vincent/aptly
1
0
Fork 0
mirror of https://github.com/aptly-dev/aptly.git synced 2026-05-06 22:18:28 +00:00
Code Issues Projects Releases Wiki Activity
2,694 Commits 11 Branches 27 Tags
e908531befa13b53bba81bb9fb4f436727c841ef
Commit Graph

17 Commits

Author SHA1 Message Date
Tim Foerster
d616977904 Add SOURCE_DATE_EPOCH support for GPG signers 
Both the external GPG signer (--faked-system-time) and internal Go
OpenPGP signer (signerConfig.Time) now honor SOURCE_DATE_EPOCH,
producing reproducible signatures alongside the plain Release file dates.

Adds system tests for both signer backends verifying byte-identical
Release, Release.gpg and InRelease across repeated publishes.

The signer tests (PublishRepo3[78]Test) are using an ed25519 key because
ed25519 signatures are deterministic by design. The Go openpgp library
uses a random nonce for DSA/ECDSA (see signature.go Sign calls using
config.Random() link below) so those signatures vary across runs
even with a fixed timestamp, making byte-identical verification impossible.

In addition to 49f342878a
Ref: https://github.com/aptly-dev/aptly/pull/1537
Ref: https://github.com/ProtonMail/go-crypto/blob/v1.4.0/openpgp/packet/signature.go#L945-L979
 2026-04-26 14:32:23 +02:00
André Roth
f7057a9517 go1.24: fix lint, unit and system tests 
- development env: base on debian trixie with go1.24
- lint: run with default config
- fix lint errors
- fix unit tests
- fix system test
 2025-04-26 13:29:50 +02:00
André Roth
c1f7e5fe96 handle GpgDisableVerify and ignore-signatures consistently 
and be less verbose
 2024-07-03 18:08:58 +02:00
Paul Cacheux
cfcab13c2a replace golang.org/x/crypto/openpgp with github.com/ProtonMail/go-crypto/openpgp 2023-11-23 11:40:58 +01:00
Mauro Regli
40c242f9d1 Fix: Remove Batch from API options, set to true by default, add comments 
Fixes: #1106
 2023-09-14 10:34:20 +02:00
Markus Muellner
352f4e8772 update golangci-lint and replace deprecated calls to io/ioutil 2022-12-12 10:21:39 +01:00
Benj Fassbind
8046fb1eb9 Fix failing checks 2022-04-05 11:41:14 +02:00
Vítězslav Dvořák
174943cd0f Proposed keyserver changed to functional one #990 2021-11-02 15:01:17 +01:00
Stephan Eicher
aa02c5cbe9 Fix #827 - passhprase typos 2019-09-02 23:26:37 +03:00
Andrey Smirnov
021b6f694b Fix flakey tests related to identity name ordering. 2019-08-07 20:47:52 +03:00
Andrey Smirnov
9f7c1f90ec Support for non-armored detached signatures 2018-09-26 01:36:52 +03:00
Andrey Smirnov
aa3a2ab595 New signing key for aptly repo, and small fixes 
Build on Go 1.10, drop Go 1.7

Remove references to now defunct pgp.mit.edu, fix system test
 2018-03-16 01:27:57 +03:00
Andrey Smirnov
68da8a674a Improve internal PGP provider 
1. Print additional details about keys being used for signing
2. Skip expired keys
3. Add `\n` to logged messages
 2017-07-28 00:53:50 +03:00
Andrey Smirnov
3674e1adee System tests for mirror create/update with internal PGP implementation 2017-07-21 01:09:20 +03:00
Andrey Smirnov
05a5e69483 Fix misspelling 2017-07-21 01:01:58 +03:00
Andrey Smirnov
84a6d573f8 Implement GPG signer 2017-07-21 01:01:58 +03:00
Andrey Smirnov
07fde3177b GoVerifier implementation 2017-07-21 01:01:58 +03:00