GoCheese is Python private package repository and caching proxy.
-
-It serves two purposes:
-
-* hosting of private locally uploaded packages
- (conforming to PEP-0503 (Simple Repository API))
-* proxying and caching of missing packages from upstream PyPI
-
-To use it, just configure your pip.conf:
-
- [install]
- index-url = http://gocheese.host:8080/simple/
-
-You can upload packages to it with twine:
-
- twine upload
- --repository-url http://gocheese.host:8080/simple/ \
- --username spam \
- --passwd foo dist/tarball.tar.gz
-
-You have to store your authentication data in a file (specified
-with -passwd option) with following format:
-
- username:hashed-password
-
-Supported hashing algorithms are SHA256 and Argon2i.
-It's recommended to use Argon2i.
-
-To get Argon2i hashed-password you can use any of following tools:
-
- https://github.com/balakhonova/argon2i (Go)
- https://github.com/p-h-c/phc-winner-argon2 (C)
-
-To get SHA256 hashed-password you can use your operating system tools:
-
- echo -n 'password' | sha256 - for BSD-based systems
- echo -n 'password' | sha256sum - for Linux-based systems
-
-For example user "foo" with password "bar" can have the following
-hashed passwords:
-
- foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
- foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9Hbm6VH3YnL6I9ONJcIIU
-
-Root directory has the following hierarchy:
-
- root
- +-- public-package
- | +- public-package-0.1.tar.gz.sha256
- | +- public-package-0.2.tar.gz
- | +- public-package-0.2.tar.gz.sha256
- +-- private-package
- | +- .private
- | +- private-package-0.1.tar.gz
- | +- private-package-0.1.tar.gz.sha256
- |...
-
-Each directory is a package name. When you trie to list unexistent
-directory contents (you are downloading package you have not seen
-before), then GoCheese will download all its package versions with
-checksums and write then in .sha256 files. So you know what versions are
-available at the moment. When you asks for particular package, then its
-tarball is really downloaded and verified against the checksum. For
-example in the root directory above we have downloaded only
-public-package-0.2. Private packages contain .private file, indicating
-that it must not be asked in PyPI if required version is missing.
-
--refresh URL behaves the same way as -simple one, but is always
-refreshes package versions from PyPI when listing it. You can use it to
-forcefully update package version.
-
-Initially it was created as a fork of https://github.com/c4s4/cheeseshop,
-but nearly all the code was rewritten. It has huge differences:
-
-* no TLS support
-* no YAML configuration, just command-line arguments
-* no package overwriting ability
-* atomic packages store on filesystem
-* proxying and caching of missing packages
-* SHA256-checksummed packages (both uploaded and proxied one)
-
-GoCheese is free software: see the file COPYING for copying conditions.
+See doc/gocheese.info and INSTALL for more documentation.