Release 2.13.3

since builder intro the triggers are called with merged result, thus it
would lead to duplicated callouts

.bandit-test.yml

@@ -1 +1,6 @@
-skips: ['B101', 'B104', 'B105', 'B106', 'B404']
+skips:
+  - B101
+  - B104
+  - B105
+  - B106
+  - B404

.bandit.yml

@@ -1 +1,3 @@
-skips: ['B404', 'B603']
+skips:
+  - B404
+  - B603

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,5 +9,4 @@ Put `closes #ISSUE` in case if the pull requests solves one of the opened issues
 ### Checklist
 
 - [ ] Tests to cover new code
-- [ ] `make check` passed
-- [ ] `make tests` passed
+- [ ] `tox` passed

.github/workflows/docker.yml

@@ -2,7 +2,8 @@ name: Docker image
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
     tags:
       - '*'
       - '!*rc*'

.github/workflows/release.yml

@@ -24,8 +24,13 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           filter: 'Release \d+\.\d+\.\d+'
 
+      - name: Install dependencies
+        uses: ConorMacBride/install-package@v1.1.0
+        with:
+          apt: tox
+
       - name: Create archive
-        run: make archive
+        run: tox -e archive
         env:
           VERSION: ${{ steps.version.outputs.VERSION }}
 
@@ -35,7 +40,7 @@ jobs:
           body: |
             ${{ steps.changelog.outputs.compareurl }}
             ${{ steps.changelog.outputs.changelog }}
-          files: ahriman-*-src.tar.xz
+          files: dist/ahriman-*.tar.gz
           fail_on_unmatched_files: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/setup.sh

@@ -6,33 +6,33 @@ set -ex
 [[ $1 = "minimal" ]] && MINIMAL_INSTALL=1
 
 # install dependencies
-echo -e '[arcanisrepo]\nServer = http://repo.arcanis.me/$arch\nSigLevel = Never' | tee -a /etc/pacman.conf
+echo -e '[arcanisrepo]\nServer = https://repo.arcanis.me/$arch\nSigLevel = Never' | tee -a /etc/pacman.conf
 # refresh the image
-pacman --noconfirm -Syu
+pacman -Syu --noconfirm
 # main dependencies
-pacman --noconfirm -Sy base-devel devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo python-systemd sudo
+pacman -Sy --noconfirm devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo python-systemd sudo
 # make dependencies
-pacman --noconfirm -Sy python-build python-flit python-installer python-wheel
+pacman -Sy --noconfirm python-build python-flit python-installer python-tox python-wheel
 # optional dependencies
 if [[ -z $MINIMAL_INSTALL ]]; then
     # VCS support
-    pacman --noconfirm -Sy breezy darcs mercurial subversion
+    pacman -Sy --noconfirm breezy darcs mercurial subversion
     # web server
-    pacman --noconfirm -Sy python-aioauth-client python-aiohttp python-aiohttp-apispec-git python-aiohttp-cors python-aiohttp-debugtoolbar python-aiohttp-jinja2 python-aiohttp-security python-aiohttp-session python-cryptography python-jinja
+    pacman -Sy --noconfirm python-aioauth-client python-aiohttp python-aiohttp-apispec-git python-aiohttp-cors python-aiohttp-jinja2 python-aiohttp-security python-aiohttp-session python-cryptography python-jinja
     # additional features
-    pacman --noconfirm -Sy gnupg python-boto3 rsync
+    pacman -Sy --noconfirm gnupg python-boto3 rsync
 fi
 # FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container
 cp "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn"
 
 # create fresh tarball
-make VERSION=1.0.0 archlinux  # well, it does not really matter which version we will put here
+tox -e archive
 # run makepkg
-mv ahriman-*-src.tar.xz package/archlinux
+mv dist/ahriman-*.tar.gz package/archlinux
 chmod +777 package/archlinux  # because fuck you that's why
 cd package/archlinux
 sudo -u nobody -- makepkg -cf --skipchecksums --noconfirm
-pacman --noconfirm -U ahriman-1.0.0-1-any.pkg.tar.zst
+sudo -u nobody -- makepkg --packagelist | pacman -U --noconfirm -
 # create machine-id which is required by build tools
 systemd-machine-id-setup
 

.github/workflows/setup.yml

@@ -2,9 +2,11 @@ name: Setup
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
   pull_request:
-    branches: [ master ]
+    branches:
+      - master
 
 jobs:
   run-setup-minimal:

.github/workflows/tests.sh

@@ -4,7 +4,7 @@
 set -ex
 
 # install dependencies
-pacman --noconfirm -Syu base-devel python-setuptools python-tox
+pacman --noconfirm -Syu base-devel python-tox
 
 # run test and check targets
-make check tests
+tox

.github/workflows/tests.yml

@@ -2,9 +2,11 @@ name: Tests
 
 on:
   push:
-    branches: [ master ]
+    branches:
+      - master
   pull_request:
-    branches: [ master ]
+    branches:
+      - master
 
 jobs:
   run-tests:

.pylintrc

@@ -83,6 +83,7 @@ limit-inference-results=100
 # usually to register additional checkers.
 load-plugins=pylint.extensions.docparams,
              definition_order,
+             import_order,
 
 # Pickle collected data for later comparisons.
 persistent=yes

.readthedocs.yml

@@ -1,18 +1,10 @@
 version: 2
 
-formats:
-  - pdf
-
 build:
   os: ubuntu-20.04
   tools:
     python: "3.11"
 
-sphinx:
-  builder: html
-  configuration: docs/conf.py
-  fail_on_warning: true
-
 python:
   install:
     - method: pip
@@ -21,3 +13,11 @@ python:
         - docs
         - s3
         - web
+
+formats:
+  - pdf
+
+sphinx:
+  builder: html
+  configuration: docs/conf.py
+  fail_on_warning: true

CONTRIBUTING.md

@@ -19,11 +19,11 @@ There are some strict limitation for suggested pull requests:
 
 ### Code formatting
 
-In order to resolve all difficult cases the `autopep8` is used. You can perform formatting at any time by running `make check` or running `autopep8` command directly.
+In order to resolve all difficult cases the `autopep8` is used. You can perform formatting at any time by running `tox` or running `autopep8` command directly.
 
 ### Code style
 
-Again, the most checks can be performed by `make check` command, though some additional guidelines must be applied:
+Again, the most checks can be performed by `tox` command, though some additional guidelines must be applied:
 
 * Every class, every function (including private and protected), every attribute must be documented. The project follows [Google style documentation](https://google.github.io/styleguide/pyguide.html). The only exception is local functions.
 * Correct way to document function (if a section is empty, e.g. no notes or there are no args, it should be omitted) is the following:
@@ -44,7 +44,7 @@ Again, the most checks can be performed by `make check` command, though some add
   
         Returns:
             int: result with
-                long description
+            long description
   
         Raises:
             RuntimeError: a local function error occurs
@@ -231,19 +231,19 @@ The projects also uses typing checks (provided by `mypy`) and some linter checks
 ### Run automated checks
 
 ```shell
-make check tests
+tox
 ```
 
 ### Generate documentation templates
 
 ```shell
-make specification
+tox -e docs
 ```
 
 ### Create release
 
 ```shell
-make VERSION=x.y.z check tests release
+tox -m release -- x.y.z
 ```
 
-The command above will also run checks first and will generate documentation, tags, etc., and will push them to GitHub. Other things will be handled by GitHub workflows automatically.
+The command above will generate documentation, tags, etc., and will push them to GitHub. Other things will be handled by GitHub workflows automatically.

Dockerfile

@@ -23,8 +23,9 @@ ENV AHRIMAN_VALIDATE_CONFIGURATION="yes"
 ## update pacman.conf with multilib
 RUN echo "[multilib]" >> "/etc/pacman.conf" && \
     echo "Include = /etc/pacman.d/mirrorlist" >> "/etc/pacman.conf"
-## install minimal required packages
-RUN pacman --noconfirm -Syu binutils fakeroot git make sudo
+## refresh packages, install sudo and install packages for building
+RUN pacman -Syu --noconfirm sudo && \
+    pacman -Sy --noconfirm --asdeps fakeroot python-tox
 ## create build user
 RUN useradd -m -d "/home/build" -s "/usr/bin/nologin" build && \
     echo "build ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/build"
@@ -33,9 +34,9 @@ COPY "docker/install-aur-package.sh" "/usr/local/bin/install-aur-package"
 ## darcs is not installed by reasons, because it requires a lot haskell packages which dramatically increase image size
 RUN pacman -Sy --noconfirm --asdeps devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo && \
     pacman -Sy --noconfirm --asdeps python-build python-flit python-installer python-wheel && \
-    pacman -Sy --noconfirm --asdeps breezy mercurial python-aiohttp python-aiohttp-cors python-boto3 python-cryptography python-jinja python-requests-unixsocket python-systemd rsync subversion && \
-    runuser -u build -- install-aur-package python-aioauth-client python-aiohttp-apispec-git python-aiohttp-jinja2  \
-                                            python-aiohttp-debugtoolbar python-aiohttp-session python-aiohttp-security
+    pacman -Sy --noconfirm --asdeps breezy git mercurial python-aiohttp python-boto3 python-cryptography python-jinja python-requests-unixsocket python-systemd rsync subversion && \
+    runuser -u build -- install-aur-package python-aioauth-client python-aiohttp-apispec-git python-aiohttp-cors \
+                                            python-aiohttp-jinja2 python-aiohttp-session python-aiohttp-security
 
 ## FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container
 COPY "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn"
@@ -45,8 +46,8 @@ COPY "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn"
 COPY --chown=build . "/home/build/ahriman"
 ## create package archive and install it
 RUN cd "/home/build/ahriman" && \
-    make VERSION=$(python -c "from src.ahriman import __version__; print(__version__)") archlinux && \
-    cp ./*-src.tar.xz "package/archlinux" && \
+    tox -e archive && \
+    cp ./dist/*.tar.gz "package/archlinux" && \
     cd "package/archlinux" && \
     runuser -u build -- makepkg --noconfirm --install --skipchecksums && \
     cd / && rm -r "/home/build/ahriman"

