From: Sergey Matveev <stargrave@stargrave.org>
Date: Sun, 8 Dec 2019 16:39:29 +0000 (+0300)
Subject: Prepare for website
X-Git-Tag: v2.2.0^0
X-Git-Url: http://www.git.cypherpunks.ru/?p=gocheese.git;a=commitdiff_plain;h=646b1d3a001326dd6b9c6d60c3dbaa5a4d25361f

Prepare for website
---

diff --git a/.gitignore b/.gitignore
index 592ed2d..87d55b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 gocheese
 gocheese.info
+gocheese.html
diff --git a/INSTALL b/INSTALL
index 843355a..0b69a6c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,23 +1,28 @@
-    # or use https://git.cypherpunks.ru/git/gocheese.git
-    $ git clone --depth 1 --branch v2.1.0 git://git.cypherpunks.ru/gocheese.git
-    $ cd gocheese
-    $ git tag --verify v2.1.0
-    $ make
+Preferable way is to download tarball with the signature from
+website and, for example, run tests with benchmarks:
 
-gocheese binary and gocheese.info documentation should be built.
-Although you can also use:
+@verbatim
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz.sig
+$ gpg --verify gocheese-2.2.0.tar.xz.sig gocheese-2.2.0.tar.xz
+$ xz -d < gocheese-2.2.0.tar.xz | tar xf -
+$ make -C gocheese-2.2.0 all test
+@end verbatim
 
-    go get go.cypherpunks.ru/gocheese
 
-but neither PGP-based authentication is performed, nor documentation build.
+You have to verify downloaded tarballs integrity and authenticity to be
+sure that you retrieved trusted and untampered software. GNU Privacy
+Guard is used for that purpose.
 
 For the very first time it is necessary to get signing public key and
-import it for verifying git's tag. Its fingerprint is:
+import it. It is provided below, but you should check alternative
+resources.
 
-    CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
+    pub   rsa2048/0xCD5CD01F55343D88 2019-12-08 [SC]
+          9B27640BA78437EC6D4ACA6CCD5CD01F55343D88
+    uid   GoCheese releases <gocheese@cypherpunks.ru>
 
-You can locate it using:
+    Look in PUBKEY.asc file.
 
-    $ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
-    $ gpg --auto-key-locate wkd --locate-keys stargrave at stargrave dot org
-    $ gpg --auto-key-locate wkd --locate-keys stargrave at gnupg dot net
+    $ gpg --auto-key-locate dane --locate-keys gocheese at cypherpunks dot ru
+    $ gpg --auto-key-locate wkd --locate-keys gocheese at cypherpunks dot ru
diff --git a/Makefile b/Makefile
index aa71341..3fdfbd4 100644
--- a/Makefile
+++ b/Makefile
@@ -1,13 +1,19 @@
 GO ?= go
 MAKEINFO ?= makeinfo
 
+GOPATH != pwd
 VERSION != cat VERSION
+
+MOD = go.cypherpunks.ru/gocheese/v2
 LDFLAGS = -X main.Version=$(VERSION)
 
 all: gocheese gocheese.info
 
-gocheese: gocheese.go
-	GOPATH=$(GOPATH) go build -ldflags "$(LDFLAGS)"
+gocheese:
+	GOPATH=$(GOPATH) go build -o gocheese -ldflags "$(LDFLAGS)" $(MOD)
 
