peezy-tech/jojo
2
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-05-12 22:10:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
22822 commits 27 branches 286 tags 266 MiB
Commit graph

7 commits

Author SHA1 Message Date
Mathieu Fenniak
63ec90b0ef [v11.0/forgejo] feat: Replace mholt/archiver/v3 with mholt/archives (#7025) (#10043) 
**Backport:** #7025

Resolves #6266

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7025
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Co-committed-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>

Backported due to `make security-check` failing in `v11.0/forgejo` branch due to a new registered vulnerability in the github.com/nwaples/rardecode.

```
/home/forgejo/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.3.linux-amd64/bin/go run golang.org/x/vuln/cmd/govulncheck@v1  ./...
=== Symbol Results ===
Vulnerability #1: GO-2025-4020
    DoS risk due to unrestricted RAR dictionary sizes in
    github.com/nwaples/rardecode
  More info: https://pkg.go.dev/vuln/GO-2025-4020
  Module: github.com/nwaples/rardecode
    Found in: github.com/nwaples/rardecode@v1.1.3
    Fixed in: N/A
    Example traces found:
      #1: modules/git/repo_commit.go:263:24: git.Repository.CommitsByFileAndRange calls io.ReadFull, which eventually calls rardecode.cipherBlockReader.Read
      #2: modules/packages/arch/metadata.go:22:2: arch.init calls archiver.init, which calls rardecode.init
      #3: modules/git/repo_language_stats.go:198:32: git.Repository.GetLanguageStats calls bytes.Buffer.ReadFrom, which calls rardecode.limitedReader.Read
Your code is affected by 1 vulnerability from 1 module.
This scan also found 1 vulnerability in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
exit status 3
make: *** [Makefile:526: security-check] Error 1
```

Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10043
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
 2025-11-10 17:30:23 +01:00
forgejo-backport-action
e286457990 [v11.0/forgejo] chore: branding import path (#7354) 
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/7337

- Massive replacement of changing `code.gitea.io/gitea` to `forgejo.org`.
- Resolves forgejo/discussions#258

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7354
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
 2025-03-27 20:13:05 +00:00
dragon
37a300b105 Add support for indexing arch files 2024-12-09 11:34:50 +08:00
dragon
a3ef037ccb clean style and add more tests 2024-08-26 11:13:22 +08:00
dragon
600c703ef4 Fix arch OptDepends version check and add gzip compression 2024-08-26 10:45:24 +08:00
Exploding Dragon
87d50eca87 feat: support grouping by any path for arch package (#4903) 
Previous arch package grouping was not well-suited for complex or multi-architecture environments. It now supports the following content:

- Support grouping by any path.
- New support for packages in `xz` format.
- Fix clean up rules

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4903): <!--number 4903 --><!--line 0 --><!--description c3VwcG9ydCBncm91cGluZyBieSBhbnkgcGF0aCBmb3IgYXJjaCBwYWNrYWdl-->support grouping by any path for arch package<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4903
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
 2024-08-11 10:35:11 +00:00
Exploding Dragon
f17194ca91 Arch packages implementation (#4785) 
This PR is from https://github.com/go-gitea/gitea/pull/31037

This PR was originally created by @d1nch8g , and the original source code comes from https://ion.lc/core/gitea.

This PR adds a package registry for [Arch Linux](https://archlinux.org/) packages with support for package files, [signatures](https://wiki.archlinux.org/title/Pacman/Package_signing), and automatic [pacman-database](https://archlinux.org/pacman/repo-add.8.html) management.

Features:

1. Push any ` tar.zst ` package and Gitea sign it.
2. Delete endpoint for specific package version and all related files
3. Supports trust levels with `SigLevel = Required`.
4. Package UI with instructions to connect to the new pacman database and visualised package metadata

![](/attachments/810ca6df-bd20-44c2-bdf7-95e94886d750)

You can follow [this tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a *.pkg.tar.zst package for testing

docs pr: https://codeberg.org/forgejo/docs/pulls/791

Co-authored-by: d1nch8g@ion.lc
Co-authored-by: @KN4CK3R
Co-authored-by: @mahlzahn
Co-authored-by: @silverwind
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4785
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
 2024-08-04 06:16:29 +00:00