X-Git-Url: http://www.git.cypherpunks.ru/?p=gocheese.git;a=blobdiff_plain;f=gocheese.texi;h=e1a796681e268f8c574da77124faf303f10d81f4;hp=c671c000a729ddef54c041f6ab24a2ca1f28bdb4;hb=48325fb9a20dcc7fab91c6f3c86618e19057254e;hpb=673c17d507d6ee68bab9a126b8948a1f6334365a diff --git a/gocheese.texi b/gocheese.texi index c671c00..e1a7966 100644 --- a/gocheese.texi +++ b/gocheese.texi @@ -10,11 +10,12 @@ GoCheese is Python private package repository and caching proxy. It serves two purposes: @itemize -@item hosting of private locally uploaded packages (conforming to - @url{https://www.python.org/dev/peps/pep-0503/, PEP-0503} (Simple - Repository API)) @item proxying and caching of missing packages from upstream - @url{https://pypi.org/, PyPI} + @url{https://pypi.org/, PyPI}, conforming to + @url{https://www.python.org/dev/peps/pep-0503/, PEP-0503} + (Simple Repository API) +@item hosting of private locally uploaded packages, conforming to + @url{https://warehouse.pypa.io/api-reference/legacy/, Warehouse Legacy API} @end itemize Initially it was created as a fork of @@ -22,22 +23,29 @@ Initially it was created as a fork of but nearly all the code was rewritten. It has huge differences: @itemize -@item proxying and caching of missing packages +@item proxying and caching of missing packages, including GPG signatures +@item @url{https://pythonwheels.com/, Wheel} uploading support @item atomic packages store on filesystem -@item SHA256-checksummed packages (both uploaded and proxied one) +@item SHA256-checksummed packages: storing checksums, giving them back, + verifying stored files integrity, verifying checksum of uploaded + packaged @item graceful HTTP-server shutdown -@item no TLS support @item no YAML configuration, just command-line arguments @item no package overwriting ability (as PyPI does) @end itemize +Also it contains @file{pyshop2packages.sh} migration script for +converting @url{https://pypi.org/project/pyshop/, Pyshop} database into +GoCheese one, including private packages. + GoCheese is free software, licenced under -@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3} conditions: +@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}: see the file COPYING for copying conditions. @menu * Usage:: * Password authentication: Passwords. +* TLS support: TLS. * Storage format: Storage. @end menu @@ -62,9 +70,16 @@ You can upload packages to it with twine upload --repository-url http://gocheese.host:8080/simple/ \ --username spam \ - --passwd foo dist/tarball.tar.gz + --password foo dist/tarball.tar.gz @end verbatim +If @command{twine} sends SHA256 checksum in the request, then uploaded +file is checked against it. + +@option{-gpgupdate} is useful mainly for migrated from Pyshop +repositories. It forces GPG signature files downloading for all existing +package files. + @node Passwords @unnumbered Password authentication @@ -125,6 +140,28 @@ $ kill -HUP `pidof gocheese` Before refreshing it's recommended to check @option{-passwd} file with @option{-passwd-check} option to prevent daemon failure. +@node TLS +@unnumbered TLS support + +You can enable TLS support by specifying PEM-encoded X.509 certificate +and private key files. Go's TLS implementation supports TLS 1.3, HTTP/2 +negotiation, Keep-Alives, modern ciphersuites and ECC. + +For example generate some self-signed certificate using GnuTLS toolset: + +@verbatim +$ certtool --generate-privkey --ecc --outfile prv.pem +$ cert_template=`mktemp` +$ echo cn=gocheese.host > $cert_template +$ certtool \ + --generate-self-signed \ + --load-privkey=prv.pem \ + --template $cert_template \ + --outfile=cert.pem +$ rm $cert_template +$ gocheese -tls-cert cert.pem -tls-key prv.pem [...] +@end verbatim + @node Storage @unnumbered Storage format