Skip to content
This repository has been archived by the owner on Dec 5, 2021. It is now read-only.
Permalink
Browse files Browse the repository at this point in the history
Improve security when downloading from pypi
  • Loading branch information
Guillaume Gauvrit committed Feb 6, 2013
1 parent 9c6cbcc commit ffadb0b
Show file tree
Hide file tree
Showing 4 changed files with 3,472 additions and 3 deletions.
2 changes: 1 addition & 1 deletion MANIFEST.in
@@ -1,2 +1,2 @@
include *.txt *.ini *.cfg *.rst
recursive-include pyshop *.ico *.png *.css *.scss *.txt *.js *.html *.pot *.po
recursive-include pyshop *.ico *.png *.css *.scss *.txt *.js *.html *.pot *.po *.pem
7 changes: 6 additions & 1 deletion pyshop/helpers/download.py
Expand Up @@ -33,7 +33,12 @@ def __call__(self, value, system):
if not os.path.exists(dir_):
os.makedirs(dir_, 0750)

resp = requests.get(value['url'])
if value['url'].startswith('https://pypi.python.org'):
verify = os.path.join(os.path.dirname(__file__), 'pypi.pem')
else:
verify = value['url'].startswith('https:')

resp = requests.get(value['url'], verify=verify)
with open(f, 'wb') as rf:
rf.write(resp.content)
return resp.content
Expand Down

0 comments on commit ffadb0b

Please sign in to comment.