minor cleanup based on make check

Adding authorisation options for API access
- ldap currently the only supported method adding authorisation options for local repositories - ldap groups per repo
2026-05-31 04:30:44 +00:00 · 2025-02-15 23:49:45 +01:00 · 2025-02-15 23:49:45 +01:00 · 2025-02-15 22:25:56 +01:00 · 2025-02-15 19:10:42 +01:00 · 2025-02-15 16:23:53 +01:00
35 changed files with 593 additions and 180 deletions
@@ -30,12 +30,12 @@ jobs:
      GOPROXY: "https://proxy.golang.org"

    steps:
-      - name: "Install packages"
+      - name: "Install Packages"
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends graphviz gnupg2 gpgv2 git gcc make devscripts python3 python3-requests-unixsocket python3-termcolor python3-swiftclient python3-boto python3-azure-storage python3-etcd3 python3-plyvel flake8

-      - name: "Checkout repository"
+      - name: "Checkout Repository"
        uses: actions/checkout@v4
        with:
          # fetch the whole repo for `git describe` to work
@@ -45,7 +45,7 @@ jobs:
        run: |
          make flake8

-      - name: "Read go version from go.mod"
+      - name: "Read Go Version"
        run: |
          gover=$(sed -n 's/^go \(.*\)/\1/p' go.mod)
          echo "Go Version: $gover"
@@ -91,12 +91,12 @@ jobs:
          sudo mkdir -p /srv ; sudo chown runner /srv
          COVERAGE_DIR=${{ runner.temp }} make system-test

-      - name: "Merge code coverage"
+      - name: "Merge Code Coverage"
        run: |
          go install github.com/wadey/gocovmerge@latest
          ~/go/bin/gocovmerge unit.out ${{ runner.temp }}/*.out > coverage.txt

-      - name: "Upload code coverage"
+      - name: "Upload Code Coverage"
        uses: codecov/codecov-action@v2
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -148,13 +148,13 @@ jobs:
                          gcc-i686-linux-gnu gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu
          git config --global --add safe.directory "$GITHUB_WORKSPACE"

-      - name: "Checkout repository"
+      - name: "Checkout Repository"
        uses: actions/checkout@v4
        with:
          # fetch the whole repo for `git describe` to work
          fetch-depth: 0

-      - name: "Read go version from go.mod"
+      - name: "Read Go Version"
        run: |
          gover=$(sed -n 's/^go \(.*\)/\1/p' go.mod)
          echo "Go Version: $gover"
@@ -221,13 +221,13 @@ jobs:
          - goos: darwin
            goarch: arm
    steps:
-      - name: "Checkout repository"
+      - name: "Checkout Repository"
        uses: actions/checkout@v4
        with:
          # fetch the whole repo for `git describe` to work
          fetch-depth: 0

-      - name: "Read go version from go.mod"
+      - name: "Read Go Version"
        run: |
          echo "GOVER=$(sed -n 's/^go \(.*\)/\1/p' go.mod)" >> $GITHUB_OUTPUT
        id: goversion
@@ -274,12 +274,31 @@ jobs:
    needs: ci-binary-build
    if: startsWith(github.event.ref, 'refs/tags')
    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+
+      - name: "Get aptly version"
+        env:
+          FORCE_CI: ${{ steps.force_ci.outputs.FORCE_CI }}
+        run: |
+           aptlyver=$(make -s version)
+           echo "Aptly Version: $aptlyver"
+           echo "VERSION=$aptlyver" >> $GITHUB_OUTPUT
+        id: releaseversion
+
      - name: "Download Artifacts"
        uses: actions/download-artifact@v4
        with:
          path: out/

+      - name: "Create Release Notes"
+        run: |
+          echo -e "## Changes\n\n" > out/release-notes.md
+          dpkg-parsechangelog -S Changes | tail -n +4 >> out/release-notes.md
+
      - name: "Release"
        uses: softprops/action-gh-release@v2
        with:
+          name: "Aptly Release ${{ steps.releaseversion.outputs.VERSION }}"
          files: "out/**/aptly_*.zip"
+          body_path: "out/release-notes.md"
@@ -67,11 +67,14 @@ cleanup() {
 }
 trap cleanup EXIT

+sleeptime=5
+retries=60
 wait_task()
 {
    _id=$1
    _success=0
-    for t in `seq 180`
+    sleep $sleeptime
+    for t in `seq $retries`
    do
        jsonret=`curl -fsS -u $aptly_user:$aptly_password ${aptly_api}/api/tasks/$_id`
        _state=`echo $jsonret | jq .State`
@@ -84,7 +87,7 @@ wait_task()
            echo Error: task failed
            return 1
        fi
-        sleep 1
+        sleep $sleeptime
    done
    if [ "$_success" -ne 1 ]; then
        echo Error: task timeout
@@ -68,3 +68,4 @@ List of contributors, in chronological order:
 * Blake Kostner (https://github.com/btkostner)
 * Leigh London (https://github.com/leighlondon)
 * Gordian Schoenherr (https://github.com/schoenherrg)
+* Brett Hawn (https://github.com/bpiraeus)
@@ -140,7 +140,7 @@ dpkg: prepare swagger  ## Build debian packages
 	mkdir -p build && mv ../*.deb build/ ; \
 	cd build && ls -l *.deb

-binaries: prepare swagger  ## Build binary releases (FreeBSD, MacOS, Linux tar)
+binaries: prepare swagger  ## Build binary releases (FreeBSD, macOS, Linux generic)
 	# build aptly
 	GOOS=$(GOOS) GOARCH=$(GOARCH) go build -o build/tmp/aptly -ldflags='-extldflags=-static'
 	# install
@@ -195,7 +195,7 @@ docker-serve:  ## Run development server (auto recompiling) on http://localhost:
 docker-lint:  ## Run golangci-lint in docker container
 	@docker run -it --rm -v ${PWD}:/work/src aptly-dev /work/src/system/docker-wrapper lint

-docker-binaries:  ## Build binary releases (FreeBSD, MacOS, Linux tar) in docker container
+docker-binaries:  ## Build binary releases (FreeBSD, macOS, Linux generic) in docker container
 	@docker run -it --rm -v ${PWD}:/work/src aptly-dev /work/src/system/docker-wrapper binaries

 docker-man:  ## Create man page in docker container
@@ -1,7 +1,3 @@
-=====
-aptly
-=====
-
 .. image:: https://github.com/aptly-dev/aptly/actions/workflows/ci.yml/badge.svg
    :target: https://github.com/aptly-dev/aptly/actions

@@ -14,15 +10,18 @@ aptly
 .. image:: https://goreportcard.com/badge/github.com/aptly-dev/aptly
    :target: https://goreportcard.com/report/aptly-dev/aptly

+aptly
+=====
+
 Aptly is a swiss army knife for Debian repository management.

 .. image:: http://www.aptly.info/img/aptly_logo.png
    :target: http://www.aptly.info/

 Documentation is available at `http://www.aptly.info/ <http://www.aptly.info/>`_. For support please use
-mailing list `aptly-discuss <https://groups.google.com/forum/#!forum/aptly-discuss>`_.
+open `issues <https://github.com/aptly-dev/aptly/issues>`_ or `discussions <https://github.com/aptly-dev/aptly/discussions>`_.

-Aptly features: ("+" means planned features)
+Aptly features:

 * make mirrors of remote Debian/Ubuntu repositories, limiting by components/architectures
 * take snapshots of mirrors at any point in time, fixing state of repository at some moment of time
@@ -32,48 +31,50 @@ Aptly features: ("+" means planned features)
 * filter repository by search query, pulling dependencies when required
 * publish self-made packages as Debian repositories
 * REST API for remote access
-* mirror repositories "as-is" (without resigning with user's key) (+)
-* support for yum repositories (+)

-Current limitations:
+Any contributions are welcome! Please see `CONTRIBUTING.md <CONTRIBUTING.md>`_.

