+++ /dev/null
-Preferable way is to download tarball with the signature from
-website and, for example, run tests with benchmarks:
-
-@verbatim
-$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz
-$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz.sig
-$ gpg --verify gocheese-2.2.0.tar.xz.sig gocheese-2.2.0.tar.xz
-$ xz -d < gocheese-2.2.0.tar.xz | tar xf -
-$ make -C gocheese-2.2.0 all test
-@end verbatim
-
-
-You have to verify downloaded tarballs integrity and authenticity to be
-sure that you retrieved trusted and untampered software. GNU Privacy
-Guard is used for that purpose.
-
-For the very first time it is necessary to get signing public key and
-import it. It is provided below, but you should check alternative
-resources.
-
- pub rsa2048/0xCD5CD01F55343D88 2019-12-08 [SC]
- 9B27640BA78437EC6D4ACA6CCD5CD01F55343D88
- uid GoCheese releases <gocheese@cypherpunks.ru>
-
- Look in PUBKEY.asc file.
-
- $ gpg --auto-key-locate dane --locate-keys gocheese at cypherpunks dot ru
- $ gpg --auto-key-locate wkd --locate-keys gocheese at cypherpunks dot ru
gocheese:
GOPATH=$(GOPATH) go build -o gocheese -ldflags "$(LDFLAGS)" $(MOD)
-gocheese.info: gocheese.texi
+gocheese.info: *.texi
$(MAKEINFO) -o $@ gocheese.texi
test:
-@node Download
-@unnumbered Download
-
-Preferable way is to download tarball with the signature from
-website and, for example, run tests with benchmarks:
-
-@verbatim
-$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz
-$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-2.2.0.tar.xz.sig
-$ gpg --verify gocheese-2.2.0.tar.xz.sig gocheese-2.2.0.tar.xz
-$ xz -d < gocheese-2.2.0.tar.xz | tar xf -
-$ make -C gocheese-2.2.0 all test
-@end verbatim
-
@multitable {XXXXX} {XXXX-XX-XX} {XXXX KiB} {link sign} {xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
@headitem Version @tab Date @tab Size @tab Tarball @tab SHA256 checksum
@tab @code{5AA24DA6 C03C51BD 5C45CD50 AA1F19B5 6360C892 3ED86F06 D0F2B8FA 4C8CCB5B}
@end multitable
-
-You @strong{have to} verify downloaded tarballs integrity and
-authenticity to be sure that you retrieved trusted and untampered
-software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
-for that purpose.
-
-For the very first time it is necessary to get signing public key and
-import it. It is provided below, but you should check alternative
-resources.
-
-@verbatim
-pub rsa2048/0xCD5CD01F55343D88 2019-12-08 [SC]
- 9B27640BA78437EC6D4ACA6CCD5CD01F55343D88
-uid GoCheese releases <gocheese@cypherpunks.ru>
-@end verbatim
-
-@itemize
-
-@item
-@verbatim
-$ gpg --auto-key-locate dane --locate-keys gocheese at cypherpunks dot ru
-$ gpg --auto-key-locate wkd --locate-keys gocheese at cypherpunks dot ru
-@end verbatim
-
-@item
-@verbatiminclude PUBKEY.asc
-
-@end itemize
-
-You can obtain development source code with
-@command{git clone git://git.cypherpunks.ru/gocheese.git}.
@url{https://warehouse.pypa.io/api-reference/legacy/, Warehouse Legacy API}
@end itemize
+Why could you like it and how it can be better to fit your needs?
+
+@itemize
+@item No database required. Only filesystem storage with few simple
+ files per package. Package deletion, renaming, making it uploadable
+ (private) is done with simple @command{mkdir}, @command{touch}, etc
+ commands
+@item Just single statically compiled Go binary
+@item No configuration file, but several simple command line arguments
+@item Consistency (because of atomic synced operations) and integrity
+ (because of SHA256 checksums stored nearby)
+@end itemize
+
Initially it was created as a fork of
@url{https://github.com/c4s4/cheeseshop, cheeseshop},
but nearly all the code was rewritten. It has huge differences:
@insertcopying
@menu
-* Download::
+* Install::
* Usage::
* Password authentication: Passwords.
* TLS support: TLS.
* Storage format: Storage.
