mirror of
https://github.com/aptly-dev/aptly.git
synced 2026-01-12 03:21:33 +00:00
bb2db7e500
The added "aptly publish repo" option "-access-by-hash" publishes the index files (Packages*, Sources*) also as hardlinked hashes. Example: /dists/yakkety/main/binary-amd64/by-hash/SHA512/31833ec39acc... The Release files indicate this with the option "Acquire-By-Hash: yes" This is used by apt >= 1.2.0 and prevents the "Hash sum mismatch" race condition between a server side "aptly publish repo" and "apt-get update" on a client. See: http://www.chiark.greenend.org.uk/~cjwatson/blog/no-more-hash-sum-mismatch-errors.html This implementation uses symlinks in the by-hash/*/ directory for keeping only two versions of the index files and deleting older files automatically. Note: this only works with aptly.FileSystemPublishedStorage Closes: #536 Signed-off-by: André Roth <neolynx@gmail.com>
237 lines
8.0 KiB
Go
237 lines
8.0 KiB
Go
package cmd
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/smira/aptly/aptly"
|
|
"github.com/smira/aptly/deb"
|
|
"github.com/smira/aptly/utils"
|
|
"github.com/smira/commander"
|
|
"github.com/smira/flag"
|
|
)
|
|
|
|
func aptlyPublishSnapshotOrRepo(cmd *commander.Command, args []string) error {
|
|
var err error
|
|
|
|
components := strings.Split(context.Flags().Lookup("component").Value.String(), ",")
|
|
|
|
if len(args) < len(components) || len(args) > len(components)+1 {
|
|
cmd.Usage()
|
|
return commander.ErrCommandError
|
|
}
|
|
|
|
var param string
|
|
if len(args) == len(components)+1 {
|
|
param = args[len(components)]
|
|
args = args[0 : len(args)-1]
|
|
} else {
|
|
param = ""
|
|
}
|
|
storage, prefix := deb.ParsePrefix(param)
|
|
|
|
var (
|
|
sources = []interface{}{}
|
|
message string
|
|
)
|
|
|
|
if cmd.Name() == "snapshot" { // nolint: goconst
|
|
var (
|
|
snapshot *deb.Snapshot
|
|
emptyWarning = false
|
|
parts = []string{}
|
|
)
|
|
|
|
for _, name := range args {
|
|
snapshot, err = context.CollectionFactory().SnapshotCollection().ByName(name)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to publish: %s", err)
|
|
}
|
|
|
|
err = context.CollectionFactory().SnapshotCollection().LoadComplete(snapshot)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to publish: %s", err)
|
|
}
|
|
|
|
sources = append(sources, snapshot)
|
|
parts = append(parts, snapshot.Name)
|
|
|
|
if snapshot.NumPackages() == 0 {
|
|
emptyWarning = true
|
|
}
|
|
}
|
|
|
|
if len(parts) == 1 {
|
|
message = fmt.Sprintf("Snapshot %s has", parts[0])
|
|
} else {
|
|
message = fmt.Sprintf("Snapshots %s have", strings.Join(parts, ", "))
|
|
|
|
}
|
|
|
|
if emptyWarning {
|
|
context.Progress().Printf("Warning: publishing from empty source, architectures list should be complete, it can't be changed after publishing (use -architectures flag)\n")
|
|
}
|
|
} else if cmd.Name() == "repo" { // nolint: goconst
|
|
var (
|
|
localRepo *deb.LocalRepo
|
|
emptyWarning = false
|
|
parts = []string{}
|
|
)
|
|
|
|
for _, name := range args {
|
|
localRepo, err = context.CollectionFactory().LocalRepoCollection().ByName(name)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to publish: %s", err)
|
|
}
|
|
|
|
err = context.CollectionFactory().LocalRepoCollection().LoadComplete(localRepo)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to publish: %s", err)
|
|
}
|
|
|
|
sources = append(sources, localRepo)
|
|
parts = append(parts, localRepo.Name)
|
|
|
|
if localRepo.NumPackages() == 0 {
|
|
emptyWarning = true
|
|
}
|
|
}
|
|
|
|
if len(parts) == 1 {
|
|
message = fmt.Sprintf("Local repo %s has", parts[0])
|
|
} else {
|
|
message = fmt.Sprintf("Local repos %s have", strings.Join(parts, ", "))
|
|
|
|
}
|
|
|
|
if emptyWarning {
|
|
context.Progress().Printf("Warning: publishing from empty source, architectures list should be complete, it can't be changed after publishing (use -architectures flag)\n")
|
|
}
|
|
} else {
|
|
panic("unknown command")
|
|
}
|
|
|
|
distribution := context.Flags().Lookup("distribution").Value.String()
|
|
origin := context.Flags().Lookup("origin").Value.String()
|
|
notAutomatic := context.Flags().Lookup("notautomatic").Value.String()
|
|
butAutomaticUpgrades := context.Flags().Lookup("butautomaticupgrades").Value.String()
|
|
|
|
published, err := deb.NewPublishedRepo(storage, prefix, distribution, context.ArchitecturesList(), components, sources, context.CollectionFactory())
|
|
if err != nil {
|
|
return fmt.Errorf("unable to publish: %s", err)
|
|
}
|
|
if origin != "" {
|
|
published.Origin = origin
|
|
}
|
|
if notAutomatic != "" {
|
|
published.NotAutomatic = notAutomatic
|
|
}
|
|
if butAutomaticUpgrades != "" {
|
|
published.ButAutomaticUpgrades = butAutomaticUpgrades
|
|
}
|
|
published.Label = context.Flags().Lookup("label").Value.String()
|
|
|
|
published.SkipContents = context.Config().SkipContentsPublishing