 gocheese.info: gocheese.texi
 	$(MAKEINFO) -o $@ gocheese.texi
+
+test:
+	GOPATH=$(GOPATH) go test $(MOD)/...
diff --git a/PUBKEY.asc b/PUBKEY.asc
new file mode 100644
index 0000000..af4caff
--- /dev/null
+++ b/PUBKEY.asc
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF3tH7gBCADIBL5PAJeqyNNlQ9qt+RweybmZn+qhvZkk88ud1iy0Suo3D1L0
+VA6MGOzOWtPG69iXVTsTBfasmXmP36fXgXgqqBz5fJgeaRkXo37b1d/FZlITPzne
+xpx6je2/sivNAGTHQJAvlfW5HeFkU16jb1lAoIMuLJ7UojkaJB8qahqO/L72+oAU
+D7Srz4ts513wMFLiYh/H7EIUVwuRA/2N2DwKNhZeWFwAux/9tM2VegjnanSneT+J
+ZMw2W1VDWYOtW33xMgDadq+ctKGe5jogt/o294T0q/scgEGHpqeyU1psSxX8+7gJ
+EU45QRM7hjR3v/LK3Bnjap/DPWT8/V0bsjVLABEBAAG0K0dvQ2hlZXNlIHJlbGVh
+c2VzIDxnb2NoZWVzZUBjeXBoZXJwdW5rcy5ydT6JAVcEEwEKAEECGwMMCwoJDQgM
+BwsDBAECBxUKCQgLAwIFFgIBAwACHgECF4AWIQSbJ2QLp4Q37G1KymzNXNAfVTQ9
+iAUCXe0f3AAKCRDNXNAfVTQ9iPK7B/4hGFIEFJtnbGHj5o5fpRtm2uWZ+cVJIIwm
+IJSAT1AkGNkRsSVJb3qCjxP2gxL0zsy1/wFA48kze5LVq3ACpNPE3E0XWmTe+6GJ
+corPcPhIrPqcXPZzuMk2ok80Zp1ghXATZKDHTVKflwGofto0xbSKzQeM11eKn3++
+nPAbpufXMllacpDI2ZK5yXQcekiPtpk+vZWB0Qrie66XxsNrTyLbxlyT1nxXNAZq
+3iih9N0fjG2gkQuUSN/Us+keLJ6A3FuFag7FUMU2RlgchRYfXWga1AcxQVHjg4s+
+WVvSqEhypULvMrNsxbLzM6vL9BSeQzhwVtjmqfE6XpPThzl4Q4A5iHQEEBEKAB0W
+IQTPYOiaWSMeduJjZCKuGoEJ5JhX7wUCXe0gFQAKCRCuGoEJ5JhX74RFAPjM0ArP
+4suISttaR5OFOQM8luMpD3ACGL39jzPDjv5kAP9sUhz4B7RetvlSaQbFLgy8MkKz
+VA9CnQiz0qdcZN1GXokBswQQAQoAHRYhBO/V3uTUaZUnrXG21nwDpYWOD+SqBQJd
+7kxuAAoJEHwDpYWOD+SqgzEL/1sok8tODe/hAS3KT4O/ooPCT7ezSlfoCv2ezvJa
+sRgtNRtBuB/sxb4KOy+Xz9Z9Ctf/HowpkNeL2x0XPlboL8P5h1P2boShfJCLUFqX
+lrfbvqomKGsii89CWAib/qW+h/gNXg0UOD7nl+RwN7fbvmNwpetQdUYlYHRfjFt+
+10dGI2XluWWzrvEms+F1Jo8wYz/dJw2QZ+8/lE/19blCSYIJoe2CJJ2Pn2A2W2tg
+Y5BGZIWPT5DHisAWHlcBDaSzgXCWJ+/fFN2Zz5vkkQkpvtz1zftUojZXkIbiGdKe
+/YJCg6UeTMrKo26UoJYu9IgoTNvaflOPEbMBBponqBU+mGTy48iWkCJMk+Yh+WaX
+DQPpJ7JdKNR/e6g3uvcdZ4QjbQJ8c+h4meBFabY+KUbccszO9VTiEHBsfeXkt+vI
+4MXM0bfCmHxeScB/iT16b/4vtmU4eRXD838E/JLnXKhErrST8vYiPf+JREVX87Q3
+cl5uH/qEbhY+Fb6EiV2syRAyvA==
+=aDrN
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/VERSION b/VERSION
index 7ec1d6d..ccbccc3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1.0
+2.2.0
diff --git a/download.texi b/download.texi
new file mode 100644
index 0000000..d43dd66
--- /dev/null
+++ b/download.texi
@@ -0,0 +1,49 @@
+@node Download
+@unnumbered Download
+
+Preferable way is to download tarball with the signature from
+website and, for example, run tests with benchmarks:
+
+@verbatim
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz.sig
+$ gpg --verify gocheese-2.2.0.tar.xz.sig gocheese-2.2.0.tar.xz
+$ xz -d < gocheese-2.2.0.tar.xz | tar xf -
+$ make -C gocheese-2.2.0 all test
+@end verbatim
+
+@multitable {XXXXX} {XXXX-XX-XX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
+@headitem Version @tab Date @tab Size @tab Tarball @tab SHA256 checksum
+
+@end multitable
+
+You @strong{have to} verify downloaded tarballs integrity and
+authenticity to be sure that you retrieved trusted and untampered
+software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
+for that purpose.
+
+For the very first time it is necessary to get signing public key and
+import it. It is provided below, but you should check alternative
+resources.
+
+@verbatim
+pub   rsa2048/0xCD5CD01F55343D88 2019-12-08 [SC]
+      9B27640BA78437EC6D4ACA6CCD5CD01F55343D88
+uid   GoCheese releases <gocheese@cypherpunks.ru>
+@end verbatim
+
+@itemize
+
+@item
+@verbatim
+$ gpg --auto-key-locate dane --locate-keys gocheese at cypherpunks dot ru
+$ gpg --auto-key-locate wkd --locate-keys gocheese at cypherpunks dot ru
+@end verbatim
+
+@item
+@verbatiminclude PUBKEY.asc
+
+@end itemize
+
+You can obtain development source code with
+@command{git clone git://git.cypherpunks.ru/gocheese.git}.
diff --git a/go.mod b/go.mod
index a68b743..415514c 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module go.cypherpunks.ru/gocheese
+module go.cypherpunks.ru/gocheese/v2
 
