| 1 | Allow hosts |
|---|
| 2 | ----------- |
|---|
| 3 | |
|---|
| 4 | On some environments the links visited by `zc.buildout` can be forbidden |
|---|
| 5 | by paranoiac firewalls. These URL might be on the chain of links |
|---|
| 6 | visited by `zc.buildout` whether they are defined in the `find-links` option |
|---|
| 7 | or by various eggs in their `url`, `download_url` and `dependency_links` metadata. |
|---|
| 8 | |
|---|
| 9 | It is even harder to track that package_index works like a spider and |
|---|
| 10 | might visit links and go to other location. |
|---|
| 11 | |
|---|
| 12 | The `allow-hosts` option provides a way to prevent this, and |
|---|
| 13 | works exactly like the one provided in `easy_install` |
|---|
| 14 | (see `easy_install allow-hosts option`_). |
|---|
| 15 | |
|---|
| 16 | You can provide a list of allowed host, together with wildcards:: |
|---|
| 17 | |
|---|
| 18 | [buildout] |
|---|
| 19 | ... |
|---|
| 20 | |
|---|
| 21 | allow-hosts = |
|---|
| 22 | *.python.org |
|---|
| 23 | example.com |
|---|
| 24 | |
|---|
| 25 | Let's create a develop egg in our buildout that specifies |
|---|
| 26 | `dependency_links` which points to a server in the outside world:: |
|---|
| 27 | |
|---|
| 28 | >>> mkdir(sample_buildout, 'allowdemo') |
|---|
| 29 | >>> write(sample_buildout, 'allowdemo', 'dependencydemo.py', |
|---|
| 30 | ... 'import eggrecipekss.core') |
|---|
| 31 | >>> write(sample_buildout, 'allowdemo', 'setup.py', |
|---|
| 32 | ... '''from setuptools import setup; setup( |
|---|
| 33 | ... name='allowdemo', py_modules=['dependencydemo'], |
|---|
| 34 | ... install_requires = 'kss.core', |
|---|
| 35 | ... dependency_links = ['http://dist.plone.org'], |
|---|
| 36 | ... zip_safe=True, version='1') |
|---|
| 37 | ... ''') |
|---|
| 38 | |
|---|
| 39 | Now let's configure the buildout to use the develop egg, |
|---|
| 40 | together with some rules that disallow any website but PyPI and |
|---|
| 41 | local files:: |
|---|
| 42 | |
|---|
| 43 | >>> write(sample_buildout, 'buildout.cfg', |
|---|
| 44 | ... ''' |
|---|
| 45 | ... [buildout] |
|---|
| 46 | ... develop = allowdemo |
|---|
| 47 | ... parts = eggs |
|---|
| 48 | ... allow-hosts = |
|---|
| 49 | ... pypi.python.org |
|---|
| 50 | ... |
|---|
| 51 | ... [eggs] |
|---|
| 52 | ... recipe = zc.recipe.egg:eggs |
|---|
| 53 | ... eggs = allowdemo |
|---|
| 54 | ... ''') |
|---|
| 55 | |
|---|
| 56 | Now we can run the buildout and make sure all attempts to dist.plone.org fails:: |
|---|
| 57 | |
|---|
| 58 | >>> print system(buildout) |
|---|
| 59 | Develop: '/sample-buildout/allowdemo' |
|---|
| 60 | Installing eggs. |
|---|
| 61 | <BLANKLINE> |
|---|
| 62 | Link to http://dist.plone.org ***BLOCKED*** by --allow-hosts |
|---|
| 63 | <BLANKLINE> |
|---|
| 64 | Couldn't find index page for 'kss.core' (maybe misspelled?) |
|---|
| 65 | Getting distribution for 'kss.core'. |
|---|
| 66 | While: |
|---|
| 67 | Installing eggs. |
|---|
| 68 | Getting distribution for 'kss.core'. |
|---|
| 69 | Error: Couldn't find a distribution for 'kss.core'. |
|---|
| 70 | <BLANKLINE> |
|---|
| 71 | |
|---|
| 72 | That's what we wanted : this will prevent any attempt to access |
|---|
| 73 | unwanted domains. For instance, some packages are listing in their |
|---|
| 74 | links `svn://` links. These can lead to error in some cases, and |
|---|
| 75 | can therefore be protected like this:: |
|---|
| 76 | |
|---|
| 77 | XXX (showcase with a svn:// file) |
|---|
| 78 | |
|---|
| 79 | >>> write(sample_buildout, 'buildout.cfg', |
|---|
| 80 | ... ''' |
|---|
| 81 | ... [buildout] |
|---|
| 82 | ... develop = allowdemo |
|---|
| 83 | ... parts = eggs |
|---|
| 84 | ... allow-hosts = |
|---|
| 85 | ... ^(!svn://).* |
|---|
| 86 | ... |
|---|
| 87 | ... [eggs] |
|---|
| 88 | ... recipe = zc.recipe.egg:eggs |
|---|
| 89 | ... eggs = allowdemo |
|---|
| 90 | ... ''') |
|---|
| 91 | |
|---|
| 92 | Now we can run the buildout and make sure all attempts to dist.plone.org fails:: |
|---|
| 93 | |
|---|
| 94 | >>> print system(buildout) |
|---|
| 95 | Develop: '/sample-buildout/allowdemo' |
|---|
| 96 | Installing eggs. |
|---|
| 97 | <BLANKLINE> |
|---|
| 98 | Link to http://dist.plone.org ***BLOCKED*** by --allow-hosts |
|---|
| 99 | <BLANKLINE> |
|---|
| 100 | Couldn't find index page for 'kss.core' (maybe misspelled?) |
|---|
| 101 | Getting distribution for 'kss.core'. |
|---|
| 102 | While: |
|---|
| 103 | Installing eggs. |
|---|
| 104 | Getting distribution for 'kss.core'. |
|---|
| 105 | Error: Couldn't find a distribution for 'kss.core'. |
|---|
| 106 | <BLANKLINE> |
|---|
| 107 | |
|---|
| 108 | Test for issues |
|---|
| 109 | --------------- |
|---|
| 110 | |
|---|
| 111 | Test for 1.0.5 breakage as in https://bugs.launchpad.net/zc.buildout/+bug/239212:: |
|---|
| 112 | |
|---|
| 113 | >>> write(sample_buildout, 'buildout.cfg', |
|---|
| 114 | ... ''' |
|---|
| 115 | ... [buildout] |
|---|
| 116 | ... parts=python |
|---|
| 117 | ... foo = ${python:interpreter} |
|---|
| 118 | ... |
|---|
| 119 | ... [python] |
|---|
| 120 | ... recipe=zc.recipe.egg |
|---|
| 121 | ... eggs=zc.buildout |
|---|
| 122 | ... interpreter=python |
|---|
| 123 | ... ''') |
|---|
| 124 | >>> print system(buildout) |
|---|
| 125 | Unused options for buildout: 'foo'. |
|---|
| 126 | Installing python. |
|---|
| 127 | Generated script '/sample-buildout/bin/buildout'. |
|---|
| 128 | Generated interpreter '/sample-buildout/bin/python'. |
|---|
| 129 | <BLANKLINE> |
|---|
| 130 | |
|---|
| 131 | The bug 239212 above would have got us an *AttributeError* on *buildout._allow_hosts*. |
|---|
| 132 | This was fixed in this changeset: |
|---|
| 133 | http://svn.zope.org/zc.buildout/trunk/src/zc/buildout/buildout.py?rev=87309&r1=87277&r2=87309 |
|---|
| 134 | |
|---|
