@@ -176,7 +176,7 @@ Valid `Accept` header field values are described by the following rules:
176176 accept = "application/vnd.swift.registry" [".v" version] ["+" mediatype]
177177```
178178
179- A server SHALL set the ` Content-Type ` and ` Content-Version ` header fields
179+ A server MUST set the ` Content-Type ` and ` Content-Version ` header fields
180180with the corresponding content type and API version number of the response.
181181
182182``` http
@@ -316,6 +316,7 @@ containing the releases for the requested package.
316316HTTP/1.1 200 OK
317317Content-Type: application/json
318318Content-Version: 1
319+ Content-Length: 508
319320Link: <https://github.com/mona/LinkedList>; rel="canonical",
320321 <ssh://git@github.com:mona/LinkedList.git>; rel="alternate",
321322 <https://packages.example.com/mona/LinkedList/1.1.1>; rel="latest-version",
@@ -341,7 +342,7 @@ Link: <https://github.com/mona/LinkedList>; rel="canonical",
341342}
342343```
343344
344- The response body SHALL contain a JSON object
345+ The response body MUST contain a JSON object
345346nested at a top-level ` releases ` key,
346347whose keys are version numbers for releases and
347348whose values are objects containing the following fields:
@@ -426,8 +427,9 @@ Otherwise, a server SHOULD respond with a status code of `404` (Not Found).
426427
427428``` http
428429HTTP/1.1 200 OK
429- Content-Type: application/json
430430Content-Version: 1
431+ Content-Type: application/json
432+ Content-Length: 620
431433Link: <https://packages.example.com/mona/LinkedList/1.1.1>; rel="latest-version",
432434 <https://packages.example.com/mona/LinkedList/1.0.0>; rel="predecessor-version"
433435```
@@ -504,7 +506,6 @@ Content-Type: text/x-swift
504506Content-Disposition: attachment; filename="Package.swift"
505507Content-Length: 361
506508Content-Version: 1
507- ETag: 87e749848e0fc4cfc509e4090ca37773
508509Link: <http://packages.example.com/mona/LinkedList/Package.swift?swift-version=4>; rel="alternate",
509510 <http://packages.example.com/mona/LinkedList/Package.swift?swift-version=4.2>; rel="alternate"
510511
@@ -566,7 +567,6 @@ Content-Type: text/x-swift
566567Content-Disposition: attachment; filename="Package@swift-4.2.swift"
567568Content-Length: 361
568569Content-Version: 1
569- ETag: 24f6cd72352c4201df22a5be356d4d22
570570
571571// swift-tools-version:4.2
572572import PackageDescription
@@ -625,16 +625,15 @@ Content-Disposition: attachment; filename="LinkedList-1.1.1.zip"
625625Content-Length: 2048
626626Content-Version: 1
627627Digest: sha-256=a2ac54cf25fbc1ad0028f03f0aa4b96833b83bb05a14e510892bb27dea4dc812
628- ETag: e61befdd5056d4b8bafa71c5bbb41d71
629628Link: <https://mirror-japanwest.example.com/mona-LinkedList-1.1.1.zip>; rel=duplicate; geo=jp; pri=10; type="application/zip"
630629```
631630
632- A server SHALL respond with a ` Content-Length ` header
631+ A server MUST respond with a ` Content-Length ` header
633632set to the size of the archive in bytes.
634633A client SHOULD terminate any requests whose response exceeds
635634the expected content length.
636635
637- A server SHALL respond with a ` Digest ` header
636+ A server MUST respond with a ` Digest ` header
638637containing a SHA-256 checksum for the source archive.
639638
640639A server SHOULD respond with a ` Content-Disposition ` header
@@ -648,7 +647,7 @@ and caching as described by [RFC 7234].
648647
649648#### 4.4.1. Integrity verification
650649
651- A client SHOULD verify the integrity of a downloaded source archive
650+ A client MUST verify the integrity of a downloaded source archive
652651using the checksum provided in the ` Digest ` header of a response
653652(for example, using the command
654653` echo "$CHECKSUM LinkedList-1.1.1.zip" | shasum -a 256 -c ` ).
@@ -663,15 +662,22 @@ A client MAY use this information
663662to determine its preferred strategy for downloading.
664663
665664A server that indexes but doesn't host packages
666- SHOULD respond with a status code of ` 303 ` (See Other)
665+ MAY respond with a status code of ` 303 ` (See Other)
667666and redirect to a hosted package archive if one is available.
