X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=README;h=494f25ef6da81ea9b034d16cb3f162827263a9dc;hb=f09b230b51e78ab5e25bc5e39b2d0e6162af9ef2;hp=643279ca63f643d7d8c2dea550b4bb1807ec1ac6;hpb=bb73b0ffb472af0f90676aa24fd092475485565e;p=gocheese.git diff --git a/README b/README index 643279c..494f25e 100644 --- a/README +++ b/README @@ -18,12 +18,31 @@ You can upload packages to it with twine: --username spam \ --passwd foo dist/tarball.tar.gz +-refresh URL behaves the same way as -simple one, but is always +refreshes package versions from PyPI when listing it. You can use it to +forcefully update package version. + +Initially it was created as a fork of https://github.com/c4s4/cheeseshop, +but nearly all the code was rewritten. It has huge differences: + +* no TLS support +* no YAML configuration, just command-line arguments +* no package overwriting ability +* atomic packages store on filesystem +* proxying and caching of missing packages +* SHA256-checksummed packages (both uploaded and proxied one) + +GoCheese is free software: see the file COPYING for copying conditions. + + Password authentication + ======================= + You have to store your authentication data in a file (specified with -passwd option) with following format: username:hashed-password -Supported hashing algorithms are sha256 and Argon2i. +Supported hashing algorithms are SHA256 and Argon2i. It's recommended to use Argon2i. To get Argon2i hashed-password you can use any of following tools: @@ -33,8 +52,10 @@ To get Argon2i hashed-password you can use any of following tools: To get SHA256 hashed-password you can use your operating system tools: - echo -n 'password' | sha256 - for BSD-based systems - echo -n 'password' | sha256sum - for Linux-based systems + # BSD-based systems: + $ echo -n 'password' | sha256 + # GNU/Linux-based systems + $ echo -n 'password' | sha256sum For example user "foo" with password "bar" can have the following hashed passwords: @@ -42,6 +63,16 @@ hashed passwords: foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9 foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9Hbm6VH3YnL6I9ONJcIIU +While daemon working you can refresh -passwd file with SIGHUP: + + $ kill -HUP `pidof gocheese` + +Before refreshing it's recommended to check -passwd file with -passwd-check +option to prevent daemon failure. + + On-disk storage format + ====================== + Root directory has the following hierarchy: root @@ -64,19 +95,3 @@ tarball is really downloaded and verified against the checksum. For example in the root directory above we have downloaded only public-package-0.2. Private packages contain .private file, indicating that it must not be asked in PyPI if required version is missing. - --refresh URL behaves the same way as -simple one, but is always -refreshes package versions from PyPI when listing it. You can use it to -forcefully update package version. - -Initially it was created as a fork of https://github.com/c4s4/cheeseshop, -but nearly all the code was rewritten. It has huge differences: - -* no TLS support -* no YAML configuration, just command-line arguments -* no package overwriting ability -* atomic packages store on filesystem -* proxying and caching of missing packages -* SHA256-checksummed packages (both uploaded and proxied one) - -GoCheese is free software: see the file COPYING for copying conditions.