feat: add support for sha256 and sha512 htpasswd formats
Fixes issue #3495
We currently support only bcrypt htpasswd hashes, however bcrypt is not
FIPS-140 approved since it uses Blowfish.
This PR adds support for sha256 and sha512 formats and enforces that
bcrypt be disabled when fips140 mode is enabled.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
Since the job for triaging stale issues started running last week, it has been mainly running for recent issues.
Also 30 days of issue inactivity is too low at this moment.
Update to 90 days, and force it to start processing older issues/PRs first.
Increase the number of operations per execution, processing more issues/PRs per run.
Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
Description
====================
zot currently stores session cookies in memory or in a local directory.
For cases where the session cookies should be independent of the
instance where they were created such as multiple instances of zot, or a
fully stateless zot instance, there is a need to support a remote
session storage.
This change adds support for using Redis and Redis-compatible services as a
remote session driver as well as introduces a new configuration option
for it.
What has changed
=======================
- New config added under Auth config to specify configuration for
the session driver.
- Examples README updated with details of the new Auth config.
- The config supports only 2 drivers in this change - local and redis
- Using the local driver is backwards compatible and behaves the same
way that zot currently works for local session storage.
- Omitting this config does not result in an error. In this case, zot
behaves as it normally does for local session storage.
- When configured, zot can use redis for persisting cookie
information for zot UI.
- The cookie in the store is deleted on logout or after the max
expiry time for the cookie.
- Configuration for the redis session driver accepts the same configuration
values as that of the remote meta cache.
- A separate connection is established for the session driver. An
existing connection for meta cache will not be re-used for the
session driver.
- A key prefix is configurable for the redis session driver. The value will be
converted into a string for use. If no value is provided, a default
prefix of "zotsession" will be used.
- Redis sessions does not support hash key or encryption in this change.
- New BATS test added to verify zot behavior with Redis session store.
- Github workflow updated to install valkey-tools dependency for BATS.
Signed-off-by: Vishwas Rajashekar <dev@vrajashkr.com>
This workflow is failing. We will revisit once the default username
includes the docker group.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* feat(freebsd): add support native freebsd container images
Fixes issue #1663
freebsd is now building and releasing official freebsd OCI container
images
https://hub.docker.com/r/freebsd/freebsd-runtime/tags
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* fix: add freebsd support in publish workflow
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* fix: bump stacker version
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* fix: disable non-functional darwin OCI image builds
darwin OCI images are non-functional until we get a usable base image.
Remove them.
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
* fix: set freebsd-static as base image for FreeBSD images
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
---------
Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
- fix log folder names used by nightly jobs
- fix attempt to install containerd.io in the redis pipeline (which conflicts with containerd)
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* feat: show more error information in zb output
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore(ci): gc stress tests to save logs as artifacts
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* chore: add benchmark results to job summaries
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* fix: count and show zb errors
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
* ci: fix the flaky coverage of the redis logger
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
---------
Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Ramkumar Chinchani