668667
669668``` http
670669HTTP/1.1 303 See Other
671670Content-Version: 1
671+ Content-Length: 2048
672+ Digest: sha-256=a2ac54cf25fbc1ad0028f03f0aa4b96833b83bb05a14e510892bb27dea4dc812
672673Location: https://packages.example.com/mona/LinkedList/1.1.1.zip
673674```
674675
676+ The client SHOULD consider the ` Digest ` and ` Content-Length ` headers
677+ sent in the response to be authoritative for the redirected resource.
678+ The client MUST NOT follow redirects that downgrade to an insecure connection.
679+ The client SHOULD limit the number of redirects to prevent a redirect loop.
680+
675681<a name =" endpoint-5 " ></a >
676682
677683### 4.5 Lookup package identifiers registered for a URL
@@ -708,7 +714,7 @@ Content-Version: 1
708714}
709715```
710716
711- The response body SHALL contain an array of package identifier strings
717+ The response body MUST contain an array of package identifier strings
712718nested at a top-level ` identifiers ` key.
713719
714720It is RECOMMENDED for clients and servers to support
@@ -770,6 +776,7 @@ paths:
770776 tags :
771777 - Package
772778 summary : List package releases
779+ operationId : listPackageReleases
773780 parameters :
774781 - name : Content-Type
775782 in : header
@@ -783,6 +790,9 @@ paths:
783790 headers :
784791 Content-Version :
785792 $ref : " #/components/headers/contentVersion"
793+ Content-Length :
794+ schema :
795+ type : integer
786796 content :
787797 application/json :
788798 schema :
@@ -801,6 +811,7 @@ paths:
801811 tags :
802812 - Release
803813 summary : Fetch release metadata
814+ operationId : fetchReleaseMetadata
804815 parameters :
805816 - name : Content-Type
806817 in : header
@@ -814,6 +825,9 @@ paths:
814825 headers :
815826 Content-Version :
816827 $ref : " #/components/headers/contentVersion"
828+ Content-Length :
829+ schema :
830+ type : integer
817831 content :
818832 application/json :
819833 schema :
@@ -832,6 +846,7 @@ paths:
832846 tags :
833847 - Release
834848 summary : Fetch manifest for a package release
849+ operationId : fetchManifestForPackageRelease
835850 parameters :
836851 - name : Content-Type
837852 in : header
@@ -855,9 +870,6 @@ paths:
855870 type : integer
856871 Content-Version :
857872 $ref : " #/components/headers/contentVersion"
858- Etag :
859- schema :
860- type : string
861873 Link :
862874 schema :
863875 type : string
@@ -879,6 +891,7 @@ paths:
879891 tags :
880892 - Release
881893 summary : Download source archive
894+ operationId : downloadSourceArchive
882895 parameters :
883896 - name : Content-Type
884897 in : header
@@ -908,9 +921,6 @@ paths:
908921 required : true
909922 schema :
910923 type : string
911- Etag :
912- schema :
913- type : string
914924 Link :
915925 schema :
916926 type : string
@@ -919,6 +929,8 @@ paths:
919929 schema :
920930 type : string
921931 format : binary
932+ 3XX :
933+ $ref : " #/components/responses/redirect"
922934 4XX :
923935 $ref : " #/components/responses/problemDetails"
924936 /identifiers :
@@ -928,6 +940,7 @@ paths:
928940 tags :
929941 - Package
930942 summary : Lookup package identifiers registered for a URL
943+ operationId : lookupPackageIdentifiersByURL
931944 parameters :
932945 - name : Content-Type
933946 in : header
@@ -1012,10 +1025,27 @@ components:
10121025 Content-Language :
10131026 schema :
10141027 type : string
1028+ Content-Length :
1029+ schema :
1030+ type : integer
10151031 content :
10161032 application/problem+json :
10171033 schema :
10181034 $ref : " #/components/schemas/problem"
1035+ redirect :
1036+ description : A server redirect.
1037+ headers :
1038+ Content-Version :
1039+ $ref : " #/components/headers/contentVersion"
1040+ Location :
1041+ schema :
1042+ type : string
1043+ Digest :
1044+ schema :
1045+ type : string
1046+ Content-Length :
1047+ schema :
1048+ type : integer
10191049 parameters :
10201050 scope :
10211051 name : scope
0 commit comments