chore: update templates metadata

Merge pull request 'Possibilité d'ignorer les vérifications TLS sur les connexions au service Hydra depuis la configuration' (#3 ) from feat/ssl-ignore into develop
Reviewed-on: #3
2023-12-06 12:02:29 +01:00 · 2023-12-06 11:55:57 +01:00 · 2023-12-06 11:55:01 +01:00 · 2023-12-06 11:45:30 +01:00 · 2023-12-06 11:43:58 +01:00 · 2022-11-24 15:32:33 -06:00
13 changed files with 186 additions and 57 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 /bin
 /dist
--- a/50
+++ b/50
@ -0,0 +1,50 @@
@Library('cadoles') _
 pipeline {
  agent {
    dockerfile {
      label 'docker'
      filename 'Dockerfile'
      dir 'misc/ci'
    }
  }
  stages {
    stage('Build and publish packages') {
      when {
        anyOf {
          branch 'master'
          branch 'develop'
        }
      }
      steps {
        script {
          List<String> packagers = ['deb', 'rpm']
          packagers.each { pkgr ->
            sh "make NFPM_PACKAGER='${pkgr}' build package"
          }
          List<String> attachments = sh(returnStdout: true, script: "find dist -type f -name '*.deb' -or -name '*.rpm' -or -name '*.ipk'").split(' ')
          String releaseVersion = sh(returnStdout: true, script: "git describe --always | rev | cut -d '/' -f 1 | rev").trim()
          String releaseBody = """
          _Publication automatisée réalisée par Jenkins._ [Voir le job](${env.RUN_DISPLAY_URL})
          """
          gitea.release('forge-jenkins', 'Cadoles', 'hydra-werther', [
            'attachments': attachments,
            'body': releaseBody,
            'releaseName': "${releaseVersion}",
            'releaseVersion': "${releaseVersion}"
          ])
        }
      }
    }
  }
  post {
    always {
      cleanWs()
    }
  }
 }
--- a/23
+++ b/23
@ -1,4 +1,23 @@
-build:
+PACKAGE_VERSION ?= $(shell git describe --always | rev | cut -d '/' -f 1 | rev)
-	misc/script/build
+NFPM_PACKAGER ?= deb
 build: clean generate
 	CGO_ENABLED=0 misc/script/build
 generate:
 	go generate ./...
 clean:
 	rm -rf bin
 package: dist
 	PACKAGE_VERSION=$(PACKAGE_VERSION) \
 	nfpm package \
 		--config misc/packaging/nfpm.yml \
 		--target ./dist \
 		--packager $(NFPM_PACKAGER)
 dist:
 	mkdir -p dist
 .PHONY: build
--- a/cmd/werther/main.go
+++ b/cmd/werther/main.go
@ -14,6 +14,8 @@ import (
 	"net/url"
 	"os"
 	"crypto/tls"
 	"github.com/i-core/rlog"
 	"github.com/i-core/routegroup"
 	"github.com/i-core/werther/internal/identp"
@ -30,11 +32,12 @@ var version = ""
 // Config is a server's configuration.
 type Config struct {
-	DevMode bool   `envconfig:"dev_mode" default:"false" desc:"a development mode"`
+	DevMode            bool   `envconfig:"dev_mode" default:"false" desc:"Enable development mode"`
-	Listen  string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
+	Listen             string `default:":8080" desc:"a host and port to listen on (<host>:<port>)"`
-	Identp  identp.Config
+	InsecureSkipVerify bool   `envconfig:"insecure_skip_verify" default:"false" desc:"Disable TLS verification on Hydra connection"`
-	LDAP    ldapclient.Config
+	Identp             identp.Config
-	Web     web.Config
+	LDAP               ldapclient.Config
 	Web                web.Config
 }
 func main() {
@ -80,6 +83,11 @@ func main() {
 		os.Exit(1)
 	}
 	if cnf.InsecureSkipVerify {
 		log.Warn("All ssl verifications are disabled !")
