pypa / twine Goto Github PK

Our organization uses chishop for our PyPI mirror. When using twine against that server, it fails with the following error:

C:\Users\jaraco\org\pan\dist> twine-upload -r example .\pan-9.0.zip
Uploading distributions to https://cheese.example.com
Uploading pan-9.0.zip
HTTPError: 501 Server Error: NOT IMPLEMENTED

Using the distutils upload command works fine. Also, using the upload-package command from the jaraco.packaging toolkit works.

It would be nice if twine supported the same protocol as distutils used for uploading packages to be compatible with other package index implementations. This limitation is the primary reason I'm unable to adopt twine to supersede the aforementioned upload-package.

Gives people who find it on GitHub a warm fuzzy feeling that the package is mature enough to be on PyPI and has passing tests.

How is it possible that Twine isn't referenced on the main page of http://pythonwheels.com/ ?
(it is filled up with python setup.py sdist bdist_wheel upload instead)

Tried to use twine to upload pipe on pypi, and got:

[email protected] (master)$ twine --version
twine version 1.3.1
[email protected] (master)$ twine upload dist/*
Uploading distributions to https://pypi.python.org/pypi
Uploading pipe-1.3.tar.gz
Traceback (most recent call last):
  File "/usr/local/lib/python3.2/dist-packages/twine/commands/upload.py", line 228, in main
    upload(**vars(args))
  File "/usr/local/lib/python3.2/dist-packages/twine/commands/upload.py", line 180, in upload
    password or config.get("password"),
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 282, in post
    return self.request('post', url, data=data, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 229, in request
    r.send(prefetch=prefetch)
  File "/usr/lib/python3/dist-packages/requests/models.py", line 501, in send
    (body, content_type) = self._encode_files(self.files)
  File "/usr/lib/python3/dist-packages/requests/models.py", line 357, in _encode_files
    fp = StringIO(fp)
TypeError: initial_value must be str or None, not bytes

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/twine-upload", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.2/dist-packages/twine/commands/upload.py", line 230, in main
    sys.exit("{0}: {1}".format(exc.__class__.__name__, exc.message))
AttributeError: 'TypeError' object has no attribute 'message'

Any idea ?

My ~/.pypirc file contains:
"""[server-login]
username:name
password:password
""""

but twine barfs on this. setup.py upload works fine.

I tried this command

$ twine upload dist/*

using twine 1.4.0 but I got this error:

$ twine upload dist/
usage: twine [-h] [--version] {}
twine: error: argument command: invalid choice: 'upload' (choose from )

In Python 3, the second exception occurs because Exceptions no longer have a message attribute, and should use the args attribute or str(e) instead.

(h/t @merwok)

Traceback (most recent call last):
  File ".../lib/python3.3/site-packages/twine/commands/upload.py", line 64, in upload
    config = get_config()[repository]
KeyError: None

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File ".../lib/python3.3/site-packages/twine/commands/upload.py", line 230, in main
    (k, v) for k, v in args._get_kwargs() if not k.startswith("_")
  File ".../lib/python3.3/site-packages/twine/commands/upload.py", line 68, in upload
    repository,
KeyError: "Missing 'None' section from the configuration file"

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File ".../bin/twine-upload", line 11, in <module>
    sys.exit(main())
  File ".../lib/python3.3/site-packages/twine/commands/upload.py", line 234, in main
    sys.exit("{0}: {1}".format(exc.__class__.__name__, exc.message))
AttributeError: 'KeyError' object has no attribute 'message'

Right now, we load the entire file into memory in order to upload it. We can instead open the file once, read it incrementally to find the md5 checksum, and then use the MultipartEncoder from requests-toolbelt to stream the upload... if PyPI will accept a streamed multipart/form-data upload.

