]> Cypherpunks.ru repositories - gocheese.git/blobdiff - doc/storage.texi
projects / gocheese.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
More convenient trusted-host
[gocheese.git] / doc / storage.texi
diff --git a/doc/storage.texi b/doc/storage.texi
index 46e35bcc7d7c88db059de78619f2a4c3cd47381c..d549f512d20804aae20d6311b05d98a6de641867 100644 (file)
--- a/doc/storage.texi
+++ b/doc/storage.texi
@@ -6,17 +6,19 @@ Root directory has the following hierarchy:
 @verbatim
 root
   +-- public-package
+  |     +- .metadata.rec
   |     +- public-package-0.1.tar.gz.md5
-  |     +- public-package-0.1.tar.gz.blake2_256
-  |     +- public-package-0.1.1.tar.gz.blake2_256
+  |     +- public-package-0.1.tar.gz.blake2b_256
+  |     +- public-package-0.1.1.tar.gz.blake2b_256
   |     +- public-package-0.2.tar.gz
-  |     +- public-package-0.2.tar.gz.asc
   |     +- public-package-0.2.tar.gz.sha256
+  |     +- public-package-0.2.tar.gz.blake2b_256
   +-- private-package
   |     +- .internal
+  |     +- .metadata.rec
   |     +- private-package-0.1.tar.gz
-  |     +- private-package-0.1.tar.gz.asc
   |     +- private-package-0.1.tar.gz.sha256
+  |     +- private-package-0.1.tar.gz.blake2b_256
   |...
 @end verbatim
 
@@ -24,21 +26,28 @@ Each directory is a normalized package name. When you try to list non
 existent directory contents (you are downloading package you have not
 seen before), then GoCheese will download information about package's
 versions with checksums and write them in corresponding
-@file{.sha256}, @file{.blake2_256}, @file{.sha512}, @file{.md5} files.
+@file{.sha256}, @file{.blake2b_256}, @file{.sha512}, @file{.md5} files.
 However no package package tarball is downloaded.
 
+If JSON API is enabled, then metadata is also downloaded and stored in
+@file{.metadata.rec} @url{https://www.gnu.org/software/recutils/, recfile}.
+It fully resembles structure of
+@url{https://packaging.python.org/specifications/core-metadata/, Core Metadata}.
+
 When you request for particular package version, then its tarball is
-downloaded and verified against the stored checksum. But SHA256 is
-forced to be stored and used later.
+downloaded and verified against the stored checksum. But SHA256 is then
+forcefully used later.
 
 For example @file{public-package} has @code{0.1} version, downloaded a
 long time ago with MD5 checksum. @code{0.1.1} version is downloaded more
 recently with BLAKE2b-256 checksum, also storing that checksum for
 @code{0.1}. @code{0.2} version is downloaded tarball, having forced
-SHA256 recalculated checksum. Also upstream has corresponding
-@file{.asc} signature file.
+SHA256 and BLAKE2b-256 recalculated checksums.
 
 @file{private-package} is private package, because it contains
 @file{.internal} file. It can be uploaded and queries to it are not
-proxied to upstream PyPI. You have to create it manually. If you upload
-GPG signature, then it will be also stored.
+proxied to upstream PyPI. You have to create it manually.
+
+Each packages release file has @code{mtime} set to its upload time.
+Package's serial is a sum of @code{mtime}s of the directory and
+@file{.metadata.rec} (if it exists).
Python private package repository and caching proxy