-* translations are not supported yet
+Installation
+=============

-Install Stable Version
-----------------------
+Aptly can be installed on several operating systems.

-To install aptly on Debian/Ubuntu, add new repository to ``/etc/apt/sources.list``::
+Debian / Ubuntu
+----------------

-    deb http://repo.aptly.info/ squeeze main
+Aptly is provided in the following debian packages:

-And import key that is used to sign the release::
+* **aptly**: Includes the main Aptly binary, man pages, and shell completions
+* **aptly-api**: A systemd service for the REST API, using the global /etc/aptly.conf
+* **aptly-dbg**: Debug symbols for troubleshooting

-    $ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EE727D4449467F0E
+The packages can be installed on official `Debian <https://packages.debian.org/search?keywords=aptly>`_ and `Ubuntu <https://packages.ubuntu.com/search?keywords=aptly>`_ distributions.

-After that you can install aptly as any other software package::
+Upstream Debian Packages
+~~~~~~~~~~~~~~~~~~~~~~~~~

-    $ apt-get update
-    $ apt-get install aptly
+If a newer version (not available in Debian/Ubuntu) of aptly is required, upstream debian packages (built from git tags) can be installed as follows:

-Don't worry about squeeze part in repo name: aptly package should work on Debian squeeze+,
-Ubuntu 10.0+. Package contains aptly binary, man page and bash completion.
+Install the following APT key (as root)::

-Other Binaries
-~~~~~~~~~~~~~~~~~
+    wget -O /etc/apt/keyrings/aptly.asc https://www.aptly.info/pubkey.txt

-Binary executables (depends almost only on libc) are available for download from `GitHub Releases <https://github.com/aptly-dev/aptly/releases>`_.
+Define Release APT sources in ``/etc/apt/sources.list.d/aptly.list``::

-Install CI Version
--------------------
+    deb [signed-by=/etc/apt/keyrings/aptly.asc] http://repo.aptly.info/release DIST main

-More recent versions are available as CI builds (development, might be unstable).
+Where DIST is one of: ``buster``, ``bullseye``, ``bookworm``, ``focal``, ``jammy``, ``noble``

-Debian GNU/Linux
-~~~~~~~~~~~~~~~~~
+Install aptly packages::

-Install the following APT key::
+    apt-get update
+    apt-get install aptly
+    apt-get install aptly-api  # REST API systemd service

-    sudo wget -O /etc/apt/keyrings/aptly.asc https://www.aptly.info/pubkey.txt
+CI Builds
+~~~~~~~~~~
+
+For testing new features or bugfixes, recent builds are available as CI builds (built from master, may be unstable!) and can be installed as follows:

 Define CI APT sources in ``/etc/apt/sources.list.d/aptly-ci.list``::

@@ -81,13 +82,19 @@ Define CI APT sources in ``/etc/apt/sources.list.d/aptly-ci.list``::

 Where DIST is one of: ``buster``, ``bullseye``, ``bookworm``, ``focal``, ``jammy``, ``noble``

-Contributing
------------
+Note: same gpg key is used as for the Upstream Debian Packages.

-Please follow detailed documentation in `CONTRIBUTING.md <CONTRIBUTING.md>`_.
+Other Operating Systems
+------------------------
+
+Binary executables (depends almost only on libc) are available on `GitHub Releases <https://github.com/aptly-dev/aptly/releases>`_ for:
+
+- macOS / darwin (amd64, arm64)
+- FreeBSD (amd64, arm64, 386, arm)
+- Generic Linux (amd64, arm64, 386, arm)

 Integrations
------------
+=============

 Vagrant:

@@ -124,3 +131,7 @@ GUI for aptly API:
 Scala sbt:

 -   `sbt aptly plugin <https://github.com/amalakar/sbt-aptly>`_ by Arup Malakar
+
+Molior:
+
+-   `Molior Debian Build System <https://github.com/molior-dbs/molior>`_ by André Roth
@@ -0,0 +1,16 @@
+# Creating a Release
+
+- create branch release/1.x.y
+- update debian/changelog
+- create PR, merge when approved
+- on updated master, create release:
+```
+version=$(dpkg-parsechangelog -S Version)
+echo Releasing prod version $version
+git tag -a v$version -m 'aptly: release $version'
+git push origin v$version master
+```
+- run swagger locally (`make docker-serve`)
+- copy generated docs/swagger.json to https://github.com/aptly-dev/www.aptly.info/tree/master/static/swagger/aptly_1.x.y.json
+- releae www.aptly.info
+- create release announcement on https://github.com/aptly-dev/aptly/discussions
@@ -0,0 +1,118 @@
+package api
+
+import (
+	"crypto/tls"
+	"fmt"
+	"strings"
+
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-gonic/gin"
+	"github.com/go-ldap/ldap/v3"
+)
+
+func Authorize(username string, password string) (ok bool) {
+	config := context.Config()
+
+	if config.Auth.Type != "" {
+		switch strings.ToLower(config.Auth.Type) {
+		case "ldap":
+			ok = doLdapAuth(username, password)
+		default:
+			return false
+		}
+		if !ok  {
+			return false
+		}
+	}
+	return true
+}
+
+func doLdapAuth(username string, password string) bool {
+	config := context.Config()
+	attributes := []string{"DN", "CN"}
+
+	server := config.Auth.Server
+	dn := config.Auth.LdapDN
+	filter := fmt.Sprintf(config.Auth.LdapFilter, username)
+
+	// connect to ldap server
+	conn, err := ldap.Dial("tcp", server)
+	if err != nil {
+		return false
+	}
+	defer conn.Close()
+
+	// reconnect via tls
+	err = conn.StartTLS(&tls.Config{InsecureSkipVerify: config.Auth.SecureTLS})
+	if err != nil {
+		return false
+	}
+
+	// format our request and then fire it off
+	request := ldap.NewSearchRequest(dn, ldap.ScopeWholeSubtree, 0, 0, 0, false, filter, attributes, nil)
+	search, err := conn.Search(request)
+	if err != nil {
+		return false
+	}
+	// get our modified dn and then check our user for auth
+	udn := search.Entries[0].DN
+	err = conn.Bind(udn, password)
+	if err != nil {
+		return false
+	}
+	return true
+}
+
+func getGroups(c *gin.Context, username string) {
+
+	var groups []string
+	config := context.Config()
+	dn := config.Auth.LdapDN
+	session := sessions.Default(c)
+	// connect to ldap server
+	server := fmt.Sprintf("%s", config.Auth.Server)
+	conn, err := ldap.Dial("tcp", server)
+	if err != nil {
+		return
+	}
+	// reconnect via tls
+	err = conn.StartTLS(&tls.Config{InsecureSkipVerify: true})
+	if err != nil {
+		return
+	}
+	filter := fmt.Sprintf("(|(member=uid=%s,ou=people,dc=llnw,dc=com)(member=uid=%s,ou=people,dc=llnw,dc=com))", username, username)
+	request := ldap.NewSearchRequest(dn, ldap.ScopeWholeSubtree, 0, 0, 0, false, filter, []string{"dn", "cn"}, nil)
+	search, err := conn.Search(request)
+	if err != nil {
+		return
+	}
+	if len(search.Entries) < 1 {
+		return
+	}
+	for _, v := range search.Entries {
+		value := strings.Split(strings.TrimLeft(v.DN, "cn="), ",")[0]
+		groups = append(groups, fmt.Sprintf("%s,", value))
+	}
+	session.Set("Groups", groups)
+}
+
+func checkGroup(c *gin.Context, ldgroup string) bool {
+	session := sessions.Default(c)
+	groups := session.Get("Groups")
+	if ldgroup == "" {
+		return true
+	}
+	for _, v := range groups.([]string) {
+		if strings.Contains(v, ldgroup) {
+			return true
+		}
+	}
+	return false
+}
+
+func CheckGroup(c *gin.Context, ldgroup string) (err error) {
+	if !checkGroup(c, ldgroup) {
+		err = fmt.Errorf("Authorisation Failred")
+	}
+	return err
+}
@@ -267,7 +267,13 @@ func apiPublishRepoOrSnapshot(c *gin.Context) {
 				return
 			}

