GoCheese ¶

GoCheese is Python private package repository and caching proxy.

It serves two purposes:

proxying and caching of missing packages from upstream PyPI, conforming to PEP-0503 (Simple Repository API) and JSON API
hosting of private locally uploaded packages, conforming to Warehouse Legacy API

Why could you like it and how it can be better to fit your needs?

No database required. Only filesystem storage with few simple files per package. Package deletion, renaming, making it uploadable (private) is done with simple mkdir, touch, etc commands
Just single statically compiled Go binary, UCSPI-TCP compatibility, high performance (including HTTP/2, keepalives and TLS session resumption)
No configuration file, but several simple command line arguments
Consistency (because of atomic synced operations) and integrity (because of cryptographic checksums stored nearby)
Package’s metadata and created times storing for uploaded and proxied packages

Initially it was created as a fork of cheeseshop, but nearly all the code was rewritten. It is aimed to be replacement for PyShop lacking huge quantity of features, reliability and consistency guarantees, workability without deprecated XML-RPC API, and suffering performance.

Supports proxying and caching of non-internal packages from the upstream PyPI installation.
Supports uploading of internal packages through the standard Warehouse API, including signatures, metadata and checksums.
Supports wheels, Metadata with PEP-0566 compatible conversion to JSON, multiple (MD5, SHA256, SHA512, BLAKE2b-256) integrity checksums storing and verifying during uploading and proxying.
Supports Simple and JSON APIs, being able to replace PyPI for all downstream clients.
Stores package’s creation time with solicitude as mtime, giving it in HTTP headers and JSON API.
TLS and HTTP/2 capable transport to the upstream, with enabled keepalives and session resumption TLS tickets. Graceful HTTP server shutdown. Can work as a UCSPI-TCP service.
Atomic and fsynced reliable and consistent updates to the filesystem.
Has ability to authenticate upstream PyPI by its X.509 certificate’s SPKI hash.
User authentication supports passwords either hashed with SHA256 or strengthened with Argon2i.

Also it contains contrib/pyshop2packages.sh migration script for converting Pyshop database into GoCheese one, including private packages.

GoCheese is copylefted free software licenced under GNU GPLv3.

Please send questions, bug reports and patches to mailto:gocheese@cypherpunks.su.

• Install:
• Usage:
• Passwords:
• TLS:
• Storage: