The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Feature #8933

Package Provider: pip - allow installation from URL

Added by Jeremy Orem over 2 years ago. Updated over 2 years ago.

Status: In Topic Branch Pending Review
Start date: 08/11/2011
Priority: Normal
Due date:
Assignee: Jeremy Orem
% Done: 0%
Category: provider
Target version: -
Affected Puppet version: 2.7.1
Branch:
Keywords:


Description

Right now there isn’t a good way to install a pip package from source. I want to be able to do something like this:

package {
    "ircutils":
        ensure => 'present',
        source => 'http://dev.guardedcode.com/download/ircutils/0.1.3/ircutils-0.1.3.tar.gz',
        provider => 'pip';
}

I’ve attached a patch which allows specifying a package URL in source.

pip.patch - PATCH: Adds requested feature. (962 Bytes) Jeremy Orem, 08/11/2011 11:53 am


Related issues

Related to Puppet - Feature #18029: Install Options for PIP package provider (incl. patch) (Status: Code Insufficient)

History

#1 Updated by James Turnbull over 2 years ago

  • Status changed from Unreviewed to Requires CLA to be signed
  • Assignee set to Jeremy Orem
  • Affected Puppet version changed from development to 2.7.1

Hi Jeremy! Thanks for your patch. Could I please get you to sign a CLA (see the Contributor License Agreement link in the top menu) and have a quick look at our http://projects.puppetlabs.com/projects/puppet/wiki/Development_Development_Lifecycle link?

Thanks again!

#2 Updated by Jeremy Orem over 2 years ago

Thanks for the quick response.

I have:

  • Agreed to the CLA
  • Written an rspec test
  • Run rake mail_patches
  • Pushed patch to my fork: https://github.com/oremj/puppet/tree/feature/master/8933-add_pip_from_source

#3 Updated by James Turnbull over 2 years ago

  • Status changed from Requires CLA to be signed to In Topic Branch Pending Review

#4 Updated by Joe Stevensen over 2 years ago

Question, how do you plan to validate the file you’re hoping to get in the url? MD5/SHA1? GPG signature? Seems dangerous to allow puppet to grab a tar.gz file off the internet.

#5 Updated by Jeremy Orem over 2 years ago

Right now it is possible to install an rpm from a url without any validation e.g.,

package {
    'testrpm':
        source => 'http://test.com/testrpm-0.1-2.el6.x86_64.rpm',
        provider => 'rpm',
        ensure => present;
}

If it isn’t a concern for the rpm provider do we need to be concerned about it for the pip provider?

#6 Updated by Joe Stevensen over 2 years ago

So you can put an rpm in a url and puppet will just grab it and install it too? Why would you want this? I don’t understand why you want the ability to deploy arbitrary software without verifying it first. You can really shoot yourself in the foot here.
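The validation asked about in #4, sketched as an added example that is not part of the ticket, the attached patch, or Puppet's pip provider: the tarball is downloaded to disk first, hashed, and handed to pip only if it matches a digest pinned next to the manifest. SHA-256 is used here instead of the MD5/SHA1 mentioned in the thread; the function names, the `--no-deps` choice and the sample bytes are assumptions made for the illustration.

```python
import hashlib
import os
import sys
import tempfile

class IntegrityError(Exception):
    """Raised when a downloaded artifact does not match its pinned digest."""

def sha256_of(path, chunk_size=65536):
    """Stream the file through SHA-256 so large tarballs are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verified_pip_command(path, pinned_sha256):
    """Return the pip argv for `path` only if its digest matches the pin.
    The pin belongs in the reviewed manifest, not on the server that hosts the tarball.
    """
    actual = sha256_of(path)
    if actual != pinned_sha256.strip().lower():
        raise IntegrityError(f"{path}: expected {pinned_sha256}, got {actual}")
    # Install the local file that was hashed, not the URL, so pip does not fetch it again.
    return [sys.executable, "-m", "pip", "install", "--no-deps", path]

def demo():
    """Constructed sample: a stand-in tarball, its pin, then a modified copy."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ircutils-0.1.3.tar.gz")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample bytes, not a real release")
        pin = sha256_of(path)
        accepted = verified_pip_command(path, pin)[-1] == path
        with open(path, "ab") as fh:  # file changes after the pin was recorded
            fh.write(b"\x00modified")
        try:
            verified_pip_command(path, pin)
            rejected = False
        except IntegrityError:
            rejected = True
        return accepted, rejected

if __name__ == "__main__":
    print(demo())
```

A checksum only proves the bytes match what was pinned at review time; it says nothing about who published them, which is the gap a GPG signature check would cover.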