This is a wild idea and it may end up being trashed if PyPI cannot support it. It would be nice to have though

>py -m twine
usage: twine [-h] [--version] command
twine: error: too few arguments

>py -m twine -h
usage: twine [-h] [--version] command

positional arguments:
  command

optional arguments:
  -h, --help  show this help message and exit
  --version   show program's version number and exit

>py -m twine command
Traceback (most recent call last):
  File "C:\Python27\lib\runpy.py", line 162, in _run_module_as_main
    "__main__", fname, loader, pkg_name)
  File "C:\Python27\lib\runpy.py", line 72, in _run_code
    exec code in run_globals
  File "C:\Python27\lib\site-packages\twine\__main__.py", line 28, in <module>
    sys.exit(main())
  File "C:\Python27\lib\site-packages\twine\__main__.py", line 24, in main
    return dispatch(sys.argv[1:])
  File "C:\Python27\lib\site-packages\twine\cli.py", line 41, in dispatch
    p = subprocess.Popen(["twine-{0}".format(args.command)] + args.args)
  File "C:\Python27\lib\subprocess.py", line 709, in __init__
    errread, errwrite)
  File "C:\Python27\lib\subprocess.py", line 957, in _execute_child
    startupinfo)
WindowsError: [Error 2] The system cannot find the file specified

?

I am not sure whether this is something that is limited by Pypi, but I want to use testpypi as a continuous development server for my library. The first upload to testpypi is fine, but then I can't overwrite the library files. If it is possible to over-write files on PyPI that would be fantastic and would save me having to set up my own PYPI server just to be able to overwrite files.

I guess wheels are now the standard binaries (thank goodness), but most of my windows users are not experienced with programming in general. I make one-click installers for my library because they are familiar with them. But twine can't upload them:

[XXX]$ twine upload *.exe
Uploading distributions to https://pypi.python.org/pypi
ValueError: Unknown distribution format: 'CoolProp-5.0.1.win-amd64-py2.7.exe'

The docs could be updated to clearly state that exe installers are not supported if that is the case. Or better, a list of file formats that are supported.

Hi there,

I get the following error as soon as I have more than 1 classifier:

HTTPError: 400 Client Error: Invalid classifier "<string with all classifiers comma separated no quote>"

Any idea what's happening ?

Thanks !

New error in version "1.2.3":

$ twine upload cffi-0.8.2-cp*
KeyError: Missing 'None' section from the configuration file

I've tried uploading package to pypi and it failed silently.

Twine reported, that file was uploaded, but actually file wasn't shown anywhere on pypi.

I'm just following the steps in the README.rst file.

Step 1 "Create some distributions in the normal way:"

c:\srv\lib\dkconfig>python setup.py sdist bdist_wininst bdist_wheel
....
c:\srv\lib\dkconfig>ll dist
total 756
-rw-rw-rw-  1 bjorn 0   5848 2014-11-30 02:37 dkconfig-0.1.0-py2.py3-none-any.whl
-rwxrwxrwx  1 bjorn 0 238971 2014-11-30 02:37 dkconfig-0.1.0.win32.exe*
-rw-rw-rw-  1 bjorn 0   7107 2014-11-30 02:37 dkconfig-0.1.0.zip
-rw-rw-rw-  1 bjorn 0   6097 2014-11-30 16:59 dkconfig-0.1.2-py2.py3-none-any.whl
-rwxrwxrwx  1 bjorn 0 239326 2014-11-30 16:59 dkconfig-0.1.2.win32.exe*
-rw-rw-rw-  1 bjorn 0   7417 2014-11-30 16:59 dkconfig-0.1.2.zip
-rw-rw-rw-  1 bjorn 0   6328 2014-12-04 05:35 dkconfig-0.1.4-py2.py3-none-any.whl
-rwxrwxrwx  1 bjorn 0 239536 2014-12-04 05:35 dkconfig-0.1.4.win32.exe*
-rw-rw-rw-  1 bjorn 0   7641 2014-12-04 05:35 dkconfig-0.1.4.zip

Step 2 "Upload with twine:"

c:\srv\lib\dkconfig>twine upload dist/*
Uploading distributions to https://pypi.python.org/pypi
ValueError: Unknown distribution format: '*'

It's fine if you don't support windows, but when Windows is listed in setup's classifiers it would be nice if there was an asterisk in the docs saying that the steps as listed are not going to work...

