McSinyx
/
pip
mirror of https://github.com/pypa/pip
1
1
Fork 0
Code Issues Releases Activity

Change --allow-external to work per project and add --allow-all-external

This commit is contained in:
Donald Stufft 2013-06-07 09:48:34 -04:00
parent 74d0246bcd
commit fb24b3eaaa
5 changed files with 35 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pip/cmdoptions.py
View File

@ -66,17 +66,26 @@ mirrors = make_option(
allow_external = make_option(
"--allow-external",
dest="allow_external",
action="append",
default=[],
metavar="PACKAGE",
help="Allow the installation of externally hosted files",
)
allow_all_external = make_option(
"--allow-all-external",
dest="allow_all_external",
action="store_true",
default=True, # TODO: Change to False after 1.4 has been released
help="Allow the installation of externally hosted files",
help="Allow the installation of all externally hosted files",
)
# TODO: NOOP after 1.4 has been released
no_allow_external = make_option(
"--no-allow-external",
dest="allow_external",
dest="allow_all_external",
action="store_false",
help="Disallow the installation of externally hosted files",
help="Disallow the installation of all externally hosted files",
)
allow_unsafe = make_option(
@ -173,6 +182,7 @@ index_group = {
use_mirrors,
mirrors,
allow_external,
allow_all_external,
no_allow_external,
allow_unsafe,
no_allow_unsafe,

1
pip/commands/install.py
View File

@ -165,6 +165,7 @@ class InstallCommand(Command):
use_wheel=options.use_wheel,
allow_external=options.allow_external,
allow_insecure=options.allow_insecure,
allow_all_external=options.allow_all_external,
allow_all_insecure=options.allow_all_insecure,
)

21
pip/index.py
View File

@ -48,8 +48,8 @@ class PackageFinder(object):
def __init__(self, find_links, index_urls,
use_mirrors=False, mirrors=None, main_mirror_url=None,
use_wheel=False, allow_external=False, allow_insecure=[],
allow_all_insecure=False):
use_wheel=False, allow_external=[], allow_insecure=[],
allow_all_external=False, allow_all_insecure=False):
self.find_links = find_links
self.index_urls = index_urls
self.dependency_links = []
@ -64,11 +64,14 @@ class PackageFinder(object):
self.use_wheel = use_wheel
# Do we allow (safe and verifiable) externally hosted files?
self.allow_external = allow_external
self.allow_external = set(normalize_name(n) for n in allow_external)
# Which names are allowed to install insecure and unverifiable files?
self.allow_insecure = set(normalize_name(n) for n in allow_insecure)
# Do we allow all (safe and verifiable) externally hosted files?
self.allow_all_external = allow_all_external
# Do we allow unsafe and unverifiable files?
self.allow_all_insecure = allow_all_insecure
@ -249,7 +252,7 @@ class PackageFinder(object):
if self.need_warn_external:
logger.warn("Some externally hosted files were ignored (use "
"--allow-external to allow).")
"--allow-external %s to allow)." % req.name)
if self.need_warn_insecure:
logger.warn("Some insecure and unverifiable files were ignored"
@ -377,7 +380,10 @@ class PackageFinder(object):
continue
done.append(page)
for link in page.rel_links():
if not self.allow_external:
normalized = normalize_name(req.name).lower()
if (not normalized in self.allow_external
and not self.allow_all_external):
self.need_warn_external = True
logger.debug("Not searching %s for files because external "
"urls are disallowed." % link)
@ -385,7 +391,7 @@ class PackageFinder(object):
if (link.trusted is not None
and not link.trusted
and not normalize_name(req.name).lower() in self.allow_insecure
and not normalized in self.allow_insecure
and not self.allow_all_insecure): # TODO: Remove after release
logger.debug("Not searching %s for urls, it is an "
"untrusted link and cannot produce safe or "
@ -468,7 +474,8 @@ class PackageFinder(object):
if (link.internal is not None
and not link.internal
and not self.allow_external):
and not normalize_name(search_name).lower() in self.allow_external
and not self.allow_all_external):
# We have a link that we are sure is external, so we should skip
# it unless we are allowing externals
logger.debug("Skipping %s because it is externally hosted." % link)

5
pip/req.py
View File

@ -1396,7 +1396,10 @@ def parse_requirements(filename, finder=None, comes_from=None, options=None):
elif line.startswith('--no-index'):
finder.index_urls = []
elif line.startswith("--allow-external"):
finder.allow_external = True
line = line[len("--allow-external"):].strip().lstrip("=")
finder.allow_external |= set([normalize_name(line).lower()])
elif line.startswith("--allow-all-external"):
finder.allow_all_external = True
elif line.startswith("--no-allow-external"):
finder.allow_external = False
elif line.startswith("--allow-insecure"):

6
tests/unit/test_finder.py
View File

@ -283,7 +283,7 @@ def test_finder_finds_external_links_with_hashes_per_project():
# using a local index
index_url = path_to_url(os.path.join(tests_data, "indexes", "externals"))
finder = PackageFinder([], [index_url], allow_external=True)
finder = PackageFinder([], [index_url], allow_external=["bar"])
link = finder.find_requirement(req, False)
assert link.filename == "bar-2.0.tar.gz"
@ -311,7 +311,7 @@ def test_finder_finds_external_links_without_hashes_per_project():
# using a local index
index_url = path_to_url(os.path.join(tests_data, "indexes", "externals"))
finder = PackageFinder([], [index_url],
allow_external=True,
allow_external=["bar"],
allow_insecure=["bar"],
)
link = finder.find_requirement(req, False)
@ -344,7 +344,7 @@ def test_finder_finds_external_links_without_hashes_scraped_per_project():
# using a local index
index_url = path_to_url(os.path.join(tests_data, "indexes", "externals"))
finder = PackageFinder([], [index_url],
allow_external=True,
allow_external=["bar"],
allow_insecure=["bar"],
)
link = finder.find_requirement(req, False)