vincent/aptly
1
0
Fork 0
mirror of https://github.com/aptly-dev/aptly.git synced 2026-04-16 18:58:18 +00:00
Code Issues Projects Releases Wiki Activity
2,655 Commits 13 Branches 27 Tags
e2ebcbb02a128389010d7da4ebdcfc30dbedde05
Commit Graph

2655 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Zhang Xiao
e2ebcbb02a Release file: support Version field 
https://wiki.debian.org/DebianRepository/Format#Version

The Version field, if specified, shall be the version of the release.
On the other hand, if not set or set to an empty value, the Version
field will not be included in the Release file.

Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
 2026-03-03 07:38:44 +00:00
André Roth
9defe70190 Merge pull request #1537 from tonobo/reproducible-publish 
Add SOURCE_DATE_EPOCH support for reproducible builds
 2026-02-28 12:46:57 +01:00
André Roth
23943d47e9 Merge pull request #1531 from xzhang1/fix-testcase 
fix `t06_publish/PublishSnapshot43Test_gold` gold error
 2026-02-28 11:44:32 +01:00
Tim Foerster
49f342878a Add SOURCE_DATE_EPOCH support for reproducible builds 
Implement support for the SOURCE_DATE_EPOCH environment variable as
specified by reproducible-builds.org. When set, this variable overrides
the current timestamp in the Release file's Date and Valid-Until fields,
enabling reproducible filesystem publishes.

- Read SOURCE_DATE_EPOCH environment variable in Publish()
- Use the epoch timestamp for both Date and Valid-Until fields
- Gracefully fallback to current time if unset or invalid
- Add comprehensive tests for valid and invalid SOURCE_DATE_EPOCH values
 2026-02-20 07:24:52 +01:00
Zhang Xiao
1f29c65a95 fix t06_publish/PublishSnapshot43Test_gold gold error 
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
 2026-02-03 07:12:04 +00:00
André Roth
a65f79eb79 Merge pull request #1479 from abregar/issues-309-691 
Add config key for 'gpgKeys' and allow multiple keyRefs when signing with gpg, fixing Issues #309 and #691
 2026-01-26 11:58:03 +01:00
André Roth
c6a9f82358 multi sign: add test 2026-01-26 11:26:40 +01:00
Ales Bregar
1702537979 clearer REST api docs, put whitespace to docs to show that keyId strings are trimmed 2026-01-24 10:55:15 +01:00
Ales Bregar
12604b9379 updating REST api with multiple gpg keys support, due backwards compatibility introducing CSV under same key (gpg-key) 2026-01-24 10:55:15 +01:00
Ales Bregar
9b523e6bd5 review fix 2026-01-24 10:55:15 +01:00
Ales Bregar
aa030e3f36 system test t12_api sends empty keyRef string, making gpg fail 2026-01-24 10:55:15 +01:00
Ales Bregar
8e739524b0 system test unexpected string fix (would be helpful, but not changing the test just for this) 2026-01-24 10:55:15 +01:00
Ales Bregar
4ba4c0cba6 system test configuration fix 2026-01-24 10:55:15 +01:00
Ales Bregar
48d02918c1 documentation updated 2026-01-24 10:55:15 +01:00
Ales Bregar
d672bfa317 white space revert to minimize change 2026-01-24 10:55:15 +01:00
Ales Bregar
9a90038dd2 - #309 adding gpgKeys config key, accepting array of keyRef, cli args has precedence 
- #691 adding handling of multiple keyRefs when signing with gpg
 2026-01-24 10:55:15 +01:00
André Roth
7d23196f76 Merge pull request #1529 from aptly-dev/fix/deadlocks 
tasklist: fix deadlocks
 2026-01-20 21:28:00 +01:00
André Roth
2c6812934e tasklist: fix deadlocks 
* lock correct resources
* unlock list before queueing
 2026-01-18 19:31:26 +01:00
André Roth
60f3eb151b Merge pull request #1484 from xzhang1/update_label 
Support updating label and origin domain of publish
 2026-01-17 11:44:32 +01:00
André Roth
0db9797c4e add test 2026-01-16 14:50:09 +01:00
Zhang Xiao
a2ffffedc1 Support updating label and origin domain of publish 
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
 2026-01-16 14:50:09 +01:00
André Roth
19b98c62c1 Merge pull request #1504 from bwitt/error_outofspace 
Return error on out of space
 2026-01-16 14:49:20 +01:00
André Roth
06fea598e1 ci: fail on failed coverage upload 2026-01-16 13:15:43 +01:00
André Roth
9a6f06d23e unit-test: use /smallfs when non-root 2026-01-11 21:19:24 +01:00
André Roth
67f6a0e458 ci: provide 1MB /smallfs to docker 2026-01-11 21:19:24 +01:00
André Roth
a57e2aecd7 ci: run unit tests in docker 
- run separate unit-test job
- build docker
- allow make docker-unit-tests in ci
 2026-01-11 21:19:13 +01:00
Brian Witt
1e7c15b69b error on out of space 2026-01-11 14:26:56 +01:00
André Roth
a70f572efd docs: update PR tempalte 2026-01-11 14:02:24 +01:00
André Roth
8c183b45c6 Merge pull request #1524 from jay7x/patch-1 
Update Puppet module references in README
 2026-01-11 13:06:46 +01:00
Yury Bushmelev
a8f7f58dab Update Puppet module references in README 
Removed outdated Puppet module references and added an actively
maintained one.
 2026-01-07 13:52:12 +08:00
André Roth
31fe26de5e Merge pull request #1461 from aptly-dev/dependabot/go_modules/github.com/cloudflare/circl-1.6.1 
build(deps): bump github.com/cloudflare/circl from 1.4.0 to 1.6.1
 2026-01-04 18:14:13 +01:00
André Roth
eb1b770dc2 Merge pull request #1506 from aptly-dev/dependabot/go_modules/golang.org/x/crypto-0.45.0 
build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0
 2026-01-04 17:56:40 +01:00
dependabot[bot]
abb2ad635f build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.36.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-04 16:30:54 +00:00
dependabot[bot]
a75df0a697 build(deps): bump github.com/cloudflare/circl from 1.4.0 to 1.6.1 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.4.0 to 1.6.1.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.4.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-04 16:29:56 +00:00
André Roth
ea797f8ebe Merge pull request #1518 from LebedevRI/inrelease-signedby 
`InRelease` file: support `Signed-By` field
 2026-01-04 12:46:35 +01:00
Roman Lebedev
a4cc9211d6 InRelease file: support Signed-By field 
https://wiki.debian.org/DebianRepository/Format#Signed-By says:
> **Signed-By**
> An optional field containing a comma separated list of
> OpenPGP key fingerprints to be used for validating
> the next Release file. The fingerprints must consist
> only of hex digits and may not contain spaces.
> The fingerprint specifies either the key the Release file
> must be signed with or the key the signature key must be
> a subkey of. The later match can be disabled by appending
> an exclamation mark to the fingerprint.
>
> If the field is present, a client should only accept future updates
> to the repository that are signed with keys listed in the field.
> The field should be ignored if the Valid-Until field is not present
> or if it is expired.

