mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-10-31 14:31:02 +00:00
Code Issues Projects Releases Packages Wiki Activity
20,621 commits 22 branches 265 tags 223 MiB
Commit graph

12 commits

Author SHA1 Message Date
Exploding Dragon
471265c4e0 Add signature support for the RPM module (#4780) 
This pull request comes from https://github.com/go-gitea/gitea/pull/27069.

If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031](https://github.com/go-gitea/gitea/issues/27031)) , now auto-signing all new rpm uploads.

This option is turned off by default for compatibility.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
 2024-08-02 05:56:57 +00:00
Gusted
45341ee9ce
 		[CHORE] Use github.com/ProtonMail/go-crypto 
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
 2024-07-15 17:27:37 +02:00
KN4CK3R
461d8b53c2
 		Fix some RPM registry flaws (#28782) 
Related #26984
(https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912)

Fix admin cleanup message.
Fix models `Get` not respecting default values.
Rebuild RPM repository files after cleanup.
Do not add RPM group to package version name.
Force stable sorting of Alpine/Debian/RPM repository data.
Fix missing deferred `Close`.
Add tests for multiple RPM groups.
Removed non-cached `ReplaceAllStringRegex`.

If there are multiple groups available, it's stated in the package
installation screen:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/8f132760-882c-4ab8-9678-77e47dfc4415)
 2024-01-19 11:37:10 +00:00
Exploding Dragon
ba4d0b8ffb
 		Support for grouping RPMs using paths (#26984) 
The current rpm repository places all packages in the same repository,
and different systems (el7,f34) may hit packages that do not belong to
this distribution ( #25304 ) , which now supports grouping of rpm.

![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914)

Fixes #25304 .
Fixes #27056 .

Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)
 2024-01-12 03:16:05 +00:00
KN4CK3R
ff5106d700
 		Fix possible nil pointer access (#28428) 
There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.
 2023-12-12 13:51:33 +00:00
KN4CK3R
dfa77ac020
 		Fix RPM/Debian signature key creation (#28352) 
Fixes #28324

The name parameter can't contain some characters
(https://github.com/keybase/go-crypto/blob/master/openpgp/keys.go#L680)
but is optional. Therefore just use an empty string.
 2023-12-05 00:48:01 +00:00
KN4CK3R
ab3f6c1bac
 		Close all hashed buffers (#27787) 
Add missing `.Close()` calls. The current code does not delete the
temporary files if the data grows over 32mb.
 2023-10-25 21:24:24 +02:00
JakobDev
7047df36d4
 		Another round of db.DefaultContext refactor (#27103) 
Part of #27065

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
 2023-09-25 13:17:37 +00:00
JakobDev
c548dde205
 		More refactoring of db.DefaultContext (#27083) 
Next step of #27065
 2023-09-15 06:13:19 +00:00
Chongyi Zheng
ac2f8c9ac6
 		Reduce some allocations in type conversion (#26772) 2023-08-29 00:43:16 +08:00
Peter Verraedt
48cd82b759
 		Fix version in rpm repodata/primary.xml.gz (#26009) 
The version listed in rpm repodata should only contain the rpm version
(1.0.0) and not the combination of version and release (1.0.0-2). We
correct this behaviour in primary.xml.gz, filelists.xml.gz and
others.xml.gz.

Signed-off-by: Peter Verraedt <peter@verraedt.be>
 2023-07-21 19:41:38 +00:00
KN4CK3R
05209f0d1d
 		Add RPM registry (#23380) 
Fixes #20751

This PR adds a RPM package registry. You can follow [this
tutorial](https://opensource.com/article/18/9/how-build-rpm-packages) to
build a *.rpm package for testing.

This functionality is similar to the Debian registry (#22854) and
therefore shares some methods. I marked this PR as blocked because it
should be merged after #22854.


![grafik](https://user-images.githubusercontent.com/1666336/223806549-d8784fd9-9d79-46a2-9ae2-f038594f636a.png)
 2023-05-05 20:33:37 +00:00