Makefile

@@ -1,59 +0,0 @@
-.PHONY: archive archlinux check clean directory html release specification tests version
-.DEFAULT_GOAL := archlinux
-
-PROJECT := ahriman
-
-FILES := AUTHORS CONTRIBUTING.md COPYING README.md SECURITY.md package pyproject.toml src web.png
-TARGET_FILES := $(addprefix $(PROJECT)/, $(FILES))
-IGNORE_FILES := package/archlinux src/.mypy_cache
-
-$(TARGET_FILES) : $(addprefix $(PROJECT), %) : $(addprefix ., %) directory version
-	@cp -rp $< $@
-
-archive: archive_directory
-	tar cJf "$(PROJECT)-$(VERSION)-src.tar.xz" "$(PROJECT)"
-	rm -rf "$(PROJECT)"
-
-archive_directory: $(TARGET_FILES)
-	rm -fr $(addprefix $(PROJECT)/, $(IGNORE_FILES))
-	find "$(PROJECT)" -type f -name "*.pyc" -delete
-	find "$(PROJECT)" -depth -type d -name "__pycache__" -execdir rm -rf {} +
-	find "$(PROJECT)" -depth -type d -name "*.egg-info" -execdir rm -rf {} +
-
-archlinux: archive
-	sed -i "s/pkgver=.*/pkgver=$(VERSION)/" package/archlinux/PKGBUILD
-
-check: clean
-	tox -e check
-
-clean:
-	find . -type f -name "$(PROJECT)-*-src.tar.xz" -delete
-	rm -rf "$(PROJECT)"
-
-directory: clean
-	mkdir "$(PROJECT)"
-
-html: specification
-	rm -rf docs/html
-	tox -e docs-html
-
-release: specification archlinux
-	git add package/archlinux/PKGBUILD src/ahriman/__init__.py docs/ahriman-architecture.svg package/share/man/man1/ahriman.1 package/share/bash-completion/completions/_ahriman package/share/zsh/site-functions/_ahriman
-	git commit -m "Release $(VERSION)"
-	git tag "$(VERSION)"
-	git push
-	git push --tags
-
-specification:
-	# make sure that old files are removed
-	find docs -type f -name "$(PROJECT)*.rst" -delete
-	tox -e docs
-
-tests: clean
-	tox -e tests
-
-version:
-ifndef VERSION
-	$(error VERSION is required, but not set)
-endif
-	sed -i 's/^__version__ = .*/__version__ = "$(VERSION)"/' src/ahriman/__init__.py

docs/advanced-usage.rst

@@ -12,7 +12,7 @@ Depending on the goal the package can be used in different ways. Nevertheless, i
    from ahriman.models.repository_id import RepositoryId
 
    repository_id = RepositoryId("x86_64", "aur-clone")
-   configuration = Configuration.from_path(Path("/etc/ahriman.ini"), architecture)
+   configuration = Configuration.from_path(Path("/etc/ahriman.ini"), repository_id)
    database = SQLite.load(configuration)
 
 At this point there are ``configuration`` and ``database`` instances which can be used later at any time anywhere, e.g.

docs/ahriman.application.application.rst

@@ -1,6 +1,14 @@
 ahriman.application.application package
 =======================================
 
+Subpackages
+-----------
+
+.. toctree::
+   :maxdepth: 4
+
+   ahriman.application.application.workers
+
 Submodules
 ----------
 
@@ -36,6 +44,14 @@ ahriman.application.application.application\_repository module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.application.application.updates\_iterator module
+--------------------------------------------------------
+
+.. automodule:: ahriman.application.application.updates_iterator
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 Module contents
 ---------------
 

docs/ahriman.application.application.workers.rst

@@ -0,0 +1,37 @@
+ahriman.application.application.workers package
+===============================================
+
+Submodules
+----------
+
+ahriman.application.application.workers.local\_updater module
+-------------------------------------------------------------
+
+.. automodule:: ahriman.application.application.workers.local_updater
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.application.application.workers.remote\_updater module
+--------------------------------------------------------------
+
+.. automodule:: ahriman.application.application.workers.remote_updater
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.application.application.workers.updater module
+------------------------------------------------------
+
+.. automodule:: ahriman.application.application.workers.updater
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: ahriman.application.application.workers
+   :members:
+   :no-undoc-members:
+   :show-inheritance:

docs/ahriman.application.handlers.rst

@@ -20,6 +20,14 @@ ahriman.application.handlers.backup module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.application.handlers.change module
+------------------------------------------
+
+.. automodule:: ahriman.application.handlers.change
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.application.handlers.clean module
 -----------------------------------------
 

docs/ahriman.core.database.migrations.rst

@@ -100,6 +100,14 @@ ahriman.core.database.migrations.m011\_repository\_name module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.database.migrations.m012\_last\_commit\_sha module
+---------------------------------------------------------------
+
+.. automodule:: ahriman.core.database.migrations.m012_last_commit_sha
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 Module contents
 ---------------
 

docs/ahriman.core.database.operations.rst

@@ -20,6 +20,14 @@ ahriman.core.database.operations.build\_operations module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.database.operations.changes\_operations module
+-----------------------------------------------------------
+
+.. automodule:: ahriman.core.database.operations.changes_operations
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.database.operations.logs\_operations module
 --------------------------------------------------------
 

docs/ahriman.core.distributed.rst

@@ -0,0 +1,45 @@
+ahriman.core.distributed package
+================================
+
+Submodules
+----------
+
+ahriman.core.distributed.distributed\_system module
+---------------------------------------------------
+
+.. automodule:: ahriman.core.distributed.distributed_system
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.core.distributed.worker\_loader\_trigger module
+-------------------------------------------------------
+
+.. automodule:: ahriman.core.distributed.worker_loader_trigger
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.core.distributed.worker\_trigger module
+-----------------------------------------------
+
+.. automodule:: ahriman.core.distributed.worker_trigger
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.core.distributed.workers\_cache module
+----------------------------------------------
+
+.. automodule:: ahriman.core.distributed.workers_cache
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: ahriman.core.distributed
+   :members:
+   :no-undoc-members:
+   :show-inheritance:

docs/ahriman.core.formatters.rst

@@ -20,6 +20,14 @@ ahriman.core.formatters.build\_printer module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.formatters.changes\_printer module
+-----------------------------------------------
+
+.. automodule:: ahriman.core.formatters.changes_printer
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.formatters.configuration\_paths\_printer module
 ------------------------------------------------------------
 

docs/ahriman.core.http.rst

@@ -4,6 +4,14 @@ ahriman.core.http package
 Submodules
 ----------
 
+ahriman.core.http.sync\_ahriman\_client module
+----------------------------------------------
+
+.. automodule:: ahriman.core.http.sync_ahriman_client
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.http.sync\_http\_client module
 -------------------------------------------
 

docs/ahriman.core.log.rst

@@ -4,14 +4,6 @@ ahriman.core.log package
 Submodules
 ----------
 
-ahriman.core.log.filtered\_access\_logger module
-------------------------------------------------
-
-.. automodule:: ahriman.core.log.filtered_access_logger
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.core.log.http\_log\_handler module
 ------------------------------------------
 

docs/ahriman.core.repository.rst

@@ -20,6 +20,14 @@ ahriman.core.repository.executor module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.repository.package\_info module
+--------------------------------------------
+
+.. automodule:: ahriman.core.repository.package_info
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.repository.repository module
 -----------------------------------------
 

docs/ahriman.core.rst

@@ -12,6 +12,7 @@ Subpackages
    ahriman.core.build_tools
    ahriman.core.configuration
    ahriman.core.database
+   ahriman.core.distributed
    ahriman.core.formatters
    ahriman.core.gitremote
    ahriman.core.http

docs/ahriman.models.rst

@@ -36,6 +36,14 @@ ahriman.models.build\_status module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.models.changes module
+-----------------------------
+
+.. automodule:: ahriman.models.changes
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.models.context\_key module
 ----------------------------------
 
@@ -244,6 +252,14 @@ ahriman.models.waiter module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.models.worker module
+----------------------------
+
+.. automodule:: ahriman.models.worker
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 Module contents
 ---------------
 

docs/ahriman.web.rst

@@ -30,6 +30,14 @@ ahriman.web.cors module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.keys module
+-----------------------
+
+.. automodule:: ahriman.web.keys
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.routes module
 -------------------------
 

docs/ahriman.web.schemas.rst

@@ -20,6 +20,22 @@ ahriman.web.schemas.auth\_schema module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.schemas.build\_options\_schema module
+-------------------------------------------------
+
+.. automodule:: ahriman.web.schemas.build_options_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.schemas.changes\_schema module
+------------------------------------------
+
+.. automodule:: ahriman.web.schemas.changes_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.schemas.counters\_schema module
 -------------------------------------------
 
@@ -44,6 +60,14 @@ ahriman.web.schemas.file\_schema module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.schemas.info\_schema module
+---------------------------------------
+
+.. automodule:: ahriman.web.schemas.info_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.schemas.internal\_status\_schema module
 ---------------------------------------------------
 
@@ -236,6 +260,14 @@ ahriman.web.schemas.versioned\_log\_schema module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.schemas.worker\_schema module
+-----------------------------------------
+
+.. automodule:: ahriman.web.schemas.worker_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 Module contents
 ---------------
 

docs/ahriman.web.views.rst

@@ -38,6 +38,14 @@ ahriman.web.views.static module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.views.status\_view\_guard module
+--------------------------------------------
+
+.. automodule:: ahriman.web.views.status_view_guard
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 Module contents
 ---------------
 

docs/ahriman.web.views.v1.distributed.rst

@@ -0,0 +1,21 @@
+ahriman.web.views.v1.distributed package
+========================================
+
+Submodules
+----------
+
+ahriman.web.views.v1.distributed.workers module
+-----------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.distributed.workers
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: ahriman.web.views.v1.distributed
+   :members:
+   :no-undoc-members:
+   :show-inheritance:

docs/ahriman.web.views.v1.rst

@@ -7,6 +7,7 @@ Subpackages
 .. toctree::
    :maxdepth: 4
 
+   ahriman.web.views.v1.distributed
    ahriman.web.views.v1.service
    ahriman.web.views.v1.status
    ahriman.web.views.v1.user

docs/ahriman.web.views.v1.status.rst

@@ -4,6 +4,22 @@ ahriman.web.views.v1.status package
 Submodules
 ----------
 
+ahriman.web.views.v1.status.changes module
+------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.status.changes
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.views.v1.status.info module
+---------------------------------------
+
+.. automodule:: ahriman.web.views.v1.status.info
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.views.v1.status.logs module
 ---------------------------------------
 

docs/architecture.rst

@@ -6,7 +6,7 @@ Package structure
 
 Packages have strict rules of importing:
 
-* ``ahriman.application`` package must not be used anywhere except for itself.
+* ``ahriman.application`` package must not be used outside of this package.
 * ``ahriman.core`` and ``ahriman.models`` packages don't have any import restriction. Actually we would like to totally restrict importing of ``core`` package from ``models``, but it is impossible at the moment.
 * ``ahriman.web`` package is allowed to be imported from ``ahriman.application`` (web handler only, only ``ahriman.web.web`` methods). It also must not be imported globally, only local import is allowed. 
 
@@ -19,10 +19,12 @@ Full dependency diagram:
 ``ahriman.application`` package
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-This package contains application (aka executable) related classes and everything for it. It also contains package called ``ahriman.application.handlers`` in which all available subcommands are described as separated classes derived from base ``ahriman.application.handlers.Handler`` class.
+This package contains application (aka executable) related classes and everything for it. It also contains package called ``ahriman.application.handlers`` in which all available subcommands are described as separated classes derived from the base ``ahriman.application.handlers.Handler`` class.
 
 ``ahriman.application.application.Application`` (god class) is used for any interaction from parsers with repository. It is divided into multiple traits by functions (package related and repository related) in the same package.
 
+``ahriman.application.application.workers`` package contains specific wrappers for local and remote build processes.
+
 ``ahriman.application.ahriman`` contains only command line parses and executes specified ``Handler`` on success, ``ahriman.application.lock.Lock`` is additional class which provides file-based lock and also performs some common checks.
 