+			err = CheckGroup(c, localRepo.LdapGroup)
+			if err != nil {
+				c.AbortWithError(403, err)
+			}
+
 			resources = append(resources, string(localRepo.Key()))
+
 			sources = append(sources, localRepo)
 		}
 	} else {
@@ -95,6 +95,8 @@ type repoCreateParams struct {
 	DefaultComponent string `        json:"DefaultComponent"     example:"main"`
 	// Snapshot name to create repoitory from (optional)
 	FromSnapshot string `            json:"FromSnapshot"         example:""`
+        //
+	LdapGroup           string
 }

 // @Summary Create Repository
@@ -125,6 +127,7 @@ func apiReposCreate(c *gin.Context) {
 	repo := deb.NewLocalRepo(b.Name, b.Comment)
 	repo.DefaultComponent = b.DefaultComponent
 	repo.DefaultDistribution = b.DefaultDistribution
+	repo.LdapGroup = b.LdapGroup

 	collectionFactory := context.NewCollectionFactory()

@@ -173,6 +176,8 @@ type reposEditParams struct {
 	DefaultDistribution *string `        json:"DefaultDistribution"  example:""`
 	// Change Devault Component for publishing
 	DefaultComponent *string `        json:"DefaultComponent"     example:""`
+        //
+	LdapGroup           *string
 }

 // @Summary Update Repository
@@ -199,6 +204,12 @@ func apiReposEdit(c *gin.Context) {
 		return
 	}

+	err = CheckGroup(c, repo.LdapGroup)
+	if err != nil {
+		c.AbortWithError(403, err)
+		return
+	}
+
 	if b.Name != nil {
 		_, err := collection.ByName(*b.Name)
 		if err == nil {
@@ -217,6 +228,9 @@ func apiReposEdit(c *gin.Context) {
 	if b.DefaultComponent != nil {
 		repo.DefaultComponent = *b.DefaultComponent
 	}
+	if b.LdapGroup != nil {
+		repo.LdapGroup = *b.LdapGroup
+	}

 	err = collection.Update(repo)
 	if err != nil {
@@ -276,6 +290,12 @@ func apiReposDrop(c *gin.Context) {
 		return
 	}

+	err = CheckGroup(c, repo.LdapGroup)
+	if err != nil {
+		c.AbortWithError(403, err)
+		return
+	}
+
 	resources := []string{string(repo.Key())}
 	taskName := fmt.Sprintf("Delete repo %s", name)
 	maybeRunTaskInBackground(c, taskName, resources, func(_ aptly.Progress, _ *task.Detail) (*task.ProcessReturnValue, error) {
@@ -365,6 +385,11 @@ func apiReposPackagesAddDelete(c *gin.Context, taskNamePrefix string, cb func(li
 			return &task.ProcessReturnValue{Code: http.StatusInternalServerError, Value: nil}, err
 		}

+		err = CheckGroup(c, repo.LdapGroup)
+		if err != nil {
+			return &task.ProcessReturnValue{Code: 403, Value: nil}, err
+		}
+
 		out.Printf("Loading packages...\n")
 		list, err := deb.NewPackageListFromRefList(repo.RefList(), collectionFactory.PackageCollection(), nil)
 		if err != nil {
@@ -522,6 +547,11 @@ func apiReposPackageFromDir(c *gin.Context) {
 			return &task.ProcessReturnValue{Code: http.StatusInternalServerError, Value: nil}, err
 		}

+		err = CheckGroup(c, repo.LdapGroup)
+		if err != nil {
+			return &task.ProcessReturnValue{Code: 403, Value: nil}, err
+		}
+
 		verifier := context.GetVerifier()

 		var (
@@ -845,6 +875,11 @@ func apiReposIncludePackageFromDir(c *gin.Context) {
 			AbortWithJSONError(c, 404, err)
 			return
 		}
+		err = CheckGroup(c, repo.LdapGroup)
+		if err != nil {
+			c.AbortWithError(403, err)
+			return
+		}

 		resources = append(resources, string(repo.Key()))
 	}
@@ -1,9 +1,12 @@
 package api

 import (
+	"fmt"
+	"log"
 	"net/http"
 	"os"
 	"sync/atomic"
+	"time"

 	"github.com/aptly-dev/aptly/aptly"
 	ctx "github.com/aptly-dev/aptly/context"
@@ -15,6 +18,10 @@ import (
 	"github.com/aptly-dev/aptly/docs"
 	swaggerFiles "github.com/swaggo/files"
 	ginSwagger "github.com/swaggo/gin-swagger"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
+	"github.com/gin-gonic/gin"
+	uuid "github.com/nu7hatch/gouuid"
 )

 var context *ctx.AptlyContext
@@ -133,105 +140,167 @@ func Router(c *ctx.AptlyContext) http.Handler {
 		api.GET("/healthy", apiHealthy)
 	}

+	// set up cookies and sessions
+	token, err := uuid.NewV4()
+	if err != nil {
+		panic(err)
+	}
+
+	store := cookie.NewStore([]byte(token.String()))
+	router.Use(sessions.Sessions(token.String(), store))
+	// prep our config fetcher ahead of need
+	config := context.Config()
+
+	// prep a logfile if we've set one
+	if config.LogFile != "" {
+		file, err := os.OpenFile(config.LogFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			panic(err)
+		}
+		defer file.Close()
+		log.SetOutput(file)
+	}
+
+	router.GET("/version", apiVersion)
+
+	var username string
+	var password string
+	router.POST("/login", func(c *gin.Context) {
+		session := sessions.Default(c)
+		session.Options(sessions.Options{MaxAge: 30})
+		if config.UseAuth {
+			log.Printf("UseAuth is enabled\n")
+			username = c.PostForm("username")
+			password = c.PostForm("password")
+			if !Authorize(username, password) {
+				c.AbortWithError(403, fmt.Errorf("Authorization Failure"))
+			}
+			log.Printf("%s authorized from %s\n", username, c.ClientIP())
+		}
+		session.Set(token.String(), time.Now().Unix())
+		session.Save()
+		getGroups(c, username)
+		c.String(200, "Authorized!")
+	})
+
+	router.POST("/logout", func(c *gin.Context) {
+		session := sessions.Default(c)
+		session.Options(sessions.Options{MaxAge: -1})
+		session.Save()
+		c.String(200, "Deauthorized")
+	})
+
+	authorize := router.Group("/api", func(c *gin.Context) {
+		session := sessions.Default(c)
+		if config.UseAuth {
+			if session.Get(token.String()) == nil {
+				c.AbortWithError(403, fmt.Errorf("not authorized"))
+			}
+			session.Options(sessions.Options{MaxAge: 30})
+			session.Set(token.String(), time.Now().Unix())
+			session.Save()
+		}
+	})
+
 	{
-		api.GET("/repos", apiReposList)
-		api.POST("/repos", apiReposCreate)
-		api.GET("/repos/:name", apiReposShow)
-		api.PUT("/repos/:name", apiReposEdit)
-		api.DELETE("/repos/:name", apiReposDrop)
+		authorize.GET("/repos", apiReposList)
+		authorize.POST("/repos", apiReposCreate)
+		authorize.GET("/repos/:name", apiReposShow)
+		authorize.PUT("/repos/:name", apiReposEdit)
+		authorize.DELETE("/repos/:name", apiReposDrop)

