The Python package repository accelerating software development at CERN
- Duration:
- 30 minutes
Abstract
Python’s expressive syntax, ease of use, and powerful ecosystem of third-party packages are all major contributing factors to its thriving use for accelerator controls at CERN. Providing access to this rich ecosystem in a protected environment, whilst also allowing developers to augment this with internally developed packages is a key enabling service. Existing open-source solutions didn’t meet our needs, and the evolving Package index standardisation, as well as exposure to dependency confusion attacks, left us searching for a more modular and flexible approach.
In this presentation we will demonstrate the Python package upload, index, and browsing services developed at CERN. We will discuss the gradual transition from our existing repository service (based on Nexus), and demonstrate - with the help of recent packaging PEPs - the flexibility that modularising the services has brought, helping us to meet our needs for local specialisation and enhanced security measures.
Description
CERN, the European Organization for Nuclear Research, operates the largest particle physics laboratory in the world, including the 27km long Large Hadron Collider (LHC). Python is increasingly at the heart of CERN’s accelerator control software, with hundreds of domain specialists using Python on a daily basis to research, engineer and operate this world-leading facility.
Python’s expressive syntax, ease of use, and powerful ecosystem of third-party packages are all major contributing factors to its success. Providing access to this rich ecosystem in a protected environment, whilst also allowing developers to augment this with internally developed packages is a key enabling service. Existing open-source solutions didn’t meet our needs, and the evolving Package index standardisation as well as exposure to dependency confusion attacks, left us wishing for a more modular and flexible approach.
In this presentation we will demonstrate the Python package upload, index, and browsing services developed at CERN, and will show that modularising the service gives greater opportunities for local specialisation and enhanced security approaches, as well as offering easy evaluation and adoption of PEP-standardised packaging enhancements. Starting from an existing package repository setup (based on Nexus), we will present the steps taken to gradually introduce this modular infrastructure using specific packaging PEPs to demonstrate the existing challenges and motivation.
We will look at code snippets that we are able to inject into the package index definition, and get into fine detail about recent packaging PEPs (e.g., PEP-658) in order to build the case that modularity is essential to build package index services that can evolve with the standards, and which can be adapted to the specific needs of an organisation such as CERN (e.g., specific authentication methods, resource ownership, network segregation).
Finally, we will demonstrate our package browsing service, which is a FastAPI-based web service offering a browser on a “Simple Index” (PEP-503) package repository which mimics the look-and-feel of PyPI.org.