Auth-protected repositories #125

New Issue

Jef Roosens · 2022-04-11T15:44:10+02:00

Jef Roosens commented

2022-04-11 15:44:10 +02:00

Using the XferCommand option in pacman.conf, it's possible to change what command Pacman uses to download files from the server. This combined with the fact that GNU wget can read credentials from a netrc file could allow the user to add a HTTP basic auth-protected repository to Pacman.

This does raise a couple questions:

How would a user configure this authentication for their Vieter instance?
Would this mean having to disable public repos by default?
Is it worth having separate passwords for each repository or would we e.g. use the repository name as the username & the API key as password?

Using the `XferCommand` option in `pacman.conf`, it's possible to change what command Pacman uses to download files from the server. This combined with the fact that GNU wget can read credentials from a netrc file could allow the user to add a HTTP basic auth-protected repository to Pacman. This does raise a couple questions: * How would a user configure this authentication for their Vieter instance? * Would this mean having to disable public repos by default? * Is it worth having separate passwords for each repository or would we e.g. use the repository name as the username & the API key as password?

Jef Roosens added the

enhancement

label 2022-04-11 15:44:10 +02:00

Jef Roosens added this to the 0.3.0 milestone 2022-04-11 16:22:23 +02:00

Jef Roosens modified the milestone from 0.3.0 to 0.4.0

2022-04-20 09:52:29 +02:00

Jef Roosens removed this from the 0.4.0 milestone 2022-06-13 16:09:30 +02:00

Sign in to join this conversation.