-		api.GET("/repos/:name/packages", apiReposPackagesShow)
-		api.POST("/repos/:name/packages", apiReposPackagesAdd)
-		api.DELETE("/repos/:name/packages", apiReposPackagesDelete)
+		authorize.GET("/repos/:name/packages", apiReposPackagesShow)
+		authorize.POST("/repos/:name/packages", apiReposPackagesAdd)
+		authorize.DELETE("/repos/:name/packages", apiReposPackagesDelete)

-		api.POST("/repos/:name/file/:dir/:file", apiReposPackageFromFile)
-		api.POST("/repos/:name/file/:dir", apiReposPackageFromDir)
-		api.POST("/repos/:name/copy/:src/:file", apiReposCopyPackage)
+		authorize.POST("/repos/:name/file/:dir/:file", apiReposPackageFromFile)
+		authorize.POST("/repos/:name/file/:dir", apiReposPackageFromDir)
+		authorize.POST("/repos/:name/copy/:src/:file", apiReposCopyPackage)

-		api.POST("/repos/:name/include/:dir/:file", apiReposIncludePackageFromFile)
-		api.POST("/repos/:name/include/:dir", apiReposIncludePackageFromDir)
+		authorize.POST("/repos/:name/include/:dir/:file", apiReposIncludePackageFromFile)
+		authorize.POST("/repos/:name/include/:dir", apiReposIncludePackageFromDir)

-		api.POST("/repos/:name/snapshots", apiSnapshotsCreateFromRepository)
+		authorize.POST("/repos/:name/snapshots", apiSnapshotsCreateFromRepository)
 	}

 	{
-		api.POST("/mirrors/:name/snapshots", apiSnapshotsCreateFromMirror)
+		authorize.POST("/mirrors/:name/snapshots", apiSnapshotsCreateFromMirror)
 	}

 	{
-		api.GET("/mirrors", apiMirrorsList)
-		api.GET("/mirrors/:name", apiMirrorsShow)
-		api.GET("/mirrors/:name/packages", apiMirrorsPackages)
-		api.POST("/mirrors", apiMirrorsCreate)
-		api.PUT("/mirrors/:name", apiMirrorsUpdate)
-		api.DELETE("/mirrors/:name", apiMirrorsDrop)
+		authorize.GET("/mirrors", apiMirrorsList)
+		authorize.GET("/mirrors/:name", apiMirrorsShow)
+		authorize.GET("/mirrors/:name/packages", apiMirrorsPackages)
+		authorize.POST("/mirrors", apiMirrorsCreate)
+		authorize.PUT("/mirrors/:name", apiMirrorsUpdate)
+		authorize.DELETE("/mirrors/:name", apiMirrorsDrop)
 	}

 	{
-		api.POST("/gpg/key", apiGPGAddKey)
+		authorize.POST("/gpg/key", apiGPGAddKey)
 	}

 	{
-		api.GET("/s3", apiS3List)
+		authorize.GET("/s3", apiS3List)
 	}

 	{
-		api.GET("/files", apiFilesListDirs)
-		api.POST("/files/:dir", apiFilesUpload)
-		api.GET("/files/:dir", apiFilesListFiles)
-		api.DELETE("/files/:dir", apiFilesDeleteDir)
-		api.DELETE("/files/:dir/:name", apiFilesDeleteFile)
+		authorize.GET("/files", apiFilesListDirs)
+		authorize.POST("/files/:dir", apiFilesUpload)
+		authorize.GET("/files/:dir", apiFilesListFiles)
+		authorize.DELETE("/files/:dir", apiFilesDeleteDir)
+		authorize.DELETE("/files/:dir/:name", apiFilesDeleteFile)
 	}

 	{
-		api.GET("/publish", apiPublishList)
-		api.GET("/publish/:prefix/:distribution", apiPublishShow)
-		api.POST("/publish", apiPublishRepoOrSnapshot)
-		api.POST("/publish/:prefix", apiPublishRepoOrSnapshot)
-		api.PUT("/publish/:prefix/:distribution", apiPublishUpdateSwitch)
-		api.DELETE("/publish/:prefix/:distribution", apiPublishDrop)
-		api.POST("/publish/:prefix/:distribution/sources", apiPublishAddSource)
-		api.GET("/publish/:prefix/:distribution/sources", apiPublishListChanges)
-		api.PUT("/publish/:prefix/:distribution/sources", apiPublishSetSources)
-		api.DELETE("/publish/:prefix/:distribution/sources", apiPublishDropChanges)
-		api.PUT("/publish/:prefix/:distribution/sources/:component", apiPublishUpdateSource)
-		api.DELETE("/publish/:prefix/:distribution/sources/:component", apiPublishRemoveSource)
-		api.POST("/publish/:prefix/:distribution/update", apiPublishUpdate)
+		authorize.GET("/publish", apiPublishList)
+		authorize.GET("/publish/:prefix/:distribution", apiPublishShow)
+		authorize.POST("/publish", apiPublishRepoOrSnapshot)
+		authorize.POST("/publish/:prefix", apiPublishRepoOrSnapshot)
+		authorize.PUT("/publish/:prefix/:distribution", apiPublishUpdateSwitch)
+		authorize.DELETE("/publish/:prefix/:distribution", apiPublishDrop)
+		authorize.POST("/publish/:prefix/:distribution/sources", apiPublishAddSource)
+		authorize.GET("/publish/:prefix/:distribution/sources", apiPublishListChanges)
+		authorize.PUT("/publish/:prefix/:distribution/sources", apiPublishSetSources)
+		authorize.DELETE("/publish/:prefix/:distribution/sources", apiPublishDropChanges)
+		authorize.PUT("/publish/:prefix/:distribution/sources/:component", apiPublishUpdateSource)
+		authorize.DELETE("/publish/:prefix/:distribution/sources/:component", apiPublishRemoveSource)
+		authorize.POST("/publish/:prefix/:distribution/update", apiPublishUpdate)
 	}

 	{
-		api.GET("/snapshots", apiSnapshotsList)
-		api.POST("/snapshots", apiSnapshotsCreate)
-		api.PUT("/snapshots/:name", apiSnapshotsUpdate)
-		api.GET("/snapshots/:name", apiSnapshotsShow)
-		api.GET("/snapshots/:name/packages", apiSnapshotsSearchPackages)
-		api.DELETE("/snapshots/:name", apiSnapshotsDrop)
-		api.GET("/snapshots/:name/diff/:withSnapshot", apiSnapshotsDiff)
-		api.POST("/snapshots/:name/merge", apiSnapshotsMerge)
-		api.POST("/snapshots/:name/pull", apiSnapshotsPull)
+		authorize.GET("/snapshots", apiSnapshotsList)
+		authorize.POST("/snapshots", apiSnapshotsCreate)
+		authorize.PUT("/snapshots/:name", apiSnapshotsUpdate)
+		authorize.GET("/snapshots/:name", apiSnapshotsShow)
+		authorize.GET("/snapshots/:name/packages", apiSnapshotsSearchPackages)
+		authorize.DELETE("/snapshots/:name", apiSnapshotsDrop)
+		authorize.GET("/snapshots/:name/diff/:withSnapshot", apiSnapshotsDiff)
+		authorize.POST("/snapshots/:name/merge", apiSnapshotsMerge)
+		authorize.POST("/snapshots/:name/pull", apiSnapshotsPull)
 	}

