gocheese
gocheese.info
+gocheese.html
- # or use https://git.cypherpunks.ru/git/gocheese.git
- $ git clone --depth 1 --branch v2.1.0 git://git.cypherpunks.ru/gocheese.git
- $ cd gocheese
- $ git tag --verify v2.1.0
- $ make
+Preferable way is to download tarball with the signature from
+website and, for example, run tests with benchmarks:
-gocheese binary and gocheese.info documentation should be built.
-Although you can also use:
+@verbatim
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz.sig
+$ gpg --verify gocheese-2.2.0.tar.xz.sig gocheese-2.2.0.tar.xz
+$ xz -d < gocheese-2.2.0.tar.xz | tar xf -
+$ make -C gocheese-2.2.0 all test
+@end verbatim
- go get go.cypherpunks.ru/gocheese
-but neither PGP-based authentication is performed, nor documentation build.
+You have to verify downloaded tarballs integrity and authenticity to be
+sure that you retrieved trusted and untampered software. GNU Privacy
+Guard is used for that purpose.
For the very first time it is necessary to get signing public key and
-import it for verifying git's tag. Its fingerprint is:
+import it. It is provided below, but you should check alternative
+resources.
- CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF
+ pub rsa2048/0xCD5CD01F55343D88 2019-12-08 [SC]
+ 9B27640BA78437EC6D4ACA6CCD5CD01F55343D88
+ uid GoCheese releases <gocheese@cypherpunks.ru>
-You can locate it using:
+ Look in PUBKEY.asc file.
- $ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
- $ gpg --auto-key-locate wkd --locate-keys stargrave at stargrave dot org
- $ gpg --auto-key-locate wkd --locate-keys stargrave at gnupg dot net
+ $ gpg --auto-key-locate dane --locate-keys gocheese at cypherpunks dot ru
+ $ gpg --auto-key-locate wkd --locate-keys gocheese at cypherpunks dot ru
GO ?= go
MAKEINFO ?= makeinfo
+GOPATH != pwd
VERSION != cat VERSION
+
+MOD = go.cypherpunks.ru/gocheese/v2
LDFLAGS = -X main.Version=$(VERSION)
all: gocheese gocheese.info
-gocheese: gocheese.go
- GOPATH=$(GOPATH) go build -ldflags "$(LDFLAGS)"
+gocheese:
+ GOPATH=$(GOPATH) go build -o gocheese -ldflags "$(LDFLAGS)" $(MOD)
gocheese.info: gocheese.texi
$(MAKEINFO) -o $@ gocheese.texi
+
+test:
+ GOPATH=$(GOPATH) go test $(MOD)/...
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF3tH7gBCADIBL5PAJeqyNNlQ9qt+RweybmZn+qhvZkk88ud1iy0Suo3D1L0
+VA6MGOzOWtPG69iXVTsTBfasmXmP36fXgXgqqBz5fJgeaRkXo37b1d/FZlITPzne
+xpx6je2/sivNAGTHQJAvlfW5HeFkU16jb1lAoIMuLJ7UojkaJB8qahqO/L72+oAU
