=DEFAULT_MIRROR_CACHE_EXPIRY,
         help="(experimental) time after which projects in mirror indexes "
              "are checked for new releases.")
@@ -420,7 +420,8 @@ def get_parser(pluginmanager):
                     "mirror of pypi.org and is created by default. "
                     "All indices are suitable for pip or easy_install usage "
                     "and setup.py upload ... invocations.",
-        add_help=False)
+        add_help=False,
+        pluginmanager=pluginmanager)
     addoptions(parser, pluginmanager)
     pluginmanager.hook.devpiserver_add_parser_options(parser=parser)
     return parser
@@ -439,7 +440,7 @@ def find_config_file():
         if os.path.exists(config_file):
             config_files.append(config_file)
     if len(config_files) > 1:
-        log.warn("Multiple configuration files found:\n%s", "\n".join(config_files))
+        log.warning("Multiple configuration files found:\n%s", "\n".join(config_files))
     if len(config_files):
         return config_files[-1]
 
@@ -476,7 +477,7 @@ def default_getter(name, config_options, environ):
         return
     if name == "serverdir":
         if "DEVPI_SERVERDIR" in environ:
-            log.warn(
+            log.warning(
                 "Using deprecated DEVPI_SERVERDIR environment variable. "
                 "You should switch to use DEVPISERVER_SERVERDIR.")
             return environ["DEVPI_SERVERDIR"]
@@ -540,8 +541,9 @@ def get_action_long_name(action):
 
 
 class MyArgumentParser(argparse.ArgumentParser):
-    def __init__(self, *args, **kwargs):
+    def __init__(self, *args, pluginmanager=None, **kwargs):
         self.addoption = self.add_argument
+        self.pluginmanager = pluginmanager
         super(MyArgumentParser, self).__init__(*args, **kwargs)
 
     def post_process_actions(self, defaultget=None):
@@ -573,6 +575,39 @@ class MyArgumentParser(argparse.ArgumentParser):
         grp.addoption = grp.add_argument
         return grp
 
+    def add_all_options(self):
+        addoptions(self, self.pluginmanager)
+
+    def add_configfile_option(self):
+        add_configfile_option(self, self.pluginmanager)
+
+    def add_export_options(self):
+        add_export_options(self, self.pluginmanager)
+
+    def add_hard_links_option(self):
+        add_hard_links_option(self, self.pluginmanager)
+
+    def add_help_option(self):
+        add_help_option(self, self.pluginmanager)
+
+    def add_import_options(self):
+        add_import_options(self, self.pluginmanager)
+
+    def add_init_options(self):
+        add_init_options(self, self.pluginmanager)
+
+    def add_master_url_option(self):
+        add_master_url_option(self, self.pluginmanager)
+
+    def add_role_option(self):
+        add_role_option(self, self.pluginmanager)
+
+    def add_secretfile_option(self):
+        add_secretfile_option(self, self.pluginmanager)
+
+    def add_storage_options(self):
+        add_storage_options(self, self.pluginmanager)
+
 
 def new_secret():
     return base64.b64encode(secrets.token_bytes(32))
@@ -591,7 +626,7 @@ class Config(object):
 
     @cached_property
     def waitress_info(self):
-        from .main import fatal
+        from .main import Fatal
         host = self.args.host
         port = self.args.port
         default_host_port = (host == 'localhost') and (port == 3141)
@@ -609,7 +644,7 @@ class Config(object):
                 port = None
         if self.args.listen:
             if not default_host_port:
-                fatal("You can use either --listen or --host/--port, not both together.")
+                raise Fatal("You can use either --listen or --host/--port, not both together.")
             host = None
             port = None
             for listen in self.args.listen:
@@ -796,13 +831,15 @@ class Config(object):
             self.nodeinfo["role"] = "standalone"
 
     def _automatic_role(self, role):
-        from .main import fatal
+        from .main import Fatal
         if role == "replica" and not self.master_url:
-            fatal("configuration error, masterurl isn't set in nodeinfo, but "
-                  "role is set to replica")
+            raise Fatal(
+                "configuration error, masterurl isn't set in nodeinfo, but "
+                "role is set to replica")
         if role != "replica" and self.master_url:
-            fatal("configuration error, masterurl set in nodeinfo, but role "
-                  "isn't set to replica")
+            raise Fatal(
+                "configuration error, masterurl set in nodeinfo, but role "
+                "isn't set to replica")
         if role != "replica":
             self.master_url = None
         if role == "master":
@@ -810,13 +847,13 @@ class Config(object):
             self.nodeinfo["role"] = "standalone"
 
