It has been found that in some cases additional packages have been added
as dependencies, like usr/share/applications, usr/lib/cmake, etc
This commit adds an ability to blacklist specific paths from processing
Add naive implementation of user password check by calling su command.
Also change some authentication method to require username to be string
instead of optional string
The feature is implemented as supplying !debug option to makepkg when
generating package list. In this case debug packages still will be
built, however, they will not be added to the repository
It is fine when application is able to log request, however, normally it
produces a lot noise, which has been handled by adding special logger.
However, nowadays it requires a lot endpoints to be filtered and doesn't
provide any choice.
Instead of it lets disable access logger by default and let users decide
do they need or not to see access log messages
* Allow to use single web instance for any repository
* some improvements
* drop includes from user home directory, introduce new variables to docker
The old solution didn't actually work as expected, because devtools
configuration belongs to filesystem (as well as sudo one), so it was
still required to run setup command.
In order to handle additional repositories, the POSTSETUP and PRESETUP
commands variables have been introduced. FAQ has been updated as well
* raise 404 in case if repository is unknown
* allow to use one application for multiple repositories
* update tests
* handle None append argument everywhere
* rewrite repository definition logic
* drop optional flags from docs
* support of new schema in systemd units
* add migration docs and ability to migrate tree automatically
* use repostory id instead
* verbose multiarchitectureerror
* object path support for s3 sync
* fix tests after rebase
* add support of remote task tracking
* add remote call trigger implementation
* docs update
* add cross-service upload
* add notes about user
* add more ability to control upload
* multipart upload with signatures as well as safe file save
* configuration reference update
* rename watcher methods
* erase logs based on current package version
Old implementation has used process id instead, but it leads to log
removal in case of remote process trigger
* add --server flag for setup command
* restore behavior of the httploghandler
This field is required in order to pass config validation in case if
section name differs from default one. Also by default keyring_generator
and mirrorlist_generator have been renamed to keyring-generator and
mirrorlist-generator respectively for consistence
It makes sense to read some values from environment. In particular this
feature is useful in case of running application in containers in ci/cd
See #108 for more details
Used implementation of the hasher includes salt itself, thus additional
salt is optional and can be safely (in terms of security) treat as empty
string
This commit also extends configuration of the multilib option, adding
the ability to exlcude multilib repository from repositories list
Note, that in order to support repository list and mirror correctly,
alpm configuration section is now architectture specific
Some commands have been moved to another group and thus having another
default name (old subcommands are still available...for now):
* daemon -> repo-daemon
* key-import -> service-key-import
* repo-clean -> service-clean
* repo-config -> service-config
* repo-config-validate -> service-config-validate
* repo-setup -> service-setup
* repo-shell -> service-shell
* version -> help-version
Some commands were made unsafe in old versions, but nowadays they can be
run without having special privileges.
There was also a bug in which status commands were not available if you
are not ahriman user and unix socket is used. It has been fixed by
switching to manual socket creation (see also
https://github.com/aio-libs/aiohttp/issues/4155)
* Unlike older version, currently service will always try to pull AUR
package to check version. Previously if no-vcs flag is set, it would
ignore VCS packages completelly
* Introduce build.vcs_allowed_age option. If set, it will skip version
calculation if package age (now - build_date) is less than this value
* Improve some wording (again)
* Change default type for refresh option to False (does not affect
behavior)
* Update docstrings to reflect last changes
* Configuration.__convert_path has been replaced by shlex
* aiosecurity functions support kwargs now
This feature can be used for unauthorized access to apis - e.g. for
reporting service if it is run on the same machine. Since now it becomes
recommended way for the interprocess communication, thus some options
(e.g. creating user with as-service flag) are no longer available now
The issue appears together with --intent-to-add flag for adding new
files. Original testing has been performed by having already added new
files, thus it passed all checks.
This commit also adds `commit_author` option which will allow to
overwrite the author.
By default this feature is enabled. On the first run it will copy (if
exists) databases from filesystem to local cache (one per each
architecture). Later it will use this cache for all alpm operations. In
order to update this cache, some commands (mainly package building)
provide `-y`/`--refresh` option which has same semantics as pacman -Sy
does.
Note however that due to extending `Pacman` class some methods were
renamed in order to be more descriptive:
* `Pacman.all_packages` -> `Pacman.packages`
* `Pacman.get` -> `Pacman.package_get`
This commit also adds multilib repository to the default docker image
which was missed.
The issue appears when there is no boto, jinja and some other libraries
are not installed because the classes which use these libraries are
still being imported inside the package file. The fix removes those
imports from package root, because they should not be here, in fact,
content of report and upload packages must be imported only inside the
trigger class and only if they are actually required
This commit also adds setuptools as required dependency since it is used
for some parsers (previously it was provided dependency)
