README.rst 9.75 KB
Newer Older
1 2 3
twine
=====

4
.. rtd-inclusion-marker-do-not-remove
5

6 7 8
Twine is `a utility`_ for `publishing`_ packages on `PyPI`_.

Currently it only supports registering `projects`_ and uploading `distributions`_.
9 10 11 12 13


Why Should I Use This?
----------------------

14 15 16 17 18 19
The goal of ``twine`` is to improve PyPI interaction by improving
security and testability.

The biggest reason to use ``twine`` is that it securely authenticates you to PyPI
over HTTPS using a verified connection, while ``python setup.py upload`` `only
recently stopped using HTTP <https://bugs.python.org/issue12226>`_ in Python
20 21
2.7.9+ and Python 3.2+. This means anytime you use ``python setup.py upload``
with an older Python version, you expose your username and password to being
22
easily sniffed. Twine uses only verified TLS to upload to PyPI, protecting your
23
credentials from theft.
24

25
Secondly, it allows you to precreate your distribution files.
26 27 28 29 30
``python setup.py upload`` only allows you to upload something that you've
created in the same command invocation. This means that you cannot test the
exact file you're going to upload to PyPI to ensure that it works before
uploading it.

31 32 33 34 35
Finally, it allows you to pre-sign your files and pass the ``.asc``
files into the command line invocation (``twine upload
twine-1.0.1.tar.gz twine-1.0.1.tar.gz.asc``). This enables you to be
assured that you're typing your ``gpg`` passphrase into ``gpg`` itself
and not anything else, since *you* will be the one directly executing
36 37 38 39 40 41
``gpg --detach-sign -a <filename>``.


Features
--------

42 43
- Verified HTTPS connections
- Uploading doesn't require executing ``setup.py``
44
- Uploading files that have already been created, allowing testing of
45
  distributions before release
46
- Supports uploading any packaging format (including wheels)
47 48 49 50 51


Installation
------------

52
.. code-block:: console
53 54 55 56 57 58 59 60 61

    $ pip install twine


Usage
-----

1. Create some distributions in the normal way:

62
   .. code-block:: console
63

64
       $ python setup.py sdist bdist_wheel
65

66
2. Upload with ``twine``:
67

68
   .. code-block:: console
69 70 71

       $ twine upload dist/*

72
3. Done!
73

74 75
More documentation on using ``twine`` to upload packages to PyPI is in
the `Python Packaging User Guide`_.
76 77 78


Options
79
^^^^^^^
80

81
.. code-block:: console
82 83

    $ twine upload -h
84

85 86 87 88
    usage: twine upload [-h] [-r REPOSITORY] [--repository-url REPOSITORY_URL]
                        [-s] [--sign-with SIGN_WITH] [-i IDENTITY] [-u USERNAME]
                        [-p PASSWORD] [-c COMMENT] [--config-file CONFIG_FILE]
                        [--skip-existing] [--cert path] [--client-cert path]
89 90 91 92 93 94 95 96 97 98
                        dist [dist ...]

    positional arguments:
      dist                  The distribution files to upload to the repository,
                            may additionally contain a .asc file to include an
                            existing signature with the file upload

    optional arguments:
      -h, --help            show this help message and exit
      -r REPOSITORY, --repository REPOSITORY
99 100 101 102 103 104 105 106 107 108
                            The repository to upload the package to. Can be a
                            section in the config file or a full URL to the
                            repository (default: pypi). (Can also be set via
                            TWINE_REPOSITORY environment variable)
      --repository-url REPOSITORY_URL
                            The repository URL to upload the package to. This can
                            be specified with --repository because it will be used
                            if there is no configuration for the value passed to
                            --repository. (Can also be set via
                            TWINE_REPOSITORY_URL environment variable.)
109
      -s, --sign            Sign files to upload using gpg
110 111
      --sign-with SIGN_WITH
                            GPG program used to sign uploads (default: gpg)
112 113 114
      -i IDENTITY, --identity IDENTITY
                            GPG identity used to sign files
      -u USERNAME, --username USERNAME
115 116
                            The username to authenticate to the repository as (can
                            also be set via TWINE_USERNAME environment variable)
117 118
      -p PASSWORD, --password PASSWORD
                            The password to authenticate to the repository with
119 120
                            (can also be set via TWINE_PASSWORD environment
                            variable)
121 122
      -c COMMENT, --comment COMMENT
                            The comment to include with the distribution file
123 124
      --config-file CONFIG_FILE
                            The .pypirc config file to use
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158
      --skip-existing       Continue uploading files if one already exists. (Only
                            valid when uploading to PyPI. Other implementations
                            may not support this.)
      --cert path           Path to alternate CA bundle (can also be set via
                            TWINE_CERT environment variable)
      --client-cert path    Path to SSL client certificate, a single file
                            containing the private key and the certificate in PEM
                            format


Twine also includes a ``register`` command.