+D7Srz4ts513wMFLiYh/H7EIUVwuRA/2N2DwKNhZeWFwAux/9tM2VegjnanSneT+J
+ZMw2W1VDWYOtW33xMgDadq+ctKGe5jogt/o294T0q/scgEGHpqeyU1psSxX8+7gJ
+EU45QRM7hjR3v/LK3Bnjap/DPWT8/V0bsjVLABEBAAG0K0dvQ2hlZXNlIHJlbGVh
+c2VzIDxnb2NoZWVzZUBjeXBoZXJwdW5rcy5ydT6JAVcEEwEKAEECGwMMCwoJDQgM
+BwsDBAECBxUKCQgLAwIFFgIBAwACHgECF4AWIQSbJ2QLp4Q37G1KymzNXNAfVTQ9
+iAUCXe0f3AAKCRDNXNAfVTQ9iPK7B/4hGFIEFJtnbGHj5o5fpRtm2uWZ+cVJIIwm
+IJSAT1AkGNkRsSVJb3qCjxP2gxL0zsy1/wFA48kze5LVq3ACpNPE3E0XWmTe+6GJ
+corPcPhIrPqcXPZzuMk2ok80Zp1ghXATZKDHTVKflwGofto0xbSKzQeM11eKn3++
+nPAbpufXMllacpDI2ZK5yXQcekiPtpk+vZWB0Qrie66XxsNrTyLbxlyT1nxXNAZq
+3iih9N0fjG2gkQuUSN/Us+keLJ6A3FuFag7FUMU2RlgchRYfXWga1AcxQVHjg4s+
+WVvSqEhypULvMrNsxbLzM6vL9BSeQzhwVtjmqfE6XpPThzl4Q4A5iHQEEBEKAB0W
+IQTPYOiaWSMeduJjZCKuGoEJ5JhX7wUCXe0gFQAKCRCuGoEJ5JhX74RFAPjM0ArP
+4suISttaR5OFOQM8luMpD3ACGL39jzPDjv5kAP9sUhz4B7RetvlSaQbFLgy8MkKz
+VA9CnQiz0qdcZN1GXokBswQQAQoAHRYhBO/V3uTUaZUnrXG21nwDpYWOD+SqBQJd
+7kxuAAoJEHwDpYWOD+SqgzEL/1sok8tODe/hAS3KT4O/ooPCT7ezSlfoCv2ezvJa
+sRgtNRtBuB/sxb4KOy+Xz9Z9Ctf/HowpkNeL2x0XPlboL8P5h1P2boShfJCLUFqX
+lrfbvqomKGsii89CWAib/qW+h/gNXg0UOD7nl+RwN7fbvmNwpetQdUYlYHRfjFt+
+10dGI2XluWWzrvEms+F1Jo8wYz/dJw2QZ+8/lE/19blCSYIJoe2CJJ2Pn2A2W2tg
+Y5BGZIWPT5DHisAWHlcBDaSzgXCWJ+/fFN2Zz5vkkQkpvtz1zftUojZXkIbiGdKe
+/YJCg6UeTMrKo26UoJYu9IgoTNvaflOPEbMBBponqBU+mGTy48iWkCJMk+Yh+WaX
+DQPpJ7JdKNR/e6g3uvcdZ4QjbQJ8c+h4meBFabY+KUbccszO9VTiEHBsfeXkt+vI
+4MXM0bfCmHxeScB/iT16b/4vtmU4eRXD838E/JLnXKhErrST8vYiPf+JREVX87Q3
+cl5uH/qEbhY+Fb6EiV2syRAyvA==
+=aDrN
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+@node Download
+@unnumbered Download
+
+Preferable way is to download tarball with the signature from
+website and, for example, run tests with benchmarks:
+
+@verbatim
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz.sig
+$ gpg --verify gocheese-2.2.0.tar.xz.sig gocheese-2.2.0.tar.xz
+$ xz -d < gocheese-2.2.0.tar.xz | tar xf -
+$ make -C gocheese-2.2.0 all test
+@end verbatim
+
+@multitable {XXXXX} {XXXX-XX-XX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
+@headitem Version @tab Date @tab Size @tab Tarball @tab SHA256 checksum
+
+@end multitable
+
+You @strong{have to} verify downloaded tarballs integrity and
+authenticity to be sure that you retrieved trusted and untampered
+software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
+for that purpose.
+
+For the very first time it is necessary to get signing public key and
+import it. It is provided below, but you should check alternative
+resources.
