From 3d090ac143625cab8f1d1c6a017b5a3aa80957fd Mon Sep 17 00:00:00 2001 From: M Clark Date: Wed, 6 Jan 2016 13:21:52 +0800 Subject: [PATCH] Update README.md --- README.md | 45 ++++++++++++++++++++++++++++++--------------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 729b21b..e297976 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,17 @@ docker-devpi ============ -This repository contains a Dockerfile for devpi pypi server +This repository contains a Dockerfile for [devpi pypi server](http://doc.devpi.net/latest/). -http://doc.devpi.net/latest/ - -Installation +# Installation `docker pull muccg/docker-devpi` -Quickstart +# Quickstart Start using -``` +```bash docker run -d --name devpi \ --publish 3141:3141 \ --volume /srv/docker/devpi:/data \ @@ -21,22 +19,18 @@ docker run -d --name devpi \ --restart always \ muccg/docker-devpi ``` -Devpi creates a user named root by default, its password can be set with DEVPI_PASSWORD environment variable. Please set it, otherwise attacker can *execute arbitrary code* in your application by uploading modified packages. +Please set DEVPI_PASSWORD to a secret otherwise an attacker can *execute arbitrary code* in your application by uploading modified packages. -Persistence +# Persistence For devpi to preserve its state across container shutdown and startup you should mount a volume at `/data`. The quickstart command already includes this. -Security +# Client side usage -Devpi creates a user named root by default, its password can be set with DEVPI_PASSWORD environment variable. Please set it, otherwise attacker can *execute arbitrary code* in your application by uploading modified packages. - -Usage - -To use this devpi cache to speed up your dockerfile builds, add pip as an optional cache: +To use this devpi cache to speed up your dockerfile builds, add use this snippit in your dockerfiles. This will add the devpi container an optional cache for pip: ```Dockerfile -# configure apt to not install reccomendations +# Install netcat for ip route RUN apt-get update \ && apt-get install -y netcat \ && rm -rf /var/lib/apt/lists/* @@ -51,3 +45,24 @@ RUN export HOST_IP=$(ip route| awk '/^default/ {print $3}') \ && cat ~/.pip/pip.conf ``` +# Uploading files + +```bash +pip wheel --download=packages --wheel-dir=wheelhouse -r requirements.txt +pip install "devpi-client>=2.3.0" \ +&& export HOST_IP=$(ip route| awk '/^default/ {print $3}') \ +&& if devpi use http://$HOST_IP:3141>/dev/null; then \ + devpi use http://$HOST_IP:3141/${DEVPI_USER:-app}/${DEVPI_INDEX:-dev} --set-cfg \ + && devpi login ${DEVPI_USER:-app} --password=$DEVPI_PASSWORD \ + && devpi upload --from-dir --formats=* ./wheelhouse ./packages; \ +else \ + echo No started devpi container found at http://$HOST_IP:3141; \ +fi +``` + +# Security + +Devpi creates a user named root by default, its password can be set with DEVPI_PASSWORD environment variable. Please set it, otherwise attacker can *execute arbitrary code* in your application by uploading modified packages. + +For additonal security the argument `--restrict-modify root` has been added so only the root may create users and indexes. +