|
|
|
|
if context.Flags().IsSet("skip-contents") {
|
|
published.SkipContents = context.Flags().Lookup("skip-contents").Value.Get().(bool)
|
|
}
|
|
|
|
if context.Flags().IsSet("access-by-hash") {
|
|
published.AccessByHash = context.Flags().Lookup("access-by-hash").Value.Get().(bool)
|
|
}
|
|
|
|
duplicate := context.CollectionFactory().PublishedRepoCollection().CheckDuplicate(published)
|
|
if duplicate != nil {
|
|
context.CollectionFactory().PublishedRepoCollection().LoadComplete(duplicate, context.CollectionFactory())
|
|
return fmt.Errorf("prefix/distribution already used by another published repo: %s", duplicate)
|
|
}
|
|
|
|
signer, err := getSigner(context.Flags())
|
|
if err != nil {
|
|
return fmt.Errorf("unable to initialize GPG signer: %s", err)
|
|
}
|
|
|
|
forceOverwrite := context.Flags().Lookup("force-overwrite").Value.Get().(bool)
|
|
if forceOverwrite {
|
|
context.Progress().ColoredPrintf("@rWARNING@|: force overwrite mode enabled, aptly might corrupt other published repositories sharing " +
|
|
"the same package pool.\n")
|
|
}
|
|
|
|
err = published.Publish(context.PackagePool(), context, context.CollectionFactory(), signer, context.Progress(), forceOverwrite)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to publish: %s", err)
|
|
}
|
|
|
|
err = context.CollectionFactory().PublishedRepoCollection().Add(published)
|
|
if err != nil {
|
|
return fmt.Errorf("unable to save to DB: %s", err)
|
|
}
|
|
|
|
var repoComponents string
|
|
prefix, repoComponents, distribution = published.Prefix, strings.Join(published.Components(), " "), published.Distribution
|
|
if prefix == "." {
|
|
prefix = ""
|
|
} else if !strings.HasSuffix(prefix, "/") {
|
|
prefix += "/"
|
|
}
|
|
|
|
context.Progress().Printf("\n%s been successfully published.\n", message)
|
|
|
|
if localStorage, ok := context.GetPublishedStorage(storage).(aptly.FileSystemPublishedStorage); ok {
|
|
context.Progress().Printf("Please setup your webserver to serve directory '%s' with autoindexing.\n",
|
|
localStorage.PublicPath())
|
|
}
|
|
|
|
context.Progress().Printf("Now you can add following line to apt sources:\n")
|
|
context.Progress().Printf(" deb http://your-server/%s %s %s\n", prefix, distribution, repoComponents)
|
|
if utils.StrSliceHasItem(published.Architectures, deb.ArchitectureSource) {
|
|
context.Progress().Printf(" deb-src http://your-server/%s %s %s\n", prefix, distribution, repoComponents)
|
|
}
|
|
context.Progress().Printf("Don't forget to add your GPG key to apt with apt-key.\n")
|
|
context.Progress().Printf("\nYou can also use `aptly serve` to publish your repositories over HTTP quickly.\n")
|
|
|
|
return err
|
|
}
|
|
|
|
func makeCmdPublishSnapshot() *commander.Command {
|
|
cmd := &commander.Command{
|
|
Run: aptlyPublishSnapshotOrRepo,
|
|
UsageLine: "snapshot <name> [[<endpoint>:]<prefix>]",
|
|
Short: "publish snapshot",
|
|
Long: `
|
|
Command publishes snapshot as Debian repository ready to be consumed
|
|
by apt tools. Published repostiories appear under rootDir/public directory.
|
|
Valid GPG key is required for publishing.
|
|
|
|
Multiple component repository could be published by specifying several
|
|
components split by commas via -component flag and multiple snapshots
|
|
as the arguments:
|
|
|
|
aptly publish snapshot -component=main,contrib snap-main snap-contrib
|
|
|
|
Example:
|
|
|
|
$ aptly publish snapshot wheezy-main
|
|
`,
|
|
Flag: *flag.NewFlagSet("aptly-publish-snapshot", flag.ExitOnError),
|
|
}
|
|
cmd.Flag.String("distribution", "", "distribution name to publish")
|
|
cmd.Flag.String("component", "", "component name to publish (for multi-component publishing, separate components with commas)")
|
|
cmd.Flag.String("gpg-key", "", "GPG key ID to use when signing the release")
|
|
cmd.Flag.Var(&keyRingsFlag{}, "keyring", "GPG keyring to use (instead of default)")
|
|
cmd.Flag.String("secret-keyring", "", "GPG secret keyring to use (instead of default)")
|
|
cmd.Flag.String("passphrase", "", "GPG passhprase for the key (warning: could be insecure)")
|
|
cmd.Flag.String("passphrase-file", "", "GPG passhprase-file for the key (warning: could be insecure)")
|
|
cmd.Flag.Bool("batch", false, "run GPG with detached tty")
|
|
cmd.Flag.Bool("skip-signing", false, "don't sign Release files with GPG")
|
|
cmd.Flag.Bool("skip-contents", false, "don't generate Contents indexes")
|
|
cmd.Flag.String("origin", "", "overwrite origin name to publish")
|
|
cmd.Flag.String("notautomatic", "", "overwrite value for NotAutomatic field")
|
|
cmd.Flag.String("butautomaticupgrades", "", "overwrite value for ButAutomaticUpgrades field")
|
|
cmd.Flag.String("label", "", "label to publish")
|
|
cmd.Flag.Bool("force-overwrite", false, "overwrite files in package pool in case of mismatch")
|
|
|
|
return cmd
|
|
}
|