X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=README;h=555b19b3bb800e76c7549aaf02504fb646931a15;hb=58cc9588d92ab293d301e7267851bd9c4167e508;hp=8d5ce9501d732f2ef85b0d1110075e1ebd027e63;hpb=9e662204b6bd8cafdd2bbfe7534573d828eaef2b;p=gocheese.git diff --git a/README b/README index 8d5ce95..555b19b 100644 --- a/README +++ b/README @@ -16,7 +16,55 @@ You can upload packages to it with twine: twine upload --repository-url http://gocheese.host:8080/simple/ \ --username spam \ - --password foo dist/tarball.tar.gz + --passwd foo dist/tarball.tar.gz + +-refresh URL behaves the same way as -simple one, but is always +refreshes package versions from PyPI when listing it. You can use it to +forcefully update package version. + +Initially it was created as a fork of https://github.com/c4s4/cheeseshop, +but nearly all the code was rewritten. It has huge differences: + +* no TLS support +* no YAML configuration, just command-line arguments +* no package overwriting ability +* atomic packages store on filesystem +* proxying and caching of missing packages +* SHA256-checksummed packages (both uploaded and proxied one) + +GoCheese is free software: see the file COPYING for copying conditions. + + Password authentication + ======================= + +You have to store your authentication data in a file (specified +with -passwd option) with following format: + + username:hashed-password + +Supported hashing algorithms are SHA256 and Argon2i. +It's recommended to use Argon2i. + +To get Argon2i hashed-password you can use any of following tools: + + https://github.com/balakhonova/argon2i (Go) + https://github.com/p-h-c/phc-winner-argon2 (C) + +To get SHA256 hashed-password you can use your operating system tools: + + # BSD-based systems: + $ echo -n 'password' | sha256 + # GNU/Linux-based systems + $ echo -n 'password' | sha256sum + +For example user "foo" with password "bar" can have the following +hashed passwords: + + foo:$sha256$fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9 + foo:$argon2i$v=19$m=32768,t=3,p=4$OGU5MTM3YjVlYzQwZjhkZA$rVn53v6Ckpf7WH0676ZQLr9Hbm6VH3YnL6I9ONJcIIU + + On-disk storage format + ====================== Root directory has the following hierarchy: @@ -40,20 +88,3 @@ tarball is really downloaded and verified against the checksum. For example in the root directory above we have downloaded only public-package-0.2. Private packages contain .private file, indicating that it must not be asked in PyPI if required version is missing. - --refresh URL behaves the same way as -simple one, but is always -refreshes package versions from PyPI when listing it. You can use it to -forcefully update package version. - -Initially it was created as a fork of https://github.com/c4s4/cheeseshop, -but nearly all the code was rewritten. It has huge differences: - -* no TLS support -* no YAML configuration, just command-line arguments -* no package overwriting ability -* no MD5-hashed passwords -* atomic packages store on filesystem -* proxying and caching of missing packages -* SHA256-checksummed packages (both uploaded and proxied one) - -GoCheese is free software: see the file COPYING for copying conditions.