IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
APT doesn't mind a repository with either "/" or "./" as suite/distribution,
such as
deb https://example.com/debian ./
in that case, the 'dists' part of the URL and the trailing slash (which would
be encoded as '_') is dropped in the file name in '/var/lib/apt/lists/'.
Other suite values with a trailing or leading '/' are rejected with an error by APT:
E: Malformed entry 1 in sources file /etc/apt/sources.list.d/test.list (absolute Suite Component)
E: The list of sources could not be read.
so this should be the only special case requiring handling.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
APT will not store the InRelease file in some cases, and some repositories
might not even have one in the first place.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
A build-system that needs all build-dependencies even for a simple
make clean invocation is a PITA..
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The old 'main' component stays valid, pointing to no-subscription,
which means the is_referenced_repository() check needs a special case
for it. It will eventually go away, together with the handles for
Quincy.
Alternatively, the standard repository's info() could've been changed
to return multiple possible components, similar to URLs, but as
opposed to URLs, there could be a standard repository that wants to
have multiple components and it feels a bit unnatural, because
multiple components are usually not aliases of the same. And adapting
is_referenced_repository() would be needed here too. So overall, the
above alternative just felt better.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
This mostly serves as documentation for the API call to be
implemented across our products. It's otherwise already just
a oneliner on the TfaConfig.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Use a custom result type to return success/failure and the
need to save the user data to the caller, while having
logged the error messages rather than returning them.
We count general TFA failures and also TOTP specifically,
and lock the user out of their 2nd factors on too many
failures.
To this end, all errors are now treated as failures.
While technically we can have crypto errors the user might
not be able to cause, we can't always know, and not all
errors are guaranteed to be a host side configuration issue,
so instead, all errors (since they are rare) now now counted
as a regular TFA error.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
TfaUserData uses `#[serde(deny_unknown_fields)]`, so we add
this now, but using it will require explicitly enabling it.
If the TOTP count is high, the user should be locked out of
TOTP entirely until they use a recovery key to reset the
count.
If a user's TFA try count is too high, they should get rate
limited.
In both cases they should receive some kind of notification.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>