Metadata-Version: 2.4
Name: devpi-server
Version: 6.19.2
Summary: devpi-server: backend for hosting private package indexes and PyPI on-demand mirrors
Maintainer-email: Florian Schulze <mail@pyfidelity.com>
License-Expression: MIT
Project-URL: Bug Tracker, https://github.com/devpi/devpi/issues
Project-URL: Changelog, https://github.com/devpi/devpi/blob/main/server/CHANGELOG
Project-URL: Documentation, https://doc.devpi.net
Project-URL: Funding, https://github.com/sponsors/devpi
Project-URL: Homepage, https://devpi.net
Project-URL: Source Code, https://github.com/devpi/devpi
Keywords: pypi,realtime,cache,server
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Programming Language :: Python :: 3.14
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Application
Classifier: Topic :: Internet :: WWW/HTTP
Requires-Python: >=3.9
Description-Content-Type: text/x-rst
License-File: LICENSE
Requires-Dist: argon2-cffi
Requires-Dist: attrs>=22.2.0
Requires-Dist: defusedxml
Requires-Dist: devpi_common<5,>3.6.0
Requires-Dist: httpx<1
Requires-Dist: itsdangerous>=0.24
Requires-Dist: lazy
Requires-Dist: legacy-cgi; python_version >= "3.13"
Requires-Dist: passlib[argon2]
Requires-Dist: platformdirs
Requires-Dist: pluggy<2.0,>=0.6.0
Requires-Dist: py>=1.4.23
Requires-Dist: pyramid>=2
Requires-Dist: repoze.lru>=0.6
Requires-Dist: requests>=2.3.0
Requires-Dist: setuptools<=81
Requires-Dist: strenum; python_version < "3.11"
Requires-Dist: strictyaml
Requires-Dist: waitress>=1.0.1
Requires-Dist: ruamel.yaml
Dynamic: license-file

====================================================================================
devpi-server: backend for hosting private package indexes and PyPI on-demand mirrors
====================================================================================


PyPI on-demand package mirror
=============================

You can point ``uv``, ``pip`` or another Python package installer to the ``root/pypi/+simple/`` index,
serving as a transparent on-demand mirror for PyPI-hosted packages.


User specific indexes
=====================

Each user (which can represent a person, project or team) can have multiple indexes,
and can upload packages and documents to these indexes via standard ``twine`` or ``setup.py`` invocations.
Users and indexes can be manipulated through `devpi-client`_ and a RESTful HTTP API.


Index inheritance
=================

Each index can be configured to merge in other indexes so that it serves
both its uploads and all releases from other index(es).  For example, an
index using ``root/pypi`` as a parent is a good place to test out a
release candidate before you push it to PyPI.


Sensible defaults for a low friction deployment
===============================================

Get started easily and deploy a devpi-server instance with pre-configured templates for ``nginx`` and process managers.


Separate tool for Packaging/Testing activities
==============================================

The complementary `devpi-client`_ tool helps to manage users, indexes, logins and typical package upload and installation workflows.

See https://doc.devpi.net on how to get started and further documentation.


.. _devpi-client: https://pypi.org/project/devpi-client/


Support
=======

If you find a bug, use the `issue tracker at Github`_.

For general questions, use `GitHub Discussions`_ or the `devpi-dev@python.org mailing list`_.

For support contracts and paid help, contact ``mail at pyfidelity.com``.

.. _issue tracker at Github: https://github.com/devpi/devpi/issues/
.. _devpi-dev@python.org mailing list: https://mail.python.org/mailman3/lists/devpi-dev.python.org/
.. _GitHub Discussions: https://github.com/devpi/devpi/discussions



=========
Changelog
=========




.. towncrier release notes start

6.19.2 (2026-03-17)
===================

Bug Fixes
---------

- Preserve log for documentation uploads in export.

- Any missing file on mirrors will be ignored during event processing as is already the case in other places.

- Use short timeout when project list is requested for ``has_project`` call on mirrors instead of the long one used for ``list_projects``. This prevents installers from timing out and retrying several times.

