[PEAK] Passing user and password to easy_install

Luigi Paioro luigi at lambrate.inaf.it
Fri Apr 9 04:29:08 EDT 2010 

Il 04/07/10 19:12, P.J. Eby ha scritto:
> At 05:23 PM 4/7/2010 +0200, Luigi Paioro wrote:
>> Dear PEAKers,
>>
>> I'm using setuptool module to pack my software and I'd like to
>> distribute it via PyPI, making it installable exploiting easy_install.
>>
>> I have a requirement, though, that I'm not sure is supported by
>> setuptools:
>>
>> My software must be distributed to registered/authenticated/authorised
>> users only.
>>
>> Well, registering the packages I might specify that the download URL
>> is a CGI, optionally with Basic Authentication accepting a default
>> user and password as described here:
>>
>> http://peak.telecommunity.com/DevCenter/EasyInstall#id17
>>
>> This would provides me with the possibility of tracking the number of
>> downloads, but always with a single public user/password. But I need
>> to know who is downloading my packages.
>>
>> Is there a way to associate a user and password to easy_install
>> command? Such data would be nice if passed as Basic Authentication
>> data to the download URL...
>
> As described in the docs above, just have your users do "easy_install -f
> http://their_userid:their_password@some.example.com/some_path/", where
> /some_path/ is a web-served directory containing your packages. They can
> put this in their configuration file so they don't have to type it every
> time.
>
> (What you *can't* do, is put this on the Python Package index and still
> have it require logins for download. But, since the user needs to
> register with you anyway, supporting automated install from PyPI doesn't
> sound very useful in that case.)


Dear Eby,

what I'd like to have is the possibility to avoid asking the user to 
explicitly refer to a specific repository address (it might be provided 
with an easy_install configuration file, for example), and in particular 
I would avoid to put clearly the user name and the password in the 
command line. Basic Authentication is not secure by itself, but typing 
the password in clear is not really "polite" :-).

Poking around setuptools code, I stumbled on the routine where the 
actual package downloading is performed, and thus I tried to modify the 
code in order to introduce something that might meet my needs. In 
attachment you find a package_index.py patch file with very few lines 
giving me all I need. It is just a testing code, not really clean, but I 
think it is enough to exemplify my point of view. It just tries to open 
the URL and if it results in an HTTPError 401 (authentication required) 
then it prompts for the user name and the password, and afterwards it 
reformats the URL encoding it appropriately, and thus it tries again to 
access the URL.

I cannot say whether this is very useful in general, but it is certainly 
a nice feature, and in my case it is all I need. Please, take into 
account the code attached.

Thanks in advance for your attention.

Best regards,

Luigi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: package_index.py.patch
Type: text/x-patch
Size: 612 bytes
Desc: not available
Url : http://www.eby-sarna.com/pipermail/peak/attachments/20100409/6faf83c7/package_index.py.bin

More information about the PEAK mailing list