 ``ahriman.core`` package
@@ -31,14 +33,15 @@ This package contains application (aka executable) related classes and everythin
 This package contains everything required for the most of application actions and it is separated into several packages:
 
 * ``ahriman.core.alpm`` package controls pacman related functions. It provides wrappers for ``pyalpm`` library and safe calls for repository tools (``repo-add`` and ``repo-remove``). Also this package contains ``ahriman.core.alpm.remote`` package which provides wrapper for remote sources (e.g. AUR RPC and official repositories RPC).
-* ``ahriman.core.auth`` package provides classes for authorization methods used by web mostly. Base class is ``ahriman.core.auth.Auth`` which must be called by ``load`` method.
+* ``ahriman.core.auth`` package provides classes for authorization methods used by web mostly. Base class is ``ahriman.core.auth.Auth`` which must be instantiated by ``load`` method.
 * ``ahriman.core.build_tools`` is a package which provides wrapper for ``devtools`` commands.
 * ``ahriman.core.configuration`` contains extension for standard ``configparser`` library and some validation related classes.
-* ``ahriman.core.database`` is everything including data and schema migrations for database.
+* ``ahriman.core.database`` is everything for database, including data and schema migrations.
+* ``ahriman.core.distributed`` package with triggers and helpers for distributed build system.
 * ``ahriman.core.formatters`` package provides ``Printer`` sub-classes for printing data (e.g. package properties) to stdout which are used by some handlers.
 * ``ahriman.core.gitremote`` is a package with remote PKGBUILD triggers. Should not be called directly.
-* ``ahriman.core.http`` package provides HTTP clients which can be later used by other classes.
-* ``ahriman.core.log`` is a log utils package. It includes logger loader class, custom HTTP based logger and access logger for HTTP services with additional filters.
+* ``ahriman.core.http`` package provides HTTP clients which can be used later by other classes.
+* ``ahriman.core.log`` is a log utils package. It includes logger loader class, custom HTTP based logger and some wrappers.
 * ``ahriman.core.report`` is a package with reporting triggers. Should not be called directly.
 * ``ahriman.core.repository`` contains several traits and base repository (``ahriman.core.repository.Repository`` class) implementation.
 * ``ahriman.core.sign`` package provides sign feature (only gpg calls are available).
@@ -94,7 +97,7 @@ All subcommands are divided into several groups depending on the role they are d
 * ``aur`` (``aur-search``) group is for AUR operations.
 * ``help`` (e.g. ``help``) are system commands.
 * ``package`` subcommands (e.g. ``package-add``) allow to perform single package actions.
-* ``patch`` subcommands (e.g. ``pacth-list``) are the special case of ``package`` subcommands introduced in order to control patches for packages.
+* ``patch`` subcommands (e.g. ``patch-list``) are the special case of ``package`` subcommands introduced in order to control patches for packages.
 * ``repo`` subcommands (e.g. ``repo-check``) usually perform actions on whole repository.
 * ``service`` subcommands (e.g. ``service-setup``) perform actions which are related to whole service managing: create repository, show configuration.
 * ``user`` subcommands (``user-add``) are intended for user management.
@@ -105,7 +108,7 @@ For historical reasons and in order to keep backward compatibility some subcomma
 Filesystem tree
 ---------------
 
-The application supports two types of trees, one is for the legacy configuration (when there were no repository name explicit configuration available) and another one is the new-style tree. This document describes only new-style tree in order to avoid deprecated structures.
+The application supports two types of trees, one is for the legacy configuration (when there were no explicit repository name configuration available) and another one is the new-style tree. This document describes only new-style tree in order to avoid deprecated structures.
 
 Having default root as ``/var/lib/ahriman`` (differs from container though), the directory structure is the following:
 
@@ -141,7 +144,7 @@ There are multiple subdirectories, some of them are commons for any repository,
 
 * ``cache`` is a directory with locally stored PKGBUILD's and VCS packages. It is common for all repositories and architectures.
 * ``chroot/{repository}`` is a chroot directory for ``devtools``. It is specific for each repository, but shared for different architectures inside (the ``devtools`` handles architectures automatically).
-* ``packages/{repository}/{architecture}`` is a directory with prebuilt packages. When package is built, first it will be uploaded to this directory and later will be handled by update process. It is architecture and repository specific.
+* ``packages/{repository}/{architecture}`` is a directory with prebuilt packages. When a package is built, first it will be uploaded to this directory and later will be handled by update process. It is architecture and repository specific.
 * ``pacman/{repository}/{architecture}`` is the repository and architecture specific caches for pacman's databases.
 * ``repository/{repository}/{architecture}`` is a repository packages directory.
 
@@ -155,16 +158,16 @@ The service uses SQLite database in order to store some internal info.
 Database instance
 ^^^^^^^^^^^^^^^^^
 
-All methods related to specific part of database (basically operations per table) are split into different traits located inside ``ahriman.core.database.operations`` package. The base trait ``ahriman.core.database.operations.Operations`` also provides generic methods for database access (e.g. row converters and transactional support).
+All methods related to the specific part of database (basically operations per table) are split into different traits located inside ``ahriman.core.database.operations`` package. The base trait ``ahriman.core.database.operations.Operations`` also provides generic methods for database access (e.g. row converters and transactional support).
 
 The ``ahriman.core.database.SQLite`` class itself derives from all of these traits and implements methods for initialization, including migrations.
 
 Schema and data migrations
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-The schema migration are applied according to current ``pragma user_info`` values, located at ``ahriman.core.database.migrations`` package and named as ``m000_migration_name.py`` (the preceding ``m`` is required in order to import migration content for tests). Additional class ``ahriman.core.database.migrations.Migrations`` reads all migrations automatically and applies them in alphabetical order.
+The schema migrations are applied according to current ``pragma user_info`` values, located at ``ahriman.core.database.migrations`` package and named as ``m000_migration_name.py`` (the preceding ``m`` is required in order to import migration content for tests). Additional class ``ahriman.core.database.migrations.Migrations`` reads all migrations automatically and applies them in alphabetical order.
 
-These migrations can also contain data migrations. Though the recommended way is to migrate data directly from SQL requests, sometimes it is required to have external data (like packages list) in order to set correct data. To do so, special method ``migrate_data`` is used.
+These migrations can also contain data migrations. Though the recommended way is to migrate data directly from SQL queries, sometimes it is required to have external data (like packages list) in order to set correct data. To do so, special method ``migrate_data`` is used.
 
 Type conversions
 ^^^^^^^^^^^^^^^^
@@ -180,15 +183,15 @@ By default package build operations are performed with ``PACKAGER`` which is spe
 
 * If packager is not set, it reads environment variables (e.g. ``SUDO_USER`` and ``USER``), otherwise it uses value from command line.
 * It checks users for the specified username and tries to extract packager variable from it.
-* If packager value has been found, it will be passed as ``PACKAGER`` system variable (sudo configuration required).
+* If packager value has been found, it will be passed as ``PACKAGER`` system variable (additional sudo configuration might be required).
 
 Add new packages or rebuild existing
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Idea is to copy package to the directory from which it will be handled at the next update run. Different variants are supported:
+Idea is to add package to a build queue from which it will be handled automatically during the next update run. Different variants are supported:
 
-* If supplied argument is file then application moves the file to the directory with built packages. Same rule applies for directory, but in this case it copies every package-like file from the specified directory.
-* If supplied argument is directory and there is ``PKGBUILD`` file there it will be treated as local package. In this case it will queue this package to build and copy source files (``PKGBUILD`` and ``.SRCINFO``) to caches.
+* If supplied argument is file, then application moves the file to the directory with built packages. Same rule applies for directory, but in this case it copies every package-like file from the specified directory.
+* If supplied argument is directory and there is ``PKGBUILD`` file there, it will be treated as local package. In this case it will queue this package to build and copy source files (``PKGBUILD`` and ``.SRCINFO``) to caches.
 * If supplied argument is not file then application tries to lookup for the specified name in AUR and clones it into the directory with manual updates. This scenario can also handle package dependencies which are missing in repositories.
 
 This logic can be overwritten by specifying the ``source`` parameter, which is partially useful if you would like to add package from AUR, but there is local directory cloned from AUR. Also official repositories calls are hidden behind explicit source definition.
@@ -206,7 +209,7 @@ This flow removes package from filesystem, updates repository database and also
 Update packages
 ^^^^^^^^^^^^^^^
 
-This feature is divided into to stages: check AUR for updates and run rebuild for required packages. Whereas check does not do anything except for check itself, update flow is the following:
+This feature is divided into to the following stages: check AUR for updates and run rebuild for required packages. Whereas check does not do anything except for check itself, update flow is the following:
 
 #. Process every built package first. Those packages are usually added manually.
 #. Run sync and report methods.
@@ -222,13 +225,33 @@ This feature is divided into to stages: check AUR for updates and run rebuild fo
 
 After any step any package data is being removed.
 
+In case if there are configured workers, the build process itself will be delegated to the remote instances. Packages will be partitioned to the chunks according to the amount of configured workers.
+
+Distributed builds
+^^^^^^^^^^^^^^^^^^
+
+This feature consists of two parts:
+
+* Upload built packages to the node.
+* Delegate packages building to separated nodes.
+
+The upload process is performed via special API endpoint, which is disabled by default, and is performed in several steps:
+
+#. Upload package to temporary file.
+#. Copy content from temporary file to the built package directory with dot (``.``) prefix.
+#. Rename copied file, removing preceding dot.
+
+After success upload, the update process must be called as usual in order to copy built packages to the main repository tree.
+
+On the other side, the delegation uses upload feature, but in addition it also calls external services in order to trigger build process. The packages are separated to chunks based on the amount of the configured workers and their dependencies.
+
 pkgrel bump rules
 ^^^^^^^^^^^^^^^^^
 
 The application is able to automatically bump package release (``pkgrel``) during build process if there is duplicate version in repository. The version will be incremented as following:
 
 #. Get version of the remote package.
-#. Get version of the local package if any.
+#. Get version of the local package if available.
 #. If local version is not set, proceed with remote one.
 #. If local version is set and epoch or package version (``pkgver``) are different, proceed with remote version.
 #. If local version is set and remote version is newer than local one, proceed with remote.
@@ -247,7 +270,7 @@ Configuration
 Enumerations
 ^^^^^^^^^^^^
 
-All enumerations are derived from ``str`` and ``enum.Enum``. Integer enumerations in general are not allowed, because most of operations require conversions from string variable. Derivation from string class is required to make json conversions implicitly (e.g. during calling ``json.dumps`` methods).
+All enumerations are derived from ``enum.StrEnum``. Integer enumerations in general are not allowed, because most of operations require conversions from string variable. Derivation from string based enumeration is required to make json conversions implicitly (e.g. during calling ``json.dumps`` methods).
 
 In addition, some enumerations provide ``from_option`` class methods in order to allow some flexibility while reading configuration options.
 
@@ -319,9 +342,9 @@ There are several supported synchronization providers, currently they are ``rsyn
 
 ``rsync`` provider does not have any specific logic except for running external rsync application with configured arguments. The service does not handle SSH configuration, thus it has to be configured before running application manually.
 
-``s3`` provider uses ``boto3`` package and implements sync feature. The files are stored in architecture directory (e.g. if bucket is ``repository``, packages will be stored in ``repository/aur-clone/x86_64`` for the ``aur-clone`` repository ``x86_64`` architecture), bucket must be created before any action and API key must have permissions to write to the bucket. No external configuration required. In order to upload only changed files the service compares calculated hashes with the Amazon ETags, used realization is described `here <https://teppen.io/2018/10/23/aws_s3_verify_etags/>`_.
+``s3`` provider uses ``boto3`` package and implements sync feature. The files are stored in architecture specific directory (e.g. if bucket is ``repository``, packages will be stored in ``repository/aur-clone/x86_64`` for the ``aur-clone`` repository and ``x86_64`` architecture), bucket must be created before any action and API key must have permissions to write to the bucket. No external configuration required. In order to upload only changed files the service compares calculated hashes with the Amazon ETags, the implementation used is described `here <https://teppen.io/2018/10/23/aws_s3_verify_etags/>`__.
 
