Skip to main content
Huy's site

Introducing IPWHL: an alternative Python packaging

This post was excerpted from discuss.python.org

What is IPWHL?

The interplanetary wheels are platform-unique, singly-versioned Python built distributions backed by IPFS. It aims to be a downstream wheel supplier in a similar fashion to GNU/Linux distributions, whilst take advantage of a content-addressing peer-to-peer network to provide a reproducible, easy-to-mirror source of packages.

On IPWHL, for each platform (architecture, operating system and Python implementation and version), there exists only one single built distribution. The collection of these distribution packages are given as a single IPFS CID. An installer can use solely this content ID and packages names to reproduce the exactly same environment on every platform.

The official IPWHL repository will provide exclusively free software. However, deriving the repository should be trivial and is a supported use case.

Why?

IPWHL is created as a curated and decentralized Python package repository.

PyPI repository is uncurated: anyone can publish a package there, which enables typosquatting and some other exploits. In contrast, by controlling which packages can go into IPWHL, we reduces risk of distributing malware significantly. Decentralizing the repository with IPFS makes mirroring more helpful and cost-saving. Additionally, by making the wheels singly-versioned, IPWHL is expected to save time for dependency resolution.

How to use IPWHL?

Setting up IPFS

IPFS has a well-documented installation guide. It is worth noting that several GNU/Linux distributions and BSD-based OSes may have already included it in their repositories. Afterwards, please follow the IPFS quick-start guide. Some downstream go-ipfs packages may also contains a init-system service to automatically manage the IPFS daemon. By default, the daemon opens a local IPFS gateway at port 8080.

Use it

To use IPWHL repository, we can simply replace the PyPI URL to the repository through an IPFS gateway. For pip, you can do this by changing index-url:

pip config --site set global.index-url "http://localhost:8080/ipfs/$IPWHL_CID"

Mirroring a release is also as simple as pinning its CID:

ipfs pin add $IPWHL_CID

Feedback

IPWHL is in its early stage, so we would appreciate if you can let us know how you feel about it.

Fediring

Look at my fedi fellows' sites:
  1. Previous site
  2. What is Fediring?
  3. Next site

Articles from blogs I read

1/4 tree species endangered

*Prevent tree extinctions or face global ecological catastrophe, scientists warn.* Over 1/4 of tre…

via Richard Stallman's Political Notes September 3, 2022

Tumbleweed Continues Release Streak

Tumbleweed’s continuous daily release streak has reached an astounding 26 snapshots. The streak of …

via openSUSE News September 2, 2022

In praise of qemu

qemu is another in a long line of great software started by Fabrice Bellard. It provides virtual mac…

via Drew DeVault's blog September 2, 2022
Generated by openring