 		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 	ldap := ldapclient.New(cnf.LDAP)
 	router := routegroup.NewRouter(nosurf.NewPure, rlog.NewMiddleware(log))
--- a/conf/hydra-werther.conf
+++ b/conf/hydra-werther.conf
@ -117,3 +117,15 @@ WERTHER_LDAP_ROLE_BASEDN=ou=groups,dc=myorg,dc=com
  # [type]        String
  # [default]     /
  # [required]
 #WERTHER_LDAP_CONNECTION_TIMEOUT=
  # [description] LDAP server connection timeout
  # [type]        Duration
  # [default]     60s
  # [required]
 # WERTHER_INSECURE_SKIP_VERIFY=
 #   [description] Disable TLS verification on Hydra connection
 #   [type]        True or False
 #   [default]     false
 #   [required]
--- a/internal/hydra/hydra.go
+++ b/internal/hydra/hydra.go
@ -26,6 +26,8 @@ var (
 	ErrChallengeNotFound = errors.New("challenge not found")
 	// ErrChallengeExpired is an error that happens when a challenge is already used.
 	ErrChallengeExpired = errors.New("challenge expired")
 	//ErrServiceUnavailable is an error that happens when the hydra admin service is unavailable
 	ErrServiceUnavailable = errors.New("hydra service unavailable")
 )
 type reqType string
@ -52,6 +54,7 @@ func initiateRequest(typ reqType, hydraURL string, fakeTLSTermination bool, chal
 	if err != nil {
 		return nil, err
 	}
 	u, err := parseURL(hydraURL)
 	if err != nil {
 		return nil, err
@ -145,6 +148,8 @@ func checkResponse(resp *http.Response) error {
 		return ErrChallengeNotFound
 	case 409:
 		return ErrChallengeExpired
 	case 503:
 		return ErrServiceUnavailable
 	default:
 		var rs struct {
 			Message string `json:"error"`
--- a/internal/identp/identp.go
+++ b/internal/identp/identp.go
@ -11,6 +11,7 @@ package identp
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"net/url"
 	"strings"
@ -127,7 +128,8 @@ func newLoginStartHandler(rproc oa2LoginReqProcessor, tmplRenderer TemplateRende
 				return
 			}
 			log.Infow("Failed to initiate an OAuth2 login request", zap.Error(err), "challenge", challenge)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			errMsg := fmt.Sprintf("%s - %s - %s", http.StatusText(http.StatusInternalServerError), err, errors.Cause(err))
 			http.Error(w, errMsg, http.StatusInternalServerError)
 			return
 		}
 		log.Infow("A login request is initiated", "challenge", challenge, "username", ri.Subject)
@ -171,7 +173,7 @@ func newLoginEndHandler(ra oa2LoginReqAcceptor, auther authenticator, tmplRender
 		data := LoginTmplData{
 			CSRFToken: nosurf.Token(r),
 			Challenge: challenge,
-			LoginURL:  r.URL.String(),
+			LoginURL:  strings.TrimPrefix(r.URL.String(), "/"),
 		}
 		username, password := r.Form.Get("username"), r.Form.Get("password")
--- a/internal/ldapclient/ldapclient.go
+++ b/internal/ldapclient/ldapclient.go
@ -48,19 +48,20 @@ type connector interface {
 // Config is a LDAP configuration.
 type Config struct {
-	Endpoints       []string          `envconfig:"endpoints" required:"true" desc:"a LDAP's server URLs as \"<address>:<port>\""`
+	Endpoints         []string          `envconfig:"endpoints" required:"true" desc:"a LDAP's server URLs as \"<address>:<port>\""`
-	BindDN          string            `envconfig:"binddn" desc:"a LDAP bind DN"`
+	BindDN            string            `envconfig:"binddn" desc:"a LDAP bind DN"`
-	BindPass        string            `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
+	BindPass          string            `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
-	BaseDN          string            `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
+	BaseDN            string            `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
-	UserSearchQuery string            `envconfig:"user_search_query" desc:"the user search query" default:"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))"`
+	UserSearchQuery   string            `envconfig:"user_search_query" desc:"the user search query" default:"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))"`
-	AttrClaims      map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
+	AttrClaims        map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
-	RoleBaseDN      string            `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
+	RoleBaseDN        string            `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
-	RoleSearchQuery string            `envconfig:"role_search_query" desc:"the role search query" default:"(|(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s)))"`
+	RoleSearchQuery   string            `envconfig:"role_search_query" desc:"the role search query" default:"(|(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s)))"`
-	RoleAttr        string            `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
+	RoleAttr          string            `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
-	RoleClaim       string            `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
+	RoleClaim         string            `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
-	CacheSize       int               `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"`
+	CacheSize         int               `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"`
-	CacheTTL        time.Duration     `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"`
+	CacheTTL          time.Duration     `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"`
-	IsTLS           bool              `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"`
+	IsTLS             bool              `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"`
 	ConnectionTimeout time.Duration     `envconfig:"connection_timeout" default:"60s" desc:"LDAP server connection timeout"`
 }
 // Client is a LDAP client (compatible with Active Directory).
