EggBasket

Author:	Christopher Arndt
Version:	0.5a
Date:	2008-04-21
Description:	A simple, lightweight Python Package Index (aka Cheeseshop) clone.

Contents

Overview
Features
Todo
Acknowledgments
Installation
Usage
Changelog

Overview

EggBasket is a web application which provides a service similar and compatible to the Python Package Index (aka Cheeseshop). It allows you to maintain your own local repository of Python packages required by your installations.

It is implemented using the TurboGears web framework, Genshi and SQLAlchemy.

Warning

This is still alpha-stage software. All the basic operations necessary to support a setuptools-based infrastructure are there, but some convenience features are missing and the software has not been tested extensively. Use at your own risk!

Features

Can be used by setuptools/easy_install as the package index and repository.
Supports the distutils upload protocol.
Has a simple, role-based permission system to grant/deny access to the functions of the server (for example package uploads) to groups of users.
Requires only SQLite as the database system (included with Python 2.5).
Is able to read and display meta data from the following distribution package formats (source and binary):

.egg, .tar, .tar.bz2, .tar.gz, .tgz, .zip
Any other file format can be configured to be listed under the distribution files for a package (by default this includes .exe and .rpm and .tar.Z files in addition to the filetypes listed above).
Can be run without any configuration by just initializing the database and starting the server from within a directory containing package directories (see "Usage").

Todo

Add support for MD5 check sums and GPG signatures.
Add more error and sanity checks to the upload handling.
Add pagination to the main package list.
Support deletion of packages through web interface.
Cache package listings and meta data.
Improve DBmechanic-based admin interface for adding users and groups and setting configuration values (currently disabled by default).

Acknowledgments

This application is a re-implementation (almost no shared code) of the haufe.eggserver Grok application with some improvements.

Installation

To install EggBasket from the Cheeseshop use easy_install:

[sudo] easy_install EggBasket

This requires the setuptools package to be installed. If you have not done so already, download the ez_setup.py script and run it to install setuptools.

Usage

EggBasket server

Your packages should all reside under a common root directory, with a sub-directory for each package with the same base name as the distribution. The sub-directories should each contain the egg files and source archives for all available versions of the package. The package diretories will be created by the application when using the upload command (see below).
Open a terminal, change to the directory which contains the packages and, if you are haven't already done so, initialize the database with:
```
eggbasket-server --init [<config file>]
```
Start the application server with:
```
eggbasket-server [<config file>]
```
You can also set the location of the package root directory in the configuration with the eggbasket.package_root setting and start the server anywhere you want.

If no configuration file is specified on the command line, the default configuration file included in the egg will be used. The default configuration file can also be found in the source distribution and be adapted for your environment.

The server either needs write permissions in the directory where it is started, or you need to change the path of the database and the access log in the configuration so they can be written by the server. Of course, package uploads will also only work if the server has the permissions to create any missing package directories or write in existing ones.
To stop the server just hit Control-C in the terminal or kill the process.
You can look at the package index with your web browser by opening the URL http://localhost:3442/. The default port 3442 can be changed by setting the server.socket_port option in the configuration file.

Using EggBasket with `distutils` & `easy_install`

You can instruct easy_install to search & download packages from your package repository by specifying the URL to your server with the -i option. Example:
```
easy_install -i http://localhost:3442/ PACKAGE_NAME
```
Additionally, it might be necessary to restrict the hosts from which easy_install will download to your EggBasket server with the -H option. Example:
```
easy_install -H localhost:3442 -i http::/localhost:3442/ PACKAGE_NAME
```
You can also set the eggbasket.rewrite_download_url resp. eggbasket.rewrite_homepage_url settings in the configuration to True and EggBasket will replace the download resp. homepage URL of each package in the package meta data view with the URL of the package distribution files listing on the EggBasket server.
You can upload a package to your repository with the distutils upload command, for example:
```
python setup.py bdist_egg upload -r http://localhost:3442/upload
```
This command will ask for your username and password on the server. You can store these and the repository URL in your .pypirc file. See the distutils documentation for more information.
Of course you can always just copy package distribution files manually in the filesystem to your repository or upload them to the appropriate place with scp etc. The application will find and list new files without the need to "register" them as is necessary with the original PyPI.

Permissions

EggBasket uses a simple, role-based permission system to grant/restrict access to the functions of the server. Here is a list of the defined permissions and their meaning:

viewpkgs - User can view the list of all packages
viewfiles - User can view the list of distribution files for a package.
viewinfo - User can view the meta data for a package distribution file.
download - User can download a package distribution file.
upload - User can upload a package distribution file.

You can let EggBasket create an initial admin user, groups and permissions in the database by giving the --init option to the eggbasket-server command:

eggbasket-server --init [<config file>]

This will create the following objects and relations in the database:

The above listed permissions.
The following groups (with permissions in brackets):
- anonymous (viewpkgs, viewfiles, viewinfo, download)
- authenticated (viewpkgs, viewfiles, viewinfo, download)
- maintainer (upload)
- admin
A user with user name/password "admin", belonging to the groups "maintainer" and "admin".

The groups "anonymous" and "authenticated" are special groups to which all anonymous (i.e. not logged in) resp. all authenticated (logged in) users belong automatically.

With the default permission setup, uploading through the server is restricted to users that are members of a group that has the "upload" permission. The configuration page can only be accessed by members of the "admin" group. Everything else can be accessed all users, whether authenticated or not.

Please not that if you want to give a certain permission to all users, whether logged in or not, you need to give this permission to both the "anonymous" AND the "authenticated" group. This is what the standard permission setup already does for all permissions except "upload".

See the TurboGears documentation on Identity for background information.

Changelog

0.5a (2008-04-21)

Added permission checks to the main application views and actions. It is now possible to restrict the following actions to specific groups, all authenticated users or allow them for all anonymous users:
- View listing of all packages
- View listing of a package's distribution files
- View meta data of a package distribution file
- Download a package distribution file
- Upload a package distribution file
For more details, see README.txt or the "Help" page within the application.
Call methods of package sub-controller directly in root controller instead of using HTTP redirects.
Use buffered file writing in 'upload' method.
Updated documentation and relase information.

0.4a (2008-04-15)

Documentation update and minor fixes.
Added new 'eggbasket.rewrite_homepage_url' and 'eggbasket.rewrite_download_url' and config settings. These allow you to change the homepage/download URL on the package meta data view pages to the package distribution files listing on your EggBasket server, so that easy_install will look for downloads there.
Added download/homepage URL rewriting to 'munge_pkg_info' function.
Added 'get_base_url' and '_rewrite_url' functions to 'util' module.
Included odict.py module from voidspace.org.uk

0.3a (2008-04-10)

Create AdminController with listing of config values and access to DBMechanic controler (if dbsprockets is available).
Protect AdminController with identity.Secureresource with access only for "admin" group.
Add link for admin controller to navbar for "admin" group.
Add DBMechanic controller.
Add errorcatcher.py and error templates for custom HTTP error pages.
Also accept requested package name in lower-case to handle wrong package file names in the repository.
Minor documentaton fixes.
Add "download" permission (not used yet).
Add "admin" group and add "admin" user too it.
Rename "maintainers" group to "maintainer".

Development features:

Added script to create virtualenv bootstrap script
Added handling for virtualenv to development start script

0.2a (2008-04-09)

Bumped down TurboGears version requirement to 1.0.4.4 and added requirement for Genshi 0.4

0.1a (2008-04-09)

first alpha release