GoCheese is Python private package repository and caching proxy.
It serves two purposes:
- proxying and caching of missing packages from upstream
PyPI, conforming to
(Simple Repository API)
- hosting of private locally uploaded packages, conforming to
Warehouse Legacy API
Why could you like it and how it can be better to fit your needs?
- No database required. Only filesystem storage with few simple
files per package. Package deletion, renaming, making it uploadable
(private) is done with simple
- Just single statically compiled Go binary
- No configuration file, but several simple command line arguments
- Consistency (because of atomic synced operations) and integrity
(because of SHA256 checksums stored nearby)
Initially it was created as a fork of
but nearly all the code was rewritten. It has huge differences:
- Proxying and caching of missing packages, including GPG signatures
- Wheel uploading support
- Integrity check of proxied packages: MD5, SHA256, SHA512, BLAKE2b-256
- SHA256 checksums for stored packages
- Verifying of SHA256 checksum for uploaded packages
- Storing of uploaded GPG signatures
- Secure Argon2i (or SHA256) stored passwords hashing
- No YAML configuration, just command-line arguments
- No package overwriting ability (as PyPI does too)
- Graceful HTTP-server shutdown
- Atomic packages store on filesystem
Also it contains contrib/pyshop2packages.sh migration script for
converting Pyshop database into
GoCheese one, including private packages.
GoCheese is free software, licenced under
see the file COPYING for copying conditions.
Please send questions, bug reports and patches to firstname.lastname@example.org.
Copyright © 2019-2020 Sergey Matveev