Python | 发包 2018 入坑记录

最近业务需要抽离，抽离出来的应用需要做成 Django 第三方包的形式，可以在任何 Django（也没那么神奇，例如有些版本就没测试）版本项目中，直接安装使用，所以这里还是需要发包到 pypi。

第一次发包

我是先发到 test 环境 https://testpypi.python.org/，看下发包还是不是符合我的预期，毕竟很长时间没发过包。

twine upload  -r pypitest dist/django-xxxxx-0.0.1.tar.gz
Uploading distributions to https://test.pypi.org/legacy/
Uploading django-xxxxx-0.0.1.tar.gz
  0%|                                                                                                            | 0.00/18.5k [00:00<?, ?B/s]
SSLError: HTTPSConnectionPool(host='test.pypi.org', port=443): Max retries exceeded with url: /legacy/ (Caused by SSLError(SSLError(1, u'[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661)'),))

结果打脸，查了下资料，http://pyfound.blogspot.hk/20...，摘出来一部分

There are two deadlines to upgrade your Python to a version with the latest TLS. The first comes soon, on April 30, 2017, when python.org sites without Extended Validation Certificates will stop supporting TLS 1.0 and 1.1. These sites include:

testpypi.python.org
test.pypi.org
files.pythonhosted.org

大意是什么呢，意思就是提醒赶紧升级 python，那个后面只会只支持使用 TLS 1.2 版本的协议，低版本的不再支持了，很不幸，testpypi.python.org 这个测试站点停止支持 TLS 1.0 和 1.1

接着按照给出的例子，自己测了下

python -m pip install --upgrade requests
python -c "import requests; print(requests.get('https://www.howsmyssl.com/a/check', verify=False).json()['tls_version'])"

TLS 1.0

If you see "TLS 1.2", your interpreter's TLS is up to date. If you see "TLS 1.0" or an error like "tlsv1 alert protocol version", then you must upgrade. ↩

第二次发包

按照文档上讲的，我的 python 过时了，那就直接升到 2.7.14；升完再跑一遍

python -c "import requests; print(requests.get('https://www.howsmyssl.com/a/check', verify=False).json()['tls_version'])"
/Users/allen/Develop/py3env/lib/python3.6/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
TLS 1.2

这下是否可以省心了，继续我的发包

twine upload  -r pypitest dist/django-xxxxx-0.0.1.tar.gz
Uploading distributions to https://test.pypi.org/legacy/
Uploading django-xxxxx-0.0.1.tar.gz
  0%|                                                                                                            | 0.00/18.5k [00:00<?, ?B/s]
SSLError: HTTPSConnectionPool(host='test.pypi.org', port=443): Max retries exceeded with url: /legacy/ (Caused by SSLError(SSLError(1, u'[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661)'),))

很不幸，继续躺着，谷歌了下 pip install pyOpenSSL 如果已经安装了，更新下，保险；

第三次发包

twine upload  -r pypitest dist/django-xxxxx-0.0.1.tar.gz
Uploading distributions to https://test.pypi.org/legacy/
Uploading django-xxxxx-0.0.1.tar.gz
100%|███████████████████████████████████████████████████████████████████████████████████████████████████| 18.5k/18.5k [00:08<00:00, 2.13kB/s]

终于跑起来了，小结下

• 如果 Python 版本低，升级
• 如果 pyOpenSSL 版本低，升级
• 如果 requests 版本低，升级