• .pypirc - link to the comprehensive documentation at https://docs.python.org/3/distutils/packageindex.html#pypirc and say, for instance, your .pypirc file needs a [pypi] section, and per #118, the documentation should discuss how you can choose to use .pypirc to store the URL of a repo even if you don't want to store credentials.

• #277 is where we are specifically figuring out what documentation to add about keyring usage, which figures into pypa/packaging.python.org#297 for the Python Packaging User Guide. I want to both make sure that we have, or link to, comprehensive .pypirc guidance, AND encourage folks to use keyring instead.

• improve twine -h / twine --help invocation (right now you have to invoke as twine upload -h and the twine -h upload error message is misleading)

• improve command help/usage annotations for twine upload to explain that you should upload dist/*

• address pypa/packaging.python.org#145 and this Twitter conversation by adding a "use Test PyPI" line to the Usage section of the README

• add "when to use this versus when to use flit/zest.releaser" to README

• OS-specific troubleshooting tips, e.g., #274 (comment) troubleshooting tip for Mac users running with SIP enabled

• a maintainer checklist for making new releases (see #306)

• improve command help/usage annotations/README for twine upload to add instructions for adding a detached GPG signature & uploading it

When running tox to test, the coverage does not report any coverage for the module (as seen in Travis runs).

Coverage.py warning: Module /Users/rod/dev/external/twine/.tox/py27/lib/python2.7/site-packages/twine was never imported.
Coverage.py warning: No data was collected.

I think I have nailed it down to the following file in the tox.ini

coverage run --source {envsitepackagesdir}/twine -m pytest {posargs:tests}

If I change the line to

coverage run --source twine -m pytest {posargs:tests}

The coverage is properly reported.

It looks like pytest is actually running the test with the module found in the root of the repo but not with the installed module in tox virtualenvs.

Is it what should be expected? If so I will submit a quick pull request to fix it.

Twine doesn't work in Python 2.6 thanks to its use of at least one dictionary comprehension: https://github.com/dstufft/twine/blob/master/twine/application.py#L97

Package names with underscores cause twine trouble. I'm not sure if this is a twine issue or a pypi API issue or what, but it's related to pkg_resources.safe_name.

I've uploaded these distributions with twine: https://pypi.python.org/pypi/hunter/0.2.0

However I don't see my two deps (colorama and fields) in the metadata section. For example https://pypi.python.org/pypi/wheel/0.24.0 has lots of stuff there (the Requires Distributions part).

Is my wheel wrong or why is the Requires Distributions missing? I've uploaded the sdist first (I think) - could that be a problem?

I execute Twine from an unactivated virtualenv (or at least I used to until this change occurred). Probably no explicit reason to change and I can just change my habit, but thought I should put it here in case anyone else has issues.

> ../py34_venv/bin/twine upload *
Traceback (most recent call last):
  File "../py34_venv/bin/twine", line 11, in <module>
    sys.exit(main())
  File "/Users/bcannon/Repositories/caniusepython3/py34_venv/lib/python3.4/site-packages/twine/__main__.py", line 24, in main
    return dispatch(sys.argv[1:])
  File "/Users/bcannon/Repositories/caniusepython3/py34_venv/lib/python3.4/site-packages/twine/cli.py", line 41, in dispatch
    p = subprocess.Popen(["twine-{0}".format(args.command)] + args.args)
  File "/Users/bcannon/Repositories/cpython/default/Lib/subprocess.py", line 850, in __init__
    restore_signals, start_new_session)
  File "/Users/bcannon/Repositories/cpython/default/Lib/subprocess.py", line 1448, in _execute_child
    raise child_exception_type(errno_num, err_msg)
FileNotFoundError: [Errno 2] No such file or directory: 'twine-upload'