 	{
-		api.GET("/packages/:key", apiPackagesShow)
-		api.GET("/packages", apiPackages)
+		authorize.GET("/packages/:key", apiPackagesShow)
+		authorize.GET("/packages", apiPackages)
 	}

 	{
-		api.GET("/graph.:ext", apiGraph)
+		authorize.GET("/graph.:ext", apiGraph)
 	}
 	{
-		api.POST("/db/cleanup", apiDbCleanup)
+		authorize.POST("/db/cleanup", apiDbCleanup)
 	}
 	{
-		api.GET("/tasks", apiTasksList)
-		api.POST("/tasks-clear", apiTasksClear)
-		api.GET("/tasks-wait", apiTasksWait)
-		api.GET("/tasks/:id/wait", apiTasksWaitForTaskByID)
-		api.GET("/tasks/:id/output", apiTasksOutputShow)
-		api.GET("/tasks/:id/detail", apiTasksDetailShow)
-		api.GET("/tasks/:id/return_value", apiTasksReturnValueShow)
-		api.GET("/tasks/:id", apiTasksShow)
-		api.DELETE("/tasks/:id", apiTasksDelete)
+		authorize.GET("/tasks", apiTasksList)
+		authorize.POST("/tasks-clear", apiTasksClear)
+		authorize.GET("/tasks-wait", apiTasksWait)
+		authorize.GET("/tasks/:id/wait", apiTasksWaitForTaskByID)
+		authorize.GET("/tasks/:id/output", apiTasksOutputShow)
+		authorize.GET("/tasks/:id/detail", apiTasksDetailShow)
+		authorize.GET("/tasks/:id/return_value", apiTasksReturnValueShow)
+		authorize.GET("/tasks/:id", apiTasksShow)
+		authorize.DELETE("/tasks/:id", apiTasksDelete)
 	}

 	return router
@@ -251,6 +251,12 @@ func apiSnapshotsCreateFromRepository(c *gin.Context) {
 		return
 	}

+	err = CheckGroup(c, repo.LdapGroup)
+	if err != nil {
+		c.AbortWithError(403, err)
+		return
+	}
+
 	// including snapshot resource key
 	resources := []string{string(repo.Key()), "S" + b.Name}
 	taskName := fmt.Sprintf("Create snapshot of repo %s", name)
@@ -12,7 +12,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/lease"
 	"github.com/aptly-dev/aptly/aptly"
 	"github.com/aptly-dev/aptly/utils"
-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 	"github.com/pkg/errors"
 )

@@ -179,7 +179,7 @@ func (storage *PublishedStorage) Filelist(prefix string) ([]string, error) {
 // Internal copy or move implementation
 func (storage *PublishedStorage) internalCopyOrMoveBlob(src, dst string, metadata map[string]*string, move bool) error {
 	const leaseDuration = 30
-	leaseID := uuid.NewRandom().String()
+	leaseID := uuid.NewString()

 	serviceClient := storage.az.client.ServiceClient()
 	containerClient := serviceClient.NewContainerClient(storage.az.container)
@@ -18,6 +18,7 @@ func aptlyRepoCreate(cmd *commander.Command, args []string) error {
 	repo := deb.NewLocalRepo(args[0], context.Flags().Lookup("comment").Value.String())
 	repo.DefaultDistribution = context.Flags().Lookup("distribution").Value.String()
 	repo.DefaultComponent = context.Flags().Lookup("component").Value.String()
+	repo.LdapGroup = context.Flags().Lookup("ldap-group").Value.String()

 	uploadersFile := context.Flags().Lookup("uploaders-file").Value.Get().(string)
 	if uploadersFile != "" {
@@ -79,6 +80,7 @@ Example:
 	cmd.Flag.String("distribution", "", "default distribution when publishing")
 	cmd.Flag.String("component", "main", "default component when publishing")
 	cmd.Flag.String("uploaders-file", "", "uploaders.json to be used when including .changes into this repository")
+	cmd.Flag.String("ldap-group", "", "ldap group that owns the repo, leave empty to allow ALL")

 	return cmd
 }
@@ -39,6 +39,8 @@ func aptlyRepoEdit(cmd *commander.Command, args []string) error {
 			repo.DefaultComponent = flag.Value.String()
 		case "uploaders-file":
 			uploadersFile = pointer.ToString(flag.Value.String())
+		case "ldap-group":
+			repo.LdapGroup = flag.Value.String()
 		}
 	})

@@ -82,6 +84,7 @@ Example:
 	cmd.Flag.String("distribution", "", "default distribution when publishing")
 	cmd.Flag.String("component", "", "default component when publishing")
 	cmd.Flag.String("uploaders-file", "", "uploaders.json to be used when including .changes into this repository")
+	cmd.Flag.String("ldap-group", "", "ldap group that owns the repo, leave empty to allow ALL")

 	return cmd
 }
@@ -45,6 +45,7 @@ func aptlyRepoShowTxt(_ *commander.Command, args []string) error {
 	fmt.Printf("Comment: %s\n", repo.Comment)
 	fmt.Printf("Default Distribution: %s\n", repo.DefaultDistribution)
 	fmt.Printf("Default Component: %s\n", repo.DefaultComponent)
+	fmt.Printf("Ldap Group: %s\n", repo.LdapGroup)
 	if repo.Uploaders != nil {
 		fmt.Printf("Uploaders: %s\n", repo.Uploaders)
 	}
@@ -242,6 +242,7 @@ local keyring="*-keyring=[gpg keyring to use when verifying Release file (could
                local create_edit=("-comment=[any text that would be used to described local repository]:comment: "
                            "-component=[default component when publishing]:component:($components)"
                            "-distribution=[default distribution when publishing]:distribution:($dists)"
+                            "-ldap-group=[ldap group for repo actions, empty by default]:ldap-group"
                            $aptly_uploaders
                            )

@@ -1,11 +1,11 @@
 package etcddb

 import (
-	"github.com/aptly-dev/aptly/database"
-	"github.com/pborman/uuid"
-	clientv3 "go.etcd.io/etcd/client/v3"
-
 	"fmt"
+
+	"github.com/aptly-dev/aptly/database"
+	"github.com/google/uuid"
+	clientv3 "go.etcd.io/etcd/client/v3"
 )

 type EtcDStorage struct {
@@ -16,7 +16,7 @@ type EtcDStorage struct {

 // CreateTemporary creates new DB of the same type in temp dir
 func (s *EtcDStorage) CreateTemporary() (database.Storage, error) {
-	tmp := uuid.NewRandom().String()
+	tmp := uuid.NewString()
 	return &EtcDStorage{
 		url:       s.url,
 		db:        s.db,
@@ -7,7 +7,7 @@ import (
 	"io"

 	"github.com/aptly-dev/aptly/database"
-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 )

 // ContentsIndex calculates mapping from files to packages, with sorting and aggregation
@@ -20,7 +20,7 @@ type ContentsIndex struct {
 func NewContentsIndex(db database.Storage) *ContentsIndex {
 	return &ContentsIndex{
 		db:     db,
-		prefix: []byte(uuid.New()),
+		prefix: []byte(uuid.NewString()),
 	}
 }

@@ -7,7 +7,7 @@ import (
 	"log"