@ -75,11 +76,12 @@ func New(cnf Config) *Client {
 	return &Client{
 		Config: cnf,
 		connector: &ldapConnector{
-			BaseDN:          cnf.BaseDN,
+			BaseDN:            cnf.BaseDN,
-			UserSearchQuery: cnf.UserSearchQuery,
+			UserSearchQuery:   cnf.UserSearchQuery,
-			RoleBaseDN:      cnf.RoleBaseDN,
+			RoleBaseDN:        cnf.RoleBaseDN,
-			IsTLS:           cnf.IsTLS,
+			IsTLS:             cnf.IsTLS,
-			RoleSearchQuery: cnf.RoleSearchQuery,
+			RoleSearchQuery:   cnf.RoleSearchQuery,
 			ConnectionTimeout: cnf.ConnectionTimeout,
 		},
 		cache: freecache.NewCache(cnf.CacheSize * 1024),
 	}
@ -193,7 +195,7 @@ func (cli *Client) FindOIDCClaims(ctx context.Context, username string) (map[str
 		return nil, err
 	}
-	roles := make(map[string]interface{})
+	roles := make([]map[string]interface{}, 0)
 	for _, entry := range entries {
 		roleDN, ok := entry["dn"].(string)
 		if !ok || roleDN == "" {
@ -211,21 +213,8 @@ func (cli *Client) FindOIDCClaims(ctx context.Context, username string) (map[str
 		if n < k || !strings.EqualFold(roleDN[n-k:], cli.RoleBaseDN) {
 			panic("You should never see that")
 		}
 		// The DN without the role's base DN must contain a CN and OU
 		// where the CN is for uniqueness only, and the OU is an application id.
 		path := strings.Split(roleDN[:n-k-1], ",")
 		if len(path) != 2 {
 			log.Infow("A role's DN without the role's base DN must contain two nodes only",
 				"roleBaseDN", cli.RoleBaseDN, "roleDN", roleDN)
 			continue
 		}
 		appID := path[1][len("OU="):]
-		var appRoles []interface{}
+		roles = append(roles, entry)
 		if v := roles[appID]; v != nil {
 			appRoles = v.([]interface{})
 		}
 		roles[appID] = append(appRoles, entry[cli.RoleAttr])
 	}
 	claims[cli.RoleClaim] = roles
@ -304,15 +293,16 @@ func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string
 }
 type ldapConnector struct {
-	BaseDN          string
+	BaseDN            string
-	RoleBaseDN      string
+	RoleBaseDN        string
-	IsTLS           bool
+	IsTLS             bool
-	UserSearchQuery string
+	UserSearchQuery   string
-	RoleSearchQuery string
+	RoleSearchQuery   string
 	ConnectionTimeout time.Duration
 }
 func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error) {
-	d := net.Dialer{Timeout: ldap.DefaultTimeout}
+	d := net.Dialer{Timeout: c.ConnectionTimeout}
 	tcpcn, err := d.DialContext(ctx, "tcp", addr)
 	if err != nil {
 		return nil, err
--- a/internal/web/templates.go
+++ b/internal/web/templates.go
@ -89,7 +89,7 @@ func loginTmpl() (*asset, error) {
 		return nil, err
 	}
-	info := bindataFileInfo{name: "login.tmpl", size: 1376, mode: os.FileMode(0664), modTime: time.Unix(1598432745, 0)}
+	info := bindataFileInfo{name: "login.tmpl", size: 1376, mode: os.FileMode(0644), modTime: time.Unix(1632751659, 0)}
 	a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x96, 0x82, 0x4c, 0x6a, 0xc3, 0x92, 0x44, 0x14, 0x82, 0xe7, 0x9a, 0xa8, 0xc8, 0x81, 0x35, 0x91, 0x53, 0xa8, 0x9, 0xe5, 0x8, 0xd5, 0xf, 0x5c, 0x48, 0x31, 0xde, 0xbf, 0xb7, 0x65, 0x23, 0xa9}}
 	return a, nil
 }
@ -109,7 +109,7 @@ func staticFontsRobotoLightTtf() (*asset, error) {
 		return nil, err
 	}
-	info := bindataFileInfo{name: "static/fonts/Roboto-Light.ttf", size: 170012, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