-``github`` provider authenticates through basic auth, API key with repository write permissions is required. There will be created a release with the name of the architecture in case if it does not exist; files will be uploaded to the release assets. It also stores array of files and their MD5 checksums in release body in order to upload only changed ones. According to the Github API in case if there is already uploaded asset with the same name (e.g. database files), asset will be removed first.
+``github`` provider authenticates through basic auth, API key with repository write permissions is required. There will be created a release with the name of the architecture in case if it does not exist; files will be uploaded to the release assets. It also stores array of files and their MD5 checksums in release body in order to upload only changed ones. According to the GitHub API in case if there is already uploaded asset with the same name (e.g. database files), asset will be removed first.
 
 Additional features
 ^^^^^^^^^^^^^^^^^^^
@@ -340,8 +363,7 @@ Web application
 Web application requires the following python packages to be installed:
 
 * Core part requires ``aiohttp`` (application itself), ``aiohttp_jinja2`` and ``Jinja2`` (HTML generation from templates).
-* Additional web features also require ``aiohttp-apispec`` (autogenerated documentation), ``aiohttp_cors`` (CORS support, required by documentation)
-* In addition, ``aiohttp_debugtoolbar`` is required for debug panel. Please note that this option does not work together with authorization and basically must not be used in production.
+* Additional web features also require ``aiohttp-apispec`` (autogenerated documentation), ``aiohttp_cors`` (CORS support, required by documentation).
 * In addition, authorization feature requires ``aiohttp_security``, ``aiohttp_session`` and ``cryptography``.
 * In addition to base authorization dependencies, OAuth2 also requires ``aioauth-client`` library.
 * In addition if you would like to disable authorization for local access (recommended way in order to run the application itself with reporting support), the ``requests-unixsocket`` library is required.
@@ -363,7 +385,7 @@ Web views
 
 All web views are defined in separated package and derived from ``ahriman.web.views.base.Base`` class which provides typed interfaces for web application. 
 
-REST API supports both form and JSON data, but the last one is recommended. 
+REST API supports only JSON data.
 
 Different APIs are separated into different packages:
 
@@ -377,12 +399,12 @@ The views are also divided by supporting API versions (e.g. ``v1``, ``v2``).
 Templating
 ^^^^^^^^^^
 
-Package provides base jinja templates which can be overridden by settings. Vanilla templates are actively using bootstrap library.
+Package provides base jinja templates which can be overridden by settings. Vanilla templates actively use bootstrap library.
 
 Requests and scopes
 ^^^^^^^^^^^^^^^^^^^
 
-Service provides optional authorization which can be turned on in settings. In order to control user access there are two levels of authorization - read-only (only GET-like requests) and write (anything) which are provided by each web view directly.
+Service provides optional authorization which can be turned on in settings. In order to control user access there are two levels of authorization - read-only (only GET-like requests) and write (anything), settings for which are provided by each web view directly.
 
 If this feature is configured any request will be prohibited without authentication. In addition, configuration flag ``auth.allow_read_only`` can be used in order to allow read-only operations - reading index page and packages - without authorization.
 
@@ -393,4 +415,4 @@ External calls
 
 Web application provides external calls to control main service. It spawns child process with specific arguments and waits for its termination. This feature must be used either with authorization or in safe (i.e. when status page is not available world-wide) environment.
 
-For most actions it also extracts user from authentication (if provided) and passes it to underlying process.
+For most actions it also extracts user from authentication (if provided) and passes it to the underlying process.

docs/configuration.rst

@@ -39,9 +39,9 @@ It will check current settings on common errors and compare configuration with k
 
 Base configuration settings.
 
-* ``apply_migrations`` - perform migrations on application start, boolean, optional, default ``yes``. Useful if you are using git version. Note, however, that this option must be changed only if you know what to do and going to handle migrations automatically.
-* ``database`` - path to SQLite database, string, required.
-* ``include`` - path to directory with configuration files overrides, string, optional.
+* ``apply_migrations`` - perform database migrations on the application start, boolean, optional, default ``yes``. Useful if you are using git version. Note, however, that this option must be changed only if you know what to do and going to handle migrations manually.
+* ``database`` - path to the application SQLite database, string, required.
+* ``include`` - path to directory with configuration files overrides, string, optional. Files will be read in alphabetical order.
 * ``logging`` - path to logging configuration, string, required. Check ``logging.ini`` for reference.
 
 ``alpm:*`` groups
@@ -50,10 +50,10 @@ Base configuration settings.
 libalpm and AUR related configuration. Group name can refer to architecture, e.g. ``alpm:x86_64`` can be used for x86_64 architecture specific settings.
 
 * ``database`` - path to pacman system database cache, string, required.
-* ``mirror`` - package database mirror used by pacman for syncronization, string, required. This option supports standard pacman substitutions with ``$arch`` and ``$repo``. Note that the mentioned mirror should contain all repositories which are set by ``alpm.repositories`` option.
-* ``repositories`` - list of pacman repositories, space separated list of strings, required.
-* ``root`` - root for alpm library, string, required.
-* ``use_ahriman_cache`` - use local pacman package cache instead of system one, boolean, required. With this option enabled you might want to refresh database periodically (available as additional flag for some subcommands).
+* ``mirror`` - package database mirror used by pacman for synchronization, string, required. This option supports standard pacman substitutions with ``$arch`` and ``$repo``. Note that the mentioned mirror should contain all repositories which are set by ``alpm.repositories`` option.
+* ``repositories`` - list of pacman repositories, used for package search, space separated list of strings, required.
+* ``root`` - root for alpm library, string, required. In the most cases it must point to the system root.
+* ``use_ahriman_cache`` - use local pacman package cache instead of system one, boolean, required. With this option enabled you might want to refresh database periodically (available as additional flag for some subcommands). If set to ``no``, databases must be synchronized manually.
 
 ``auth`` group
 --------------
@@ -64,14 +64,14 @@ Base authorization settings. ``OAuth`` provider requires ``aioauth-client`` libr
 * ``allow_read_only`` - allow requesting status APIs without authorization, boolean, required.
 * ``client_id`` - OAuth2 application client ID, string, required in case if ``oauth`` is used.
 * ``client_secret`` - OAuth2 application client secret key, string, required in case if ``oauth`` is used.
-* ``cookie_secret_key`` - secret key which will be used for cookies encryption, string, optional. It must be 32 url-safe base64-encoded bytes and can be generated as following ``base64.urlsafe_b64encode(os.urandom(32)).decode("utf8")``. If not set, it will be generated automatically; note, however, that in this case, all sessions will be automatically expired during restart.
-* ``max_age`` - parameter which controls both cookie expiration and token expiration inside the service, integer, optional, default is 7 days.
-* ``oauth_icon`` - OAuth2 login button icon, string, optional, default is ``google``. Must be valid `Bootstrap icon <https://icons.getbootstrap.com/>`_ name.
+* ``cookie_secret_key`` - secret key which will be used for cookies encryption, string, optional. It must be 32 bytes URL-safe base64-encoded and can be generated as following ``base64.urlsafe_b64encode(os.urandom(32)).decode("utf8")``. If not set, it will be generated automatically; note, however, that in this case, all sessions will be automatically invalidated during the service restart.
+* ``max_age`` - parameter which controls both cookie expiration and token expiration inside the service in seconds, integer, optional, default is 7 days.
+* ``oauth_icon`` - OAuth2 login button icon, string, optional, default is ``google``. Must be valid `Bootstrap icon <https://icons.getbootstrap.com/>`__ name.
 * ``oauth_provider`` - OAuth2 provider class name as is in ``aioauth-client`` (e.g. ``GoogleClient``, ``GithubClient`` etc), string, required in case if ``oauth`` is used.
 * ``oauth_scopes`` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. ``https://www.googleapis.com/auth/userinfo.email`` for ``GoogleClient`` or ``user:email`` for ``GithubClient``, space separated list of strings, required in case if ``oauth`` is used.
 * ``salt`` - additional password hash salt, string, optional.
 
-Authorized users are stored inside internal database, if any of external provides are used the password field for non-service users must be empty. 
+Authorized users are stored inside internal database, if any of external providers (e.g. ``oauth``) are used, the password field for non-service users must be empty.
 
 ``build:*`` groups
 ------------------
@@ -83,9 +83,10 @@ Build related configuration. Group name can refer to architecture, e.g. ``build:
 * ``ignore_packages`` - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional.
 * ``makepkg_flags`` - additional flags passed to ``makepkg`` command, space separated list of strings, optional.
 * ``makechrootpkg_flags`` - additional flags passed to ``makechrootpkg`` command, space separated list of strings, optional.
-* ``triggers`` - list of ``ahriman.core.triggers.Trigger`` class implementation (e.g. ``ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger``) which will be loaded and run at the end of processing, space separated list of strings, optional. You can also specify triggers by their paths, e.g. ``/usr/lib/python3.10/site-packages/ahriman/core/report/report.py.ReportTrigger``. Triggers are run in the order of mention.
+* ``triggers`` - list of ``ahriman.core.triggers.Trigger`` class implementation (e.g. ``ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger``) which will be loaded and run at the end of processing, space separated list of strings, optional. You can also specify triggers by their paths, e.g. ``/usr/lib/python3.10/site-packages/ahriman/core/report/report.py.ReportTrigger``. Triggers are run in the order of definition.
 * ``triggers_known`` - optional list of ``ahriman.core.triggers.Trigger`` class implementations which are not run automatically and used only for trigger discovery and configuration validation.
-* ``vcs_allowed_age`` - maximal age in seconds of the VCS packages before their version will be updated with its remote source, integer, optional, default ``604800``.
+* ``vcs_allowed_age`` - maximal age in seconds of the VCS packages before their version will be updated with its remote source, integer, optional, default is 7 days.
+* ``workers`` - list of worker nodes addresses used for build process, space separated list of strings, optional. Each worker address must be valid and reachable URL, e.g. ``https://10.0.0.1:8080``. If none set, the build process will be run on the current node. There is also special trigger which loads this value based on the list of the discovered nodes.
 
 ``repository`` group
 --------------------
@@ -108,28 +109,26 @@ Settings for signing packages or repository. Group name can refer to architectur
 Reporting to web service related settings. In most cases there is fallback to web section settings.
 
 * ``enabled`` - enable reporting to web service, boolean, optional, default ``yes`` for backward compatibility.
-* ``address`` - remote web service address with protocol, string, optional. In case of websocket, the ``http+unix`` scheme and url encoded address (e.g. ``%2Fvar%2Flib%2Fahriman`` for ``/var/lib/ahriman``) must be used, e.g. ``http+unix://%2Fvar%2Flib%2Fahriman%2Fsocket``. In case if none set, it will be guessed from ``web`` section.
+* ``address`` - remote web service address with protocol, string, optional. In case of websocket, the ``http+unix`` scheme and URL encoded address (e.g. ``%2Fvar%2Flib%2Fahriman`` for ``/var/lib/ahriman``) must be used, e.g. ``http+unix://%2Fvar%2Flib%2Fahriman%2Fsocket``. In case if none set, it will be guessed from ``web`` section.
 * ``password`` - password to authorize in web service in order to update service status, string, required in case if authorization enabled.
-* ``suppress_http_log_errors`` - suppress http log errors, boolean, optional, default ``no``. If set to ``yes``, any http log errors (e.g. if web server is not available, but http logging is enabled) will be suppressed.
+* ``suppress_http_log_errors`` - suppress HTTP log errors, boolean, optional, default ``no``. If set to ``yes``, any HTTP log errors (e.g. if web server is not available, but HTTP logging is enabled) will be suppressed.
+* ``timeout`` - HTTP request timeout in seconds, integer, optional, default is ``30``.
 * ``username`` - username to authorize in web service in order to update service status, string, required in case if authorization enabled.
 
