GoCheese

GoCheese is Python private package repository and caching proxy.

It serves two purposes:

* proxying and caching of missing packages from upstream
  => PyPI
  conforming to
  => PEP-0503 (Simple Repository API)
  => JSON API
* hosting of private locally uploaded packages, conforming to
  => Warehouse Legacy API

Why could you like it and how it can be better to fit your needs?

* No database required. Only filesystem storage with few simple files
  per package. Package deletion, renaming, making it uploadable
  (private) is done with simple mkdir, touch, etc commands
* Just single statically compiled Go binary, UCSPI-TCP compatibility,
  high performance (including HTTP/2, keepalives and TLS session
  resumption)
* No configuration file, but several simple command line arguments
* Consistency (because of atomic synced operations) and integrity
  (because of cryptographic checksums stored nearby)
* Package's metadata and created times storing for uploaded and proxied
  packages

Initially it was created as a fork of
=> cheeseshop
but nearly all the code was rewritten. It is aimed to be replacement for
PyShop lacking huge quantity of features, reliability and consistency
guarantees, workability without deprecated XML-RPC API, and suffering
performance.

* Supports proxying and caching of non-internal packages from the
  upstream PyPI installation.

* Supports uploading of internal packages through the standard Warehouse
  API, including signatures, metadata and checksums.

* Supports
  => https://pythonwheels.com/
  => https://packaging.python.org/specifications/core-metadata/
  => PEP-0566  compatible
  conversion to JSON, multiple (MD5, SHA256, SHA512, BLAKE2b-256)
  integrity checksums storing and verifying during uploading and proxying.

* Supports Simple and JSON APIs, being able to replace PyPI for all
  downstream clients.

* Stores package's creation time with solicitude as mtime, giving it in
  HTTP headers and JSON API.

*  TLS and HTTP/2 capable transport to the upstream, with enabled
   keepalives and session resumption TLS tickets. Graceful HTTP server
   shutdown. Can work as a service of
   => UCSPI-TCP

*  Atomic and fsync-ed reliable and consistent updates to the filesystem.

* Has ability to authenticate upstream PyPI by its X.509 certificate's
  SPKI hash.

* User authentication supports passwords either hashed with SHA256 or
  strengthened with
  => Argon2i

Also it contains contrib/pyshop2packages.sh migration script for converting
=> Pyshop
database into GoCheese one, including private packages.

GoCheese is
=> copylefted
=> free software
licenced under
=> GNU GPLv3

Please send questions, bug reports and patches to
=> mailto:gocheese@stargrave.org

             [INSTALL] [Usage/] [Passwords] [TLS] [Storage]