Managing allowlists

For Tier 3 SREs, the Python and R software packages that users are allowed to download from the PyPI and CRAN repositories are restricted. Connection to PyPI and CRAN is achieved using Sonatype Nexus Repository.

Packages must be explicitly added to the allowlist for the relevant repository before users can download them. Packages not on the allowlist are blocked.

An allowlist is a plain text file, with the name of each allowed package on its own line.

Important

The user must also be able to download any dependencies of any package on the allowlist. You should ensure that any such dependencies are also added to the allowlist.

For example, a minimal CRAN allowlist that permits the user to install the packages data.table, DBI, and RPostgres would be as follows.

bit64
blob
data.table
DBI
hms
lubridate
RPostgres
withr

This includes the requested packages and their dependencies.
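The dependency rule above is easy to get wrong by hand, so here is an added example (not part of the Data Safe Haven code base) that reads an allowlist in the format described, walks the transitive dependencies of the packages a user has requested, and reports which names are still missing. The dependency map and the allowlist text are constructed for illustration, not real CRAN metadata.

```python
"""Check that an allowlist covers the transitive dependencies of requested packages.

Added example, not part of the Data Safe Haven project. The dependency map is
constructed for illustration; take real dependencies from CRAN or PyPI metadata.
"""
from collections import deque

# Constructed dependency map (illustrative only, not real CRAN metadata).
DEPENDENCIES = {
    "RPostgres": ["DBI", "bit64", "blob", "hms", "lubridate", "withr"],
    "data.table": [],
    "DBI": [],
    "bit64": [],
    "blob": [],
    "hms": [],
    "lubridate": [],
    "withr": [],
}

# Constructed allowlist in the page's format: one package name per line.
# It deliberately omits RPostgres and two of its dependencies.
ALLOWLIST_TEXT = """bit64
blob
data.table
DBI
hms
"""


def parse_allowlist(text):
    """One package name per line; surrounding whitespace and blank lines are ignored."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def transitive_dependencies(requested, deps):
    """Breadth-first walk: the requested packages plus everything they pull in.

    A package absent from `deps` is treated as having no dependencies, which is
    optimistic; in practice every requested package should appear in the map.
    """
    needed = set()
    queue = deque(requested)
    while queue:
        pkg = queue.popleft()
        if pkg in needed:
            continue
        needed.add(pkg)
        queue.extend(deps.get(pkg, []))
    return needed


def missing_from_allowlist(requested, allowlist, deps):
    """Names that must be added before the requested packages will install."""
    return sorted(transitive_dependencies(requested, deps) - allowlist)


if __name__ == "__main__":
    allowed = parse_allowlist(ALLOWLIST_TEXT)
    print(missing_from_allowlist(["data.table", "DBI", "RPostgres"], allowed, DEPENDENCIES))
```

Run the reported names through the same check again after adding them, since a newly added package can bring in dependencies of its own.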

Viewing allowlists

To view the current allowlist for a given repository, use dsh allowlist show.

dsh allowlist show YOUR_SRE_NAME REPOSITORY_NAME

Uploading and updating an allowlist

To upload an allowlist, use dsh allowlist upload.

dsh allowlist upload YOUR_SRE_NAME PATH_TO_ALLOWLIST_FILE REPOSITORY_NAME

The local allowlist file does not need to have a specific name.

Example allowlists

Example allowlists for PyPI and CRAN can be generated using dsh allowlist template.

dsh allowlist template REPOSITORY_NAME