 ``web`` group
 -------------
 
-Web server settings. If any of ``host``/``port`` is not set, web integration will be disabled. This feature requires ``aiohttp`` libraries to be installed.
+Web server settings. This feature requires ``aiohttp`` libraries to be installed.
 
 * ``address`` - optional address in form ``proto://host:port`` (``port`` can be omitted in case of default ``proto`` ports), will be used instead of ``http://{host}:{port}`` in case if set, string, optional. This option is required in case if ``OAuth`` provider is used.
-* ``debug`` - enable debug toolbar, boolean, optional, default ``no``.
-* ``debug_check_host`` - check hosts to access debug toolbar, boolean, optional, default ``no``.
-* ``debug_allowed_hosts`` - allowed hosts to get access to debug toolbar, space separated list of string, optional.
 * ``enable_archive_upload`` - allow to upload packages via HTTP (i.e. call of ``/api/v1/service/upload`` uri), boolean, optional, default ``no``.
 * ``host`` - host to bind, string, optional.
-* ``index_url`` - full url of the repository index page, string, optional.
+* ``index_url`` - full URL of the repository index page, string, optional.
 * ``max_body_size`` - max body size in bytes to be validated for archive upload, integer, optional. If not set, validation will be disabled.
 * ``port`` - port to bind, integer, optional.
+* ``service_only`` - disable status routes (including logs), boolean, optional, default ``no``.
 * ``static_path`` - path to directory with static files, string, required.
 * ``templates`` - path to templates directories, space separated list of strings, required.
-* ``timeout`` - HTTP request timeout in seconds, integer, optional, default is ``30``.
 * ``unix_socket`` - path to the listening unix socket, string, optional. If set, server will create the socket on the specified address which can (and will) be used by application. Note, that unlike usual host/port configuration, unix socket allows to perform requests without authorization.
 * ``unix_socket_unsafe`` - set unsafe (o+w) permissions to unix socket, boolean, optional, default ``yes``. This option is enabled by default, because it is supposed that unix socket is created in safe environment (only web service is supposed to be used in unsafe), but it can be disabled by configuration.
 * ``wait_timeout`` - wait timeout in seconds, maximum amount of time to be waited before lock will be free, integer, optional.
@@ -146,10 +145,10 @@ Keyring generator plugin
 
 * ``type`` - type of the generator, string, optional, must be set to ``keyring-generator`` if exists.
 * ``description`` - keyring package description, string, optional, default is ``repo PGP keyring``, where ``repo`` is the repository name.
-* ``homepage`` - url to homepage location if any, string, optional.
+* ``homepage`` - URL to homepage location if any, string, optional.
 * ``license`` - list of licenses which are applied to this package, space separated list of strings, optional, default is ``Unlicense``.
 * ``package`` - keyring package name, string, optional, default is ``repo-keyring``, where ``repo`` is the repository name.
-* ``packagers`` - list of packagers keys, space separated list of strings, optional, if not set, the ``key_*`` options from ``sign`` group will be used.
+* ``packagers`` - list of packagers keys, space separated list of strings, optional, if not set, the user keys from database will be used.
 * ``revoked`` - list of revoked packagers keys, space separated list of strings, optional.
 * ``trusted`` - list of master keys, space separated list of strings, optional, if not set, the ``key`` option from ``sign`` group will be used.
 
@@ -165,7 +164,7 @@ Mirrorlist generator plugin
 
 * ``type`` - type of the generator, string, optional, must be set to ``mirrorlist-generator`` if exists.
 * ``description`` - mirrorlist package description, string, optional, default is ``repo mirror list for use by pacman``, where ``repo`` is the repository name.
-* ``homepage`` - url to homepage location if any, string, optional.
+* ``homepage`` - URL to homepage location if any, string, optional.
 * ``license`` - list of licenses which are applied to this package, space separated list of strings, optional, default is ``Unlicense``.
 * ``package`` - mirrorlist package name, string, optional, default is ``repo-mirrorlist``, where ``repo`` is the repository name.
 * ``path`` - absolute path to generated mirrorlist file, string, optional, default is ``/etc/pacman.d/repo-mirrorlist``, where ``repo`` is the repository name.
@@ -176,10 +175,10 @@ Mirrorlist generator plugin
 
 Remote git source synchronization settings. Unlike ``Upload`` triggers those triggers are used for PKGBUILD synchronization - fetch from remote repository PKGBUILDs before updating process.
 
-It supports authorization; to do so you'd need to prefix the url with authorization part, e.g. ``https://key:token@github.com/arcan1s/ahriman.git``. It is highly recommended to use application tokens instead of your user authorization details. Alternatively, you can use any other option supported by git, e.g.:
+It supports authorization; to do so you'd need to prefix the URL with authorization part, e.g. ``https://key:token@github.com/arcan1s/ahriman.git``. It is highly recommended to use application tokens instead of your user authorization details. Alternatively, you can use any other option supported by git, e.g.:
 
 * by SSH key: generate SSH key as ``ahriman`` user and put public part of it to the repository keys.
-* by git credentials helper: consult with the `related man page <https://git-scm.com/docs/gitcredentials>`_.
+* by git credentials helper: consult with the `related man page <https://git-scm.com/docs/gitcredentials>`__.
 
 Available options are:
 
@@ -188,7 +187,7 @@ Available options are:
 Remote pull trigger
 ^^^^^^^^^^^^^^^^^^^
 
-* ``pull_url`` - url of the remote repository from which PKGBUILDs can be pulled before build process, string, required.
+* ``pull_url`` - URL of the remote repository from which PKGBUILDs can be pulled before build process, string, required.
 * ``pull_branch`` - branch of the remote repository from which PKGBUILDs can be pulled before build process, string, optional, default is ``master``.
 
 ``remote-push`` group
@@ -196,10 +195,10 @@ Remote pull trigger
 
 Remote git source synchronization settings. Same as remote pull triggers those triggers are used for PKGBUILD synchronization - push updated PKGBUILDs to the remote repository after build process.
 
-It supports authorization; to do so you'd need to prefix the url with authorization part, e.g. ``https://key:token@github.com/arcan1s/ahriman.git``. It is highly recommended to use application tokens instead of your user authorization details. Alternatively, you can use any other option supported by git, e.g.:
+It supports authorization; to do so you'd need to prefix the URL with authorization part, e.g. ``https://key:token@github.com/arcan1s/ahriman.git``. It is highly recommended to use application tokens instead of your user authorization details. Alternatively, you can use any other option supported by git, e.g.:
 
 * by SSH key: generate SSH key as ``ahriman`` user and put public part of it to the repository keys.
-* by git credentials helper: consult with the `related man page <https://git-scm.com/docs/gitcredentials>`_.
+* by git credentials helper: consult with the `related man page <https://git-scm.com/docs/gitcredentials>`__.
 
 Available options are:
 
@@ -210,7 +209,7 @@ Remote push trigger
 
 * ``commit_email`` - git commit email, string, optional, default is ``ahriman@localhost``.
 * ``commit_user`` - git commit user, string, optional, default is ``ahriman``.
-* ``push_url`` - url of the remote repository to which PKGBUILDs should be pushed after build process, string, required.
+* ``push_url`` - URL of the remote repository to which PKGBUILDs should be pushed after build process, string, required.
 * ``push_branch`` - branch of the remote repository to which PKGBUILDs should be pushed after build process, string, optional, default is ``master``.
 
 ``report`` group
@@ -314,9 +313,9 @@ This feature requires GitHub key creation (see below). Section name must be eith
 * ``owner`` - GitHub repository owner, string, required.
 * ``password`` - created GitHub API key. In order to create it do the following:
 
-  #. Go to `settings page <https://github.com/settings/profile>`_.
-  #. Switch to `developers settings <https://github.com/settings/apps>`_.
-  #. Switch to `personal access tokens <https://github.com/settings/tokens>`_.
+  #. Go to `settings page <https://github.com/settings/profile>`__.
+  #. Switch to `developers settings <https://github.com/settings/apps>`__.
+  #. Switch to `personal access tokens <https://github.com/settings/tokens>`__.
   #. Generate new token. Required scope is ``public_repo`` (or ``repo`` for private repository support).
 
 * ``repository`` - GitHub repository name, string, required. Repository must be created before any action and must have active branch (e.g. with readme).
@@ -352,4 +351,13 @@ Requires ``boto3`` library to be installed. Section name must be either ``s3`` (
 * ``chunk_size`` - chunk size for calculating entity tags, integer, optional, default 8 * 1024 * 1024.
 * ``object_path`` - path prefix for stored objects, string, optional. If none set, the prefix as in repository tree will be used.
 * ``region`` - bucket region (e.g. ``eu-central-1``), string, required.
-* ``secret_key`` - AWS secret access key, string, required.
+* ``secret_key`` - AWS secret access key, string, required.
+
+``worker`` group
+----------------
+
+This section controls settings for ``ahriman.core.distributed.WorkerTrigger`` plugin.
+
+* ``address`` - address of the instance, string, required. Must be reachable for the master instance.
+* ``identifier`` - unique identifier of the instance, string, optional.
+* ``time_to_live`` - amount of time which remote worker will be considered alive in seconds, integer, optional, default is ``60``. The ping interval will be set automatically equal this value divided by 4.

docs/faq.rst

@@ -25,6 +25,15 @@ Long answer
 
 The idea is to install the package as usual, create working directory tree, create configuration for ``sudo`` and ``devtools``. Detailed description of the setup instruction can be found :doc:`here <setup>`.
 
+Run as daemon
+"""""""""""""
+
+The alternative way (though not recommended) is to run service instead of timer:
+
+.. code-block:: shell
+
+   systemctl enable --now ahriman-daemon@x86_64-aur-clone
+
 How to validate settings
 ^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -34,7 +43,7 @@ There is special command which can be used in order to validate current configur
 
    ahriman service-config-validate --exit-code
 
-This command will print found errors, based on `cerberus <https://docs.python-cerberus.org/>`_, e.g.:
+This command will print found errors, based on `cerberus <https://docs.python-cerberus.org/>`__, e.g.:
 
 .. code-block:: shell
 
@@ -76,7 +85,7 @@ the ``extra-i686-build`` command will be used for ``i686`` architecture. You can
 How to generate build reports
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Normally you probably like to generate only one report for the specific type, e.g. only one email report. In order to do it you will need to have the following configuration:
+Normally you would probably like to generate only one report for the specific type, e.g. only one email report. In order to do so you will need to have the following configuration:
 
 .. code-block:: ini
 
@@ -114,8 +123,8 @@ But for some cases you would like to have multiple different reports with the sa
    type = email
    ...
 
-How do I add new package
-^^^^^^^^^^^^^^^^^^^^^^^^
+How to add new package
+^^^^^^^^^^^^^^^^^^^^^^
 
 .. code-block:: shell
 
@@ -139,6 +148,18 @@ TL;DR
 
 Before using this command you will need to create local directory, put ``PKGBUILD`` there and generate ``.SRCINFO`` by using ``makepkg --printsrcinfo > .SRCINFO`` command. These packages will be stored locally and *will be ignored* during automatic update; in order to update the package you will need to run ``package-add`` command again.
 
+How to copy package from another repository
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+As simple as add package from archive. Considering case when you would like to copy package ``package`` with version ``ver-rel`` from repository ``source-repository`` to ``target-respository`` (same architecture), the command will be following:
+
+.. code-block:: shell
+
+   sudo -u ahriman ahriman -r target-repository package-add /var/lib/ahriman/repository/source-repository/x86_64/package-ver-rel-x86_64.pkg.tar.zst
+
+In addition, you can remove source package as usual later.
+
+This feature in particular useful if for managing multiple repositories like ``[testing]`` and ``[extra]``.
 
