From 870decf5b24cae444450c4105ad807b44b6676ca Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Fri, 6 Dec 2019 16:01:19 +0300 Subject: [PATCH] Documentation actualize --- gocheese.texi | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/gocheese.texi b/gocheese.texi index e1a7966..6cf12bc 100644 --- a/gocheese.texi +++ b/gocheese.texi @@ -31,7 +31,7 @@ but nearly all the code was rewritten. It has huge differences: packaged @item graceful HTTP-server shutdown @item no YAML configuration, just command-line arguments -@item no package overwriting ability (as PyPI does) +@item no package overwriting ability (as PyPI does too) @end itemize Also it contains @file{pyshop2packages.sh} migration script for @@ -59,12 +59,16 @@ To use it for download purposes, just configure your @file{pip.conf}: index-url = http://gocheese.host:8080/simple/ @end verbatim -@option{-refresh} URL behaves the same way as @option{-simple} one, but -is always refreshes package versions from PyPI when listing it. You can -use it to forcefully update known package versions. +@option{-refresh} URL (@code{/simple/} by default) automatically +refreshes metainformation (available versions and their checksums) +from the upstream, when queried for package directory listing. +@option{-norefresh} prevents upstream queries. -You can upload packages to it with -@url{https://pypi.org/project/twine/, twine}: +@option{-gpgupdate} is useful mainly for migrated for Pyshop migrated +repositories. It forces GPG signature files downloading for all existing +package files. + +You can upload packages to it with @url{https://pypi.org/project/twine/, twine}: @verbatim twine upload @@ -73,13 +77,18 @@ twine upload --password foo dist/tarball.tar.gz @end verbatim +Or you can store it permanently in @file{.pypirc}: + +@verbatim +[pypi] +repository: https://gocheese.host/simple/ +username: spam +password: foo +@end verbatim + If @command{twine} sends SHA256 checksum in the request, then uploaded file is checked against it. -@option{-gpgupdate} is useful mainly for migrated from Pyshop -repositories. It forces GPG signature files downloading for all existing -package files. - @node Passwords @unnumbered Password authentication @@ -172,9 +181,10 @@ root +-- public-package | +- public-package-0.1.tar.gz.sha256 | +- public-package-0.2.tar.gz + | +- public-package-0.2.tar.gz.asc | +- public-package-0.2.tar.gz.sha256 +-- private-package - | +- .private + | +- .internal | +- private-package-0.1.tar.gz | +- private-package-0.1.tar.gz.sha256 |... @@ -189,8 +199,10 @@ files. However no package package tarball is downloaded. When you request for particular package version, then its tarball is downloaded and verified against the checksum. For example in the root directory above we have downloaded only @file{public-package-0.2}. +If upstream has corresponding @file{.asc} file, then it also will be +downloaded. -Private packages contain @file{.private} file, indicating that it must +Private packages contain @file{.internal} file, indicating that it must not be asked in PyPI if required version is missing. You have to create it manually. -- 2.44.0