Brodan

Configuring a .pypirc File for Easier Python Packaging

PyPI is the Python Package Index. Its purpose is to help Python developers find and install software developed by the Python community.

I recently built my first Python package, patter, and released it publicly via PyPI. I ran into a few hiccups along the way, so I am writing this post to help those in a similar position.

This post will describe the basics of a .pypirc file and how to configure and secure it. I originally wrote this post for the Truveris Engineering blog and I am reposting it here for additional reach.

Getting Started

Before proceeding, it's a good idea to make sure that the setuptools and wheel libraries are up to date. The following command will update them if needed:

    $ pip install -U setuptools wheel

This post will assume that you have a new Python library that is ready to be published. The source code should be packaged using a command like the one below. Your command may differ slightly depending on the needs of your package.

    $ python setup.py sdist bdist_wheel

To read more about creating a distributable Python package, see these docs.

In the next section, I use the twine utility to facilitate the release of my new package. You can read about the benefits of using twine over the built-in packaging tools here. Install twine using the following command:

    $ pip install twine

The .pypirc File

There are two main benefits to using a .pypirc file:

  1. It removes the need to enter a username/password when pushing to PyPI.
  2. It simplifies command line usage when pushing packages to a non-default package repository (i.e. anywhere other than pypi.org).

The official documentation on the .pypirc file can be found here. The contents of my .pypirc file can be seen below. This file must be placed in $HOME/.pypirc for pip/twine to use it.

    [distutils]
    index-servers=
        pypi
        testpypi

    [pypi]
    username: brodan
    password: xxxxxxxxxxxxxxxx

    [testpypi]
    repository: https://test.pypi.org/legacy/
    username: brodan
    password: yyyyyyyyyyyyyyyy

Keep in mind, pypi.org and test.pypi.org are not integrated, so you'll need to have a separate account created on each site.

One thing to notice above is that the [pypi] section does not have repository configured, but the [testpypi] section does. That is because the repository variable defaults to https://upload.pypi.org/legacy/, so it does not need to be included in the [pypi] section.

Uploading Python Packages

Once the file above is in place, the --repository flag can be used with twine to specify which package repository your packages will be uploaded to.

If you wish to upload a package to the TestPyPI repository, the following command should be used:

    $ twine upload --repository testpypi dist/*

Similarly, once the package is ready to be released to the public, the following should be used:

    $ twine upload --repository pypi dist/*

Notice that you won't be prompted for a password when running either of the above commands. You also no longer need to copy and paste repository URLs into the terminal.

Securing The .pypirc File

Since the .pypirc file is storing sensitive information (i.e. passwords) in plain text, it's important to set the permissions on this file accordingly so that other users on the system can't access this file.

To do this, run the following command:

    $ chmod 600 ~/.pypirc

The command above will ensure that only the file owner (which should be your own user) can read and write to this file. Additional info on file permissions in UNIX can be found here. Thanks to this StackOverflow answer for help on this section.
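A check for the two things this section depends on, as an added example that is not part of the original post: it reports a .pypirc whose mode grants group or other access, and lists which index-server sections hold a plain-text password or a non-HTTPS repository URL. The function names and the sample file (with placeholder credentials) are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlparse


def audit_pypirc(path):
    """Return a list of findings for the .pypirc at `path` (empty list = clean)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other bit means accounts other than the owner can reach the file.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; expected 0600")
    cfg = configparser.RawConfigParser()  # Raw: '%' in a password is not interpolation
    cfg.read(path)
    for name in cfg.get("distutils", "index-servers", fallback="").split():
        if not cfg.has_section(name):
            findings.append(f"[{name}] is listed in index-servers but has no section")
            continue
        if cfg.has_option(name, "password"):
            findings.append(f"[{name}] stores a password in plain text")
        repo = cfg.get(name, "repository", fallback=None)
        if repo and urlparse(repo).scheme != "https":
            findings.append(f"[{name}] repository is not https: {repo}")
    return findings


def write_sample(mode):
    """Write a constructed .pypirc (placeholder credentials) with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".pypirc")
    with os.fdopen(fd, "w") as fh:
        fh.write(
            "[distutils]\nindex-servers=\n    pypi\n    testpypi\n\n"
            "[pypi]\nusername: example\npassword: placeholder\n\n"
            "[testpypi]\nrepository: https://test.pypi.org/legacy/\n"
            "username: example\npassword: placeholder\n"
        )
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    sample = write_sample(0o644)  # constructed file, deliberately too permissive
    print("\n".join(audit_pypirc(sample)))
    os.remove(sample)
```

To check a real file, call `audit_pypirc(os.path.expanduser("~/.pypirc"))`; after `chmod 600` the mode finding disappears, while the plain-text password findings remain as a reminder of what the file holds.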

Wrapping Up

With a .pypirc file in place, the process of pushing Python packages to public repositories is now much easier.

If you have any questions or feedback regarding this post, please reach out to me via email or Twitter. Thanks for reading!
