X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=gocheese.texi;h=587e9431cc02846c4720ca1e8db9b9cc15dfc157;hb=0f9f81e55a5db0fa50b539554b078ae4ffdb29bd;hp=626c0e37c1611bcc76dc856d4e2c936dc7dd96da;hpb=646b1d3a001326dd6b9c6d60c3dbaa5a4d25361f;p=gocheese.git

diff --git a/gocheese.texi b/gocheese.texi
index 626c0e3..587e943 100644
--- a/gocheese.texi
+++ b/gocheese.texi
@@ -3,7 +3,7 @@
 @settitle GoCheese
 
 @copying
-Copyright @copyright{} 2019 @email{stargrave@@stargrave.org, Sergey Matveev}
+Copyright @copyright{} 2019-2021 @email{stargrave@@stargrave.org, Sergey Matveev}
 @end copying
 
 @node Top
@@ -22,6 +22,19 @@ It serves two purposes:
     @url{https://warehouse.pypa.io/api-reference/legacy/, Warehouse Legacy API}
 @end itemize
 
+Why could you like it and how it can be better to fit your needs?
+
+@itemize
+@item No database required. Only filesystem storage with few simple
+    files per package. Package deletion, renaming, making it uploadable
+    (private) is done with simple @command{mkdir}, @command{touch}, etc
+    commands
+@item Just single statically compiled Go binary
+@item No configuration file, but several simple command line arguments
+@item Consistency (because of atomic synced operations) and integrity
+    (because of SHA256 checksums stored nearby)
+@end itemize
+
 Initially it was created as a fork of
 @url{https://github.com/c4s4/cheeseshop, cheeseshop},
 but nearly all the code was rewritten. It has huge differences:
@@ -32,6 +45,7 @@ but nearly all the code was rewritten. It has huge differences:
 @item Integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
 @item SHA256 checksums for stored packages
 @item Verifying of SHA256 checksum for uploaded packages
+@item Ability to authenticate upstream PyPI with its X.509 certificate's hash
 @item Storing of uploaded GPG signatures
 @item Secure Argon2i (or SHA256) stored passwords hashing
 @item No YAML configuration, just command-line arguments
@@ -40,37 +54,38 @@ but nearly all the code was rewritten. It has huge differences:
 @item Atomic packages store on filesystem
 @end itemize
 
-Also it contains @file{pyshop2packages.sh} migration script for
+Also it contains @file{contrib/pyshop2packages.sh} migration script for
 converting @url{https://pypi.org/project/pyshop/, Pyshop} database into
 GoCheese one, including private packages.
 
-GoCheese is free software, licenced under
-@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}:
-see the file COPYING for copying conditions.
+GoCheese is
+@url{https://www.gnu.org/philosophy/pragmatic.html, copylefted}
+@url{https://www.gnu.org/philosophy/free-sw.html, free software}
+licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}.
 
 Please send questions, bug reports and patches to @url{gocheese@@cypherpunks.ru}.
 
 @insertcopying
 
 @menu
-* Download::
+* Install::
 * Usage::
 * Password authentication: Passwords.
 * TLS support: TLS.
 * Storage format: Storage.
 @end menu
 
-@include download.texi
+@include install.texi
 
 @node Usage
 @unnumbered Usage
 
 To use it for download purposes, just configure your @file{pip.conf}:
 
-@verbatim
+@example
 [install]
 index-url = http://gocheese.host:8080/simple/
-@end verbatim
+@end example
 
 @option{-refresh} URL (@code{/simple/} by default) automatically
 refreshes metainformation (available versions and their checksums)
@@ -83,21 +98,21 @@ package files.
 
 You can upload packages to it with @url{https://pypi.org/project/twine/, twine}:
 
-@verbatim
+@example
 twine upload
     --repository-url http://gocheese.host:8080/simple/ \
     --username spam \
     --password foo dist/tarball.tar.gz
-@end verbatim
+@end example
 
 Or you can store it permanently in @file{.pypirc}:
 
-@verbatim
+@example
 [pypi]
 repository: https://gocheese.host/simple/
 username: spam
 password: foo
-@end verbatim
+@end example
 
 If @command{twine} sends SHA256 checksum in the request, then uploaded
 file is checked against it.
@@ -106,6 +121,9 @@ Pay attention that you have to manually create corresponding private
 package directory! You are not allowed to upload anything explicitly
 flagged as internal package.
 
+It is advisable to run GoCheese under some kind of
+@url{http://cr.yp.to/daemontools.html, daemontools}.
+
 @node Passwords
 @unnumbered Password authentication
 
@@ -113,9 +131,9 @@ Password authentication is required for packages uploading.
 You have to store your authentication data in @option{-passwd} file in
 following format:
 
-@verbatim
+@example
 username:hashed-password
-@end verbatim
+@end example
 
 Empty lines and having @verb{|#|} at the beginning are skipped.
 
@@ -126,8 +144,8 @@ Supported hashing algorithms are:
 @item @url{https://www.argon2i.com/, Argon2i} (recommended one!)
     To get Argon2i hashed-password you can use any of following tools:
     @itemize
-    @item @url{https://github.com/balakhonova/argon2i,
-        go get github.com/balakhonova/argon2i} (Go)
+    @item go get @url{https://github.com/balakhonova/argon2i,
+        github.com/balakhonova/argon2i} (Go)
     @item @url{https://github.com/p-h-c/phc-winner-argon2} (C)
     @end itemize
     Example user @code{foo} with password @code{bar} can have the
@@ -140,13 +158,14 @@ foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9
 @item SHA256
     You can use your operating system tools:
 
-@verbatim
+@example
 # BSD-based systems:
 $ echo -n "password" | sha256
 
 # GNU/Linux-based systems
 $ echo -n "password" | sha256sum
-@end verbatim
+@end example
+
     Example user @code{foo} with password @code{bar} will have the
     following password file entry:
 
@@ -158,10 +177,11 @@ foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
 
 You can refresh passwords by sending @code{SIGHUP} signal to the working daemon:
 
-@verbatim
+@example
 $ pkill -HUP gocheese
 $ kill -HUP `pidof gocheese`
-@end verbatim
+$ svc -h /var/service/gocheese
+@end example
 
 Before refreshing it's recommended to check @option{-passwd} file with
 @option{-passwd-check} option to prevent daemon failure.
@@ -175,7 +195,7 @@ negotiation, Keep-Alives, modern ciphersuites and ECC.
 
 For example generate some self-signed certificate using GnuTLS toolset:
 
-@verbatim
+@example
 $ certtool --generate-privkey --ecc --outfile prv.pem
 $ cert_template=`mktemp`
 $ echo cn=gocheese.host > $cert_template
@@ -186,7 +206,7 @@ $ certtool \
     --outfile=cert.pem
 $ rm $cert_template
 $ gocheese -tls-cert cert.pem -tls-key prv.pem [...]
-@end verbatim
+@end example
 
 @node Storage
 @unnumbered Storage format