2 @documentencoding UTF-8
6 Copyright @copyright{} 2019-2021 @email{stargrave@@stargrave.org, Sergey Matveev}
12 GoCheese is Python private package repository and caching proxy.
14 It serves two purposes:
17 @item proxying and caching of missing packages from upstream
18 @url{https://pypi.org/, PyPI}, conforming to
19 @url{https://www.python.org/dev/peps/pep-0503/, PEP-0503}
20 (Simple Repository API) and
21 @url{https://warehouse.pypa.io/api-reference/json.html, JSON API}
22 @item hosting of private locally uploaded packages, conforming to
23 @url{https://warehouse.pypa.io/api-reference/legacy/, Warehouse Legacy API}
26 Why could you like it and how it can be better to fit your needs?
29 @item No database required. Only filesystem storage with few simple
30 files per package. Package deletion, renaming, making it uploadable
31 (private) is done with simple @command{mkdir}, @command{touch}, etc
33 @item Just single statically compiled Go binary, UCSPI-TCP compatibility,
34 high performance (including HTTP/2, keepalives and TLS session resumption)
35 @item No configuration file, but several simple command line arguments
36 @item Consistency (because of atomic synced operations) and integrity
37 (because of cryptographic checksums stored nearby)
38 @item Package's metadata and created times storing for uploaded and
42 Initially it was created as a fork of
43 @url{https://github.com/c4s4/cheeseshop, cheeseshop},
44 but nearly all the code was rewritten. It is aimed to be replacement for
45 @command{PyShop} lacking huge quantity of features, reliability and
46 consistency guarantees, workability without deprecated XML-RPC API, and
47 suffering performance.
51 @item Supports proxying and caching of non-internal packages from the
52 upstream PyPI installation.
54 @item Supports uploading of internal packages through the standard
55 Warehouse API, including signatures, metadata and checksums.
57 @item Supports @url{https://pythonwheels.com/, wheels}, GPG signatures,
58 @url{https://packaging.python.org/specifications/core-metadata/, Metadata}
59 with @url{https://www.python.org/dev/peps/pep-0566/, PEP-0566} compatible
60 conversion to JSON, multiple (MD5, SHA256, SHA512, BLAKE2b-256) integrity
61 checksums storing and verifying during uploading and proxying.
63 @item Supports Simple and JSON APIs, being able to replace PyPI for all
66 @item Stores package's creation time with solicitude as @code{mtime},
67 giving it in HTTP headers and JSON API.
69 @item TLS and HTTP/2 capable transport to the upstream, with enabled
70 keepalives and session resumption TLS tickets. Graceful HTTP server
71 shutdown. Can work as a @url{https://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}
74 @item Atomic and @code{fsync}ed reliable and consistent updates to the
77 @item Has ability to authenticate upstream PyPI by its X.509
78 certificate's SPKI hash.
80 @item User authentication supports passwords either hashed with SHA256
81 or strengthened with @url{https://datatracker.ietf.org/doc/html/rfc9106, Argon2i}.
85 Also it contains @file{contrib/pyshop2packages.sh} migration script for
86 converting @url{https://pypi.org/project/pyshop/, Pyshop} database into
87 GoCheese one, including private packages.
90 @url{https://www.gnu.org/philosophy/pragmatic.html, copylefted}
91 @url{https://www.gnu.org/philosophy/free-sw.html, free software}
92 licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}.
94 Please send questions, bug reports and patches to @url{gocheese@@cypherpunks.ru}.
100 @include passwords.texi
102 @include storage.texi