Description
Issue Description
https://packaging.python.org/en/latest/guides/hosting-your-own-index/ mentions hosting release artifacts as static files, but it doesn't mention that relying on the default index pages generated by something like http.server may result in lock files that don't contain expected artifact hashes (e.g. uv won't download the artifacts if hashes are not provided by the index server, it just omits the hashes from the affected lockfile).
Adding the hashes to a pre-generated project detail page is intentionally straightforward, so I don't think it would be unreasonable to actually cover how to do that:
```html
<!DOCTYPE html>
<html lang="en">
<head>
<title>Links for local_project</title>
</head>
<body>
<h1>Links for local_project</h1>
<a href="./local_project-1.0-cp311-cp311-win_arm64.whl#sha256=eb8a8cd0d4667994ac218a1ed5faca4a634670f1500bbc9401cd212654efeaae" >local_project-1.0-cp311-cp311-win_arm64.whl</a><br />
</body>
</html>
```

Extracting the wheel metadata files and including them in the index entries is a little bit more involved, but also potentially worth documenting.
Finally, the mention of dumb_pypi should probably be moved up to this section rather than being left in the main self-hosting table (since it's actually a tool for translating a list of artifacts into a static simple repository API structure rather than being a server in its own right).
Code of Conduct
- I am aware that participants in this repository must follow the PSF Code of Conduct.
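A sketch of generating the project detail page shown in the issue, with a `#sha256=` fragment on every link so installers and lockers can record and verify artifact hashes. This is an added example, not code from the issue author or the packaging guide; the function names `sha256_of` and `build_project_page` and the sample wheel file are assumptions made for illustration.

```python
import hashlib
import html
import tempfile
from pathlib import Path
from urllib.parse import quote

ARTIFACT_SUFFIXES = (".whl", ".tar.gz", ".zip")


def sha256_of(path: Path) -> str:
    """Stream the file so large wheels are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_project_page(project: str, artifact_dir: Path) -> str:
    """Return a simple-repository project detail page with hash fragments."""
    links = []
    for path in sorted(artifact_dir.iterdir()):
        if not (path.is_file() and path.name.endswith(ARTIFACT_SUFFIXES)):
            continue  # skip index.html and anything that is not an artifact
        href = f"./{quote(path.name)}#sha256={sha256_of(path)}"
        links.append(
            f'<a href="{html.escape(href)}">{html.escape(path.name)}</a><br />'
        )
    title = html.escape(f"Links for {project}")
    return "\n".join([
        "<!DOCTYPE html>",
        '<html lang="en">',
        f"<head><title>{title}</title></head>",
        "<body>",
        f"<h1>{title}</h1>",
        *links,
        "</body>",
        "</html>",
    ])


if __name__ == "__main__":
    # Constructed sample: a placeholder file standing in for a real wheel.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "local_project-1.0-py3-none-any.whl").write_bytes(b"constructed sample")
        page = build_project_page("local_project", root)
        (root / "index.html").write_text(page, encoding="utf-8")
        print(page)
```

Regenerate the page whenever an artifact is added or replaced, since a stale hash fragment makes hash-checking clients reject the download.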