vincent/aptly
1
0
Fork 0
mirror of https://github.com/aptly-dev/aptly.git synced 2026-05-06 22:18:28 +00:00
Code Issues Projects Releases Wiki Activity
2,669 Commits 11 Branches 27 Tags
3c5e83366aeb70c3010fdbeecd9edcd47df1c3bf
Commit Graph

63 Commits

Author SHA1 Message Date
dependabot[bot] 3c5e83366a build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 
Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.67.1 to 1.97.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.67.1...service/s3/v1.97.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.97.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-26 13:12:54 +00:00
Tim Foerster d616977904 Add SOURCE_DATE_EPOCH support for GPG signers 
Both the external GPG signer (--faked-system-time) and internal Go
OpenPGP signer (signerConfig.Time) now honor SOURCE_DATE_EPOCH,
producing reproducible signatures alongside the plain Release file dates.

Adds system tests for both signer backends verifying byte-identical
Release, Release.gpg and InRelease across repeated publishes.

The signer tests (PublishRepo3[78]Test) are using an ed25519 key because
ed25519 signatures are deterministic by design. The Go openpgp library
uses a random nonce for DSA/ECDSA (see signature.go Sign calls using
config.Random() link below) so those signatures vary across runs
even with a fixed timestamp, making byte-identical verification impossible.

In addition to 49f342878a
Ref: https://github.com/aptly-dev/aptly/pull/1537
Ref: https://github.com/ProtonMail/go-crypto/blob/v1.4.0/openpgp/packet/signature.go#L945-L979
 2026-04-26 14:32:23 +02:00
dependabot[bot] 76adbe49e0 build(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.6.1 to 1.6.3.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.6.1...v1.6.3)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-26 12:00:02 +00:00
André Roth 31fe26de5e Merge pull request #1461 from aptly-dev/dependabot/go_modules/github.com/cloudflare/circl-1.6.1 
build(deps): bump github.com/cloudflare/circl from 1.4.0 to 1.6.1
 2026-01-04 18:14:13 +01:00
dependabot[bot] abb2ad635f build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.36.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-04 16:30:54 +00:00
dependabot[bot] a75df0a697 build(deps): bump github.com/cloudflare/circl from 1.4.0 to 1.6.1 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.4.0 to 1.6.1.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.4.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-04 16:29:56 +00:00
Ato Araki af483d1165 feat(http): add GCP authentication for ar+https scheme 2025-12-17 12:57:17 +09:00
dependabot[bot] 887ce71005 Bump golang.org/x/net from 0.33.0 to 0.38.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-01 09:14:39 +00:00
dependabot[bot] cb72e2d70f Bump golang.org/x/crypto from 0.31.0 to 0.35.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.31.0 to 0.35.0.
- [Commits](https://github.com/golang/crypto/compare/v0.31.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.35.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-05-01 08:15:38 +00:00
André Roth ae5379d84a go: use version 1.24 2025-04-25 14:20:13 +02:00
André Roth 9ef217b351 ci: use go 1.23 compatible with gocovmerge 2025-04-20 11:38:33 +02:00
André Roth cc32e79f2a Merge pull request #1423 from mikelolasagasti/google-uuid 
Switch to google/uuid module
 2025-01-11 23:56:23 +01:00
Mikel Olasagasti Uranga 7074fc8856 Switch to google/uuid module 
Current used github.com/pborman/uuid hasn't seen any updates in years.

Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
 2025-01-11 23:18:50 +01:00
André Roth cad4233d0d Bump github.com/gin-gonic/gin from 1.7.7 to 1.9.1 
Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1.
- [Release notes](https://github.com/gin-gonic/gin/releases)
- [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gin-gonic/gin/compare/v1.7.7...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/gin-gonic/gin
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
# Conflicts:
#	go.mod
#	go.sum
 2025-01-11 21:48:14 +01:00
dependabot[bot] 4076941bd7 Bump golang.org/x/net from 0.28.0 to 0.33.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.28.0 to 0.33.0.
- [Commits](https://github.com/golang/net/compare/v0.28.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-11 15:58:10 +01:00
August Feng 0b5a627c84 update goleveldb dependency 2025-01-11 14:35:28 +01:00
dependabot[bot] b49630d6fc Bump golang.org/x/crypto from 0.26.0 to 0.31.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.26.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.26.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-12 00:24:55 +00:00
André Roth a880a88fc0 yaml config 2024-12-11 12:02:52 +01:00
Leigh London 36121e5643 Bulk patch aws/aws-sdk-go-v2 dependencies 2024-11-19 14:59:26 +11:00
André Roth e2cbd637b8 use new azure-sdk 2024-11-17 17:43:20 +01:00
André Roth 7742980426 use specific go version 
As of Go 1.21, toolchain versions must use the 1.N.P syntax.
 2024-10-11 12:56:08 +02:00
André Roth ac2dd1dfd3 go mod tidy 2024-10-08 01:22:10 +02:00
André Roth 8b8eb57555 update etcd go mod 
to be compatible with debian version
 2024-10-03 01:15:56 +02:00
André Roth bdabfa1071 go mod tidy 2024-10-01 01:32:56 +02:00
dependabot[bot] 96e60ae540 build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.64.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.64.0...v1.64.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-09-24 16:41:06 +02:00
André Roth 88f4101866 update or downgrade go modules to match debian versions 
- use go 1.22 (as available also in bookworm-backports)
- do not install go mods in docker
 2024-09-24 10:14:39 +02:00
dependabot[bot] a7690c375e Bump google.golang.org/grpc from 1.38.0 to 1.56.3 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.38.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.38.0...v1.56.3)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-08-01 22:15:17 +02:00
hudeng 78172d11d7 feat: Add etcd database support 
improve concurrent access and high availability of aptly with the help of the characteristics of etcd
 2024-07-31 22:16:00 +02:00
Paul Cacheux 5353890b24 use tagged version of ProtonMail/go-crypto in go.mod 2024-05-15 16:41:35 +02:00
André Roth 27013c0b2b apply go mod tidy 2024-04-24 16:46:16 +02:00
André Roth 756c499314 fix go mod tidy and use go 1.19 
let's be compatible with debian/bookworm
 2024-04-24 16:46:16 +02:00
Ryan Gonzalez 8ab8398c50 Use github.com/saracen/walker for file walk operations 
In some local tests w/ a slowed down filesystem, this massively cut down
on the time to clean up a repository by ~3x, bringing a total 'publish
update' time from ~16s to ~13s.

Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
 2024-04-24 16:46:16 +02:00
dependabot[bot] ff8f79f883 Bump golang.org/x/net from 0.17.0 to 0.23.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-20 22:51:50 +02:00
dependabot[bot] 940538e39b Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-04-11 23:34:38 +02:00
dependabot[bot] 1001ca92c8 Bump golang.org/x/crypto from 0.14.0 to 0.17.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-06 21:19:55 +01:00
dependabot[bot] d060ad7200 Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.3.3 to 1.3.7.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.7)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-06 20:50:27 +01:00
André Roth d7cc9b89d1 system tests: use repository mirrors on S3 for reproducibility 
no direct internet download from apt repositories,
which over time will change or cease to exist.

also migrate to gpg2 on newer ubuntu.
 2024-02-05 13:04:45 +01:00
Paul Cacheux cfcab13c2a replace golang.org/x/crypto/openpgp with github.com/ProtonMail/go-crypto/openpgp 2023-11-23 11:40:58 +01:00
dependabot[bot] f1649a647b Bump golang.org/x/net from 0.15.0 to 0.17.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.15.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-11-01 19:32:49 +00:00
Sylvain Baubeau 3aaf0a8c44 Switch to aws-sdk-go-v2 2023-10-24 15:30:52 +02:00
Mauro Regli 972bf6b3cf Update Golang to 1.21 and dependencies 2023-09-21 11:25:18 +02:00
Sjoerd Simons 1df8cff842 Update go-xz to 0.1.0 
Older versions go-xz didn't wait for child processes meaning for exery
unpack action a defunct xz would stick around. This got fixed in 0.1.0

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
 2023-05-19 19:49:54 +02:00
Markus Muellner 8e62195eb5 implement structured logging 2023-02-20 13:42:50 +01:00
dependabot[bot] 0c749922c9 Bump github.com/aws/aws-sdk-go from 1.33.0 to 1.34.0 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.33.0 to 1.34.0.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/v1.34.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.33.0...v1.34.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-20 13:07:27 +01:00
dependabot[bot] 81582bffd2 Bump github.com/aws/aws-sdk-go from 1.25.0 to 1.33.0 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.25.0 to 1.33.0.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/v1.33.0/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.25.0...v1.33.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-10 16:36:03 +01:00
Adam Bambuch abf8abb59b upgrade go-xz go module 2022-08-04 10:48:20 +02:00
Benj Fassbind 1d4e6183be Capture coverage of integration tests 
To capture the coverage also for the integration tests,
a test only executing the cmd.Run function is used.

The test always exits with code 0 and prints the
real exit code to stdout. Otherwise no coverage
report is generated.

Those changes enable a more accurate coverage report
for future contributions.
 2022-07-13 08:33:48 +02:00
Sjoerd Simons 2aca913e92 Use parallel gzip instead of gzip for compression 
golangs compress/gzip isn't a parallel implementation, so it's quite a
bit slower on most modern servers then pgzip. The below benchmark
run shows that publishing a debian bullseye mirror snapshot (amd64, arm64,
armhf, source) shows a gain of about 35% in publishing time (when skipping
bz2 using MR #1081)

```
 hyperfine -w 1 -m 3 -L aptly aptly-nobz2,aptly-nobz2-pgzip -p "{aptly} -config aptly.conf publish drop bullseye || true" "{aptly} -config aptly.conf  publish snapshot --skip-bz2=true --skip-contents --skip-signing bullseye"
Benchmark 1: aptly-nobz2 -config aptly.conf  publish snapshot --skip-bz2=true --skip-contents --skip-signing bullseye
  Time (mean ± σ):     35.548 s ±  0.378 s    [User: 39.465 s, System: 10.046 s]
  Range (min … max):   35.149 s … 35.902 s    3 runs

Benchmark 2: aptly-nobz2-pgzip -config aptly.conf  publish snapshot --skip-bz2=true --skip-contents --skip-signing bullseye
  Time (mean ± σ):     26.592 s ±  0.069 s    [User: 42.207 s, System: 9.676 s]
  Range (min … max):   26.521 s … 26.660 s    3 runs

Summary
  'aptly-nobz2-pgzip -config aptly.conf  publish snapshot --skip-bz2=true --skip-contents --skip-signing bullseye' ran
    1.34 ± 0.01 times faster than 'aptly-nobz2 -config aptly.conf  publish snapshot --skip-bz2=true --skip-contents --skip-signing bullseye'
```

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
 2022-06-21 15:43:58 +02:00
Sjoerd Simons 26254a0ad8 Run go mod tidy 
Seems go.mod had some modules that are no longer used since the last
version bumps? Running `make modules` or really `go mod tidy`
automagically cleans those up.

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
 2022-06-21 15:43:58 +02:00
Benj Fassbind f519ecded7 Update azure dependency 2022-06-20 12:50:24 +02:00