 How to fetch PKGBUILDs from remote repository
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -153,7 +174,9 @@ For that purpose you could use ``RemotePullTrigger`` trigger. To do so you will
    [gitremote]
    pull_url = https://github.com/username/repository
 
-During the next application run it will fetch repository from the specified url and will try to find packages there which can be used as local sources.
+During the next application run it will fetch repository from the specified URL and will try to find packages there which can be used as local sources.
+
+This feature can be also used to build packages which are not listed in AUR, the example of the feature use can be found `here <https://github.com/arcan1s/ahriman/tree/master/recipes/pull>`__.
 
 How to push updated PKGBUILDs to remote repository
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -168,7 +191,7 @@ For that purpose you'd need to use another trigger called ``RemotePushTrigger``.
    [gitremote]
    push_url = https://github.com/username/repository
 
-Unlike ``RemotePullTrigger`` trigger, the ``RemotePushTrigger`` more likely will require authorization. It is highly recommended to use application tokens for that instead of using your password (e.g. for Github you can generate tokens `here <https://github.com/settings/tokens>`_ with scope ``public_repo``). Authorization can be supplied by using authorization part of the url, e.g. ``https://key:token@github.com/username/repository``.
+Unlike ``RemotePullTrigger`` trigger, the ``RemotePushTrigger`` more likely will require authorization. It is highly recommended to use application tokens for that instead of using your password (e.g. for GitHub you can generate tokens `here <https://github.com/settings/tokens>`__ with scope ``public_repo``). Authorization can be supplied by using authorization part of the URL, e.g. ``https://key:token@github.com/username/repository``.
 
 How to change PKGBUILDs before build
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -189,8 +212,10 @@ Alternatively you can create full-diff patches, which are calculated by using ``
 
 #.
    Clone sources from AUR.
+
 #.
    Make changes you would like to (e.g. edit ``PKGBUILD``, add external patches).
+
 #.
    Run command
 
@@ -211,11 +236,11 @@ The ``--variable`` argument accepts variables in shell like format: quotation an
 How to build package from official repository
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-So it is the same as adding any other package, but due to restrictions you must specify source explicitly, e.g.:
+It is the same as adding any other package, but due to restrictions you must specify source explicitly, e.g.:
 
 .. code-block:: shell
 
-   sudo -u ahriman ahriman package-add pacman -s repository
+   sudo -u ahriman ahriman package-add pacman --source repository
 
 This feature is heavily depends on local pacman cache. In order to use this feature it is recommended to either run ``pacman -Sy`` before the interaction or use internal application cache with ``--refresh`` flag.
 
@@ -237,6 +262,27 @@ Normally the service handles VCS packages correctly, however it requires additio
 
    pacman -S breezy darcs mercurial subversion
 
+How to review changes before build
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In this scenario, the update process must be separated into several stages. First, it is required to check updates:
+
+.. code-block:: shell
+
+   sudo -u ahriman ahriman repo-check
+
+During the check process, the service will generate changes from the last known commit and will send it to remote service. In order to verify source files changes, the web interface or special subcommand can be used:
+
+.. code-block:: shell
+
+   ahriman package-changes ahriman
+
+After validation, the operator can run update process with approved list of packages, e.g.:
+
+.. code-block:: shell
+
+   sudo -u ahriman ahriman repo-update ahriman
+
 How to remove package
 ^^^^^^^^^^^^^^^^^^^^^
 
@@ -251,7 +297,7 @@ Remove commands also remove any package files (patches, caches etc).
 How to sign repository
 ^^^^^^^^^^^^^^^^^^^^^^
 
-Repository sign feature is available in several configurations. The recommended way is just to sign repository database file by single key instead of trying to sign each package. However, the steps are pretty same, just configuration is a bit differ. For more details about options kindly refer to :doc:`configuration reference <configuration>`.
+Repository sign feature is available in several configurations. The recommended way is just to sign repository database file by single key instead of trying to sign each package. However, the steps are pretty same, just configuration is a bit different. For more details about options kindly refer to :doc:`configuration reference <configuration>`.
 
 #.
    First you would need to create the key on your local machine:
@@ -263,10 +309,10 @@ Repository sign feature is available in several configurations. The recommended
    This command will prompt you for several questions. Most of them may be left default, but you will need to fill real name and email address with some data. Because at the moment the service doesn't support passphrases, it must be left blank.
 
 #.
-   The command above will generate key and print its hash, something like ``8BE91E5A773FB48AC05CC1EDBED105AED6246B39``. Copy it.
+   The command above will generate key and print its fingerprint, something like ``8BE91E5A773FB48AC05CC1EDBED105AED6246B39``. Copy it.
 
 #.
-   Export your private key by using the hash above:
+   Export your private key by using the fingerprint above:
 
    .. code-block:: shell
 
@@ -364,13 +410,15 @@ Example of the status page configuration is the following (status service is usi
        }
    }
 
+Some more examples can be found in configuration `recipes <https://github.com/arcan1s/ahriman/tree/master/recipes>`__.
+
 Docker image
 ------------
 
 We provide official images which can be found under:
 
 * docker registry ``arcan1s/ahriman``;
-* ghcr.io registry ``ghcr.io/arcan1s/ahriman``;
+* ghcr.io registry ``ghcr.io/arcan1s/ahriman``.
 
 These images are totally identical.
 
@@ -394,7 +442,7 @@ The action can be specified during run, e.g.:
 
    docker run --privileged -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest package-add ahriman --now
 
-For more details please refer to docker FAQ.
+For more details please refer to the docker FAQ.
 
 Environment variables
 ^^^^^^^^^^^^^^^^^^^^^
@@ -413,11 +461,11 @@ The following environment variables are supported:
 * ``AHRIMAN_POSTSETUP_COMMAND`` - if set, the command which will be called (as root) after the setup command, but before any other actions.
 * ``AHRIMAN_PRESETUP_COMMAND`` - if set, the command which will be called (as root) right before the setup command.
 * ``AHRIMAN_REPOSITORY`` - repository name, default is ``aur-clone``.
-* ``AHRIMAN_REPOSITORY_SERVER`` - optional override for the repository url. Useful if you would like to download packages from remote instead of local filesystem.
+* ``AHRIMAN_REPOSITORY_SERVER`` - optional override for the repository URL. Useful if you would like to download packages from remote instead of local filesystem.
 * ``AHRIMAN_REPOSITORY_ROOT`` - repository root. Because of filesystem rights it is required to override default repository root. By default, it uses ``ahriman`` directory inside ahriman's home, which can be passed as mount volume.
 * ``AHRIMAN_UNIX_SOCKET`` - full path to unix socket which is used by web server, default is empty. Note that more likely you would like to put it inside ``AHRIMAN_REPOSITORY_ROOT`` directory (e.g. ``/var/lib/ahriman/ahriman/ahriman-web.sock``) or to ``/tmp``.
 * ``AHRIMAN_USER`` - ahriman user, usually must not be overwritten, default is ``ahriman``.
-* ``AHRIMAN_VALIDATE_CONFIGURATION`` - if set validate service configuration
+* ``AHRIMAN_VALIDATE_CONFIGURATION`` - if set (default) validate service configuration.
 
 You can pass any of these variables by using ``-e`` argument, e.g.:
 
@@ -434,7 +482,7 @@ There is special ``repo-daemon`` subcommand which emulates systemd timer and wil
 
    docker run --privileged -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest repo-daemon
 
-This command uses same rules as ``repo-update``, thus, e.g. requires ``--privileged`` flag.
+This command uses same rules as ``repo-update``, thus, e.g. requires ``--privileged`` flag. Check also `examples <https://github.com/arcan1s/ahriman/tree/master/recipes/daemon>`__.
 
 Web service setup
 ^^^^^^^^^^^^^^^^^
@@ -461,6 +509,8 @@ Otherwise, you would need to pass ``AHRIMAN_PORT`` and mount container network t
 
    docker run --privileged --net=host -e AHRIMAN_PORT=8080 -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest
 
+Simple server with authentication can be found in `examples <https://github.com/arcan1s/ahriman/tree/master/recipes/web>`__ too.
+
 Mutli-repository web service
 """"""""""""""""""""""""""""
 
@@ -476,22 +526,26 @@ The command above will also create configuration for the repository named ``aur-
 
 Note, however, that the command above is only required in case if the service is going to be used to run subprocesses. Otherwise, everything else (web interface, status, etc) will be handled as usual.
 
+Configuration `example <https://github.com/arcan1s/ahriman/tree/master/recipes/multirepo>`__.
+
 Non-x86_64 architecture setup
 -----------------------------
 
 The following section describes how to setup ahriman with architecture different from x86_64, as example i686. For most cases you have base repository available, e.g. archlinux32 repositories for i686 architecture; in case if base repository is not available, steps are a bit different, however, idea remains the same.
 
+The example of setup with docker compose can be found `here <https://github.com/arcan1s/ahriman/tree/master/recipes/i686>`__.
+
 Physical server setup
 ^^^^^^^^^^^^^^^^^^^^^
 
-In this example we are going to use files and packages which are provided by official repositories of the used architecture. Note, that versions might be different, thus you need to find correct versions on the distribution web site, e.g. `archlinux32 packages <https://www.archlinux32.org/packages/>`_.
+In this example we are going to use files and packages which are provided by official repositories of the used architecture. Note, that versions might be different, thus you need to find correct versions on the distribution web site, e.g. `archlinux32 packages <https://www.archlinux32.org/packages/>`__.
 
 #.
    First, considering having base Arch Linux system, we need to install keyring for the specified repositories, e.g.:
 
    .. code-block:: shell
 
-      wget http://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
+      wget https://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
       pacman -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
 
 #.
@@ -499,7 +553,7 @@ In this example we are going to use files and packages which are provided by off
 
    .. code-block:: shell
 
-      wget http://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst
+      wget https://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst
       pacman -U devtools-20221208-1.2-any.pkg.tar.zst
 
    Alternatively, you can create your own ``makepkg`` configuration and save it as ``/usr/share/devtools/makepkg.conf.d/i686.conf``.
@@ -509,7 +563,7 @@ In this example we are going to use files and packages which are provided by off
 
    .. code-block:: shell
 
-      ahriman -a i686 service-setup --mirror 'http://de.mirror.archlinux32.org/$arch/$repo'--no-multilib ...
+      ahriman -a i686 service-setup --mirror 'https://de.mirror.archlinux32.org/$arch/$repo'--no-multilib ...
 