 go 1.12
 
diff --git a/gocheese.texi b/gocheese.texi
index f4668d7..626c0e3 100644
--- a/gocheese.texi
+++ b/gocheese.texi
@@ -2,6 +2,10 @@
 @documentencoding UTF-8
 @settitle GoCheese
 
+@copying
+Copyright @copyright{} 2019 @email{stargrave@@stargrave.org, Sergey Matveev}
+@end copying
+
 @node Top
 @top
 
@@ -23,17 +27,17 @@ Initially it was created as a fork of
 but nearly all the code was rewritten. It has huge differences:
 
 @itemize
-@item proxying and caching of missing packages, including GPG signatures
+@item Proxying and caching of missing packages, including GPG signatures
 @item @url{https://pythonwheels.com/, Wheel} uploading support
-@item integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
+@item Integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
 @item SHA256 checksums for stored packages
-@item verifying of SHA256 checksum for uploaded packages
-@item storing of uploaded GPG signatures
-@item secure Argon2i (or SHA256) stored passwords hashing
-@item no YAML configuration, just command-line arguments
-@item no package overwriting ability (as PyPI does too)
-@item atomic packages store on filesystem
-@item graceful HTTP-server shutdown
+@item Verifying of SHA256 checksum for uploaded packages
+@item Storing of uploaded GPG signatures
+@item Secure Argon2i (or SHA256) stored passwords hashing
+@item No YAML configuration, just command-line arguments
+@item No package overwriting ability (as PyPI does too)
+@item Graceful HTTP-server shutdown
+@item Atomic packages store on filesystem
 @end itemize
 
 Also it contains @file{pyshop2packages.sh} migration script for
@@ -44,13 +48,20 @@ GoCheese is free software, licenced under
 @url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}:
 see the file COPYING for copying conditions.
 
+Please send questions, bug reports and patches to @url{gocheese@@cypherpunks.ru}.
+
+@insertcopying
+
 @menu
+* Download::
 * Usage::
 * Password authentication: Passwords.
 * TLS support: TLS.
 * Storage format: Storage.
 @end menu
 