For both the CLI tools and JSON, the field is taken as a string verbatim.

When specified, we must also provide `Valid-Until` field,
and i'm not sure there is an 'infinity' value for it,
so 100 years will have to do?

Fixes https://github.com/aptly-dev/aptly/issues/1497
 2025-12-30 06:06:48 +03:00
André Roth
836d9f3b8b Merge pull request #1509 from thunder-coding/dpkg-compliant-version-compare 
make version comparision more similar to that of dpkg
 2025-12-26 16:56:11 +01:00
André Roth
61650e5b3b Merge branch 'master' into dpkg-compliant-version-compare 2025-12-26 16:55:52 +01:00
André Roth
4e457aa570 Merge pull request #1513 from gaby/add-latest-flag-to-makecmdmirrorupdate 
feat: Support for only downloading the latest version of packages
 2025-12-26 16:26:43 +01:00
André Roth
fe70da9c08 Merge branch 'master' into add-latest-flag-to-makecmdmirrorupdate 2025-12-26 16:26:01 +01:00
André Roth
4b57e65658 Merge pull request #1505 from atotto/feature/mirror-from-google-artifact-registry 
feat(http): add Google Artifact Registry authentication for ar+https scheme
 2025-12-26 16:13:01 +01:00
Ato Araki
bcd81eeae4 update AUTHORS 2025-12-17 12:57:17 +09:00
Ato Araki
af483d1165 feat(http): add GCP authentication for ar+https scheme 2025-12-17 12:57:17 +09:00
André Roth
6b8651fda2 Merge pull request #1510 from LeiCraft/fix-swagger-pascalcase 
Fix swagger property casing
 2025-12-15 10:23:41 +01:00
Juan Calderon-Perez
de699aebe5 Update AUTHORS list 2025-12-11 09:42:15 -05:00
Juan Calderon-Perez
0021cf876b Harden latest-only filtering 2025-12-11 07:20:37 -05:00
Linus Fischer
32b601bde6 Fix swagger property casing 2025-12-02 11:03:28 +00:00
Yaksh Bariya
b464e7f80b give myself some credit as well 
Cause I'm nice :)
 2025-12-01 00:33:04 +05:30
Yaksh Bariya
e0f282aca9 make version comparision more similar to that of dpkg 
Initially found by automated repository health checks used by Termux
in https://github.com/termux/termux-packages/issues/27472

The root problem was 4.3.5a comparing less than 4.3.5-rc1-1 by aptly
According to debian "4.3.5a" > "4.3.5-rc1-1"

This is because dpkg splits hyphen for revision at the first hyphen,
whereas aptly was splitting at the last hyphen which is different from
dpkg's behaviour.

dpkg behaviour: https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/lib/dpkg/parsehelp.c#n242

Perhaps this wasn't detected as there was broken tests in the repository
since the initial commit of aptly. This also fixes those tests
 2025-12-01 00:28:37 +05:30
André Roth
ba65daf6cb Merge pull request #1480 from alguimodd/s3-reupload-fix 
feat(s3): add publishedPrefix to pathCache to avoid reupload of files
 2025-11-11 19:00:31 +01:00