\input texinfo
@settitle GoCheese

@copying
Copyright @copyright{} 2019-2024 @email{stargrave@@stargrave.org, Sergey Matveev}
@end copying

@node Top
@top GoCheese

GoCheese is Python private package repository and caching proxy.

It serves two purposes:

@itemize
@item proxying and caching of missing packages from upstream
    @url{https://pypi.org/, PyPI}, conforming to
    @url{https://www.python.org/dev/peps/pep-0503/, PEP-0503}
    (Simple Repository API) and
    @url{https://warehouse.pypa.io/api-reference/json.html, JSON API}
@item hosting of private locally uploaded packages, conforming to
    @url{https://warehouse.pypa.io/api-reference/legacy/, Warehouse Legacy API}
@end itemize

Why could you like it and how it can be better to fit your needs?

@itemize
@item No database required. Only filesystem storage with few simple
    files per package. Package deletion, renaming, making it uploadable
    (private) is done with simple @command{mkdir}, @command{touch}, etc
    commands
@item Just single statically compiled Go binary, UCSPI-TCP compatibility,
    high performance (including HTTP/2, keepalives and TLS session resumption)
@item No configuration file, but several simple command line arguments
@item Consistency (because of atomic synced operations) and integrity
    (because of cryptographic checksums stored nearby)
@item Package's metadata and created times storing for uploaded and
    proxied packages
@end itemize

Initially it was created as a fork of
@url{https://github.com/c4s4/cheeseshop, cheeseshop},
but nearly all the code was rewritten. It is aimed to be replacement for
@command{PyShop} lacking huge quantity of features, reliability and
consistency guarantees, workability without deprecated XML-RPC API, and
suffering performance.

@itemize

@item Supports proxying and caching of non-internal packages from the
upstream PyPI installation.

@item Supports uploading of internal packages through the standard
Warehouse API, including signatures, metadata and checksums.

@item Supports @url{https://pythonwheels.com/, wheels},
@url{https://packaging.python.org/specifications/core-metadata/, Metadata}
with @url{https://www.python.org/dev/peps/pep-0566/, PEP-0566} compatible
conversion to JSON, multiple (MD5, SHA256, SHA512, BLAKE2b-256) integrity
checksums storing and verifying during uploading and proxying.

@item Supports Simple and JSON APIs, being able to replace PyPI for all
downstream clients.

@item Stores package's creation time with solicitude as @code{mtime},
giving it in HTTP headers and JSON API.

@item TLS and HTTP/2 capable transport to the upstream, with enabled
keepalives and session resumption TLS tickets. Graceful HTTP server
shutdown. Can work as a @url{https://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}
service.

@item Atomic and @code{fsync}ed reliable and consistent updates to the
filesystem.

@item Has ability to authenticate upstream PyPI by its X.509
certificate's SPKI hash.

@item User authentication supports passwords either hashed with SHA256
or strengthened with @url{https://datatracker.ietf.org/doc/html/rfc9106, Argon2i}.

@end itemize

Also it contains @file{contrib/pyshop2packages.sh} migration script for
converting @url{https://pypi.org/project/pyshop/, Pyshop} database into
GoCheese one, including private packages.

GoCheese is
@url{https://www.gnu.org/philosophy/pragmatic.html, copylefted}
@url{https://www.gnu.org/philosophy/free-sw.html, free software}
licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}.

Please send questions, bug reports and patches to @url{mailto:gocheese@@cypherpunks.ru}.

@insertcopying

@include install.texi
@include usage.texi
@include passwords.texi
@include tls.texi
@include storage.texi

@bye