2 GoCheese -- Python private package repository and caching proxy
3 Copyright (C) 2019-2021 Sergey Matveev <stargrave@stargrave.org>
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, version 3 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>.
38 // https://warehouse.pypa.io/api-reference/legacy.html
40 HTMLRootTmpl = template.Must(template.New("root").Parse(`<!DOCTYPE html>
43 <meta name="pypi:repository-version" content="1.0">
44 <title>Simple index</title>
46 <body>{{$Refresh := .RefreshURLPath}}{{range .Packages}}
47 <a href="{{$Refresh}}{{.}}/">{{.}}</a><br/>
52 HTMLReleasesTmpl = template.Must(template.New("list").Parse(`<!DOCTYPE html>
55 <meta name="pypi:repository-version" content="1.0">
56 <title>Links for {{.PkgName}}</title>
58 <body>{{$Refresh := .RefreshURLPath}}{{$PkgName := .PkgName}}{{range .Releases}}
59 <a href="{{$Refresh}}{{$PkgName}}/{{.Filename -}}
60 #{{range $a, $d := .Digests}}{{$a}}={{$d}}{{end -}}
61 {{with .HasSig}} data-gpg-sig=true{{end}}">{{.Filename}}</a><br/>
66 KnownExts = []string{".tar.bz2", ".tar.gz", ".whl", ".zip", ".egg",
67 ".exe", ".dmg", ".msi", ".rpm", ".deb", ".tgz"}
70 func listRoot(w http.ResponseWriter, r *http.Request) {
71 files, err := ioutil.ReadDir(Root)
73 log.Println("error", r.RemoteAddr, "root", err)
74 http.Error(w, err.Error(), http.StatusInternalServerError)
77 packages := make([]string, 0, len(files))
78 for _, f := range files {
79 packages = append(packages, f.Name())
81 sort.Strings(packages)
83 err = HTMLRootTmpl.Execute(&buf, struct {
87 RefreshURLPath: *RefreshURLPath,
91 log.Println("error", r.RemoteAddr, "root", err)
92 http.Error(w, err.Error(), http.StatusInternalServerError)
98 type PkgReleaseInfoByName []*PkgReleaseInfo
100 func (a PkgReleaseInfoByName) Len() int {
104 func (a PkgReleaseInfoByName) Swap(i, j int) {
105 a[i], a[j] = a[j], a[i]
108 func (a PkgReleaseInfoByName) Less(i, j int) bool {
109 if a[i].Version == a[j].Version {
110 return a[i].Filename < a[j].Filename
112 return a[i].Version < a[j].Version
115 // Version format is too complicated: https://www.python.org/dev/peps/pep-0386/
116 // So here is very simple parser working good enough for most packages
117 func filenameToVersion(fn string) string {
118 fn = strings.TrimSuffix(fn, GPGSigExt)
120 for _, ext := range KnownExts {
121 trimmed = strings.TrimSuffix(fn, ext)
127 cols := strings.Split(fn, "-")
128 for i := 0; i < len(cols); i++ {
129 if len(cols[i]) == 0 {
132 if ('0' <= cols[i][0]) && (cols[i][0] <= '9') {
142 func listDir(pkgName string, doSize bool) (int64, []*PkgReleaseInfo, error) {
143 dirPath := filepath.Join(Root, pkgName)
144 entries, err := os.ReadDir(dirPath)
148 files := make(map[string]fs.DirEntry, len(entries))
149 for _, entry := range entries {
153 if entry.Name()[0] == '.' {
156 files[entry.Name()] = entry
158 releaseFiles := make(map[string]*PkgReleaseInfo)
159 for _, algo := range KnownHashAlgos {
160 for fn, entry := range files {
162 return 0, nil, errors.New("killed")
164 if !strings.HasSuffix(fn, "."+algo) {
168 digest, err := ioutil.ReadFile(filepath.Join(dirPath, fn))
172 fnClean := strings.TrimSuffix(fn, "."+algo)
173 release := releaseFiles[fnClean]
175 fi, err := entry.Info()
179 release = &PkgReleaseInfo{
181 Version: filenameToVersion(fnClean),
182 UploadTimeISO8601: fi.ModTime().UTC().Truncate(
184 ).Format(time.RFC3339),
185 Digests: make(map[string]string),
187 releaseFiles[fnClean] = release
188 if entry, exists := files[fnClean]; exists {
190 fi, err := entry.Info()
194 release.Size = fi.Size()
196 delete(files, fnClean)
198 if _, exists := files[fnClean+GPGSigExt]; exists {
199 release.HasSig = true
200 delete(files, fnClean+GPGSigExt)
203 release.Digests[algo] = hex.EncodeToString(digest)
206 releases := make([]*PkgReleaseInfo, 0, len(releaseFiles))
207 for _, release := range releaseFiles {
208 releases = append(releases, release)
210 sort.Sort(PkgReleaseInfoByName(releases))
211 fi, err := os.Stat(dirPath)
215 serial := fi.ModTime().Unix()
216 if fi, err = os.Stat(filepath.Join(dirPath, MetadataFile)); err == nil {
217 serial += fi.ModTime().Unix()
219 return serial, releases, nil
223 w http.ResponseWriter,
226 autorefresh, gpgUpdate bool,
228 dirPath := filepath.Join(Root, pkgName)
230 if !refreshDir(w, r, pkgName, "", gpgUpdate) {
233 } else if _, err := os.Stat(dirPath); os.IsNotExist(err) &&
234 !refreshDir(w, r, pkgName, "", false) {
237 serial, releases, err := listDir(pkgName, false)
239 log.Println("error", r.RemoteAddr, "list", pkgName, err)
240 http.Error(w, err.Error(), http.StatusInternalServerError)
243 for _, release := range releases {
244 singleDigest := make(map[string]string)
245 if digest, exists := release.Digests[HashAlgoSHA256]; exists {
246 singleDigest[HashAlgoSHA256] = digest
247 } else if digest, exists := release.Digests[HashAlgoSHA512]; exists {
248 singleDigest[HashAlgoSHA512] = digest
249 } else if digest, exists := release.Digests[HashAlgoBLAKE2b256]; exists {
250 singleDigest[HashAlgoBLAKE2b256] = digest
252 singleDigest = release.Digests
254 release.Digests = singleDigest
257 err = HTMLReleasesTmpl.Execute(&buf, struct {
258 RefreshURLPath string
260 Releases []*PkgReleaseInfo
262 RefreshURLPath: *RefreshURLPath,
267 log.Println("error", r.RemoteAddr, "list", pkgName, err)
268 http.Error(w, err.Error(), http.StatusInternalServerError)
271 w.Header().Set("X-PyPI-Last-Serial", strconv.FormatInt(serial, 10))
273 w.Write([]byte(fmt.Sprintf("<!--SERIAL %d-->\n", serial)))