]> Cypherpunks.ru repositories - gocheese.git/blobdiff - doc/storage.texi
projects / gocheese.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Various typos and additions
[gocheese.git] / doc / storage.texi
diff --git a/doc/storage.texi b/doc/storage.texi
index 46e35bcc7d7c88db059de78619f2a4c3cd47381c..87e4101ef9a2dad818d7146dd7bb762fe0ad46b5 100644 (file)
--- a/doc/storage.texi
+++ b/doc/storage.texi
@@ -6,17 +6,21 @@ Root directory has the following hierarchy:
 @verbatim
 root
   +-- public-package
+  |     +- .metadata.rec
   |     +- public-package-0.1.tar.gz.md5
   |     +- public-package-0.1.tar.gz.blake2_256
   |     +- public-package-0.1.1.tar.gz.blake2_256
   |     +- public-package-0.2.tar.gz
   |     +- public-package-0.2.tar.gz.asc
   |     +- public-package-0.2.tar.gz.sha256
+  |     +- public-package-0.2.tar.gz.blake2_256
   +-- private-package
   |     +- .internal
+  |     +- .metadata.rec
   |     +- private-package-0.1.tar.gz
   |     +- private-package-0.1.tar.gz.asc
   |     +- private-package-0.1.tar.gz.sha256
+  |     +- private-package-0.1.tar.gz.blake2_256
   |...
 @end verbatim
 
@@ -27,18 +31,26 @@ versions with checksums and write them in corresponding
 @file{.sha256}, @file{.blake2_256}, @file{.sha512}, @file{.md5} files.
 However no package package tarball is downloaded.
 
+If JSON API is enabled, then metadata is also downloaded and stored in
+@file{.metadata.rec} @url{https://www.gnu.org/software/recutils/, recfile}.
+It fully resembles structure of
+@url{https://packaging.python.org/specifications/core-metadata/, Core Metadata}.
+
 When you request for particular package version, then its tarball is
-downloaded and verified against the stored checksum. But SHA256 is
-forced to be stored and used later.
+downloaded and verified against the stored checksum. But SHA256 is then
+forcefully used later.
 
 For example @file{public-package} has @code{0.1} version, downloaded a
 long time ago with MD5 checksum. @code{0.1.1} version is downloaded more
 recently with BLAKE2b-256 checksum, also storing that checksum for
 @code{0.1}. @code{0.2} version is downloaded tarball, having forced
-SHA256 recalculated checksum. Also upstream has corresponding
-@file{.asc} signature file.
+SHA256 and BLAKE2b-256 recalculated checksums. Also upstream has
+corresponding @file{.asc} signature file.
 
 @file{private-package} is private package, because it contains
 @file{.internal} file. It can be uploaded and queries to it are not
-proxied to upstream PyPI. You have to create it manually. If you upload
-GPG signature, then it will be also stored.
+proxied to upstream PyPI. You have to create it manually.
+
+Each packages release file has @code{mtime} set to its upload time.
+Package's serial is a sum of @code{mtime}s of the directory and
+@file{.metadata.rec} (if it exists).
Python private package repository and caching proxy