distributions named on the command line for the invocation including
the \command{upload} command are uploaded.
-The \command{upload} command uses the username and password stored in
-the file \file{\$HOME/.pypirc}, see section~\ref{pypirc}.
+The \command{upload} command uses the username, password, and repository
+URL from the \file{\$HOME/.pypirc} file (see section~\ref{pypirc} for
+more on this file).
+
+You can use the \programopt{--sign} option to tell \command{upload} to
+sign each uploaded file using GPG (GNU Privacy Guard). The
+\program{gpg} program must be available for execution on the system
+\envvar{PATH}. You can also specify which key to use for signing
+using the \programopt{--identity=\var{name}} option.
+
+Other \command{upload} options include
+\programopt{--repository=\var{url}} (which lets you override the
+repository setting from \file{\$HOME/.pypirc}), and
+\programopt{--show-response} (which displays the full response text
+from the PyPI server for help in debugging upload problems).
\chapter{Examples}
\label{examples}
'display full response text from server'),
('sign', 's',
'sign files to upload using gpg'),
+ ('identity=', 'i', 'GPG identity used to sign files'),
]
boolean_options = ['show-response', 'sign']
self.repository = ''
self.show_response = 0
self.sign = False
+ self.identity = None
def finalize_options(self):
+ if self.identity and not self.sign:
+ raise DistutilsOptionError(
+ "Must use --sign for --identity to have meaning"
+ )
if os.environ.has_key('HOME'):
rc = os.path.join(os.environ['HOME'], '.pypirc')
if os.path.exists(rc):
def upload_file(self, command, pyversion, filename):
# Sign if requested
if self.sign:
- spawn(("gpg", "--detach-sign", "-a", filename),
+ gpg_args = ["gpg", "--detach-sign", "-a", filename]
+ if self.identity:
+ gpg_args[2:2] = ["--local-user", self.identity]
+ spawn(gpg_args,
dry_run=self.dry_run)
# Fill in the data - send all the meta-data in case we need to
projects / python / commitdiff