    In addition to usual options, you need to specify the following options:
 
@@ -544,8 +598,8 @@ There are two possible ways to achieve same setup, by using docker container. Th
    .. code-block:: dockerfile
 
       RUN pacman --noconfirm -Sy wget
-      RUN wget http://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst && pacman --noconfirm -U devtools-20221208-1.2-any.pkg.tar.zst
-      RUN wget http://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst && pacman --noconfirm -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
+      RUN wget https://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst && pacman --noconfirm -U devtools-20221208-1.2-any.pkg.tar.zst
+      RUN wget https://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst && pacman --noconfirm -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
 
 #.
    At that point you should have full ``Dockerfile`` like:
@@ -557,8 +611,8 @@ There are two possible ways to achieve same setup, by using docker container. Th
       RUN pacman-key --init
 
       RUN pacman --noconfirm -Sy wget
-      RUN wget http://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst && pacman --noconfirm -U devtools-20221208-1.2-any.pkg.tar.zst
-      RUN wget http://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst && pacman --noconfirm -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
+      RUN wget https://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst && pacman --noconfirm -U devtools-20221208-1.2-any.pkg.tar.zst
+      RUN wget https://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst && pacman --noconfirm -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
 
 #.
    After that you can build you own container, e.g.:
@@ -572,7 +626,7 @@ There are two possible ways to achieve same setup, by using docker container. Th
 
    .. code-block:: shell
 
-      docker run --privileged -p 8080:8080 -e AHRIMAN_ARCHITECTURE=i686 -e AHRIMAN_PACMAN_MIRROR='http://de.mirror.archlinux32.org/$arch/$repo' -e AHRIMAN_MULTILIB= ahriman-i686:latest
+      docker run --privileged -p 8080:8080 -e AHRIMAN_ARCHITECTURE=i686 -e AHRIMAN_PACMAN_MIRROR='https://de.mirror.archlinux32.org/$arch/$repo' -e AHRIMAN_MULTILIB= ahriman-i686:latest
 
 Remote synchronization
 ----------------------
@@ -589,8 +643,8 @@ There are several choices:
 
        server {
            location / {
-               root /var/lib/ahriman/repository/;
                autoindex on;
+               root /var/lib/ahriman/repository/;
            }
        }
 
@@ -605,7 +659,7 @@ There are several choices:
        [rsync]
        remote = 192.168.0.1:/srv/repo
 
-   After that just add ``/srv/repo`` to the ``pacman.conf`` as usual. You can also upload to S3 (``Server = https://s3.eu-central-1.amazonaws.com/repository/aur-clone/x86_64``) or to Github (``Server = https://github.com/ahriman/repository/releases/download/aur-clone-x86_64``).
+   After that just add ``/srv/repo`` to the ``pacman.conf`` as usual. You can also upload to S3 (``Server = https://s3.eu-central-1.amazonaws.com/repository/aur-clone/x86_64``) or to GitHub (``Server = https://github.com/ahriman/repository/releases/download/aur-clone-x86_64``).
 
 How to sync to S3
 ^^^^^^^^^^^^^^^^^
@@ -618,10 +672,10 @@ How to sync to S3
       pacman -S python-boto3
 
 #. 
-   Create a bucket.
+   Create a bucket (e.g. ``repository``).
 
 #. 
-   Create user with write access to the bucket:
+   Create an user with write access to the bucket:
 
    .. code-block::
 
@@ -673,7 +727,7 @@ In order to configure S3 on custom domain with SSL (and some other features, lik
 
 #. Configure S3 as described above.
 #. In bucket properties, enable static website hosting with hosting type "Host a static website".
-#. Go to AWS Certificate Manager and create public ceritificate on your domain. Validate domain as suggested.
+#. Go to AWS Certificate Manager and create public certificate on your domain. Validate domain as suggested.
 #. Go to CloudFront and create distribution. The following settings are required:
 
    * Origin domain choose S3 bucket.
@@ -683,14 +737,16 @@ In order to configure S3 on custom domain with SSL (and some other features, lik
 
 #. Point DNS record to CloudFront address.
 
-How to sync to Github releases
+How to sync to GitHub releases
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 #. 
    Create a repository.
-#. 
-   `Create API key <https://github.com/settings/tokens>`_ with scope ``public_repo``.
-#. 
+
+#.
+   `Create API key <https://github.com/settings/tokens>`__ with scope ``public_repo``.
+
+#.
    Configure the service as following:
 
    .. code-block:: ini
@@ -769,7 +825,7 @@ How to post build report to telegram
       yay -S --asdeps python-jinja
 
 #. 
-   Register bot in telegram. You can do it by talking with `@BotFather <https://t.me/botfather>`_. For more details please refer to `official documentation <https://core.telegram.org/bots>`_.
+   Register bot in telegram. You can do it by starting chat with `@BotFather <https://t.me/botfather>`__. For more details please refer to `official documentation <https://core.telegram.org/bots>`__.
 
 #. 
    Optionally (if you want to post message in chat):
@@ -779,7 +835,7 @@ How to post build report to telegram
    #. Make your channel public
 
 #. 
-   Get chat id if you want to use by numerical id or just use id prefixed with ``@`` (e.g. ``@ahriman``). If you are not using chat the chat id is your user id. If you don't want to make channel public you can use `this guide <https://stackoverflow.com/a/33862907>`_.
+   Get chat id if you want to use by numerical id or just use id prefixed with ``@`` (e.g. ``@ahriman``). If you are not using chat the chat id is your user id. If you don't want to make channel public you can use `this guide <https://stackoverflow.com/a/33862907>`__.
 
 #. 
    Configure the service:
@@ -794,15 +850,15 @@ How to post build report to telegram
       chat_id = @ahriman
       link_path = http://example.com/aur-clone/x86_64
 
-   ``api_key`` is the one sent by `@BotFather <https://t.me/botfather>`_, ``chat_id`` is the value retrieved from previous step.
+   ``api_key`` is the one sent by `@BotFather <https://t.me/botfather>`__, ``chat_id`` is the value retrieved from previous step.
 
 If you did everything fine you should receive the message with the next update. Quick credentials check can be done by using the following command:
 
 .. code-block:: shell
 
-   curl 'https://api.telegram.org/bot${CHAT_ID}/sendMessage?chat_id=${API_KEY}&text=hello'
+   curl 'https://api.telegram.org/bot{api_key}/sendMessage?chat_id={chat_id}&text=hello'
 
-(replace ``${CHAT_ID}`` and ``${API_KEY}`` with the values from configuration).
+(replace ``{chat_id}`` and ``{api_key}`` with the values from configuration).
 
 Distributed builds
 ------------------
@@ -854,6 +910,8 @@ Worker nodes configuration
    * Worker #1: ``A``.
    * Worker #2: ``B`` and ``C``.
 
+   Hint: ``repo-tree`` subcommand provides ``--partitions`` argument.
+
 #.
    Each worker must be configured to upload files to master node:
 
@@ -925,7 +983,7 @@ You can sign packages on worker nodes and then signatures will be synced to mast
 
 Note, however, that in this case, signatures will not be validated on master node and just will be copied to repository tree.
 
-If you would like to sign only database files (aka repository sign), it has to be configured on master node only as usual, e.g.:
+If you would like to sign only database files (aka repository sign), it has to be configured only on master node as usual, e.g.:
 
 .. code-block:: ini
 
@@ -941,7 +999,7 @@ Master node config (``master.ini``) as:
 .. code-block:: ini
 
    [auth]
-   target = mapping
+   target = configuration
 
    [web]
    enable_archive_upload = yes
@@ -978,7 +1036,7 @@ The user ``worker-user`` has been created additionally. Worker node config (``wo
    [build]
    triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger ahriman.core.gitremote.RemotePushTrigger
 
-The address above (``http://172.17.0.1:8080``) is something available for worker container.
+The address above (``http://172.17.0.1:8080``) is somewhat available for worker container.
 
 Command to run worker node:
 
@@ -988,6 +1046,8 @@ Command to run worker node:
 
 The command above will successfully build ``ahriman`` package, upload it on master node and, finally, will update master node repository.
 
+Check proof-of-concept setup `here <https://github.com/arcan1s/ahriman/tree/master/recipes/distributed-manual>`__.
+
 Addition of new package and repository update
 """""""""""""""""""""""""""""""""""""""""""""
 
@@ -1001,6 +1061,126 @@ This action must be done in two steps:
 #. Remove package on worker.
 #. Remove package on master node.
 
+Delegate builds to remote workers
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This setup heavily uses upload feature described above and, in addition, also delegates build process automatically to build machines. Same as above, there must be at least two instances available (``master`` and ``worker``), however, all ``worker`` nodes must be run in the web service mode.
+
+Master node configuration
+"""""""""""""""""""""""""
+
+In addition to the configuration above, the worker list must be defined in configuration file (``build.workers`` option), i.e.:
+
+.. code-block:: ini
+
+   [build]
+   workers = https://worker1.example.com https://worker2.example.com
+
+   [web]
+   enable_archive_upload = yes
+   wait_timeout = 0
+
+In the example above, ``https://worker1.example.com`` and ``https://worker2.example.com`` are remote ``worker`` node addresses available for ``master`` node.
+
+In case if authentication is required (which is recommended way to setup it), it can be set by using ``status`` section as usual.
+
+Worker nodes configuration
+""""""""""""""""""""""""""
+
+It is required to point to the master node repository, otherwise internal dependencies will not be handled correctly. In order to do so, the ``--server`` argument (or ``AHRIMAN_REPOSITORY_SERVER`` environment variable for docker images) can be used.
+
+Also, in case if authentication is enabled, the same user with the same password must be created for all workers.
+
+It is also recommended to set ``web.wait_timeout`` to infinite in case of multiple conflicting runs and ``service_only`` to ``yes`` in order to disable status endpoints.
+
+Other settings are the same as mentioned above.
+
+Triple node minimal docker example
+""""""""""""""""""""""""""""""""""
+
+In this example, all instances are run on the same machine with address ``172.17.0.1`` with ports available outside of container. Master node config (``master.ini``) as:
+
+.. code-block:: ini
+
+   [auth]
+   target = configuration
+
+   [status]
+   username = builder-user
+   password = very-secure-password
+
+   [build]
+   workers = http://172.17.0.1:8081 http://172.17.0.1:8082
+
+   [web]
+   enable_archive_upload = yes
+   wait_timeout = 0
+
+Command to run master node:
+
+.. code-block:: shell
+
+   docker run --privileged -p 8080:8080 -e AHRIMAN_PORT=8080 -v master.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
+
+Worker nodes (applicable for all workers) config (``worker.ini``) as:
+
+.. code-block:: ini
+
+   [auth]
+   target = configuration
+
+   [status]
+   address = http://172.17.0.1:8080
+   username = builder-user
+   password = very-secure-password
+
+   [upload]
+   target = remote-service
+
+   [remote-service]
+
+   [report]
+   target = remote-call
+
+   [remote-call]
+   manual = yes
+   wait_timeout = 0
+
+   [web]
+   service_only = yes
+
+   [build]
+   triggers = ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger
+
+Command to run worker nodes (considering there will be two workers, one is on ``8081`` port and other is on ``8082``):
+
+.. code-block:: ini
+
+   docker run --privileged -p 8081:8081 -e AHRIMAN_PORT=8081 -v worker.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
+   docker run --privileged -p 8082:8082 -e AHRIMAN_PORT=8082 -v worker.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
+
+Unlike the previous setup, it doesn't require to mount repository root for ``worker`` nodes, because they don't use it anyway.
+
+Check proof-of-concept setup `here <https://github.com/arcan1s/ahriman/tree/master/recipes/distributed>`__.
+
+Addition of new package, package removal, repository update
+"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+
+In all scenarios, update process must be run only on ``master`` node. Unlike the manually distributed packages described above, automatic update must be enabled only for ``master`` node.
+
+Automatic worker nodes discovery
+""""""""""""""""""""""""""""""""
+
+Instead of setting ``build.workers`` option it is also possible to configure services to load worker list dynamically. To do so, the ``ahriman.core.distributed.WorkerLoaderTrigger`` and ``ahriman.core.distributed.WorkerTrigger`` must be used for ``master`` and ``worker`` nodes repsectively. See recipes for more details.
+
+Known limitations
+"""""""""""""""""
+
+* Workers don't support local packages. However, it is possible to build custom packages by providing sources by using ``ahriman.core.gitremote.RemotePullTrigger`` trigger.
+* No dynamic nodes discovery. In case if one of worker nodes is unavailable, the build process will fail.
+* No pkgrel bump on conflicts.
+* The identical user must be created for all workers. However, the ``master`` node user can be different from this one.
+
 Maintenance packages
 --------------------
 
@@ -1037,7 +1217,7 @@ The application provides special plugin which generates keyring package. This pl
 
    where ``aur-clone`` is your repository name.
 
