GoCheese is Python private package repository and caching proxy.
It serves two purposes:
- proxying and caching of missing packages from upstream
PyPI, conforming to
(Simple Repository API) and
- hosting of private locally uploaded packages, conforming to
Warehouse Legacy API
Why could you like it and how it can be better to fit your needs?
- No database required. Only filesystem storage with few simple
files per package. Package deletion, renaming, making it uploadable
(private) is done with simple
- Just single statically compiled Go binary, UCSPI-TCP compatibility,
high performance (including HTTP/2, keepalives and TLS session resumption)
- No configuration file, but several simple command line arguments
- Consistency (because of atomic synced operations) and integrity
(because of cryptographic checksums stored nearby)
- Package’s metadata and created times storing for uploaded and
Initially it was created as a fork of
but nearly all the code was rewritten. It is aimed to be replacement for
PyShop lacking huge quantity of features, reliability and
consistency guarantees, workability without deprecated XML-RPC API, and
- Supports proxying and caching of non-internal packages from the
upstream PyPI installation.
- Supports uploading of internal packages through the standard
Warehouse API, including signatures, metadata and checksums.
- Supports wheels, GPG signatures,
with PEP-0566 compatible
conversion to JSON, multiple (MD5, SHA256, SHA512, BLAKE2b-256) integrity
checksums storing and verifying during uploading and proxying.
- Supports Simple and JSON APIs, being able to replace PyPI for all
- Stores package’s creation time with solicitude as
giving it in HTTP headers and JSON API.
- TLS and HTTP/2 capable transport to the upstream, with enabled
keepalives and session resumption TLS tickets. Graceful HTTP server
shutdown. Can work as a UCSPI-TCP
- Atomic and
fsynced reliable and consistent updates to the
- Has ability to authenticate upstream PyPI by its X.509
certificate’s SPKI hash.
- User authentication supports passwords either hashed with SHA256
or strengthened with Argon2i.
Also it contains contrib/pyshop2packages.sh migration script for
converting Pyshop database into
GoCheese one, including private packages.
licenced under GNU GPLv3.
Please send questions, bug reports and patches to firstname.lastname@example.org.
Copyright © 2019-2022 Sergey Matveev