We have our own internal tool kit that we are packaging into a pip package.
Is there a way we can encrypt the packate itself to protect its contents? (Not the sources so much as some of the config info that is included in a couple of the sources.)
Ideally, we would run something like:
pip install http://www.oursite.com/testpackage/testingkit.tar.gz -decrypt=(crypto key)
Related
following this guide: https://realpython.com/pypi-publish-python-package/
can I just create my Python package but not publish it to pypi.
just install it with pip install and then import my_packeg.
when trying this get No module named my_packeg error
the goal is to using this package code inside x micro service for prevent duplicate code...
From pip's user guide:
pip supports installing from PyPI, version control, local projects, and directly from distribution files.
The command-line to use is different:
There is a suitable command-line use for each of them and pip looks for, in the following order:
When looking at the items to be installed, pip checks what type of item each is, in the following order:
Project or archive URL.
Local directory (which must contain a setup.py, or pip will report an error).
Local file (a sdist or wheel format archive, following the naming conventions for those formats).
A requirement, as specified in PEP 440.
For your specific problem, you don't need to upload to PyPI. Solutions:
Build a "wheel" https://pip.pypa.io/en/stable/reference/pip_wheel/ and distribute that file, pip can install it.
Place a zip archive of the source somewhere on your intranet (or shared file system) and call pip install http://intranet.url/mypackage-1.0.4.zip
source: Can I make pip installable package without registering package in pypi?
So my problem is as follows. I have an online repository where I host my package. I'd like my end user to install it using:
pip install git + ssh
The source code is written in C and I would like for the users to not be given access to it. Is it possible to package a wheel out of pre-existing binary outputs of CMake?
Follow up question: if I push a wheel to the repo, how do I get pip install to install the wheel? what does my setup.py look like?
I understand there is already a question about packaging into pip, but this is more generic. On what mechanism does pip identify packages? To which central server should I add the name so that when someone types in
pip install <mypackagename>
how does pip know, where to look for the package. What should I do to add mine to that name resolution directory?
Pip pulls from the Python Package Index. It is very easy to submit a package, assuming you have a configured setup.py to build the package.
You'll need to register an account on PyPi, have certain metadata defined in setup.py (license, etc), and a setup.cfg if you're using markdown-formatted readme (as on Github). Then it's just a shell command to register the package :
Register:
python setup.py register -r pypi
Submit:
python setup.py sdist upload -r pypi
Python's crowdsourced package repository, PyPI, aka the Python Package Index.
You will want to start with a tutorial on how to package your code for, then submit to, PyPI. This is one. There is a learning curve, but it is most worthwhile.
It helps to look at packages already on PyPI, then follow the links back to their source code repositories to see all of the files and configurations that were used. For example, my intspan package is hosted at bitbucket. As many PyPI packages are hosted at either Bitbucket or Github, so there are many examples available from which to learn.
I am trying to find a way to use my Github repo tags for versioning of my package, which should be available for download using something like pip.
The problem is every time I update the package version I have to upload the contents to pypi.
Is there any way to just set the donwload url in pypi point to my github repo, So that when I do something like
pip install -I MySQL_python==1.2.2 and it just install that form the git tag 1.2.2, without me having to upload the version to pypi.
EDIT:(I was not clear enough)
I know about the pip install git+git://blabal way
I am looking for something like I tell pypi that my package is at github.com/bla.git
and the user does pip install bla==1.2 and pip install that from github (with version as tag)
Something like vundle for vim
You could install like this:
pip install -e git+<repo address>#<ref>#egg=<egg name>
where ref could be a commit id, tag name or branch name.
Read the docs.
I've just started working with setuptools and virtualenv. My package requires the latest python-gearman that is only available from GitHub. The python-gearman version that's on PyPI is an old one. The Github source is setuptools-compatible, i.e. has setup.py, etc. Is there a way to make setuptools download and install the new version instead of looking for it on PyPI and installing the old one?
FYI, the new python-gearman is http://github.com/mtai/python-gearman
The key is to tell easy_install where the package can be downloaded. In this particular case, it can be found at the url http://github.com/mtai/python-gearman/tarball/master. However, that link by itself won't work, because easy_install can't tell just by looking at the URL what it's going to get.
