PyPI is the Python Package Index. Its purpose is to help Python developers find and install software developed by the Python community.
I recently built my first Python package, patter, and released it publicly via PyPI. I ran into a few hiccups along the way, so I am writing this post to help those in a similar position.
This post will describe the basics of a .pypirc file and how to configure and secure it. I originally wrote this post for the Truveris Engineering blog and I am reposting it here for additional reach.
Before proceeding, it's a good idea to make sure that the setuptools and wheel libraries are up to date. The following command will update them if needed:
$ pip install -U setuptools wheel
This post will assume that you have a new Python library that is ready to be published. The source code should be packaged using a command like the one below. Your command may differ slightly depending on the needs of your package.
$ python setup.py sdist bdist_wheel
To read more about creating a distributable Python package, see these docs.
In the next section, I use the twine utility to facilitate the release of my new package. You can read about the benefits of using twine over the built-in packaging tools here. Install twine using the following command:
$ pip install twine
There are two main benefits to using a .pypirc file:
- It removes the need to enter a username/password when pushing to PyPI.
- It simplifies command line usage when pushing packages to a non-default package repository (i.e. anywhere other than pypi.org).
The official documentation on the .pypirc file can be found here. The contents of my .pypirc file can be seen below. This file must be placed in $HOME/.pypirc for pip/twine to use it.
[distutils]
index-servers=
    pypi
    testpypi

[pypi]
username: brodan
password: xxxxxxxxxxxxxxxx

[testpypi]
repository: https://test.pypi.org/legacy/
username: brodan
password: yyyyyyyyyyyyyyyy
One thing to notice above is that the [pypi] section does not have repository configured, but the [testpypi] section does. That is because the repository variable defaults to https://upload.pypi.org/legacy/, so it does not need to be included in that section.
Once the file above is in place, the --repository flag can be used with twine to specify which package repository your packages will be uploaded to.
If you wish to upload a package to the TestPyPI repository, the following command should be used:
$ twine upload --repository testpypi dist/*
Similarly, once the package is ready to be released to the public, the following should be used:
$ twine upload --repository pypi dist/*
Notice that you won't be prompted for a password when running either of the above commands. You also no longer need to copy and paste repository URLs into the terminal.
Since the .pypirc file stores sensitive information (i.e. passwords) in plain text, it's important to set the permissions on this file accordingly so that other users on the system can't access it.
To do this, run the following command:
$ chmod 600 ~/.pypirc
The command above will ensure that only the file owner (which should be your own user) can read and write to this file. Additional info on file permissions in UNIX can be found here. Thanks to this StackOverflow answer for help on this section.
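As an added example (not part of the original post), the following Python sketch audits a .pypirc file: it flags permission bits that let group or other users access the file, checks ownership, and lists each index server that stores a plain-text password together with the repository it is used for, applying the default URL described above. The names audit_pypirc and write_sample are hypothetical, and the sample file is constructed to mirror the layout shown earlier.

```python
import configparser
import os
import stat
import tempfile

DEFAULT_REPO = "https://upload.pypi.org/legacy/"  # default noted in the post
# Constructed sample mirroring the layout shown in the post (placeholder passwords).
SAMPLE = """[distutils]
index-servers=
    pypi
    testpypi

[pypi]
username: brodan
password: xxxxxxxxxxxxxxxx

[testpypi]
repository: https://test.pypi.org/legacy/
username: brodan
password: yyyyyyyyyyyyyyyy
"""

def write_sample(mode):
    """Write SAMPLE to a temp file with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(suffix=".pypirc")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    os.chmod(path, mode)
    return path

def audit_pypirc(path):
    """Return a list of findings about permissions and stored credentials."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:03o}: group/other can access the file, expected 600")
    if st.st_uid != os.getuid():
        findings.append("owner: file is not owned by the current user")
    cfg = configparser.RawConfigParser()  # Raw: no % interpolation in passwords
    cfg.read(path)
    for name in cfg.get("distutils", "index-servers", fallback="").split():
        if not cfg.has_section(name):
            findings.append(f"[{name}]: listed in index-servers but not defined")
        elif cfg.get(name, "password", fallback=""):
            repo = cfg.get(name, "repository", fallback=DEFAULT_REPO)
            findings.append(f"[{name}]: plain-text password, used for {repo}")
    return findings
```

To check your own file, call audit_pypirc(os.path.expanduser("~/.pypirc")) and print the returned findings.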
With the .pypirc file in place, the process of pushing Python packages to public repositories is now much easier.