+@include download.texi
+
 @node Usage
 @unnumbered Usage
 
diff --git a/makedist.sh b/makedist.sh
new file mode 100755
index 0000000..d43af83
--- /dev/null
+++ b/makedist.sh
@@ -0,0 +1,98 @@
+#!/bin/sh -ex
+
+cur=$(pwd)
+tmp=$(mktemp -d)
+release=$1
+[ -n "$release" ]
+
+git clone . $tmp/gocheese-$release
+cd $tmp/gocheese-$release
+git checkout v$release
+
+mod_name=$(sed -n 's/^module //p' go.mod)
+crypto_mod_path=$(sed -n 's#^require \(golang.org/x/crypto\) \(.*\)$#\1@\2#p' go.mod)
+mkdir -p src/$mod_name
+mv *.go go.mod go.sum src/$mod_name
+
+mods="
+golang.org/x/crypto
+golang.org/x/net
+"
+for mod in $mods; do
+    mod_path=$(sed -n "s# // indirect## ; s#^	\($mod\) \(.*\)\$#\1@\2#p" src/$mod_name/go.mod)
+    [ -n "$mod_path" ]
+    mkdir -p src/$mod
+    ( cd $GOPATH/pkg/mod/$mod_path ; tar cf - --exclude ".git*" * ) | tar xfC - src/$mod
+    chmod -R +w src/$mod
+done
+
+for mod in golang.org/x/sys; do
+    mod_path=$(sed -n "s#^\($mod\) \(.*\) h1:.*\$#\1@\2#p" src/$mod_name/go.sum | sed /go.mod/d | sort -n -r | sed -n 1p)
+    [ -n "$mod_path" ]
+    mkdir -p src/$mod
+    ( cd $GOPATH/pkg/mod/$mod_path ; tar cf - --exclude ".git*" * ) | tar xfC - src/$mod
+    chmod -R +w src/$mod
+done
+
+cat > $tmp/includes <<EOF
+golang.org/x/crypto/AUTHORS
+golang.org/x/crypto/argon2
+golang.org/x/crypto/blake2b
+golang.org/x/crypto/CONTRIBUTORS
+golang.org/x/crypto/go.mod
+golang.org/x/crypto/go.sum
+golang.org/x/crypto/LICENSE
+golang.org/x/crypto/PATENTS
+golang.org/x/crypto/README.md
+golang.org/x/net/AUTHORS
+golang.org/x/net/CONTRIBUTORS
+golang.org/x/net/go.mod
+golang.org/x/net/go.sum
+golang.org/x/net/LICENSE
+golang.org/x/net/netutil
+golang.org/x/net/PATENTS
+golang.org/x/net/README.md
+golang.org/x/sys/AUTHORS
+golang.org/x/sys/CONTRIBUTORS
+golang.org/x/sys/cpu
+golang.org/x/sys/go.mod
+golang.org/x/sys/LICENSE
+golang.org/x/sys/PATENTS
+golang.org/x/sys/README.md
+EOF
+tar cfCI - src $tmp/includes | tar xfC - $tmp
+rm -fr src/golang.org $tmp/includes
+mv $tmp/golang.org src
+
+cat > download.texi <<EOF
+@node Download
+@unnumbered Download
+You can obtain releases source code prepared tarballs on
+@url{http://gocheese.cypherpunks.ru/}.
+EOF
+make gocheese.info
+
+rm -rf .git .gitignore style.css makedist* www.mk
+
+find . -type d -exec chmod 755 {} \;
+find . -type f -exec chmod 644 {} \;
+chmod +x pyshop2packages.sh
+
+cd ..
+tar cvf gocheese-"$release".tar --uid=0 --gid=0 --numeric-owner gocheese-"$release"
+xz -9 gocheese-"$release".tar
+gpg --detach-sign --sign --local-user CD5CD01F55343D88 gocheese-"$release".tar.xz
+
+tarball=gocheese-"$release".tar.xz
+size=$(( $(stat -f %z $tarball) / 1024 ))
+hash=$(gpg --print-md SHA256 < $tarball)
+release_date=$(date "+%Y-%m-%d")
+
+cat <<EOF
+An entry for documentation:
+@item @ref{Release $release, $release} @tab $release_date @tab $size KiB
+@tab @url{gocheese-${release}.tar.xz, link} @url{gocheese-${release}.tar.xz.sig, sign}
+@tab @code{$hash}
+EOF
+
+mv $tmp/$tarball $tmp/"$tarball".sig $cur/gocheese.html/
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..0dec0f2
--- /dev/null
+++ b/style.css
@@ -0,0 +1,11 @@
+<style type="text/css"><!--
+body {
+    margin: auto;
+    width: 80em;
+    background-color: #AEBECE;
+}
+h1, h2, h3, h4 { text-align: center }
+h1, h2, h3, h4, strong { color: #900090 }
+pre { background-color: #CCCCCC }
+table, th, td { border: 1px solid black }
+--></style>
diff --git a/www.mk b/www.mk
new file mode 100644
index 0000000..db7632b
--- /dev/null
+++ b/www.mk
@@ -0,0 +1,17 @@
+MAKEINFO ?= makeinfo
+
+CSS != cat style.css
+
+all: gocheese.html
+
+gocheese.html: *.texi
+	rm -f gocheese.html/*.html
+	$(MAKEINFO) --html \
+		--set-customization-variable CSS_LINES='$(CSS)' \
+		--set-customization-variable SHOW_TITLE=0 \
+		--set-customization-variable USE_ACCESSKEY=0 \
+		--set-customization-variable DATE_IN_HEADER=1 \
+		--set-customization-variable TOP_NODE_UP_URL=index.html \
+		--set-customization-variable CLOSE_QUOTE_SYMBOL=\" \
+		--set-customization-variable OPEN_QUOTE_SYMBOL=\" \
+		-o gocheese.html gocheese.texi