search

theupdateframework / python-tuf

Python reference implementation of The Update Framework (TUF)
https://theupdateframework.com/
Apache License 2.0
1.62k stars 269 forks source link

Run a PyPI mirror #44

Closed trishankkarthik closed 10 years ago

trishankkarthik commented 11 years ago

Nick Coghlan would like some measurements with TUF.

According to Monzur Muhammad: "He would like to see any overhead that TUF would add and any delay that will be seen if a new package was added/modified. He also mentioned that it might be nice for us to become a mirror for Pypi so we can run experiments/measurements."

JustinCappos commented 11 years ago

I agree this is what we should be doing.

Herman: Can you get a new VM setup (Linux only)? I think that pypi-tuf-mirror.poly.edu is probably a good name unless Trishank objects.

I think that Trishank, me, Vlad, and Kon all need accounts on this system. I would like to be able log-in with my ssh key (as always).

Thanks, Justin

On Sun, Mar 17, 2013 at 8:22 PM, TKK notifications@github.com wrote:

Nick Coghlan would like some measurements with TUF. He would like to see any overhead that TUF would add and any delay that will be seen if a new package was added/modified. He also mentioned that it might be nice for us to become a mirror for Pypi so we can run experiments/measurements.

— Reply to this email directly or view it on GitHubhttps://github.com/akonst/tuf/issues/44 .

dholth commented 11 years ago

Unfortunately ping distance from the mirror is a tremendous factor in "pip install" speeds.

trishankkarthik commented 11 years ago

Thanks for the tip. We should certainly keep this in mind for our measurements.

trishankkarthik commented 11 years ago

Working on this at the moment; will report back with setup.

trishankkarthik commented 11 years ago

Beginning to write automation for creating, updating and destroying a TUF-secured PyPI mirror.

trishankkarthik commented 11 years ago

Okay, I have now automated all the steps for setting up a TUF-secured PyPI mirror.

Next steps: automate updates of TUF-secured PyPI mirror; testing, testing, testing!

P.S.: I am going to be busy with my machine learning midterm next week, so more news after that.

dholth commented 11 years ago

If you've been following distutils there is a new mirroring client that you can drop in instead of pep381client

TKK notifications@github.com wrote:

Okay, I have now automated all the steps for setting up a TUF-secured PyPI mirror.

Next steps: automate updates of TUF-secured PyPI mirror; testing, testing, testing!

P.S.: I am going to be busy with my machine learning midterm next week, so more news after that.

— Reply to this email directly or view it on GitHub.

trishankkarthik commented 11 years ago

Yes, bandersnatch, I have noted it in my comments, thanks :)

trishankkarthik commented 11 years ago

Now we handle updates to delegated target roles, or their target delegations, induced by catalogued PyPI package updates.

Next: handle revocation of deletion of catalogued PyPI packages.

I am testing all of this on my mirror of PyPI, and I will be sure to inform you as soon as I think it is sufficiently stable.

trishankkarthik commented 11 years ago

Now that I have a complete (not necessarily latest) PyPI mirror (thanks to bandersnatch), I have started generating all the TUF metadata on my machine. Let's see how long it takes...

trishankkarthik commented 11 years ago

We are now running a public TUF-secured PyPI mirror.