Hi. I am trying to upload a package to PyPI. The Python Packaging User Guide told me to use twine for this. Thus, I followed the instructions at https://github.com/dstufft/twine/blob/master/README.rst#usage

However, when I ran twine upload dist/* I got a KeyError 'pypi'

Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\twine\commands\upload.py", line 64, in upload
    config = get_config()[repository]
KeyError: 'pypi'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\twine\commands\upload.py", line 228, in main
    upload(**vars(args))
  File "C:\Python34\lib\site-packages\twine\commands\upload.py", line 68, in upload
    repository,
KeyError: "Missing 'pypi' section from the configuration file"

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Python34\lib\runpy.py", line 171, in _run_module_as_main
    "__main__", mod_spec)
  File "C:\Python34\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Python34\Scripts\twine-upload.exe\__main__.py", line 9, in <module>
  File "C:\Python34\lib\site-packages\twine\commands\upload.py", line 230, in main
    sys.exit("{0}: {1}".format(exc.__class__.__name__, exc.message))
AttributeError: 'KeyError' object has no attribute 'message'

Any ideas?

Edit: After investigation, this turned out to be because I didn't have a ~/.pypirc file. The traceback wasn't helpful. It would be better if it were replaced with a friendly error message explaining the problem (missing ~/.pypirc configuration file) and how to fix it (I did python setup.py register).

This is particularly important for people publishing a Python package for the first time, who won't have a .pypirc or know how to create one.

Hello,

I've installed twine via pip install twine, and it doesn't appear to match the release tagged with the same version number on github. pip freeze tells me I have version 1.3.1. Pypi says this version was uploaded 4/20/14. Indeed, checking the commit log on github shows a version number bump on 4/20.

However, the two commits right before that one, (55028ae and a311454) don't appear to have made it into the version I have. Inspecting upload.py shows I don't have those lines, either the "before" or "after" code from the diff.

I'm not sure where the discrepancy is coming from, but it sure seems unusual. Any help would be appreciated.

We need a sane way to upload documentation to PyPI

Hello,

I'm trying twine but it returns the error
ValueError: Unknown distribution format: '.'
when using the command
twine upload -r test dist*.*

If I enter any of the individual files (zip, egg or whl) it works.
The test section is using PyPI testing site.

Thanks,

JM

When using wheel and twine to upload a package, PyPI and Warehouse will have information about the dependencies of said package. It would be very nice to be able to look up the reverse relationship, the dependents, on the package's listing in Warehouse.

Distutils is pretty bad, and it has all it's own edge cases. So let's remove our dependency on it and do our own thing.

I've installed Twine 1.1.1 on Python 2.7.3 with Six 1.4.1, but when I try to run Twine I get the following stack trace

Traceback (most recent call last):
  File "/usr/local/bin/twine", line 9, in <module>
    load_entry_point('twine==1.1.1', 'console_scripts', 'twine')()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources.py", line 378, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources.py", line 2566, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources.py", line 2260, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/usr/local/lib/python2.7/dist-packages/twine/__main__.py", line 19, in <module>
    from twine.application import Twine
  File "/usr/local/lib/python2.7/dist-packages/twine/application.py", line 23, in <module>
    import twine.commands
  File "/usr/local/lib/python2.7/dist-packages/twine/commands/__init__.py", line 17, in <module>
    from twine.commands import upload
  File "/usr/local/lib/python2.7/dist-packages/twine/commands/upload.py", line 25, in <module>
    from six.moves import urllib_parse
ImportError: cannot import name urllib_parse

Any ideas?

pypi now has a policy such that any filename that is pushed to pypi is now permanent and forever. This means that if one makes a mistake, such as they forgot to include their .asc file, that release is now toast, and a whole new version number has to be created. Your users can no longer have version X.Y.Z of your package.