@end menu
-@include download.texi
+@include install.texi
@node Usage
@unnumbered Usage
To use it for download purposes, just configure your @file{pip.conf}:
-@verbatim
+@example
[install]
index-url = http://gocheese.host:8080/simple/
-@end verbatim
+@end example
@option{-refresh} URL (@code{/simple/} by default) automatically
refreshes metainformation (available versions and their checksums)
You can upload packages to it with @url{https://pypi.org/project/twine/, twine}:
-@verbatim
+@example
twine upload
--repository-url http://gocheese.host:8080/simple/ \
--username spam \
--password foo dist/tarball.tar.gz
-@end verbatim
+@end example
Or you can store it permanently in @file{.pypirc}:
-@verbatim
+@example
[pypi]
repository: https://gocheese.host/simple/
username: spam
password: foo
-@end verbatim
+@end example
If @command{twine} sends SHA256 checksum in the request, then uploaded
file is checked against it.
You have to store your authentication data in @option{-passwd} file in
following format:
-@verbatim
+@example
username:hashed-password
-@end verbatim
+@end example
Empty lines and having @verb{|#|} at the beginning are skipped.
@item SHA256
You can use your operating system tools:
-@verbatim
+@example
# BSD-based systems:
$ echo -n "password" | sha256
# GNU/Linux-based systems
$ echo -n "password" | sha256sum
-@end verbatim
+@end example
+
Example user @code{foo} with password @code{bar} will have the
following password file entry:
You can refresh passwords by sending @code{SIGHUP} signal to the working daemon:
-@verbatim
+@example
$ pkill -HUP gocheese
$ kill -HUP `pidof gocheese`
-@end verbatim
+@end example
Before refreshing it's recommended to check @option{-passwd} file with
@option{-passwd-check} option to prevent daemon failure.
For example generate some self-signed certificate using GnuTLS toolset:
-@verbatim
+@example
$ certtool --generate-privkey --ecc --outfile prv.pem
$ cert_template=`mktemp`
$ echo cn=gocheese.host > $cert_template
--outfile=cert.pem
$ rm $cert_template
$ gocheese -tls-cert cert.pem -tls-key prv.pem [...]
-@end verbatim
+@end example
@node Storage
@unnumbered Storage format
--- /dev/null
+@node Install
+@unnumbered Install
+
+@set VERSION 2.2.0
+
+Preferable way is to download tarball with the signature from
+website and, for example, run tests with benchmarks:
+
+@example
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-@value{VERSION}.tar.xz
+$ [fetch|wget] http://gocheese.cypherpunks.ru/gocheese-@value{VERSION}.tar.xz.sig
+$ gpg --verify gocheese-@value{VERSION}.tar.xz.sig gocheese-@value{VERSION}.tar.xz
+$ xz -d < gocheese-@value{VERSION}.tar.xz | tar xf -
+$ make -C gocheese-@value{VERSION} all test
+@end example
+
+@include download.texi
+
+You @strong{have to} verify downloaded tarballs integrity and
+authenticity to be sure that you retrieved trusted and untampered
+software. @url{https://www.gnupg.org/, GNU Privacy Guard} is used
+for that purpose.
+
+For the very first time it is necessary to get signing public key and
+import it. It is provided below, but you should check alternative
+resources.
+
+@verbatim
+pub rsa2048/0xCD5CD01F55343D88 2019-12-08 [SC]
+ 9B27 640B A784 37EC 6D4A CA6C CD5C D01F 5534 3D88
+uid GoCheese releases <gocheese@cypherpunks.ru>
+@end verbatim
+
+@itemize
+
+@item
+@example
+$ gpg --auto-key-locate dane --locate-keys gocheese at cypherpunks dot ru
+$ gpg --auto-key-locate wkd --locate-keys gocheese at cypherpunks dot ru
+@end example
+
+@item
+@verbatiminclude PUBKEY.asc
+
+@end itemize
+
+You can obtain development source code with
+@command{git clone git://git.cypherpunks.ru/gocheese.git}.
mv $tmp/golang.org src
cat > download.texi <<EOF
-@node Download
-@unnumbered Download
You can obtain releases source code prepared tarballs on
@url{http://gocheese.cypherpunks.ru/}.
EOF
make gocheese.info
-rm -rf .git .gitignore style.css makedist* www.mk
+texi=$(mktemp)
+cat > $texi <<EOF
+\input texinfo
+@documentencoding UTF-8
+@settitle INSTALL
+@include install.texi
+@bye
+EOF
+sed -i.tmp "s/@verbatiminclude PUBKEY.asc/Look in PUBKEY.asc file./" install.texi
+makeinfo --plaintext -o INSTALL $texi
+rm $texi install.texi.tmp
+
+rm -rf .git .gitignore style.css makedist.sh www.mk
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;