--username spam \
--passwd foo dist/tarball.tar.gz
+-refresh URL behaves the same way as -simple one, but is always
+refreshes package versions from PyPI when listing it. You can use it to
+forcefully update package version.
+
+Initially it was created as a fork of https://github.com/c4s4/cheeseshop,
+but nearly all the code was rewritten. It has huge differences:
+
+* no TLS support
+* no YAML configuration, just command-line arguments
+* no package overwriting ability
+* atomic packages store on filesystem
+* proxying and caching of missing packages
+* SHA256-checksummed packages (both uploaded and proxied one)
+
+GoCheese is free software: see the file COPYING for copying conditions.
+
+ Password authentication
+ =======================
+
You have to store your authentication data in a file (specified
with -passwd option) with following format:
username:hashed-password
-Supported hashing algorithms are sha256 and Argon2i.
+Supported hashing algorithms are SHA256 and Argon2i.
It's recommended to use Argon2i.
To get Argon2i hashed-password you can use any of following tools:
To get SHA256 hashed-password you can use your operating system tools:
- echo -n 'password' | sha256 - for BSD-based systems
- echo -n 'password' | sha256sum - for Linux-based systems
+ # BSD-based systems:
+ $ echo -n 'password' | sha256
+ # GNU/Linux-based systems
+ $ echo -n 'password' | sha256sum
For example user "foo" with password "bar" can have the following
hashed passwords:
foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9
foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9Hbm6VH3YnL6I9ONJcIIU
+While daemon working you can refresh -passwd file with SIGHUP:
+
+ $ kill -HUP `pidof gocheese`
+
+Before refreshing it's recommended to check -passwd file with -passwd-check
+option to prevent daemon failure
+
+ On-disk storage format
+ ======================
+
Root directory has the following hierarchy:
root
example in the root directory above we have downloaded only
public-package-0.2. Private packages contain .private file, indicating
that it must not be asked in PyPI if required version is missing.
-
--refresh URL behaves the same way as -simple one, but is always
-refreshes package versions from PyPI when listing it. You can use it to
-forcefully update package version.
-
-Initially it was created as a fork of https://github.com/c4s4/cheeseshop,
-but nearly all the code was rewritten. It has huge differences:
-
-* no TLS support
-* no YAML configuration, just command-line arguments
-* no package overwriting ability
-* atomic packages store on filesystem
-* proxying and caching of missing packages
-* SHA256-checksummed packages (both uploaded and proxied one)
-
-GoCheese is free software: see the file COPYING for copying conditions.