mirror of https://github.com/pypa/pip
Change --allow-external to work per project and add --allow-all-external
This commit is contained in:
parent
74d0246bcd
commit
fb24b3eaaa
|
@ -66,17 +66,26 @@ mirrors = make_option(
|
|||
allow_external = make_option(
|
||||
"--allow-external",
|
||||
dest="allow_external",
|
||||
action="append",
|
||||
default=[],
|
||||
metavar="PACKAGE",
|
||||
help="Allow the installation of externally hosted files",
|
||||
)
|
||||
|
||||
allow_all_external = make_option(
|
||||
"--allow-all-external",
|
||||
dest="allow_all_external",
|
||||
action="store_true",
|
||||
default=True, # TODO: Change to False after 1.4 has been released
|
||||
help="Allow the installation of externally hosted files",
|
||||
help="Allow the installation of all externally hosted files",
|
||||
)
|
||||
|
||||
# TODO: NOOP after 1.4 has been released
|
||||
no_allow_external = make_option(
|
||||
"--no-allow-external",
|
||||
dest="allow_external",
|
||||
dest="allow_all_external",
|
||||
action="store_false",
|
||||
help="Disallow the installation of externally hosted files",
|
||||
help="Disallow the installation of all externally hosted files",
|
||||
)
|
||||
|
||||
allow_unsafe = make_option(
|
||||
|
@ -173,6 +182,7 @@ index_group = {
|
|||
use_mirrors,
|
||||
mirrors,
|
||||
allow_external,
|
||||
allow_all_external,
|
||||
no_allow_external,
|
||||
allow_unsafe,
|
||||
no_allow_unsafe,
|
||||
|
|
|
@ -165,6 +165,7 @@ class InstallCommand(Command):
|
|||
use_wheel=options.use_wheel,
|
||||
allow_external=options.allow_external,
|
||||
allow_insecure=options.allow_insecure,
|
||||
allow_all_external=options.allow_all_external,
|
||||
allow_all_insecure=options.allow_all_insecure,
|
||||
)
|
||||
|
||||
|
|
21
pip/index.py
21
pip/index.py
|
@ -48,8 +48,8 @@ class PackageFinder(object):
|
|||
|
||||
def __init__(self, find_links, index_urls,
|
||||
use_mirrors=False, mirrors=None, main_mirror_url=None,
|
||||
use_wheel=False, allow_external=False, allow_insecure=[],
|
||||
allow_all_insecure=False):
|
||||
use_wheel=False, allow_external=[], allow_insecure=[],
|
||||
allow_all_external=False, allow_all_insecure=False):
|
||||
self.find_links = find_links
|
||||
self.index_urls = index_urls
|
||||
self.dependency_links = []
|
||||
|
@ -64,11 +64,14 @@ class PackageFinder(object):
|
|||
self.use_wheel = use_wheel
|
||||
|
||||
# Do we allow (safe and verifiable) externally hosted files?
|
||||
self.allow_external = allow_external
|
||||
self.allow_external = set(normalize_name(n) for n in allow_external)
|
||||
|
||||
# Which names are allowed to install insecure and unverifiable files?
|
||||
self.allow_insecure = set(normalize_name(n) for n in allow_insecure)
|
||||
|
||||
# Do we allow all (safe and verifiable) externally hosted files?
|
||||
self.allow_all_external = allow_all_external
|
||||
|
||||
# Do we allow unsafe and unverifiable files?
|
||||
self.allow_all_insecure = allow_all_insecure
|
||||
|
||||
|
@ -249,7 +252,7 @@ class PackageFinder(object):
|
|||
|
||||
if self.need_warn_external:
|
||||
logger.warn("Some externally hosted files were ignored (use "
|
||||
"--allow-external to allow).")
|
||||
"--allow-external %s to allow)." % req.name)
|
||||
|
||||
if self.need_warn_insecure:
|
||||
logger.warn("Some insecure and unverifiable files were ignored"
|
||||
|
@ -377,7 +380,10 @@ class PackageFinder(object):
|
|||
continue
|
||||
done.append(page)
|
||||
for link in page.rel_links():
|
||||
if not self.allow_external:
|
||||
normalized = normalize_name(req.name).lower()
|
||||
|
||||
if (not normalized in self.allow_external
|
||||
and not self.allow_all_external):
|
||||
self.need_warn_external = True
|
||||
logger.debug("Not searching %s for files because external "
|
||||
"urls are disallowed." % link)
|
||||
|
@ -385,7 +391,7 @@ class PackageFinder(object):
|
|||
|
||||
if (link.trusted is not None
|
||||
and not link.trusted
|
||||
and not normalize_name(req.name).lower() in self.allow_insecure
|
||||
and not normalized in self.allow_insecure
|
||||
and not self.allow_all_insecure): # TODO: Remove after release
|
||||
logger.debug("Not searching %s for urls, it is an "
|
||||
"untrusted link and cannot produce safe or "
|
||||
|
@ -468,7 +474,8 @@ class PackageFinder(object):
|
|||
|
||||
if (link.internal is not None
|
||||
and not link.internal
|
||||
and not self.allow_external):
|
||||
and not normalize_name(search_name).lower() in self.allow_external
|
||||
and not self.allow_all_external):
|
||||
# We have a link that we are sure is external, so we should skip
|
||||
# it unless we are allowing externals
|
||||
logger.debug("Skipping %s because it is externally hosted." % link)
|
||||
|
|
|
@ -1396,7 +1396,10 @@ def parse_requirements(filename, finder=None, comes_from=None, options=None):
|
|||
elif line.startswith('--no-index'):
|
||||
finder.index_urls = []
|
||||
elif line.startswith("--allow-external"):
|
||||
finder.allow_external = True
|
||||
line = line[len("--allow-external"):].strip().lstrip("=")
|
||||
finder.allow_external |= set([normalize_name(line).lower()])
|
||||
elif line.startswith("--allow-all-external"):
|
||||
finder.allow_all_external = True
|
||||
elif line.startswith("--no-allow-external"):
|
||||
finder.allow_external = False
|
||||
elif line.startswith("--allow-insecure"):
|
||||
|
|
|
@ -283,7 +283,7 @@ def test_finder_finds_external_links_with_hashes_per_project():
|
|||
|
||||
# using a local index
|
||||
index_url = path_to_url(os.path.join(tests_data, "indexes", "externals"))
|
||||
finder = PackageFinder([], [index_url], allow_external=True)
|
||||
finder = PackageFinder([], [index_url], allow_external=["bar"])
|
||||
link = finder.find_requirement(req, False)
|
||||
assert link.filename == "bar-2.0.tar.gz"
|
||||
|
||||
|
@ -311,7 +311,7 @@ def test_finder_finds_external_links_without_hashes_per_project():
|
|||
# using a local index
|
||||
index_url = path_to_url(os.path.join(tests_data, "indexes", "externals"))
|
||||
finder = PackageFinder([], [index_url],
|
||||
allow_external=True,
|
||||
allow_external=["bar"],
|
||||
allow_insecure=["bar"],
|
||||
)
|
||||
link = finder.find_requirement(req, False)
|
||||
|
@ -344,7 +344,7 @@ def test_finder_finds_external_links_without_hashes_scraped_per_project():
|
|||
# using a local index
|
||||
index_url = path_to_url(os.path.join(tests_data, "indexes", "externals"))
|
||||
finder = PackageFinder([], [index_url],
|
||||
allow_external=True,
|
||||
allow_external=["bar"],
|
||||
allow_insecure=["bar"],
|
||||
)
|
||||
link = finder.find_requirement(req, False)
|
||||
|
|
Loading…
Reference in New Issue