- Fix error handling for proxy requests from replica to primary.

Other Changes
-------------

- Removed limit of reported missing files for devpi-fsck.


6.19.1 (2026-02-09)
===================

Bug Fixes
---------

- Pin setuptools as pyramid still requires pkg_resources.

- Always allow replicas to access deleted releases to get the proper ``410 Gone`` instead of ``403 Forbidden`` when ``devpi-lockdown`` is in use.


6.19.0 (2026-02-06)
===================

Features
--------

- Add ``--autocreate-users`` server option.
  Automatically creates users that don't exist in devpi, but have successfully authenticated via an authentication plugin.
  A typical example of when to enable this would be when authenticating via an LDAP directory.
  Automatically created users do not have passwords, and have no password hash to prevent local authentication.

- Add ``replica-files-in-sync-at``, ``replica-init-queue-finished-at`` and ``replica-metadata-in-sync-at`` to status view, the existing ``replica-in-sync-at`` is now a combination of all three instead of just metadata.

- Warn when an unknown option is found in config file to detect typos. Be aware that some commands don't use all the options, that is why this only warns instead of exiting.

- Add new ``devpiserver_user_created`` hook which can be used to create default indexes or other setup for newly created users.

Bug Fixes
---------

- Fix ``+status`` json encoding errors by making sure the ``FatalResponse.url`` attribute is a string.

- Ignore existing unknown index options from uninstalled plugins when patching other options with ``+=`` and ``-=``.

- Fix removal with ``-=`` of index options with default values from ``devpiserver_indexconfig_defaults`` hooks.

- Fix #1110: a list for the ``listen`` option in a config file stopped working in 6.18.0.


6.18.0 (2026-01-27)
===================

Features
--------

- Store all available hashes of files.

- Validate hashes of all files during devpi-import, not only releases.

Bug Fixes
---------

- Apply argparse transformations on values read from config file or environment.

- Restore Python and platform info in user agent string after switch to httpx.

- Remove all database entries on project deletion instead of only emptying them.

- Fix error at end of replica streaming caused by changed behavior from switch to httpx.

- Fix #1102: The data stream was cut off after 64k when proxying from replica to primary after switching to httpx.

- Fix #1107: retry file downloads if there has been an error during download.

Other Changes
-------------

- The filenames of some exported doczip files change due to normalization of the project name caused by changing the internals during export to allow ``--hard-links`` to work.


6.17.0 (2025-08-27)
===================

Deprecations and Removals
-------------------------

- Dropped support for migrating old password hashes that were replaced in devpi-server 4.2.0.

- Removed support for basic authorization in primary URL. The connection is already secured by a bearer token header.

- Removed the experimental ``--replica-cert`` option. The replica is already using a token via a shared secret, so this is redundant.

- Removed ``--replica-max-retries`` option. It wasn't implemented for async_httpget and didn't work correctly when streaming data.

Features
--------

- Use httpx for all data fetching for mirrors and fetch projects list asynchronously to allow update in background even after a timeout.

- Use httpx instead of requests when proxying from replicas to primary.

- Use httpx for all requests from replicas to primary.

- Use httpx when pushing releases to external index.

- Added ``mirror_ignore_serial_header`` mirror index option, which allows switching from PyPI to a mirror without serials header when set to ``True``, otherwise only stale links will be served and no updates be stored.

- The HTTP cache information for mirrored projects is persisted and re-used on server restarts.

- Added ``--file-replication-skip-indexes`` option to skip file replication for ``all``, by index type (i.e. ``mirror``) or index name (i.e. ``root/pypi``).

Bug Fixes
---------

- Correctly handle lists for ``Provides-Extra`` and ``License-File`` metadata in database.

- Fix traceback by returning 401 error code when using wrong password with a user that was created using an authentication plugin like devpi-ldap which passes authentication through in that case.

- Fix #1053: allow users to update their passwords when ``--restrict-modify`` is used.

- Fix #1097: return 404 when trying to POST to +simple.

Other Changes
-------------

- Changed User-Agent when fetching data for mirrors from just "server" to "devpi-server".