In Twine, it is in fact very easy for one to read it's simple and friendly docs and have no idea that twine is not going to read one's "sign" directive in their setup.cfg, the way "python setup.py upload" has done for us for years, and while this documentation issue is not that big a deal, the fact that running the example exactly as twine says creates a permanent-and-forever name, the stakes are now very high that one needs to get their upload exactly right.

For that reason I think a general perspective of testpypi.python.org being the default for all upload tools everywhere is a good idea, as it encourages users to definitely use this host with no chance of screwing up their releases. Only when the user is certain that its good to go, an option such as "-p / --publish" means they can effectively "burn" it to pypi.

Because a name that goes to pypi is now burned in, forever. Thanks for listening!

in order to help people avid pitfalls that are created by presumptiosn when just following the docs we should include additional steps in long description

1. optional detached signing step
2. alternative signed upload call (addresses #96 as well)
3. test pypi upload and verification before real upload

additional note, the confusion around signing might be avoided by making detached and more secure signing the only option, since convenience seems to be a vector for mistakes

/Users/bcannon/Repositories/caniusepython3/py34_venv/lib/python3.4/site-packages/twine/application.py:97: ResourceWarning: unclosed <ssl.SSLSocket fd=7, family=AddressFamily.AF_INET, type=SocketType.SOCK_STREAM, proto=6, laddr=('192.168.1.16', 60647), raddr=('199.27.73.184', 443)>
(k, v) for k, v in args._get_kwargs()

It'd be great if twine could upload files larger than the system's memory. Currently, I don't think this is possible due to reading the entire file into memory

Right now twine has a couple dependencies. Ideally people will be installing this globally, or at the very least alongside code. Because twine is generally unrelated to their application we should keep our dependencies very minimal and vendor what we can.

Otherwise twine upload -s only works if you have the gpg command installed.

This is what twine's readme currently says:

The biggest reason to use twine is [...] while python setup.py upload uses
HTTP and exposes your credentials.

That is not true anymore, for more than a year. I think we agree that most people use distutils (in stdlib) or setuptools (monkey-patching/extending distutils) when they upload to PyPI. Both use transport encryption:

Since December 2013, distutils in Python 2.7 and 3 uploads to an HTTPS endpoint by default, see python/cpython@241fbe9

AFAIK setuptools leverages the uploading implementation from distutils, at least a grep -HR "upload" . on their code did not reveal any different upload implementation.

$ twine cffi-0.8.3-cp*
Traceback (most recent call last):
  File "app_main.py", line 75, in run_toplevel
  File "/Users/alex_gaynor/.virtualenvs/tempenv-3aed5394482d/bin/twine", line 11, in <module>
    sys.exit(main())
  File "/Users/alex_gaynor/.virtualenvs/tempenv-3aed5394482d/site-packages/twine/__main__.py", line 24, in main
    return dispatch(sys.argv[1:])
  File "/Users/alex_gaynor/.virtualenvs/tempenv-3aed5394482d/site-packages/twine/cli.py", line 41, in dispatch
    p = subprocess.Popen(["twine-{0}".format(args.command)] + args.args)
  File "/Users/alex_gaynor/.pyenv/versions/pypy-2.3.1/lib-python/2.7/subprocess.py", line 709, in __init__
    errread, errwrite)
  File "/Users/alex_gaynor/.pyenv/versions/pypy-2.3.1/lib-python/2.7/subprocess.py", line 1330, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

Would be nice if it said something like "cffi not a command name" or similar.

I registered https://pypi.python.org/pypi/vat_moss via the website, as recommended at https://packaging.python.org/en/latest/distributing.html#uploading-your-project-to-pypi.