+
+@verbatim
+pub rsa2048/0xCD5CD01F55343D88 2019-12-08 [SC]
+ 9B27640BA78437EC6D4ACA6CCD5CD01F55343D88
+uid GoCheese releases <gocheese@cypherpunks.ru>
+@end verbatim
+
+@itemize
+
+@item
+@verbatim
+$ gpg --auto-key-locate dane --locate-keys gocheese at cypherpunks dot ru
+$ gpg --auto-key-locate wkd --locate-keys gocheese at cypherpunks dot ru
+@end verbatim
+
+@item
+@verbatiminclude PUBKEY.asc
+
+@end itemize
+
+You can obtain development source code with
+@command{git clone git://git.cypherpunks.ru/gocheese.git}.
-module go.cypherpunks.ru/gocheese
+module go.cypherpunks.ru/gocheese/v2
go 1.12
@documentencoding UTF-8
@settitle GoCheese
+@copying
+Copyright @copyright{} 2019 @email{stargrave@@stargrave.org, Sergey Matveev}
+@end copying
+
@node Top
@top
but nearly all the code was rewritten. It has huge differences:
@itemize
-@item proxying and caching of missing packages, including GPG signatures
+@item Proxying and caching of missing packages, including GPG signatures
@item @url{https://pythonwheels.com/, Wheel} uploading support
-@item integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
+@item Integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
@item SHA256 checksums for stored packages
-@item verifying of SHA256 checksum for uploaded packages
-@item storing of uploaded GPG signatures
-@item secure Argon2i (or SHA256) stored passwords hashing
-@item no YAML configuration, just command-line arguments
-@item no package overwriting ability (as PyPI does too)
-@item atomic packages store on filesystem
-@item graceful HTTP-server shutdown
+@item Verifying of SHA256 checksum for uploaded packages
+@item Storing of uploaded GPG signatures
+@item Secure Argon2i (or SHA256) stored passwords hashing
+@item No YAML configuration, just command-line arguments
+@item No package overwriting ability (as PyPI does too)
+@item Graceful HTTP-server shutdown
+@item Atomic packages store on filesystem
@end itemize
Also it contains @file{pyshop2packages.sh} migration script for
@url{https://www.gnu.org/licenses/gpl-3.0.html, GNU GPLv3}:
see the file COPYING for copying conditions.
+Please send questions, bug reports and patches to @url{gocheese@@cypherpunks.ru}.
+
+@insertcopying
+
@menu
+* Download::
* Usage::
* Password authentication: Passwords.
* TLS support: TLS.
* Storage format: Storage.
@end menu
+@include download.texi
+
@node Usage
@unnumbered Usage
--- /dev/null
+#!/bin/sh -ex
+
+cur=$(pwd)
+tmp=$(mktemp -d)
+release=$1
+[ -n "$release" ]
+
+git clone . $tmp/gocheese-$release
+cd $tmp/gocheese-$release
+git checkout v$release
+
+mod_name=$(sed -n 's/^module //p' go.mod)
+crypto_mod_path=$(sed -n 's#^require \(golang.org/x/crypto\) \(.*\)$#\1@\2#p' go.mod)
+mkdir -p src/$mod_name
+mv *.go go.mod go.sum src/$mod_name
+
+mods="
+golang.org/x/crypto
+golang.org/x/net
+"
+for mod in $mods; do
+ mod_path=$(sed -n "s# // indirect## ; s#^ \($mod\) \(.*\)\$#\1@\2#p" src/$mod_name/go.mod)
+ [ -n "$mod_path" ]
+ mkdir -p src/$mod
+ ( cd $GOPATH/pkg/mod/$mod_path ; tar cf - --exclude ".git*" * ) | tar xfC - src/$mod
