\input texinfo
-@documentencoding UTF-8
@settitle GoCheese
@copying
-Copyright @copyright{} 2019-2021 @email{stargrave@@stargrave.org, Sergey Matveev}
+Copyright @copyright{} 2019-2024 @email{stargrave@@stargrave.org, Sergey Matveev}
@end copying
@node Top
@item proxying and caching of missing packages from upstream
@url{https://pypi.org/, PyPI}, conforming to
@url{https://www.python.org/dev/peps/pep-0503/, PEP-0503}
- (Simple Repository API)
+ (Simple Repository API) and
+ @url{https://warehouse.pypa.io/api-reference/json.html, JSON API}
@item hosting of private locally uploaded packages, conforming to
@url{https://warehouse.pypa.io/api-reference/legacy/, Warehouse Legacy API}
@end itemize
files per package. Package deletion, renaming, making it uploadable
(private) is done with simple @command{mkdir}, @command{touch}, etc
commands
-@item Just single statically compiled Go binary
+@item Just single statically compiled Go binary, UCSPI-TCP compatibility,
+ high performance (including HTTP/2, keepalives and TLS session resumption)
@item No configuration file, but several simple command line arguments
@item Consistency (because of atomic synced operations) and integrity
- (because of SHA256 checksums stored nearby)
+ (because of cryptographic checksums stored nearby)
+@item Package's metadata and created times storing for uploaded and
+ proxied packages
@end itemize
Initially it was created as a fork of
@url{https://github.com/c4s4/cheeseshop, cheeseshop},
-but nearly all the code was rewritten. It has huge differences:
+but nearly all the code was rewritten. It is aimed to be replacement for
+@command{PyShop} lacking huge quantity of features, reliability and
+consistency guarantees, workability without deprecated XML-RPC API, and
+suffering performance.
@itemize
-@item Proxying and caching of missing packages, including GPG signatures
-@item @url{https://pythonwheels.com/, Wheel} uploading support
-@item Integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
-@item SHA256 checksums for stored packages
-@item Verifying of SHA256 checksum for uploaded packages
-@item Ability to authenticate upstream PyPI by its X.509 certificate's SPKI hash
-@item Storing of uploaded GPG signatures
-@item Secure Argon2i (or SHA256) stored passwords hashing
-@item No YAML configuration, just command-line arguments
-@item No package overwriting ability (as PyPI does too)
-@item Graceful HTTP-server shutdown
-@item Atomic packages store on filesystem
-@item @url{https://cr.yp.to/ucspi-tcp.html, UCSPI-TCP} compatible mode
+
+@item Supports proxying and caching of non-internal packages from the
+upstream PyPI installation.
+
+@item Supports uploading of internal packages through the standard
+Warehouse API, including signatures, metadata and checksums.
+
+@item Supports @url{https://pythonwheels.com/, wheels},
+@url{https://packaging.python.org/specifications/core-metadata/, Metadata}
+with @url{https://www.python.org/dev/peps/pep-0566/, PEP-0566} compatible
+conversion to JSON, multiple (MD5, SHA256, SHA512, BLAKE2b-256) integrity
+checksums storing and verifying during uploading and proxying.
+
+@item Supports Simple and JSON APIs, being able to replace PyPI for all
+downstream clients.
+
+@item Stores package's creation time with solicitude as @code{mtime},
+giving it in HTTP headers and JSON API.
+
+@item TLS and HTTP/2 capable transport to the upstream, with enabled
+keepalives and session resumption TLS tickets. Graceful HTTP server
+shutdown. Can work as a @url{https://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}
+service.
+
+@item Atomic and @code{fsync}ed reliable and consistent updates to the
+filesystem.
+
+@item Has ability to authenticate upstream PyPI by its X.509
+certificate's SPKI hash.
+
+@item User authentication supports passwords either hashed with SHA256
+or strengthened with @url{https://datatracker.ietf.org/doc/html/rfc9106, Argon2i}.
+
@end itemize
Also it contains @file{contrib/pyshop2packages.sh} migration script for
@url{https://www.gnu.org/philosophy/free-sw.html, free software}
licenced under @url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}.
-Please send questions, bug reports and patches to @url{gocheese@@cypherpunks.ru}.
+Please send questions, bug reports and patches to @url{mailto:gocheese@@cypherpunks.ru}.
@insertcopying
-@menu
-* Install::
-* Usage::
-* Password authentication: Passwords.
-* UCSPI-TCP::
-* TLS support: TLS.
-* Storage format: Storage.
-@end menu
-
@include install.texi
@include usage.texi
@include passwords.texi
-@include ucspi.texi
@include tls.texi
@include storage.texi