I then ran:

python setup.py sdist
twine upload dist/vat_moss-0.9.0.tar.gz

The result is:

Uploading distributions to https://pypi.python.org/pypi
Enter your password: 
Uploading vat_moss-0.9.0.tar.gz
HTTPError: 403 Client Error: You are not allowed to edit 'vat-moss' package information

I have successfully uploaded other packages recently, and created the package via the website, so I know my password and ~/.pypirc file are set up properly.

I am using the latest version of twine from this repo:

pip install git+https://github.com/pypa/twine

twine upload -r testpypi -u maphew -p {{****}} ..\dist\foorbar5.01b.zip
Uploading distributions to https://testpypi.python.org/pypi
Uploading foorbar5.0b1.zip
SSLError: [Errno 8] _ssl.c:504: EOF occurred in violation of protocol

Python 2.7.4 (default, Apr 6 2013, 19:54:46) [MSC v.1500 32 bit (Intel)] on win
32
How to troubleshoot this error?

Right now if you want to register a new package you still need to do setup.py register which is still grossly insecure. So twine should support a twine register <foo>.

A Python 3.4 issue?

(py34_venv) > twine upload ../dist/*
Traceback (most recent call last):
  File "/Users/bcannon/Repositories/caniusepython3/py34_venv/lib/python3.4/site-packages/twine/commands/upload.py", line 64, in upload
    config = get_config()[repository]
KeyError: None

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/bcannon/Repositories/caniusepython3/py34_venv/lib/python3.4/site-packages/twine/commands/upload.py", line 230, in main
    (k, v) for k, v in args._get_kwargs() if not k.startswith("_")
  File "/Users/bcannon/Repositories/caniusepython3/py34_venv/lib/python3.4/site-packages/twine/commands/upload.py", line 68, in upload
    repository,
KeyError: "Missing 'None' section from the configuration file"

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/bcannon/Repositories/caniusepython3/py34_venv/bin/twine-upload", line 11, in <module>
    sys.exit(main())
  File "/Users/bcannon/Repositories/caniusepython3/py34_venv/lib/python3.4/site-packages/twine/commands/upload.py", line 234, in main
    sys.exit("{0}: {1}".format(exc.__class__.__name__, exc.message))
AttributeError: 'KeyError' object has no attribute 'message'

Python 2.6 doesn't have logging.config.dictConfig (it was added in 2.7), which is used on line 62 of twine/application.py .

Currently twine requires a ~/.pypirc. It would be really great for twine not to require one and to simply allow or ask for parameters as required.

missing a requirements.txt file. helpful in setting up development environment.

I am trying to upload my release to pypi using twine, and I had a previous attempt that failed for another reason (issue to follow), leaving my package 60% uploaded. When I try to come back and upload just the wheels, I can't, because they were already uploaded before.

Files that are already there should not cause failure, they should be warnings in my opinion

[XXX]$ twine upload buildbot/server-master/public_html/binaries/Python/*.whl
Uploading distributions to https://pypi.python.org/pypi
Uploading CoolProp-5.0.0-cp27-none-macosx_10_5_x86_64.whl
HTTPError: 400 Client Error: A file named "CoolProp-5.0.0-cp27-none-macosx_10_5_x86_64.whl" already exists for  CoolProp-5.0.0. To fix problems with that file you should create a new release.

The only way to "fix" this is to remove the release entirely

AFAICS currently you can either save your password to the .pypirc file or supply it on the command line as an argument. Both options are bad from a security perspecitve. Passwords should not be saved on disk unencrypted and they should not be part of the command line either (because they show up in process listings and shell history).

Please add a method to prompt for the password if it's neither in the config file nor given on the command line.

NoOptionError: No option u'username' in section: 'public'
for

[distutils]
index-servers =
    public

[public]
repository = http://pypi.python.org

Which could be a perfectly fine config if used with -u as in
twine-upload -r public -u username -p password package-file

The 'twine' super-command expects 'twine-upload' to be on the path: it shouldn't do that, but instead use its own path to generate the shell command.