GoCheese is Python private package repository and caching proxy.
It serves two purposes:
- proxying and caching of missing packages from upstream
PyPI, conforming to
PEP-0503
(Simple Repository API)
- hosting of private locally uploaded packages, conforming to
Warehouse Legacy API
Why could you like it and how it can be better to fit your needs?
- No database required. Only filesystem storage with few simple
files per package. Package deletion, renaming, making it uploadable
(private) is done with simple
mkdir
, touch
, etc
commands
- Just single statically compiled Go binary
- No configuration file, but several simple command line arguments
- Consistency (because of atomic synced operations) and integrity
(because of SHA256 checksums stored nearby)
Initially it was created as a fork of
cheeseshop,
but nearly all the code was rewritten. It has huge differences:
- Proxying and caching of missing packages, including GPG signatures
- Wheel uploading support
- Integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
- SHA256 checksums for stored packages
- Verifying of SHA256 checksum for uploaded packages
- Ability to authenticate upstream PyPI with its X.509 certificate’s hash
- Storing of uploaded GPG signatures
- Secure Argon2i (or SHA256) stored passwords hashing
- No YAML configuration, just command-line arguments
- No package overwriting ability (as PyPI does too)
- Graceful HTTP-server shutdown
- Atomic packages store on filesystem
Also it contains contrib/pyshop2packages.sh migration script for
converting Pyshop database into
GoCheese one, including private packages.
GoCheese is
copylefted
free software
licenced under GNU GPLv3.
Please send questions, bug reports and patches to gocheese@cypherpunks.ru.
Copyright © 2019-2021 Sergey Matveev