KN4CK3R
232179aa3d
Do not escape relative path in RPM primary index ( #32038 )
...
Fixes #32021
Do not escape the relative path.
(cherry picked from commit f528df944bb9436afcb9272add2ee0cccefbdb55)
(cherry picked from commit 0cafec4c7a
)
2024-09-27 08:13:29 +00:00
Exploding Dragon
471265c4e0
Add signature support for the RPM module ( #4780 )
...
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/valkey/valkey:7.2.5-alpine3.19 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
This pull request comes from https://github.com/go-gitea/gitea/pull/27069 .
If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031 ](https://github.com/go-gitea/gitea/issues/27031 )) , now auto-signing all new rpm uploads.
This option is turned off by default for compatibility.
<!--start release-notes-assistant-->
## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-- >
- Features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/4780 ): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-02 05:56:57 +00:00
Gusted
45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
...
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
KN4CK3R
461d8b53c2
Fix some RPM registry flaws ( #28782 )
...
Related #26984
(https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912 )
Fix admin cleanup message.
Fix models `Get` not respecting default values.
Rebuild RPM repository files after cleanup.
Do not add RPM group to package version name.
Force stable sorting of Alpine/Debian/RPM repository data.
Fix missing deferred `Close`.
Add tests for multiple RPM groups.
Removed non-cached `ReplaceAllStringRegex`.
If there are multiple groups available, it's stated in the package
installation screen:
![grafik](https://github.com/go-gitea/gitea/assets/1666336/8f132760-882c-4ab8-9678-77e47dfc4415 )
2024-01-19 11:37:10 +00:00
Exploding Dragon
ba4d0b8ffb
Support for grouping RPMs using paths ( #26984 )
...
The current rpm repository places all packages in the same repository,
and different systems (el7,f34) may hit packages that do not belong to
this distribution ( #25304 ) , which now supports grouping of rpm.
![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914 )
Fixes #25304 .
Fixes #27056 .
Refactor: [#25866 ](https://github.com/go-gitea/gitea/pull/25866 )
2024-01-12 03:16:05 +00:00
KN4CK3R
ff5106d700
Fix possible nil pointer access ( #28428 )
...
There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.
2023-12-12 13:51:33 +00:00
KN4CK3R
dfa77ac020
Fix RPM/Debian signature key creation ( #28352 )
...
Fixes #28324
The name parameter can't contain some characters
(https://github.com/keybase/go-crypto/blob/master/openpgp/keys.go#L680 )
but is optional. Therefore just use an empty string.
2023-12-05 00:48:01 +00:00
KN4CK3R
ab3f6c1bac
Close all hashed buffers ( #27787 )
...
Add missing `.Close()` calls. The current code does not delete the
temporary files if the data grows over 32mb.
2023-10-25 21:24:24 +02:00
JakobDev
7047df36d4
Another round of db.DefaultContext
refactor ( #27103 )
...
Part of #27065
---------
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-09-25 13:17:37 +00:00
JakobDev
c548dde205
More refactoring of db.DefaultContext
( #27083 )
...
Next step of #27065
2023-09-15 06:13:19 +00:00
Chongyi Zheng
ac2f8c9ac6
Reduce some allocations in type conversion ( #26772 )
2023-08-29 00:43:16 +08:00
Peter Verraedt
48cd82b759
Fix version in rpm repodata/primary.xml.gz ( #26009 )
...
The version listed in rpm repodata should only contain the rpm version
(1.0.0) and not the combination of version and release (1.0.0-2). We
correct this behaviour in primary.xml.gz, filelists.xml.gz and
others.xml.gz.
Signed-off-by: Peter Verraedt <peter@verraedt.be>
2023-07-21 19:41:38 +00:00
KN4CK3R
05209f0d1d
Add RPM registry ( #23380 )
...
Fixes #20751
This PR adds a RPM package registry. You can follow [this
tutorial](https://opensource.com/article/18/9/how-build-rpm-packages ) to
build a *.rpm package for testing.
This functionality is similar to the Debian registry (#22854 ) and
therefore shares some methods. I marked this PR as blocked because it
should be merged after #22854 .
![grafik](https://user-images.githubusercontent.com/1666336/223806549-d8784fd9-9d79-46a2-9ae2-f038594f636a.png )
2023-05-05 20:33:37 +00:00