stevearc / pypicloud

S3-backed pypi server implementation
MIT License
506 stars 141 forks

Do not search for releases when fallback disallowed #328

Open pulecp opened 2 years ago

pulecp commented 2 years ago

The function "request.locator.get_releases", which looks for releases in an upstream, was called regardless of the permissions that were set on a given package. Looking for releases of packages in the upstream that were disallowed by the "pypi.disallow_fallback" option exposed the names of disallowed packages to the upstream. This is unsolicited behavior.

This change also fixes these warnings that were logged for all disallowed packages:

WARNING [pypicloud.locator] Error fetching 'package1' from upstream: 404 Client Error: Not Found for url: https://pypi.org/pypi/package1/json

Fixes issue #327
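
Added example, not part of the PR and not pypicloud's own code: a minimal model of the ordering problem described in the comment above, showing that filtering after the upstream lookup still sends disallowed names upstream, while checking the policy first does not. `RecordingLocator`, `releases_leaky`, `releases_gated` and the package names are hypothetical; PEP 503 name normalization is assumed for the disallow check.

```python
import re

def normalize(name):
    """PEP 503 name normalization, so 'My_Pkg' and 'my-pkg' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

class RecordingLocator:
    """Hypothetical stand-in for the upstream locator; records each name sent."""
    def __init__(self, index):
        self.index = index
        self.queried = []

    def get_releases(self, name):
        self.queried.append(name)  # this is what the upstream would observe
        return self.index.get(normalize(name), [])

def releases_leaky(locator, name, disallowed):
    """'Before' ordering: upstream is queried first, the policy filters after."""
    releases = locator.get_releases(name)
    if normalize(name) in disallowed:
        return []
    return releases

def releases_gated(locator, name, disallowed):
    """'After' ordering: the policy check short-circuits before any lookup."""
    if normalize(name) in disallowed:
        return []
    return locator.get_releases(name)

def run_demo():
    upstream = {"requests": ["2.31.0"]}                    # constructed sample index
    disallowed = {normalize(n) for n in ["Internal_Pkg"]}  # constructed private name
    names = ["requests", "internal-pkg", "INTERNAL.PKG"]   # spelling variants
    leaky, gated = RecordingLocator(upstream), RecordingLocator(upstream)
    leaky_out = [releases_leaky(leaky, n, disallowed) for n in names]
    gated_out = [releases_gated(gated, n, disallowed) for n in names]
    return leaky_out, gated_out, leaky.queried, gated.queried

if __name__ == "__main__":
    leaky_out, gated_out, leaky_q, gated_q = run_demo()
    print("same results for the client:", leaky_out == gated_out)
    print("leaky ordering sent upstream:", leaky_q)
    print("gated ordering sent upstream:", gated_q)
```

Both orderings return the same results to the client, so the difference only shows up in what the upstream receives, which is why a test for this should assert on the locator's call log rather than on the response.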

stevearc commented 2 years ago

Change looks good, but there appear to be some issues with the CI tests. Could you look into it?

pulecp commented 2 years ago

I would like to help but it seems like the CI is broken. See the error. It can't be caused by my change:

py39 run-test: commands[0] | coverage run --source=pypicloud --branch setup.py nosetests --no-skip
Traceback (most recent call last):
  File "/usr/lib/python3.9/pathlib.py", line 387, in gethomedir
    return os.environ['HOME']
  File "/usr/lib/python3.9/os.py", line 679, in __getitem__
    raise KeyError(key) from None
KeyError: 'HOME'

stevearc commented 2 years ago

While I understand that your change didn't cause the CI error, I do not have the time to look into it myself. I put pypicloud in maintenance mode because I have too many other demands on my time, and I can't spend a random hour digging into CI failures on a project I don't use anymore.

pulecp commented 2 years ago

> While I understand that your change didn't cause the CI error, I do not have the time to look into it myself. I put pypicloud in maintenance mode because I have too many other demands on my time, and I can't spend a random hour digging into CI failures on a project I don't use anymore.

I see and understand that you have different priorities now. Let's keep this PR open so others can see it. It might be accepted one day :). Thank you for the time you invested into this project. I still hope that someone will take over this project and will continue with maintenance and further development. Let's see!