 	"github.com/aptly-dev/aptly/database"
-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 	"github.com/ugorji/go/codec"
 )

@@ -27,12 +27,14 @@ type LocalRepo struct {
 	Uploaders *Uploaders `codec:"Uploaders,omitempty" json:"-"`
 	// "Snapshot" of current list of packages
 	packageRefs *PackageRefList
+	// ldap group for repos
+	LdapGroup string `codec:",ldap-group"`
 }

 // NewLocalRepo creates new instance of Debian local repository
 func NewLocalRepo(name string, comment string) *LocalRepo {
 	return &LocalRepo{
-		UUID:    uuid.New(),
+		UUID:    uuid.NewString(),
 		Name:    name,
 		Comment: comment,
 	}
@@ -54,6 +56,14 @@ func (repo *LocalRepo) NumPackages() int {
 	return repo.packageRefs.Len()
 }

+// LdapGroup returns the ldapgroup if any for the repo
+func (repo *LocalRepo) GetLDGroup() string {
+	if repo.LdapGroup != "" {
+		return fmt.Sprintf("[%s]", repo.LdapGroup)
+	}
+	return ""
+}
+
 // RefList returns package list for repo
 func (repo *LocalRepo) RefList() *PackageRefList {
 	return repo.packageRefs
@@ -12,7 +12,7 @@ import (
 	"strings"
 	"time"

-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 	"github.com/ugorji/go/codec"

 	"github.com/aptly-dev/aptly/aptly"
@@ -354,7 +354,7 @@ func walkUpTree(source interface{}, collectionFactory *CollectionFactory) (rootD
 func NewPublishedRepo(storage, prefix, distribution string, architectures []string,
 	components []string, sources []interface{}, collectionFactory *CollectionFactory, multiDist bool) (*PublishedRepo, error) {
 	result := &PublishedRepo{
-		UUID:          uuid.New(),
+		UUID:          uuid.NewString(),
 		Storage:       storage,
 		Architectures: architectures,
 		Sources:       make(map[string]string),
@@ -20,7 +20,7 @@ import (
 	"github.com/aptly-dev/aptly/http"
 	"github.com/aptly-dev/aptly/pgp"
 	"github.com/aptly-dev/aptly/utils"
-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 	"github.com/ugorji/go/codec"
 )

@@ -84,7 +84,7 @@ type RemoteRepo struct {
 func NewRemoteRepo(name string, archiveRoot string, distribution string, components []string,
 	architectures []string, downloadSources bool, downloadUdebs bool, downloadInstaller bool) (*RemoteRepo, error) {
 	result := &RemoteRepo{
-		UUID:              uuid.New(),
+		UUID:              uuid.NewString(),
 		Name:              name,
 		ArchiveRoot:       archiveRoot,
 		Distribution:      distribution,
@@ -11,7 +11,7 @@ import (

 	"github.com/aptly-dev/aptly/database"
 	"github.com/aptly-dev/aptly/utils"
-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 	"github.com/ugorji/go/codec"
 )

@@ -45,12 +45,12 @@ type Snapshot struct {

 // NewSnapshotFromRepository creates snapshot from current state of repository
 func NewSnapshotFromRepository(name string, repo *RemoteRepo) (*Snapshot, error) {
-	if repo.packageRefs == nil || repo.packageRefs.Len() == 0 {
+	if repo.packageRefs == nil {
 		return nil, errors.New("mirror not updated")
 	}

 	return &Snapshot{
-		UUID:                 uuid.New(),
+		UUID:                 uuid.NewString(),
 		Name:                 name,
 		CreatedAt:            time.Now(),
 		SourceKind:           SourceRemoteRepo,
@@ -66,7 +66,7 @@ func NewSnapshotFromRepository(name string, repo *RemoteRepo) (*Snapshot, error)
 // NewSnapshotFromLocalRepo creates snapshot from current state of local repository
 func NewSnapshotFromLocalRepo(name string, repo *LocalRepo) (*Snapshot, error) {
 	snap := &Snapshot{
-		UUID:        uuid.New(),
+		UUID:        uuid.NewString(),
 		Name:        name,
 		CreatedAt:   time.Now(),
 		SourceKind:  SourceLocalRepo,
@@ -95,7 +95,7 @@ func NewSnapshotFromRefList(name string, sources []*Snapshot, list *PackageRefLi
 	}

 	return &Snapshot{
-		UUID:        uuid.New(),
+		UUID:        uuid.NewString(),
 		Name:        name,
 		CreatedAt:   time.Now(),
 		SourceKind:  "snapshot",
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+# source debconf library
+. /usr/share/debconf/confmodule
+
+case "$1" in
+    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+	# only remove aptly-api user and its homedir on purge
+	if [ "${1}" = "purge" ] ; then
+	    userdel -r aptly-api
+	fi
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0
@@ -228,7 +228,7 @@ s3_publish_endpoints:
    #     # Encryption Method (optional)
    #     # Server-side encryption method, defaults to none. Currently
    #     # the only available encryption method is `AES256`
-    #     encryption_method: none
+    #     encryption_method: ""
    #     # Plus Workaround (optional)
    #     # Workaround misbehavior in apt and Amazon S3 for files with `+` in filename by
    #     # creating two copies of package files with `+` in filename: one original
@@ -1,3 +1,13 @@
+aptly (1.6.1) stable; urgency=medium
+
+  * update golang-github-syndtr-goleveldb-dev dependency (v1.0.1-0.20220721030215-126854af5e6d) to fix segfault on arm64
+    (bug in golang-github-golang-snappy-dev)
+  * allow snapshotting empty mirrors again (regression)
+  * debian compliance: add postrm (note: `apt purge aptly-api` will remove all data in ~aptly-api/)
+  * update other dependencies (x/net 0.33.0, gin-gonic/gin 1.9.1)
+
+ -- André Roth <neolynx@gmail.com>  Sat, 15 Feb 2025 13:03:16 +0100
+
 aptly (1.6.0) stable; urgency=medium

  * support reading filters from file or stdin
@@ -45,7 +45,6 @@ Build-Depends: bash-completion,
               golang-github-munnerz-goautoneg-dev,
               golang-github-mxk-go-flowrate-dev,
               golang-github-ncw-swift-dev,
-               golang-github-pborman-uuid-dev,
               golang-github-pelletier-go-toml,
               golang-github-pkg-errors-dev,
               golang-github-prometheus-client-golang-dev,
@@ -9,7 +9,7 @@ import (
 	"sync"
 	"syscall"

-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 	"github.com/saracen/walker"

 	"github.com/aptly-dev/aptly/aptly"
@@ -417,7 +417,7 @@ func (pool *PackagePool) FullPath(path string) string {

