Metadata, mtime support. Massive refactoring

[gocheese.git] / doc / storage.texi

diff --git a/doc/storage.texi b/doc/storage.texi
index 46e35bcc7d7c88db059de78619f2a4c3cd47381c..215db8ddb5d346f375c065078e41a9ad4fbab336 100644 (file)
--- a/doc/storage.texi
+++ b/doc/storage.texi
@@ -6,6 +6,7 @@ Root directory has the following hierarchy:
 @verbatim
 root
   +-- public-package
+  |     +- .metadata.rec
   |     +- public-package-0.1.tar.gz.md5
   |     +- public-package-0.1.tar.gz.blake2_256
   |     +- public-package-0.1.1.tar.gz.blake2_256
@@ -14,6 +15,7 @@ root
   |     +- public-package-0.2.tar.gz.sha256
   +-- private-package
   |     +- .internal
+  |     +- .metadata.rec
   |     +- private-package-0.1.tar.gz
   |     +- private-package-0.1.tar.gz.asc
   |     +- private-package-0.1.tar.gz.sha256
@@ -27,9 +29,13 @@ versions with checksums and write them in corresponding
 @file{.sha256}, @file{.blake2_256}, @file{.sha512}, @file{.md5} files.
 However no package package tarball is downloaded.
 
+If JSON API is enabled, them metadata is also downloaded and stored in
+@file{.metadata.rec} @url{https://www.gnu.org/software/recutils/, recfile}.
+It fully resembles Core Metadata structure.
+
 When you request for particular package version, then its tarball is
-downloaded and verified against the stored checksum. But SHA256 is
-forced to be stored and used later.
+downloaded and verified against the stored checksum. But SHA256 is then
+forcefully used later.
 
 For example @file{public-package} has @code{0.1} version, downloaded a
 long time ago with MD5 checksum. @code{0.1.1} version is downloaded more
@@ -42,3 +48,5 @@ SHA256 recalculated checksum. Also upstream has corresponding
 @file{.internal} file. It can be uploaded and queries to it are not
 proxied to upstream PyPI. You have to create it manually. If you upload
 GPG signature, then it will be also stored.
+
+Each packages release file has @code{mtime} set to its upload time.