+ chmod -R +w src/$mod
+done
+
+for mod in golang.org/x/sys; do
+ mod_path=$(sed -n "s#^\($mod\) \(.*\) h1:.*\$#\1@\2#p" src/$mod_name/go.sum | sed /go.mod/d | sort -n -r | sed -n 1p)
+ [ -n "$mod_path" ]
+ mkdir -p src/$mod
+ ( cd $GOPATH/pkg/mod/$mod_path ; tar cf - --exclude ".git*" * ) | tar xfC - src/$mod
+ chmod -R +w src/$mod
+done
+
+cat > $tmp/includes <<EOF
+golang.org/x/crypto/AUTHORS
+golang.org/x/crypto/argon2
+golang.org/x/crypto/blake2b
+golang.org/x/crypto/CONTRIBUTORS
+golang.org/x/crypto/go.mod
+golang.org/x/crypto/go.sum
+golang.org/x/crypto/LICENSE
+golang.org/x/crypto/PATENTS
+golang.org/x/crypto/README.md
+golang.org/x/net/AUTHORS
+golang.org/x/net/CONTRIBUTORS
+golang.org/x/net/go.mod
+golang.org/x/net/go.sum
+golang.org/x/net/LICENSE
+golang.org/x/net/netutil
+golang.org/x/net/PATENTS
+golang.org/x/net/README.md
+golang.org/x/sys/AUTHORS
+golang.org/x/sys/CONTRIBUTORS
+golang.org/x/sys/cpu
+golang.org/x/sys/go.mod
+golang.org/x/sys/LICENSE
+golang.org/x/sys/PATENTS
+golang.org/x/sys/README.md
+EOF
+tar cfCI - src $tmp/includes | tar xfC - $tmp
+rm -fr src/golang.org $tmp/includes
+mv $tmp/golang.org src
+
+cat > download.texi <<EOF
+@node Download
+@unnumbered Download
+You can obtain releases source code prepared tarballs on
+@url{http://gocheese.cypherpunks.ru/}.
+EOF
+make gocheese.info
+
+rm -rf .git .gitignore style.css makedist* www.mk
+
+find . -type d -exec chmod 755 {} \;
+find . -type f -exec chmod 644 {} \;
+chmod +x pyshop2packages.sh
+
+cd ..
+tar cvf gocheese-"$release".tar --uid=0 --gid=0 --numeric-owner gocheese-"$release"
+xz -9 gocheese-"$release".tar
+gpg --detach-sign --sign --local-user CD5CD01F55343D88 gocheese-"$release".tar.xz
+
+tarball=gocheese-"$release".tar.xz
+size=$(( $(stat -f %z $tarball) / 1024 ))
+hash=$(gpg --print-md SHA256 < $tarball)
+release_date=$(date "+%Y-%m-%d")
+
+cat <<EOF
+An entry for documentation:
+@item @ref{Release $release, $release} @tab $release_date @tab $size KiB
+@tab @url{gocheese-${release}.tar.xz, link} @url{gocheese-${release}.tar.xz.sig, sign}
+@tab @code{$hash}
+EOF
+
+mv $tmp/$tarball $tmp/"$tarball".sig $cur/gocheese.html/
--- /dev/null
+<style type="text/css"><!--
+body {
+ margin: auto;
+ width: 80em;
+ background-color: #AEBECE;
+}
+h1, h2, h3, h4 { text-align: center }
+h1, h2, h3, h4, strong { color: #900090 }
+pre { background-color: #CCCCCC }
+table, th, td { border: 1px solid black }
+--></style>
--- /dev/null
+MAKEINFO ?= makeinfo
+
+CSS != cat style.css
+
+all: gocheese.html
+
+gocheese.html: *.texi
+ rm -f gocheese.html/*.html
+ $(MAKEINFO) --html \
+ --set-customization-variable CSS_LINES='$(CSS)' \
+ --set-customization-variable SHOW_TITLE=0 \
+ --set-customization-variable USE_ACCESSKEY=0 \
+ --set-customization-variable DATE_IN_HEADER=1 \
+ --set-customization-variable TOP_NODE_UP_URL=index.html \
+ --set-customization-variable CLOSE_QUOTE_SYMBOL=\" \
+ --set-customization-variable OPEN_QUOTE_SYMBOL=\" \
+ -o gocheese.html gocheese.texi