 // GenerateTempPath generates temporary path for download (which is fast to import into package pool later on)
 func (pool *PackagePool) GenerateTempPath(filename string) (string, error) {
-	random := uuid.NewRandom().String()
+	random := uuid.NewString()

 	return filepath.Join(pool.rootPath, random[0:2], random[2:4], random[4:]+filename), nil
 }
@@ -8,8 +8,8 @@ require (
 	github.com/awalterschulze/gographviz v2.0.1+incompatible
 	github.com/cavaliergopher/grab/v3 v3.0.1
 	github.com/cheggaaa/pb v1.0.25
-	github.com/gin-gonic/gin v1.9.0
-	github.com/go-playground/validator/v10 v10.11.2 // indirect
+	github.com/gin-gonic/gin v1.9.1
+	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/h2non/filetype v1.1.3
 	github.com/jlaffaye/ftp v0.2.0 // indirect
 	github.com/kjk/lzma v0.0.0-20120628231508-2a7c55cad4a2
@@ -21,7 +21,6 @@ require (
 	github.com/mkrautz/goar v0.0.0-20150919110319-282caa8bd9da
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f
 	github.com/ncw/swift v1.0.53
-	github.com/pborman/uuid v1.2.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.20.0
 	github.com/rs/zerolog v1.29.1
@@ -30,7 +29,7 @@ require (
 	github.com/smira/flag v0.0.0-20170926215700-695ea5e84e76
 	github.com/smira/go-ftp-protocol v0.0.0-20140829150050-066b75c2b70d
 	github.com/smira/go-xz v0.1.0
-	github.com/syndtr/goleveldb v1.0.1-0.20200815110645-5c35d600f0ca
+	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d
 	github.com/ugorji/go/codec v1.2.11
 	github.com/wsxiaoys/terminal v0.0.0-20160513160801-0940f3fc43a0
 	golang.org/x/crypto v0.31.0 // indirect
@@ -60,13 +59,14 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bytedance/sonic v1.8.0 // indirect
+	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/cloudflare/circl v1.4.0 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/fatih/color v1.17.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.19.6 // indirect
@@ -77,16 +77,15 @@ require (
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/golang/snappy v0.0.2 // indirect
-	github.com/google/uuid v1.6.0 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
@@ -103,8 +102,8 @@ require (
 	go.etcd.io/etcd/client/pkg/v3 v3.5.15 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
 	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/arch v0.0.0-20210923205945-b76863e36670 // indirect
-	golang.org/x/net v0.28.0 // indirect
+	golang.org/x/arch v0.3.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
@@ -124,6 +123,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.46
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.67.1
 	github.com/aws/smithy-go v1.22.1
+	github.com/google/uuid v1.6.0
 	github.com/swaggo/files v1.0.1
 	github.com/swaggo/gin-swagger v1.6.0
 	github.com/swaggo/swag v1.16.3
@@ -64,8 +64,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
-github.com/bytedance/sonic v1.8.0 h1:ea0Xadu+sHlu7x5O3gKhRpQ1IKiMrSiHttPF0ybECuA=
-github.com/bytedance/sonic v1.8.0/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
+github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
+github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/cavaliergopher/grab/v3 v3.0.1 h1:4z7TkBfmPjmLAAmkkAZNX/6QJ1nNFdv3SdIHXju0Fr4=
 github.com/cavaliergopher/grab/v3 v3.0.1/go.mod h1:1U/KNnD+Ft6JJiYoYBAimKH2XrYptb8Kl3DFGmsjpq4=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -75,6 +75,9 @@ github.com/cheggaaa/pb v1.0.25/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXH
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY=
 github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=
@@ -89,14 +92,17 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
 github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
+github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/gin-contrib/gzip v0.0.6 h1:NjcunTcGAj5CO1gn4N8jHOSIeRFHIbn51z6K+xaN4d4=
 github.com/gin-contrib/gzip v0.0.6/go.mod h1:QOJlmV2xmayAjkNS2Y8NQsMneuRShOU/kjovCXNuzzk=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8=
-github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -113,8 +119,9 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU=
-github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s=
+github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
+github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
 github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -129,18 +136,20 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
-github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.2 h1:aeE13tS0IiQgFjYdoL8qN3K1N2bXXtI6Vi51/y7BpMw=
-github.com/golang/snappy v0.0.2/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/h2non/filetype v1.1.3 h1:FKkx9QbD7HR/zjK1Ia5XiBsq9zdLi5Kf3zGyFTAFkGg=
@@ -151,6 +160,7 @@ github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/jlaffaye/ftp v0.2.0 h1:lXNvW7cBu7R/68bknOX3MrRIIqZ61zELs1P2RAiA3lg=
 github.com/jlaffaye/ftp v0.2.0/go.mod h1:is2Ds5qkhceAPy2xD6RLI6hmp/qysSoymZ+Z2uTnspI=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -163,8 +173,9 @@ github.com/kjk/lzma v0.0.0-20120628231508-2a7c55cad4a2 h1:TVZQgMi+I83S3rCuE65Hnm
 github.com/kjk/lzma v0.0.0-20120628231508-2a7c55cad4a2/go.mod h1:phT/jsRPBAEqjAibu1BurrabCBNTYiVI+zbmyCZJY6Q=
 github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
 github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
-github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
+github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -177,8 +188,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
@@ -208,17 +219,20 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+
 github.com/ncw/swift v1.0.53 h1:luHjjTNtekIEvHg5KdAFIBaH7bWfNkefwFnpDffSIks=
 github.com/ncw/swift v1.0.53/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA=
-github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
-github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
+github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
 github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
 github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
@@ -259,11 +273,14 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
@@ -273,8 +290,8 @@ github.com/swaggo/gin-swagger v1.6.0 h1:y8sxvQ3E20/RCyrXeFfg60r6H0Z+SwpTjMYsMm+z
 github.com/swaggo/gin-swagger v1.6.0/go.mod h1:BG00cCEy294xtVpyIAHG6+e2Qzj/xKlRdOqDkvq0uzo=
 github.com/swaggo/swag v1.16.3 h1:PnCYjPCah8FK4I26l2F/KQ4yz3sILcVUN3cTlBFA9Pg=
 github.com/swaggo/swag v1.16.3/go.mod h1:DImHIuOFXKpMFAQjcC7FG4m3Dg4+QuUgUzJmKjI/gRk=
-github.com/syndtr/goleveldb v1.0.1-0.20200815110645-5c35d600f0ca h1:Ld/zXl5t4+D69SiV4JoN7kkfvJdOWlPpfxrzxpLMoUk=
-github.com/syndtr/goleveldb v1.0.1-0.20200815110645-5c35d600f0ca/go.mod h1:u2MKkTVTVJWe5D1rCvame8WqhBd88EuIwODJZ1VHCPM=
+github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs=
+github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
@@ -296,8 +313,9 @@ go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
 go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
 go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
-golang.org/x/arch v0.0.0-20210923205945-b76863e36670 h1:18EFjUmQOcUvxNYSkA6jO9VAiXCnxFY6NyDX0bHDmkU=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
+golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -317,17 +335,19 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200813134508-3edf25e44fcc/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -343,16 +363,20 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -369,7 +393,6 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@@ -383,6 +406,7 @@ golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
@@ -391,8 +415,8 @@ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxb
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 h1:RFiFrvy37/mpSpdySBDrUdipW/dHwsRwh3J3+A9VgT4=
 google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
@@ -405,6 +429,8 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -341,6 +341,7 @@ The legacy json configuration is still supported (and also supports comments):
      // Storage. First, publishing endpoints should be described in the aptly
      // configuration file. Each endpoint has its name and associated settings.
      "AzurePublishEndpoints": {
+<<<<<<< HEAD
        // // Endpoint Name
        // "test": {

@@ -392,12 +393,26 @@ The legacy json configuration is still supported (and also supports comments):
        // // See: Azure documentation https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
        // // defaults to "https://<accountName>.blob.core.windows.net"
        // "endpoint": ""
-      }
+      },
+
+      // Authorization for repos may be configured for ldap groups (and is extensible for others),
+      // default is no authorization.
+      "Auth": {
+        // // auth type, only supports ldap currently
+        // "authType: "",
+        // // auth server to use (eg. ldaps://ldap.example.com)
+        // "server\": "",
+        // // DN for ldap searches
+        // "ldapDN\": "",
+        // // ldap filter
+        // "ldapFilter": "",
+        // // enable secureTLS, default is off
+        // "secureTLS": false
+       }

