Whitelist or list of packages to sync

pypa / bandersnatch

A PyPI mirror client according to PEP 381 http://www.python.org/dev/peps/pep-0381/

Academic Free License v3.0

453 stars 141 forks source link

Whitelist or list of packages to sync #24

Closed dawidrabiega closed 6 years ago

dawidrabiega commented 6 years ago

To create local mirrors with only known, trusted packages, it would be nice to have option to whitelist packages. For example like this:

[whitelist] package = pip setuptools ....

Best Regards, Dawid

cooperlees commented 6 years ago

Have you looked at devpi? https://devpi.net/docs/devpi/devpi/stable/%2Bd/index.html. I believe this might do this - Otherwise, PRs welcome. I guess we should implement this like @dwighthubbard's blacklist plugin.

I'll leave you two to work that out.

dwighthubbard commented 6 years ago

With the filtering plugin changes it should be possible to implement this as a plugin. It would essentially have to do the opposite of what the existing blacklist plugin does.

The nice thing about the plugins using entrypoints is the plugin can be implemented inside the bandersnatch package's bandersnatch_plugins module or as a separate package.

jake2184 commented 6 years ago

+1.

Is there a roadmap or ETA for this enhancement? I can't seem to find a whitelisting PyPi mirror (devpi has a similar open issue for the enhancement, but seems to have no recent work on it).

dawidrabiega commented 6 years ago

Hey, It's already done. You can use it like this:

[blacklist]
plugins =
    whitelist_project

[whitelist]
packages =
    ansible
    asn1crypto
    argparse

Thanks guys for this.

jake2184 commented 6 years ago

Thank you, that works. Should the issue be closed now the feature exists?

Note to others: the feature is not yet in the stable pypi release.

dwighthubbard commented 6 years ago

This has been implemented

GreatBahram commented 5 years ago

Great job @dwighthubbard