]> Cypherpunks.ru repositories - gocheese.git/blobdiff - doc/storage.texi
projects / gocheese.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
More convenient trusted-host
[gocheese.git] / doc / storage.texi
diff --git a/doc/storage.texi b/doc/storage.texi
index 215db8ddb5d346f375c065078e41a9ad4fbab336..d549f512d20804aae20d6311b05d98a6de641867 100644 (file)
--- a/doc/storage.texi
+++ b/doc/storage.texi
@@ -8,17 +8,17 @@ root
   +-- public-package
   |     +- .metadata.rec
   |     +- public-package-0.1.tar.gz.md5
-  |     +- public-package-0.1.tar.gz.blake2_256
-  |     +- public-package-0.1.1.tar.gz.blake2_256
+  |     +- public-package-0.1.tar.gz.blake2b_256
+  |     +- public-package-0.1.1.tar.gz.blake2b_256
   |     +- public-package-0.2.tar.gz
-  |     +- public-package-0.2.tar.gz.asc
   |     +- public-package-0.2.tar.gz.sha256
+  |     +- public-package-0.2.tar.gz.blake2b_256
   +-- private-package
   |     +- .internal
   |     +- .metadata.rec
   |     +- private-package-0.1.tar.gz
-  |     +- private-package-0.1.tar.gz.asc
   |     +- private-package-0.1.tar.gz.sha256
+  |     +- private-package-0.1.tar.gz.blake2b_256
   |...
 @end verbatim
 
@@ -26,12 +26,13 @@ Each directory is a normalized package name. When you try to list non
 existent directory contents (you are downloading package you have not
 seen before), then GoCheese will download information about package's
 versions with checksums and write them in corresponding
-@file{.sha256}, @file{.blake2_256}, @file{.sha512}, @file{.md5} files.
+@file{.sha256}, @file{.blake2b_256}, @file{.sha512}, @file{.md5} files.
 However no package package tarball is downloaded.
 
-If JSON API is enabled, them metadata is also downloaded and stored in
+If JSON API is enabled, then metadata is also downloaded and stored in
 @file{.metadata.rec} @url{https://www.gnu.org/software/recutils/, recfile}.
-It fully resembles Core Metadata structure.
+It fully resembles structure of
+@url{https://packaging.python.org/specifications/core-metadata/, Core Metadata}.
 
 When you request for particular package version, then its tarball is
 downloaded and verified against the stored checksum. But SHA256 is then
@@ -41,12 +42,12 @@ For example @file{public-package} has @code{0.1} version, downloaded a
 long time ago with MD5 checksum. @code{0.1.1} version is downloaded more
 recently with BLAKE2b-256 checksum, also storing that checksum for
 @code{0.1}. @code{0.2} version is downloaded tarball, having forced
-SHA256 recalculated checksum. Also upstream has corresponding
-@file{.asc} signature file.
+SHA256 and BLAKE2b-256 recalculated checksums.
 
 @file{private-package} is private package, because it contains
 @file{.internal} file. It can be uploaded and queries to it are not
-proxied to upstream PyPI. You have to create it manually. If you upload
-GPG signature, then it will be also stored.
+proxied to upstream PyPI. You have to create it manually.
 
 Each packages release file has @code{mtime} set to its upload time.
+Package's serial is a sum of @code{mtime}s of the directory and
+@file{.metadata.rec} (if it exists).
Python private package repository and caching proxy