source: TI12-security/trunk/NDGSecurity/python/buildout/ndgsecurity/eggs/zc.buildout-1.2.1-py2.5.egg/zc/buildout/allowhosts.txt @ 7081

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/buildout/ndgsecurity/eggs/zc.buildout-1.2.1-py2.5.egg/zc/buildout/allowhosts.txt@7081
Revision 7081, 4.1 KB checked in by pjkersha, 11 years ago (diff)
  • Property svn:keywords set to Id
Line 
1Allow hosts
2-----------
3
4On some environments the links visited by `zc.buildout` can be forbidden
5by paranoiac firewalls. These URL might be on the chain of links
6visited by `zc.buildout` whether they are defined in the `find-links` option
7or by various eggs in their `url`, `download_url` and `dependency_links` metadata.
8
9It is even harder to track that package_index works like a spider and
10might visit links and go to other location.
11
12The `allow-hosts` option provides a way to prevent this, and
13works exactly like the one provided in `easy_install`
14(see `easy_install allow-hosts option`_).
15
16You can provide a list of allowed host, together with wildcards::
17
18    [buildout]
19    ...
20   
21    allow-hosts =
22        *.python.org
23        example.com
24
25Let's create a develop egg in our buildout that specifies
26`dependency_links` which points to a server in the outside world::
27
28    >>> mkdir(sample_buildout, 'allowdemo')
29    >>> write(sample_buildout, 'allowdemo', 'dependencydemo.py',
30    ...       'import eggrecipekss.core')
31    >>> write(sample_buildout, 'allowdemo', 'setup.py',
32    ... '''from setuptools import setup; setup(
33    ...     name='allowdemo', py_modules=['dependencydemo'],
34    ...     install_requires = 'kss.core',
35    ...     dependency_links = ['http://dist.plone.org'],
36    ...     zip_safe=True, version='1')
37    ... ''')
38
39Now let's configure the buildout to use the develop egg,
40together with some rules that disallow any website but PyPI and
41local files::
42
43    >>> write(sample_buildout, 'buildout.cfg',
44    ... '''
45    ... [buildout]
46    ... develop = allowdemo
47    ... parts = eggs
48    ... allow-hosts =
49    ...     pypi.python.org
50    ...
51    ... [eggs]
52    ... recipe = zc.recipe.egg:eggs
53    ... eggs = allowdemo
54    ... ''')
55
56Now we can run the buildout and make sure all attempts to dist.plone.org fails::
57
58    >>> print system(buildout)
59    Develop: '/sample-buildout/allowdemo'
60    Installing eggs.
61    <BLANKLINE>
62    Link to http://dist.plone.org ***BLOCKED*** by --allow-hosts
63    <BLANKLINE>
64    Couldn't find index page for 'kss.core' (maybe misspelled?)
65    Getting distribution for 'kss.core'.
66    While:
67      Installing eggs.
68      Getting distribution for 'kss.core'.
69    Error: Couldn't find a distribution for 'kss.core'.
70    <BLANKLINE>
71
72That's what we wanted : this will prevent any attempt to access
73unwanted domains. For instance, some packages are listing in their
74links `svn://` links. These can lead to error in some cases, and
75can therefore be protected like this::
76
77XXX (showcase with a svn:// file)
78
79    >>> write(sample_buildout, 'buildout.cfg',
80    ... '''
81    ... [buildout]
82    ... develop = allowdemo
83    ... parts = eggs
84    ... allow-hosts =
85    ...     ^(!svn://).*
86    ...
87    ... [eggs]
88    ... recipe = zc.recipe.egg:eggs
89    ... eggs = allowdemo
90    ... ''')
91
92Now we can run the buildout and make sure all attempts to dist.plone.org fails::
93
94    >>> print system(buildout)
95    Develop: '/sample-buildout/allowdemo'
96    Installing eggs.
97    <BLANKLINE>
98    Link to http://dist.plone.org ***BLOCKED*** by --allow-hosts
99    <BLANKLINE>
100    Couldn't find index page for 'kss.core' (maybe misspelled?)
101    Getting distribution for 'kss.core'.
102    While:
103      Installing eggs.
104      Getting distribution for 'kss.core'.
105    Error: Couldn't find a distribution for 'kss.core'.
106    <BLANKLINE>
107
108Test for issues
109---------------
110
111Test for 1.0.5 breakage as in https://bugs.launchpad.net/zc.buildout/+bug/239212::
112
113    >>> write(sample_buildout, 'buildout.cfg',
114    ... '''
115    ... [buildout]
116    ... parts=python
117    ... foo = ${python:interpreter}
118    ...
119    ... [python]
120    ... recipe=zc.recipe.egg
121    ... eggs=zc.buildout
122    ... interpreter=python
123    ... ''')
124    >>> print system(buildout)
125    Unused options for buildout: 'foo'.
126    Installing python.
127    Generated script '/sample-buildout/bin/buildout'.
128    Generated interpreter '/sample-buildout/bin/python'.
129    <BLANKLINE>
130
131The bug 239212 above would have got us an *AttributeError* on *buildout._allow_hosts*.
132This was fixed in this changeset:
133http://svn.zope.org/zc.buildout/trunk/src/zc/buildout/buildout.py?rev=87309&r1=87277&r2=87309
134
Note: See TracBrowser for help on using the repository browser.