By changing it to http://github.com/mtai/python-gearman/tarball/master#egg=gearman-2.0.0beta instead, easy_install will be able to identify the package name and its version.
The final step is to add the URL to your package's dependency_links, e.g.:
setup(
...
dependency_links = ['http://github.com/mtai/python-gearman/tarball/master#egg=gearman-2.0.0beta']
)
Now, when YOUR package is being installed, easy_install will discover that there is a "gearman 2.0.0beta" available for download from that URL, and happily pick it over the one on PyPI, if you specify "gearman>=2.0.0beta" in your dependencies..
(Normally, the way this sort of thing is done is to include a link on one's PyPI page to the downloadable source; in this case, if the author of the gearman package had included a link like the above, you'd be already set. Typically, people mark the development version with 'myproject-dev' and then people use a requirement of 'myproject>=somever,==dev', so that if there isn't a package of somever or higher, easy_install will try to check out or download the release.)
You'll need to specify --process-dependency-links when using pip. Note that dependency links processing has been deprecated and will be removed in a future release.
You can use the pip install protocol+location[#tag][#egg=Dependency] format to install directly from source using pip.
Git
pip install git+https://github.com/username/repo.git
pip install git+https://github.com/username/repo.git#MyTag
pip install git+https://github.com/username/repo.git#MyTag#egg=ProjectName
Mercurial
pip install hg+https://hg.myproject.org/MyProject/
SVN
pip install svn+svn://svn.myproject.org/svn/MyProject
Bzr
pip install bzr+http://bzr.myproject.org/MyProject/trunk
The following protocols are supported: [+git, +svn, +hg, +bzr]
Versions
#tag lets you specify a specific version/tag to check out.
#egg=name lets you specify what the project is as a dependency for others.
The order must always be #tag#egg=name.
Private Repositories
You can also install from private repositories by changing the protocol to SSH (ssh://) and adding an appropriate user (git#):
git+ssh://git#github.com/username/my_private_repo
You can also install from private repositories with a username / password.
git+https://<username>:<password>#github.com/<user>/<repo>.git
Github provides the ability to create personal OAuth tokens which can be cycled
git+https://<oauth token>:x-oauth-basic#github.com/<user>/<repo>.git
requirements.txt
requirements.txt is used to specify project dependencies:
requirements.txt
package1
package2==1.0.2
package3>=0.0.4
git+https://github.com/username/repo.git
These are not installed automatically with the package and must be installed with the command pip -r requirements.txt.
Including requirements files
Requirements files can include other requirements files:
requirements-docs.txt
sphinx
-r requirements-dev.txt
requirements-dev.txt
some-dev-tool
-r requirements.txt
requirements.txt
package1
package2==1.0.2
package3>=0.0.4
git+https://github.com/username/repo.git
setup.py
Requirements files can install dependencies specified in setup.py with the following command:
-e .
setup.py can also install from repositories using the same syntax as above, but using the dependency_links value as mentioned in this answer.
References:
https://pip.pypa.io/en/latest/user_guide.html#installing-packages
https://pip.pypa.io/en/latest/reference/pip_install.html
As I just had to do the same thing, I found another way to do this as pip's --process-dependency-links are scheduled to be removed in pip 19.0 according to this comment.
pip 18.1 includes the following feature
Allow PEP 508 URL requirements to be used as dependencies.
From the description of PEP 508, the syntax for such URL dependencies looks like:
A minimal URL based lookup:
pip # https://github.com/pypa/pip/archive/1.3.1.zip#sha1=da9234ee9982d4bbb3c72346a6de940a148ea686
So in your setup.py it would look like
setup(
...
install_requires = [
...
'python-gearman # https://github.com/mtai/python-gearman/archive/master.zip'
...
]
)
Notice, the link is an archive file and could also be a specific release or branch of a repository as described in this answer. Also, see that answer for working with other repository hosts.
To the best of my knowledge, the easiest way to update the dependency is by using pip install -I . when installing your package from its directory.
Vanilla setuptools does not support downloading directly from a git repository but you can use one of the Download Source links from that page, like:
easy_install http://github.com/mtai/python-gearman/tarball/master