     def _change_role(self, old_role, new_role):
-        from .main import fatal
+        from .main import Fatal
         if new_role == "replica":
             if old_role and old_role != "replica":
-                fatal("cannot run as replica, was previously run "
-                      "as %s" % old_role)
+                msg = f"cannot run as replica, was previously run as {old_role}"
+                raise Fatal(msg)
             if not self.master_url:
-                fatal("need to specify --master-url to run as replica")
+                raise Fatal("need to specify --master-url to run as replica")
         else:
             self.master_url = None
         self.nodeinfo["role"] = new_role
@@ -839,12 +876,13 @@ class Config(object):
             self.nodeinfo.pop("masterurl", None)
 
     def _storage_info_from_name(self, name, settings):
-        from .main import fatal
+        from .main import Fatal
         storages = self.pluginmanager.hook.devpiserver_storage_backend(settings=settings)
         for storage in storages:
             if storage['name'] == name:
                 return storage
-        fatal("The backend '%s' can't be found, is the plugin not installed?" % name)
+        msg = f"The backend {name!r} can't be found, is the plugin not installed?"
+        raise Fatal(msg)
 
     def _storage_info(self):
         name = self.storage_info["name"]
@@ -884,7 +922,7 @@ class Config(object):
             secretfile = self.serverdir.join('.secret')
             if not secretfile.check(file=True):
                 return None
-            log.warn(
+            log.warning(
                 "Using deprecated existing secret file at '%s', use "
                 "--secretfile to explicitly provide the location." % secretfile)
             return secretfile
@@ -892,25 +930,25 @@ class Config(object):
             os.path.expanduser(self.args.secretfile))
 
     def get_validated_secret(self):
-        from .main import fatal
+        from .main import Fatal
         import stat
         if not self.secretfile.check(file=True):
-            fatal("The given secret file doesn't exist.")
+            raise Fatal("The given secret file doesn't exist.")
         if self.secretfile.stat().mode & stat.S_IRWXO and sys.platform != "win32":
-            fatal("The given secret file is world accessible, the access mode must be user accessible only (0600).")
+            raise Fatal("The given secret file is world accessible, the access mode must be user accessible only (0600).")
         if self.secretfile.stat().mode & stat.S_IRWXG and sys.platform != "win32":
-            fatal("The given secret file is group accessible, the access mode must be user accessible only (0600).")
+            raise Fatal("The given secret file is group accessible, the access mode must be user accessible only (0600).")
         if self.secretfile.dirpath().stat().mode & stat.S_IWGRP and sys.platform != "win32":
-            fatal("The folder of the given secret file is group writable, it must only be writable by the user.")
+            raise Fatal("The folder of the given secret file is group writable, it must only be writable by the user.")
         if self.secretfile.dirpath().stat().mode & stat.S_IWOTH and sys.platform != "win32":
-            fatal("The folder of the given secret file is world writable, it must only be writable by the user.")
+            raise Fatal("The folder of the given secret file is world writable, it must only be writable by the user.")
         secret = self.secretfile.read_binary()
         if len(secret) < 32:
-            fatal(
+            raise Fatal(
                 "The secret in the given secret file is too short, "
                 "it should be at least 32 characters long.")
         if len(set(secret)) < 6:
-            fatal(
+            raise Fatal(
                 "The secret in the given secret file is too weak, "
                 "it should use less repetition.")
         return secret
@@ -918,7 +956,7 @@ class Config(object):
     @cached_property
     def basesecret(self):
         if self.secretfile is None:
-            log.warn(
+            log.warning(
                 "No secret file provided, creating a new random secret. "
                 "Login tokens issued before are invalid. "
                 "Use --secretfile option to provide a persistent secret. "
@@ -970,21 +1008,20 @@ def getpath(path):
 def gensecret():
     from .log import configure_cli_logging
     from .log import threadlog as log
+    from .main import CommandRunner
     from .main import Fatal
-    from .main import fatal
     import stat
-    try:
-        pluginmanager = get_pluginmanager()
-        parser = MyArgumentParser(
+    with CommandRunner() as runner:
+        parser = runner.create_parser(
             description="Create a random secret.",
             add_help=False)
-        add_help_option(parser, pluginmanager)
-        add_configfile_option(parser, pluginmanager)
-        add_secretfile_option(parser, pluginmanager)
-        config = parseoptions(pluginmanager, sys.argv, parser=parser)
+        parser.add_help_option()
+        parser.add_configfile_option()
+        parser.add_secretfile_option()
+        config = runner.get_config(sys.argv, parser=parser)
         configure_cli_logging(config.args)
         if config.args.secretfile is None:
-            fatal("You need to provide a location for the secret file.")
+            raise Fatal("You need to provide a location for the secret file.")
         if not config.secretfile.exists():
             with config.secretfile.open("wb") as f:
                 f.write(new_secret())
@@ -999,7 +1036,4 @@ def gensecret():
         # run checks
         config.get_validated_secret()
         log.info("Permissions of secret file look good.")
-    except Fatal as e:
-        tw = py.io.TerminalWriter(sys.stderr)
-        tw.line("fatal: %s" % e.args[0], red=True)
-        return 1
+    return runner.return_code