to make it a bit easier to configure access to the enterprise repositories.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
[ T: added missing use statement for format_err ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
by making the --id parameter optional, and structuring the output accordingly.
since pools are per base-dir, GC only needs to run once per base-dir instead of
for each mirror entry.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
a Path(Buf)'s Debug formatting already contains double quotes, no need to quote
it a second time..
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
there are still repositories out there that are using things like DSA/RSA-1024
and SHA1, so let's allow POM users to opt into accepting those insecure
cryptographic parameters, but keep the default settings secure.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
e.g., when encountering a key that is self-signed with SHA-1 (which is not that
uncommon for non-distro repositories that have an old key), instead of the
following:
----8<----
Fetching Release/Release.gpg files
-> GET 'https://download.ceph.com/debian-quincy//dists/bullseye/Release.gpg'..
-> GET 'https://download.ceph.com/debian-quincy//dists/bullseye/Release'..
Verifying 'Release(.gpg)' signature using provided repository key..
Subkey of 08B73419AC32B4E966C1A330E84AC2C0460F3994 not bound: No binding signature at time 2022-10-17T22:41:10Z
Error: encountered 1 error(s)
---->8----
which only gives us a rough idea that something is wrong with a key signature,
we now get the following:
----8<----
Fetching Release/Release.gpg files
-> GET 'https://download.ceph.com/debian-quincy//dists/bullseye/Release.gpg'..
-> GET 'https://download.ceph.com/debian-quincy//dists/bullseye/Release'..
Verifying 'Release(.gpg)' signature using provided repository key..
Subkey of 08B73419AC32B4E966C1A330E84AC2C0460F3994 not bound: No binding signature at time 2022-10-17T22:41:10Z
Caused by:
0: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
1: SHA1 is not considered secure since 2023-02-01T00:00:00Z
Error: No valid signature found.
---->8----
which shows us that the key signature was rejected because it's SHA-1, and the
(default and currently only) policy doesn't allow that (anymore).
the output is also improved in case the Release file is signed multiple times
and none of the signatures are accepted.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit adds support for HTTP proxies, configurable via the
ALL_PROXY environment variable.
For example:
$ ALL_PROXY="localhost:3128" proxmox-offline-mirror mirror <...>
Note: `ureq` seems to use HTTP CONNECT for *all* connections, including
HTTP on port 80. Proxies need to be configured to allow that - Squid by
default allows CONNECT only for HTTPS on port 443.
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
It's internal to the fn and the types are all written out
and visible so it's arguably fine this way.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
similar to `proxmox-offline-mirror medium status <ID>`, but limited to
the information that is stored on the medium itself. this command can be
used to get a quick overview over what's on a medium, or for automated
setup of the contained repositories.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
the default/fallback was a remnant from a no-longer-employed
"copy-helper-to-medium" deployment strategy.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
with a somewhat sensible default of filtering the games and debug
sections - which already reduces a mirror of PVE + Debian bullseye by
about 27% (105GB->77GB).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
so that a single filter 'games' covers all related sections for a stock
Debian repository.
this also has the side-effect that package downloads are now batched by
component.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
strictly speaking InRelease is required, and Release optional, but that
might not be true for older repositories. treat failure to fetch either
as non-fatal, provided the other is available.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
similar to the binary package one, but with one additional layer since
each source package consists of 2-3 files, not a single .deb file.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
to keep the size of mirror snapshots down by excluding unnecessary files
(e.g., games data, browsers, debug packages, ..).
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
one for diffing two relative paths within a pool (e.g., for comparing
snapshots), one for diffing two pools (e.g., for diffing mirror and
mirror on medium), and one for listing paths.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
that creates a new snapshot for each configured mirror, collecting the
results and printing a summary at the end. this should be suitable for
usage in a cron job or timer-triggered unit, with no output on stderr
for 100% OK execution runs.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
in dry-run mode, creating a snapshot will download (but not persist) the
Release files and any indices referenced within, but not download the
package files themselves. instead, any URLs that would still need to be
fetched are printed, and the statistics about to-be-fetched files and
bytes are updated accordingly.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>