twine upload
--repository-url http://gocheese.host:8080/simple/ \
--username spam \
- --password foo dist/tarball.tar.gz
+ --passwd foo dist/tarball.tar.gz
+
+You have to store your authentication data in a file (specified
+with -passwd option) with following format:
+
+ username:hashed-password
+
+Supported hashing algorithms are sha256 and Argon2i.
+It's recommended to use Argon2i.
+
+To get Argon2i hashed-password you can use any of following tools:
+
+ https://github.com/balakhonova/argon2i (Go)
+ https://github.com/p-h-c/phc-winner-argon2 (C)
+
+To get SHA256 hashed-password you can use your operating system tools:
+
+ echo -n 'password' | sha256 - for BSD-based systems
+ echo -n 'password' | sha256sum - for Linux-based systems
+
+For example user "foo" with password "bar" can have the following
+hashed passwords:
+
+ foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
+ foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9Hbm6VH3YnL6I9ONJcIIU
Root directory has the following hierarchy:
* no TLS support
* no YAML configuration, just command-line arguments
* no package overwriting ability
-* no MD5-hashed passwords
* atomic packages store on filesystem
* proxying and caching of missing packages
* SHA256-checksummed packages (both uploaded and proxied one)