PyPI is the Python Package Index. Its purpose is to help Python developers find and install software developed by the Python community.
I recently built my first Python package, patter, and released it publicly via PyPI. I ran into a few hiccups along the way, so I am writing this post to help those in a similar position.
This post will describe the basics of a .pypirc file and how to configure and secure it.
Getting Started
Before you proceed, it's a good idea to make sure that the setuptools and wheel libraries are up to date. The following command will update them if needed:
$ pip install -U setuptools wheel
This post will assume that you have a new Python library that is ready to be published. The source code should be packaged using a command like the one below. Your command may differ slightly depending on the needs of your package.
$ python setup.py sdist bdist_wheel
To read more about creating a distributable Python package, see these docs.
In the next section, I use the twine utility to facilitate the release of my new package. You can read about the benefits of using twine over the built-in packaging tools here. Install twine using the following command:
$ pip install twine
The .pypirc File
There are two main benefits to using a .pypirc file:
1. It removes the need to enter a username/password when pushing to PyPI.
2. It simplifies command line usage when pushing packages to a non-default package repository (i.e. anywhere other than pypi.org).
The official documentation on the .pypirc file can be found here.
The contents of my .pypirc file can be seen below. This file must be placed in $HOME/.pypirc for twine (and the setuptools upload command) to use it; pip does not read this file, since it only installs packages and never uploads them.
[distutils]
index-servers =
    pypi
    testpypi

[pypi]
username = brodan
password = xxxxxxxxxxxxxxxx

[testpypi]
repository = https://test.pypi.org/legacy/
username = brodan
password = yyyyyyyyyyyyyyyy
Keep in mind, pypi.org and test.pypi.org are not integrated, so you'll need to have a separate account created on each site.
One thing to notice above is that the [pypi] section does not have repository configured, but the [testpypi] section does. That is because the repository variable defaults to https://upload.pypi.org/legacy/, so it does not need to be included in that section.
Uploading Python Packages
Once the file above is in place, the --repository flag can be used with twine to specify which package repository your packages will be uploaded to. The name you pass must match a section name in .pypirc:
- If you wish to upload a package to the TestPyPI repository, the following command should be used:
twine upload --repository testpypi dist/*
- Similarly, once the package is ready to be released to the public, the following should be used:
twine upload --repository pypi dist/*
Notice that you won't be prompted for a password when running either of the above commands. You also no longer need to copy and paste repository URLs into the terminal.
Securing The .pypirc File
Since the .pypirc file stores sensitive information (i.e. passwords) in plain text, it's important to set the permissions on this file so that other users on the system cannot read it. It is also worth limiting what those credentials can do: PyPI supports API tokens (username __token__, the token string as the password) that can be scoped to a single project, which bounds the damage if the file ever leaks.
To do this, run the following command:
chmod 600 ~/.pypirc
The command above will ensure that only the file owner (which should be your own user) can read and write to this file. Additional info on file permissions in UNIX can be found here.
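Putting the configuration and the permissions steps together, here is an added example (it is not part of the original post) of a small shell script that writes a .pypirc with mode 600 from the moment it is created, rather than fixing the mode afterwards, and refuses to run twine unless the file passes a permission and ownership check. The username brodan, the placeholder secrets, and the PYPIRC_PATH override are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not from the original post: create ~/.pypirc with
# restrictive permissions from the start and verify them before uploading.
# Assumptions: username "brodan" and the secrets passed as arguments are
# placeholders; PYPIRC_PATH (defaults to $HOME/.pypirc) exists only so the
# check can be pointed at a test file.
set -u

# Print the octal permission bits of a file (GNU stat first, BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Write a .pypirc at $1 using the two secrets in $2 and $3.
# umask 077 is applied in a subshell before the file exists, so it is never
# world-readable, not even for the instant before a later chmod would run.
# Any existing file is removed first because ">" keeps an old file's mode.
write_pypirc() {
    path=$1
    pypi_secret=$2
    testpypi_secret=$3
    rm -f "$path"
    (
        umask 077
        cat > "$path" <<EOF
[distutils]
index-servers =
    pypi
    testpypi

[pypi]
username = brodan
password = $pypi_secret

[testpypi]
repository = https://test.pypi.org/legacy/
username = brodan
password = $testpypi_secret
EOF
    )
}

# Return 0 if $1 is a regular file, owned by the caller, with mode 600; else 1.
check_pypirc() {
    path=$1
    [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }
    [ -O "$path" ] || { echo "not owned by you: $path" >&2; return 1; }
    mode=$(file_mode "$path")
    [ "$mode" = "600" ] || { echo "bad mode $mode (expected 600): $path" >&2; return 1; }
    return 0
}

# Upload to the named .pypirc section only if the credential file is locked down.
safe_upload() {
    repo=$1
    check_pypirc "${PYPIRC_PATH:-$HOME/.pypirc}" || return 1
    twine upload --repository "$repo" dist/*
}
```

A typical run is write_pypirc "$HOME/.pypirc" 'pypi-secret' 'testpypi-secret' followed by safe_upload testpypi and, once the package looks right on TestPyPI, safe_upload pypi. If you would rather not keep secrets on disk at all, twine also reads TWINE_USERNAME and TWINE_PASSWORD from the environment and can pull the password from the system keyring, so the .pypirc can be reduced to the repository sections alone.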
Thank you to this StackOverflow answer for help on this section.
Wrapping Up
With a .pypirc file in place, the process of pushing Python packages to public repositories is much easier.
If you have any questions or feedback regarding this post, reach out to me via email: chranj@truveris.com