+	info := bindataFileInfo{name: "static/fonts/Roboto-Light.ttf", size: 170012, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
 	a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdb, 0x2, 0x9, 0x6a, 0x91, 0xc2, 0xa, 0xb6, 0x2d, 0x45, 0x90, 0x1, 0xa1, 0x5, 0x9b, 0xc8, 0xd7, 0x8c, 0xaa, 0x35, 0xd6, 0x37, 0xdc, 0x91, 0x49, 0x4c, 0x44, 0x40, 0x81, 0x5a, 0x6a, 0xc1}}
 	return a, nil
 }
@ -129,7 +129,7 @@ func staticFontsRobotoLightWoff() (*asset, error) {
 		return nil, err
 	}
-	info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff", size: 93468, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
+	info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff", size: 93468, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
 	a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x77, 0xad, 0xe0, 0x48, 0xda, 0x36, 0xf1, 0x3, 0xa5, 0x20, 0x45, 0x5a, 0xcb, 0xd2, 0xf, 0x26, 0xbd, 0x45, 0xd6, 0xf1, 0xc4, 0x21, 0x5, 0x4a, 0x5d, 0x92, 0x6f, 0x55, 0x65, 0x25, 0x16, 0x35}}
 	return a, nil
 }
@ -149,7 +149,7 @@ func staticFontsRobotoLightWoff2() (*asset, error) {
 		return nil, err
 	}
-	info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff2", size: 64272, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
+	info := bindataFileInfo{name: "static/fonts/Roboto-Light.woff2", size: 64272, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
 	a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x1a, 0x87, 0xc0, 0x97, 0xd1, 0xa3, 0x42, 0xec, 0x1b, 0x1a, 0x40, 0x6, 0x6d, 0x4d, 0xbe, 0x9d, 0x6f, 0x14, 0x49, 0x2d, 0x78, 0x80, 0x5d, 0xe2, 0xa1, 0xb5, 0x7d, 0xaf, 0x8b, 0x28, 0xd6, 0x40}}
 	return a, nil
 }
@ -169,7 +169,7 @@ func staticScriptJs() (*asset, error) {
 		return nil, err
 	}
-	info := bindataFileInfo{name: "static/script.js", size: 1240, mode: os.FileMode(0644), modTime: time.Unix(1565090829, 0)}
+	info := bindataFileInfo{name: "static/script.js", size: 1240, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
 	a := &asset{bytes: bytes, info: info, digest: [32]uint8{0x21, 0x83, 0x40, 0xc4, 0xb1, 0x4e, 0x2c, 0xf8, 0x84, 0x11, 0x9b, 0x80, 0xc2, 0xe6, 0xab, 0xb5, 0xf8, 0xd5, 0x3b, 0xc9, 0x2e, 0x5b, 0x12, 0x7, 0x29, 0x2f, 0x21, 0x5f, 0x59, 0x35, 0xf7, 0xad}}
 	return a, nil
 }
@ -189,7 +189,7 @@ func staticStyleCss() (*asset, error) {
 		return nil, err
 	}
-	info := bindataFileInfo{name: "static/style.css", size: 5966, mode: os.FileMode(0644), modTime: time.Unix(1574945279, 0)}
+	info := bindataFileInfo{name: "static/style.css", size: 5966, mode: os.FileMode(0644), modTime: time.Unix(1631861563, 0)}
 	a := &asset{bytes: bytes, info: info, digest: [32]uint8{0xdf, 0x10, 0x89, 0x7e, 0x7, 0xd2, 0xf2, 0xcc, 0xa2, 0x4e, 0xcf, 0x1, 0x63, 0x75, 0x97, 0xa1, 0x1c, 0x36, 0x4e, 0x34, 0x44, 0x85, 0x53, 0x93, 0xd4, 0x40, 0x69, 0x5f, 0x78, 0x30, 0x17, 0x8f}}
 	return a, nil
 }
--- a/misc/ci/Dockerfile
+++ b/misc/ci/Dockerfile
@ -0,0 +1,9 @@
 FROM alpine:3.16
 RUN apk add --no-cache make git curl jq bash openssl go zip
 RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
 RUN wget https://github.com/goreleaser/nfpm/releases/download/v2.20.0/nfpm_2.20.0_Linux_x86_64.tar.gz \
    && tar -xzf nfpm_2.20.0_Linux_x86_64.tar.gz -C /usr/local/bin \
    && chmod +x /usr/local/bin/nfpm
--- a/misc/packaging/nfpm.yml
+++ b/misc/packaging/nfpm.yml