.. WARNING::
   ``register`` is `no longer necessary if you are
   uploading to pypi.org
   <https://packaging.python.org/guides/migrating-to-pypi-org/#registering-package-names-metadata>`_. As
   such, it is `no longer supported
   <https://github.com/pypa/warehouse/issues/1627>`_ in `Warehouse`_
   (the new PyPI software running on pypi.org). However, you may need
   this if you are using a different package index.

For completeness, its usage:

.. code-block:: console

    $ twine register -h
    usage: twine register [-h] [-r REPOSITORY] [--repository-url REPOSITORY_URL]
                          [-u USERNAME] [-p PASSWORD] [-c COMMENT]
                          [--config-file CONFIG_FILE] [--cert path]
                          [--client-cert path]
                          package

    positional arguments:
      package               File from which we read the package metadata
159

160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206
    optional arguments:
      -h, --help            show this help message and exit
      -r REPOSITORY, --repository REPOSITORY
                            The repository to register the package to. Can be a
                            section in the config file or a full URL to the
                            repository (default: pypi). (Can also be set via
                            TWINE_REPOSITORY environment variable)
      --repository-url REPOSITORY_URL
                            The repository URL to upload the package to. This can
                            be specified with --repository because it will be used
                            if there is no configuration for the value passed to
                            --repository. (Can also be set via
                            TWINE_REPOSITORY_URL environment variable.)
      -u USERNAME, --username USERNAME
                            The username to authenticate to the repository as (can
                            also be set via TWINE_USERNAME environment variable)
      -p PASSWORD, --password PASSWORD
                            The password to authenticate to the repository with
                            (can also be set via TWINE_PASSWORD environment
                            variable)
      -c COMMENT, --comment COMMENT
                            The comment to include with the distribution file
      --config-file CONFIG_FILE
                            The .pypirc config file to use
      --cert path           Path to alternate CA bundle (can also be set via
                            TWINE_CERT environment variable)
      --client-cert path    Path to SSL client certificate, a single file
                            containing the private key and the certificate in PEM
                            format


Environment Variables
^^^^^^^^^^^^^^^^^^^^^

Twine also supports configuration via environment variables. Options passed on
the command line will take precedence over options set via environment
variables. Definition via environment variable is helpful in environments where
it is not convenient to create a `.pypirc` file, such as a CI/build server, for
example.

* ``TWINE_USERNAME`` - the username to use for authentication to the repository
* ``TWINE_PASSWORD`` - the password to use for authentication to the repository
* ``TWINE_REPOSITORY`` - the repository configuration, either defined as a
  section in `.pypirc` or provided as a full URL
* ``TWINE_REPOSITORY_URL`` - the repository URL to use
* ``TWINE_CERT`` - custom CA certificate to use for repositories with
  self-signed or untrusted certificates
207 208 209 210

Resources
---------

211
* `IRC <http://webchat.freenode.net/?channels=%23pypa>`_
212 213
  (``#pypa`` - irc.freenode.net)
* `GitHub repository <https://github.com/pypa/twine>`_
214 215
* User and developer `documentation`_
* `Python Packaging User Guide`_
216 217 218 219

Contributing
------------

220 221
See our `developer documentation`_ for how to get started, an
architectural overview, and our future development plans.
222 223 224 225

Code of Conduct
---------------

226 227 228 229 230 231 232 233 234 235 236 237 238 239
Everyone interacting in the ``twine`` project's codebases, issue
trackers, chat rooms, and mailing lists is expected to follow the
`PyPA Code of Conduct`_.

.. _`a utility`: https://pypi.org/project/twine/
.. _`publishing`: https://packaging.python.org/tutorials/distributing-packages/
.. _`PyPI`: https://pypi.org
.. _`Python Packaging User Guide`: https://packaging.python.org/tutorials/distributing-packages/
.. _`documentation`: http://twine.readthedocs.io/
.. _`developer documentation`: https://twine.readthedocs.io/en/latest/contributing.html
.. _`projects`: https://packaging.python.org/glossary/#term-project
.. _`distributions`: https://packaging.python.org/glossary/#term-distribution-package
.. _`PyPA Code of Conduct`: https://www.pypa.io/en/latest/code-of-conduct/
.. _`Warehouse`: https://github.com/pypa/warehouse