This PR provides a cloudflared.repo template that can simply then be
added to yum repos by running
```
sudo dnf config-manager --add-repo
```
removing the requirement for yum installers to handcraft this or run
echo commands.
This addresses https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557
by updating yaml v3 to latest version.
It also stops using yaml v2 directly (we were using both v2 and v3 mixed).
We still rely on yaml v2 indirectly, via urfave cli, though.
Note that the security vulnerability does not affect v2.
This PR mostly raises exceptions so we are aware if release deb or
release pkgs fail. It also makes release_version optional if backup pkgs
are not needed.
We now keep the gpg key inputs configurable. This PR imports base64
encoded gpg details into the build environment and uses this information
to sign the linux builds.
This PR extends release_pkgs.py to now also support uploading rpm based
assets to R2. The packages are not signed yet and will be done in a
subsequent PR.
This PR
- Packs the .rpm assets into relevant directories
- Calls createrepo on them to make them yum repo ready
- Uploads them to R2
The publish to brew core prints a URL with a PR that does the change
in github to brew core formula for cloudflared. It then tries to open
the browser, which obviously fails in CI.
So this adds a flag for it to skip opening the browser.
It's not clear how the PR will be opened, it seems like it must be
done by a human.
But at least this won't fail the build.
The way apt works is:
1. It looks at the release file based on the `deb` added to sources.list.
2. It uses this release file to find the relative location of Packages or Packages.gz
3. It uses the pool information from packages to find the relative location of where the .deb file is located and then downloads and installs it.
This PR seeks to take advantage of this information by simply arranging
the files in a way apt expects thereby eliminating the need for an
orchestrating endpoint.
This PR does the following:
1. Creates packages.gz, signed InRelease files for debs in
built_artifacts for configured debian releases.
2. Uploads them to Cloudflare R2.
3. Adds a Workers KV entry that talks about where these assets are
uploaded.
This commit adds the tunnel details to RPC register connection response
so we can have access to some of the details associacted to the tunnel
that only the edge knows.
Currently this is limited to knowing if the tunnel is remotely managed
or not. In the future we could extend this with more information.