@ -0,0 +1,21 @@
 name: "hydra-werther"
 arch: "amd64"
 platform: "linux"
 version: "${PACKAGE_VERSION}"
 section: "default"
 priority: "extra"
 maintainer: "Cadoles <contact@cadoles.com>"
 description: |
  PostgreSQL automated backup scripts
 vendor: "Cadoles"
 homepage: "https://forge.cadoles.com/Cadoles/postgres-backup"
 license: "AGPL-3.0"
 contents:
  - src: bin/werther_linux_amd64
    dst: /usr/bin/hydra-werther
  - src: conf/hydra-werther.conf
    dst: /etc/hydra-werther/hydra-werther.conf
  - src: misc/packaging/systemd/hydra-werther.service
    dst: /usr/lib/systemd/system/hydra-werther.service
--- a/misc/packaging/systemd/hydra-werther.service
+++ b/misc/packaging/systemd/hydra-werther.service
@ -0,0 +1,12 @@
 [Unit]
 Description=Run Hydra Werther login/consent/logout app
 After=network-online.target
 [Service]
 Type=simple
 EnvironmentFile=/etc/hydra-werther/hydra-werther.conf
 ExecStart=/usr/bin/hydra-werther
 Restart=on-failure
 [Install]
 WantedBy=multi-user.target
--- a/misc/script/build
+++ b/misc/script/build
@ -18,4 +18,4 @@ do
    fi
 done
-(cd bin && sha256sum *.{tar.gz,zip} > werther_checksums.txt)
+(cd bin && sha256sum *.{tar.gz,zip} > werther_checksums.txt || exit 0)
Author	SHA1	Message	Date
William Petit	d74f81224d	chore: update templates metadata All checks were successful Cadoles/hydra-werther/pipeline/head This commit looks good Details	2023-12-06 12:02:29 +01:00
wpetit	885d18ebb0	Merge pull request 'Possibilité d'ignorer les vérifications TLS sur les connexions au service Hydra depuis la configuration' (#3 ) from feat/ssl-ignore into develop All checks were successful Cadoles/hydra-werther/pipeline/head This commit looks good Details Reviewed-on: #3	2023-12-06 11:55:57 +01:00
Philippe Caseiro	271d62dc27	feat: configurable ignore of tls verification for hydra connections All checks were successful Cadoles/hydra-werther/pipeline/pr-develop This commit looks good Details	2023-12-06 11:55:01 +01:00
wpetit	592749eebf	Merge pull request 'Délai de connexion au serveur LDAP configurable' (#2 ) from ldap-configurable-timeout into develop All checks were successful Cadoles/hydra-werther/pipeline/head This commit looks good Details Reviewed-on: #2	2023-12-06 11:45:30 +01:00
William Petit	24b66a12ef	feat: add configurable ldap connection timeout All checks were successful Cadoles/hydra-werther/pipeline/head This commit looks good Details Cadoles/hydra-werther/pipeline/pr-develop This commit looks good Details	2023-12-06 11:43:58 +01:00
William Petit	194c1864c4	fix: configuration path in package All checks were successful Cadoles/hydra-werther/pipeline/head This commit looks good Details	2022-11-24 15:32:33 -06:00
William Petit	b940aae071	chore: add nfpm based packing recipe All checks were successful Cadoles/hydra-werther/pipeline/head This commit looks good Details	2022-11-03 15:30:40 -06:00
William Petit	eab0b72431	chore: add generate command to updates embedded assets	2021-09-27 16:22:10 +02:00
William Petit	3525b4bcb5	fix: trim login url when displaying error message	2021-09-27 16:21:33 +02:00
William Petit	138e818429	Send all retrieved groups 'as-is' in claims	2021-09-24 15:54:10 +02:00
William Petit	c7599a8faa	chore: allow build of only specific distribution without error	2021-09-17 11:46:07 +02:00