    // End of config
    }

-
 ## PACKAGE QUERY

 Some commands accept package queries to identify list of packages to process.
@@ -228,7 +228,7 @@ s3_publish_endpoints:
    #     # Encryption Method (optional)
    #     # Server-side encryption method, defaults to none. Currently
    #     # the only available encryption method is `AES256`
-    #     encryption_method: none
+    #     encryption_method: ""
    #     # Plus Workaround (optional)
    #     # Workaround misbehavior in apt and Amazon S3 for files with `+` in filename by
    #     # creating two copies of package files with `+` in filename: one original
@@ -0,0 +1,3 @@
+
+Snapshot oh-snap successfully created.
+You can run 'aptly publish snapshot oh-snap' to publish snapshot as Debian repository.
@@ -106,3 +106,14 @@ class CreateSnapshot9Test(BaseTest):
        "aptly repo create local-repo",
    ]
    runCmd = "aptly snapshot create snap9 from repo local-repo"
+
+
+class CreateSnapshot10Test(BaseTest):
+    """
+    create snapshot: from empty mirror
+    """
+    fixtureCmds = [
+        "aptly mirror create -ignore-signatures non-free http://repo.aptly.info/system-tests/security.debian.org/debian-security bookworm-security updates/non-free",
+        "aptly mirror update -ignore-signatures non-free"
+    ]
+    runCmd = "aptly snapshot create oh-snap from mirror non-free"
@@ -13,6 +13,7 @@ import (

 // ConfigStructure is structure of main configuration
 type ConfigStructure struct { // nolint: maligned
+<<<<<<< HEAD
 	// General
 	RootDir              string   `json:"rootDir"                       yaml:"root_dir"`
 	LogLevel             string   `json:"logLevel"                      yaml:"log_level"`
@@ -63,6 +64,10 @@ type ConfigStructure struct { // nolint: maligned
 	SwiftPublishRoots      map[string]SwiftPublishRoot      `json:"SwiftPublishEndpoints"         yaml:"swift_publish_endpoints"`
 	AzurePublishRoots      map[string]AzureEndpoint         `json:"AzurePublishEndpoints"         yaml:"azure_publish_endpoints"`
 	PackagePoolStorage     PackagePoolStorage               `json:"packagePoolStorage"            yaml:"packagepool_storage"`
+
+        // Authentication
+	UseAuth                bool                             `json:"useAuth"`
+	Auth                   AAuth                            `json:"Auth"`
 }

 // DBConfig
@@ -211,9 +216,19 @@ type AzureEndpoint struct {
 	Endpoint    string `json:"endpoint"     yaml:"endpoint"`
 }

+type AAuth struct {
+	Type       string `json:"authType"`
+	Server     string `json:"server"`
+	LdapDN     string `json:"ldapDN"`
+	LdapFilter string `json:"ldapFilter"`
+	SecureTLS  bool   `json:"secureTLS"`
+}
+
 // Config is configuration for aptly, shared by all modules
 var Config = ConfigStructure{
 	RootDir:                filepath.Join(os.Getenv("HOME"), ".aptly"),
+	LogFile:                "",
+	UseAuth:                false, // should we enable auth
 	DownloadConcurrency:    4,
 	DownloadLimit:          0,
 	Downloader:             "default",
@@ -243,6 +258,7 @@ var Config = ConfigStructure{
 	LogFormat:              "default",
 	ServeInAPIMode:         false,
 	EnableSwaggerEndpoint:  false,
+	Auth:                   AAuth{},
 }

 // LoadConfig loads configuration from json file
@@ -155,7 +155,15 @@ func (s *ConfigSuite) TestSaveConfig(c *C) {
 		"  \"packagePoolStorage\": {\n" +
 		"    \"type\": \"local\",\n" +
 		"    \"path\": \"/tmp/aptly-pool\"\n" +
-		"  }\n" +
+		"  },\n" +
+		"  \"useAuth\": false,\n"+
+		"  \"Auth\": {\n"+
+		"    \"authType\": \"\",\n"+
+		"    \"server\": \"\",\n"+
+		"    \"ldapDN\": \"\",\n"+
+		"    \"ldapFilter\": \"\",\n"+
+		"    \"secureTLS\": false\n"+
+		"  }\n"+
 		"}")
 }
Author	SHA1	Message	Date
bpiraeus	8fa1922477	minor cleanup based on make check	2025-02-15 23:49:45 +01:00
bpiraeus	836137f15d	Adding authorisation options for API access - ldap currently the only supported method adding authorisation options for local repositories - ldap groups per repo	2025-02-15 23:49:45 +01:00
André Roth	ab18da351d	ci: add release notes and update Releasing.md	2025-02-15 22:25:56 +01:00
André Roth	1abb735bfa	Merge pull request #1430 from aptly-dev/release/1.6.1 Release/1.6.1	2025-02-15 19:10:42 +01:00
André Roth	9397d8ab36	add releasing doc	2025-02-15 16:23:53 +01:00
André Roth	82300d6944	update changelog	2025-02-15 16:17:37 +01:00
André Roth	cf3841e35c	Merge pull request #1425 from aptly-dev/fix/debian-compliance postrm: remove aptly-api user and home directory on purge	2025-01-24 00:49:15 +01:00
Sébastien Delafond	1a0bffdc51	postrm: remove aptly-api user and home directory on purge	2025-01-22 21:48:02 +01:00
André Roth	666b5c9700	Merge pull request #1422 from aptly-dev/fix/empty-mirror-snapshot Allow snapshotting empty mirrors	2025-01-13 12:36:01 +01:00
André Roth	2eabc6045f	go mod tidy	2025-01-12 00:05:00 +01:00
André Roth	cc32e79f2a	Merge pull request #1423 from mikelolasagasti/google-uuid Switch to google/uuid module	2025-01-11 23:56:23 +01:00
Mikel Olasagasti Uranga	7074fc8856	Switch to google/uuid module Current used github.com/pborman/uuid hasn't seen any updates in years. Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>	2025-01-11 23:18:50 +01:00
André Roth	a7d85e5905	Merge pull request #1187 from aptly-dev/dependabot/go_modules/github.com/gin-gonic/gin-1.9.1 Bump github.com/gin-gonic/gin from 1.7.7 to 1.9.1	2025-01-11 22:15:59 +01:00
André Roth	cad4233d0d	Bump github.com/gin-gonic/gin from 1.7.7 to 1.9.1 Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.7.7 to 1.9.1. - [Release notes](https://github.com/gin-gonic/gin/releases) - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md) - [Commits](https://github.com/gin-gonic/gin/compare/v1.7.7...v1.9.1) --- updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> # Conflicts: # go.mod # go.sum	2025-01-11 21:48:14 +01:00
André Roth	9b9894c07d	update README	2025-01-11 21:33:40 +01:00
André Roth	8546cf31ce	add test: snapshot empty mirror	2025-01-11 20:00:42 +01:00
André Roth	aa0830ff0c	Revert "fix empty mirror check" This reverts commit `09a44ba409`.	2025-01-11 19:17:28 +01:00
dependabot[bot]	4076941bd7	Bump golang.org/x/net from 0.28.0 to 0.33.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.28.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.28.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2025-01-11 15:58:10 +01:00
André Roth	4170c9e995	update README	2025-01-11 15:58:10 +01:00
André Roth	a862192bc4	ci: more relaxed aptly upload	2025-01-11 15:58:10 +01:00
André Roth	5a18428666	aptly.conf: fix s3 example	2025-01-11 15:25:53 +01:00
August Feng	0b5a627c84	update goleveldb dependency	2025-01-11 14:35:28 +01:00