I recently uploaded a package to PyPI under a name with mixed-case letters, QualysAPI.
In retrospect I think it'd be better to have the package name be all lowercase per PEP 8. Is there a way I can change it?
Here's what happens when I try to manually edit the package name on PyPI:
Forbidden
Package name conflicts with existing package 'QualysAPI'
Here's what happens when I try to edit the package name via python setup.py sdist upload:
Upload failed (403): You are not allowed to edit 'qualysapi' package information
Deleted package. Reupload package with all lowercase. Lost all history of package but doesn't matter since GitHub has revisions online.
We have a lock file which has not changed since April 2021. Recently, we have started seeing the following error on pipenv install --deploy:
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
gunicorn==20.1.0 from https://files.pythonhosted.org/packages/e4/dd/5b190393e6066286773a67dfcc2f9492058e9b57c4867a95f1ba5caf0a83/gunicorn-20.1.0-py3-none-any.whl (from -r /tmp/pipenv-g7_1pdnq-requirements/pipenv-d64a8p6k-hashed-reqs.txt (line 32)):
Expected sha256 e0a968b5ba15f8a328fdfd7ab1fcb5af4470c28aaf7e55df02a99bc13138e6e8
Got 9dcc4547dbb1cb284accfb15ab5667a0e5d1881cc443e0677b4882a4067a807e
We have opened an issue in the project GitHub https://github.com/benoitc/gunicorn/issues/2889
We believe that it would be unsafe to use this new version without confirmation it is correct and safe in case someone has maliciously updated the package in the package repository.
Is there a way we can grab the wheel file from a previous docker build and force that to be used for the time being so we can safely build with the existing version and checksum?
Thanks
Thanks to @Ouroborus for the answer:
e0... is for the .tar.gz (source) package, 9d... is for the .whl package. (See the "view hashes" links on PyPI's gunicorn files page) I'm not sure why your systems are choosing to download the wheel now when they downloaded the source previously. However, those are both valid hashes for that module and version.
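The situation in the answer above, as an added example that is not part of the original posts: each distribution file of a release has its own digest, and a hash-pinned requirement accepts only the files whose digests it lists. The artifact names and bytes are constructed stand-ins (not real gunicorn files), and `parse_pins`, `check_artifact` and `audit` are hypothetical helper names.

```python
import hashlib
import re

# Constructed stand-ins for the two files of one release.
ARTIFACTS = {
    "demo_pkg-1.0.tar.gz": b"constructed sdist bytes",
    "demo_pkg-1.0-py3-none-any.whl": b"constructed wheel bytes",
}

# Hash algorithms accepted by pip's hash-checking mode.
ALLOWED = {"sha256", "sha384", "sha512"}
PIN_RE = re.compile(r"--hash=(?P<algo>[a-z0-9]+):(?P<digest>[0-9a-f]+)")


def parse_pins(requirement_line):
    """Return the (algo, digest) pairs listed on one hashed requirement line."""
    return {(m["algo"], m["digest"]) for m in PIN_RE.finditer(requirement_line)}


def check_artifact(data, pins):
    """True if the file's digest equals any pinned digest (one match suffices)."""
    return any(
        algo in ALLOWED and hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in pins
    )


def audit(requirement_line):
    """Map each constructed artifact to whether the pin line would accept it."""
    pins = parse_pins(requirement_line)
    return {name: check_artifact(data, pins) for name, data in ARTIFACTS.items()}


SDIST_HASH = hashlib.sha256(ARTIFACTS["demo_pkg-1.0.tar.gz"]).hexdigest()
WHEEL_HASH = hashlib.sha256(ARTIFACTS["demo_pkg-1.0-py3-none-any.whl"]).hexdigest()

# Lock entry that recorded only the sdist: the wheel of the same release is rejected.
SDIST_ONLY = f"demo-pkg==1.0 --hash=sha256:{SDIST_HASH}"
# Lock entry that records every file of the release: either one is accepted.
ALL_FILES = (
    f"demo-pkg==1.0 --hash=sha256:{SDIST_HASH} --hash=sha256:{WHEEL_HASH}"
)

if __name__ == "__main__":
    for label, line in (("sdist-only pin", SDIST_ONLY), ("all-files pin", ALL_FILES)):
        print(label, audit(line))
```

The same comparison applies to a wheel recovered from an earlier build: hash the file and check it against the lock entry before installing it.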
I am looking to deploy a Module to PyPI and this error is thrown in the console:
HTTPError: 403 Client Error: The credential associated with user 'aloisdg' isn't allowed to upload to project 'example-pkg-your-username'. See https://test.pypi.org/help/#project-name for more information. for url: https://test.pypi.org/legacy/
It is possible to reproduce the error by following step by step the tutorial in the official documentation: Packaging Python Projects.
My credential works fine when I try to connect to the PyPI website directly.
Why can't I upload my own package?
This error means that you can't upload this package because you, as a user, are not allowed to. Why? Because it is not your package. Someone already created a package with this name. Your package is seen as an update to this already existing package. You won't have this error if the original creator would include you as maintainer of this package.
How to fix this error? Replace example-pkg-your-username with example-pkg-aloisdg (or any name absent from PyPI).
This answer was inspired by issue #4607.
You missed this step in the tutorial:
Open setup.py and enter the following content. Update the package name to include your username (for example, example-pkg-theacodes), this ensures that you have a unique package name and that your package doesn’t conflict with packages uploaded by other people following this tutorial.
Change the package name to be something unique and your upload will succeed.
I uploaded a package to PyPI, but I had some trouble after the upload, so I deleted it completely and tried to re-upload. There is an error when I upload again:
HTTP Error 400: This filename has previously been used, you should use a different version.
error: HTTP Error 400: This filename has previously been used, you should use a different version.
It seems PyPI can track the upload activity. I deleted the project and account and uploaded again, but I can see the previous record. Why?
How can I solve the problem?
In short, you cannot reupload a distribution with the same name due to stability reasons. You can read more about this issue at https://github.com/pypa/packaging-problems/issues/74.
You need to change the distribution's file name, usually done by increasing the version number, and upload it again.
Yes, you can reupload the package with the same name.
I faced a similar issue. What I did was increase the version number in setup.py, delete the folders generated by running python setup.py sdist (i.e. dist and your_package_name-egg.info), and run python setup.py sdist again to make the package ready for upload.
I think PyPI tracks the repo from the folders generated by sdist, i.e. dist and your_package_name-egg.info, so you have to delete them.
If you are running your local PyPI server, then you can use the -o, --overwrite option, which will allow overwriting existing package files.
pypi-server -p 8080 --overwrite ~/packages &
I am struggling to find information about how / where to fill a summary for a PyPI package that can be seen next to the package name when typing pip search <my_package>.
We run a private PyPI server with the pypiserver library and would like all our packages to have this short description, similarly to any package on pypi.org.
In my package's setup.py I filled description and long_description but it still doesn't show us any summary when using pip search.
When I do pip install <my_package> and look inside the downloaded egg, I see the PKG_INFO file with summary field filled appropriately.
I have discovered that there is no summary provided.
In pypiserver/_app.py:218 it is written:
# We do not presently have any description/summary, returning
# version instead
I would like to use distutils (setup.py) to be able to install a python package (from a local repository), which requires another package from a different local repository. Since I am lacking decent documentation of the setup command (I only found some examples here and here, confused by setup-terms extras_require, install_require and dependency_links found here and here), does anyone have a complete setup.py file that shows how this can be handled, i.e. that distutils handles the installation of a package found in some SVN repository, when the main package I am installing right now requires that?
More detailed explanation: I have two local svn (or git) repositories basicmodule and extendedmodule. Now I checkout extendedmodule and run python setup.py install. This setup.py file knows that extendedmodule requires basicmodule, and automatically downloads it from the repository and installs it (in case it is not installed yet). How can I solve this with setup.py? Or maybe there is another, better way to do this?
EDIT: Followup question
Based on the answer by Tom I have tried to use a setup.py as follows:
from setuptools import setup

setup(
    name="extralibs",
    version="0.0.2",
    description=("Some extra libs."),
    packages=['extralib'],
    install_requires="basiclib==1.9dev-r1234",
    dependency_links=["https://source.company.xy/svn/MainDir/SVNDir/basiclib/trunk@20479#egg=basiclib-1.9dev-r1234"]
)
When trying to install this as a normal user I get the following error:
error: Can't download https://source.company.xy/svn/MainDir/SVNDir/basiclib/trunk@20479: 401 Authorization Required
But when I do a normal svn checkout with the exact same link it works:
svn co https://source.company.xy/svn/MainDir/SVNDir/basiclib/trunk@20479
Any suggestion how to solve this without changing ANY configuration of the svn repository?
I think the problem is that your svn client is authenticated (caching the realm somewhere in the ~/.subversion directory), which your distutils HTTP client doesn't know how to do.
Distutils supports the svn+http link type in dependency links. So you may try adding "svn+" before your dependency link, providing username and password:
dependency_links = ["svn+https://user:password@source.company.xy/svn/MainDir/SVNDir/basiclib/trunk@20479#egg=basiclib-1.9dev-r1234"]
For security reasons you should not put your username and password in your setup.py file. One way to do that is fetching authentication information from an environment variable, or even trying to fetch it from your subversion configuration directory (~/.subversion).
Hope that helps
Check out the answers to these two questions. They both give specific examples on how install_requires and dependency_links work together to achieve what you want.
Can Pip install dependencies not specified in setup.py at install time?
Can a Python package depend on a specific version control revision of another Python package?