-This plugin might have some issues, in case of any of them, kindly create `new issue <https://github.com/arcan1s/ahriman/issues/new/choose>`_.
+This plugin might have some issues, in case of any of them, kindly create `new issue <https://github.com/arcan1s/ahriman/issues/new/choose>`__.
 
 Generate mirrorlist package
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -1110,7 +1290,7 @@ How to enable basic authorization
       yay -S --asdeps python-aiohttp-security python-aiohttp-session python-cryptography
 
 #. 
-   Configure the service to enable authorization (``salt`` can be generated as any random string and optional):
+   Configure the service to enable authorization:
 
    .. code-block:: ini
 
@@ -1118,17 +1298,17 @@ How to enable basic authorization
       target = configuration
       salt = somerandomstring
 
-   The ``salt`` parameter is optional, but recommended.
+   The ``salt`` parameter is optional, but recommended, and can be set to any (random) string.
 
 #.
-   In order to provide access for reporting from application instances you can (recommended way) use unix sockets by configuring the following (note, that it requires ``python-requests-unixsocket`` package to be installed):
+   In order to provide access for reporting from application instances you can (the recommended way) use unix sockets by the following configuration (note, that it requires ``python-requests-unixsocket`` package to be installed):
 
    .. code-block:: ini
 
       [web]
       unix_socket = /var/lib/ahriman/ahriman-web.sock
 
-   This socket path must be available for web service instance and must be available for application instances (e.g. in case if you are using docker container, see above, you need to be sure that the socket is passed to the root filesystem).
+   This socket path must be available for web service instance and must be available for all application instances (e.g. in case if you are using docker container - see above - you need to make sure that the socket is passed to the root filesystem).
 
    By the way, unix socket variable will be automatically set in case if ``--web-unix-socket`` argument is supplied to the ``setup`` subcommand.
 
@@ -1161,7 +1341,8 @@ How to enable OAuth authorization
 
 #. 
    Create OAuth web application, download its ``client_id`` and ``client_secret``.
-#. 
+
+#.
    Guess what? Install dependencies:
 
    .. code-block:: shell
@@ -1243,21 +1424,34 @@ The service provides several commands aim to do easy repository backup and resto
 
       sudo -u ahriman ahriman repo-rebuild --from-database
 
+Use cases
+---------
+
+There is a collection of some specific recipes which can be found in `the repository <https://github.com/arcan1s/ahriman/tree/master/recipes>`__.
+
+Most of them can be run (``AHRIMAN_PASSWORD`` environment variable is required in the most setups) as simple as:
+
+.. code-block:: shell
+
+   AHRIMAN_PASSWORD=demo docker compose up
+
+Note, however, they are just an examples of specific configuration for specific cases and they are never intended to be used as is in real environment.
+
 Other topics
 ------------
 
 How does it differ from %another-manager%?
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Short answer - I do not know. Also for some references credits to `Alad <https://github.com/AladW>`_, he `did <https://wiki.archlinux.org/title/User:Alad/Local_repo_tools>`_ really good investigation of existing alternatives.
+Short answer - I do not know. Also for some references credits to `Alad <https://github.com/AladW>`__, he `did <https://wiki.archlinux.org/title/User:Alad/Local_repo_tools>`__ really good investigation of existing alternatives.
 
-`arch-repo-manager <https://github.com/Martchus/arch-repo-manager>`_
-""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+`arch-repo-manager <https://github.com/Martchus/arch-repo-manager>`__
+"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 
-Looks actually pretty good, in case if I would find it, I would probably didn't start this project, most of features (like web interface or additional helpers) are already implemented or planned to be. However, this project seems to be at early alpha stage (as for Nov 2022), written in C++ (not pro or con) and misses code documentation.
+Looks actually pretty good, in case if I would find it, I would probably didn't start this project; the most of features (like web interface or additional helpers) are already implemented or planned to be. However, this project seems to be at early alpha stage (as for Nov 2022), written in C++ (not pro or con) and misses documentation.
 
-`archrepo2 <https://github.com/lilydjwg/archrepo2>`_
-""""""""""""""""""""""""""""""""""""""""""""""""""""
+`archrepo2 <https://github.com/lilydjwg/archrepo2>`__
+"""""""""""""""""""""""""""""""""""""""""""""""""""""
 
 Don't know, haven't tried it. But it lacks of documentation at least.
 
@@ -1266,8 +1460,8 @@ Don't know, haven't tried it. But it lacks of documentation at least.
 * ``archrepo2`` actively uses direct shell calls and ``yaourt`` components.
 * ``archrepo2`` has constantly running process instead of timer process (it is not pro or con).
 
-`repoctl <https://github.com/cassava/repoctl>`_
-"""""""""""""""""""""""""""""""""""""""""""""""
+`repoctl <https://github.com/cassava/repoctl>`__
+""""""""""""""""""""""""""""""""""""""""""""""""
 
 * ``ahriman`` has web interface.
 * ``repoctl`` does not have reporting feature.
@@ -1278,13 +1472,13 @@ Don't know, haven't tried it. But it lacks of documentation at least.
 * ``repoctl`` is able to store old packages.
 * Ability to host repository from same command in ``repoctl`` vs external services (e.g. nginx) in ``ahriman``.
 
-`repod <https://gitlab.archlinux.org/archlinux/repod>`_
-"""""""""""""""""""""""""""""""""""""""""""""""""""""""
+`repod <https://gitlab.archlinux.org/archlinux/repod>`__
+""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 
 Official tool provided by distribution, has clean logic, but it is just a helper for ``repo-add``, e.g. it doesn't work with AUR and all packages builds have to be handled separately.
 
-`repo-scripts <https://github.com/arcan1s/repo-scripts>`_
-"""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+`repo-scripts <https://github.com/arcan1s/repo-scripts>`__
+""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 
 Though originally I've created ahriman by trying to improve the project, it still lacks a lot of features:
 
@@ -1296,8 +1490,8 @@ Though originally I've created ahriman by trying to improve the project, it stil
 
 ...and so on. ``repo-scripts`` also has bad architecture and bad quality code and uses out-of-dated ``yaourt`` and ``package-query``.
 
-`toolbox <https://github.com/chaotic-aur/toolbox>`_
-"""""""""""""""""""""""""""""""""""""""""""""""""""
+`toolbox <https://github.com/chaotic-aur/toolbox>`__
+""""""""""""""""""""""""""""""""""""""""""""""""""""
 
 It is automation tools for ``repoctl`` mentioned above. Except for using shell it looks pretty cool and also offers some additional features like patches, remote synchronization (isn't it?) and reporting.
 
@@ -1316,7 +1510,7 @@ You can also ask to forward logs to ``stderr``, just set ``--log-handler`` flag,
 
    ahriman --log-handler console ...
 
-You can even configure logging as you wish, but kindly refer to python ``logging`` module `configuration <https://docs.python.org/3/library/logging.config.html>`_.
+You can even configure logging as you wish, but kindly refer to python ``logging`` module `configuration <https://docs.python.org/3/library/logging.config.html>`__.
 
 The application uses java concept to log messages, e.g. class ``Application`` imported from ``ahriman.application.application`` package will have logger called ``ahriman.application.application.Application``. In order to e.g. change logger name for whole application package it is possible to change values for ``ahriman.application`` package; thus editing ``ahriman`` logger configuration will change logging for whole application (unless there are overrides for another logger).
 
@@ -1337,9 +1531,9 @@ The application loads web views dynamically, so it is possible relatively easy e
 #. Put file into ``ahriman.web.views`` package.
 #. Restart application.
 
-For more details about implementation and possibilities, kindly refer to module documentation and source code and `aiohttp documentation <https://docs.aiohttp.org/en/stable/>`_.
+For more details about implementation and possibilities, kindly refer to module documentation and source code and `aiohttp documentation <https://docs.aiohttp.org/en/stable/>`__.
 
 I did not find my question
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-`Create an issue <https://github.com/arcan1s/ahriman/issues>`_ with type **Question**.
+`Create an issue <https://github.com/arcan1s/ahriman/issues>`__ with type **Question**.

docs/index.rst

@@ -1,7 +1,7 @@
 Welcome to ahriman's documentation!
 ===================================
 
-Wrapper for managing custom repository inspired by `repo-scripts <https://github.com/arcan1s/repo-scripts>`_.
+Wrapper for managing custom repository inspired by `repo-scripts <https://github.com/arcan1s/repo-scripts>`__.
 
 Features
 --------
@@ -20,9 +20,9 @@ Features
 Live demos
 ----------
 
-* `Build status page <https://ahriman-demo.arcanis.me>`_. You can login as ``demo`` user by using ``demo`` password. Note, however, you will not be able to run tasks. `HTTP API documentation <https://ahriman-demo.arcanis.me/api-docs>`_ is also available.
-* `Repository index <https://repo.arcanis.me/x86_64/index.html>`_.
-* `Telegram feed <https://t.me/arcanisrepo>`_.
+* `Build status page <https://ahriman-demo.arcanis.me>`__. You can login as ``demo`` user by using ``demo`` password. Note, however, you will not be able to run tasks. `HTTP API documentation <https://ahriman-demo.arcanis.me/api-docs>`__ is also available.
+* `Repository index <https://repo.arcanis.me/x86_64/index.html>`__.
+* `Telegram feed <https://t.me/arcanisrepo>`__.
 
 Contents
 --------

docs/triggers.rst

@@ -1,7 +1,7 @@
 Triggers
 ========
 
-The package provides ability to write custom extensions which will be run on (the most) actions, e.g. after updates. By default ahriman provides three types of extensions - reporting, files uploading and PKGBUILD syncronization. Each extension must derive from the ``ahriman.core.triggers.Trigger`` class and should implement at least one of the abstract methods:
+The package provides ability to write custom extensions which will be run on (the most) actions, e.g. after updates. By default ahriman provides three types of extensions - reporting, files uploading and PKGBUILD synchronization. Each extension must derive from the ``ahriman.core.triggers.Trigger`` class and should implement at least one of the abstract methods:
 
 * ``on_result`` - trigger action which will be called after build process, the build result and the list of repository packages will be supplied as arguments.
 * ``on_start`` - trigger action which will be called right before the start of the application process.
@@ -14,6 +14,16 @@ Built-in triggers
 
 For the configuration details and settings explanation kindly refer to the :doc:`documentation <configuration>`.
 
+``ahriman.core.distributed.WorkerLoaderTrigger``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Special trigger to be used to load workers from database on the start of the application rather than configuration. If the option is already set, it will skip processing.
+
+``ahriman.core.distributed.WorkerTrigger``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Another trigger for the distributed system, which registers itself as remote worker, calling remote service periodically.
+
 ``ahriman.core.gitremote.RemotePullTrigger``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -39,7 +49,7 @@ Generator for keyring package. This trigger will extract keys from local keychai
 ``ahriman.core.support.MirrorlistTrigger``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Simple generator for mirrorlist package, based on the urls which were set by configuration. This trigger will generate sources including PKGBUILD, which can be used later for package building.
+Simple generator for mirrorlist package, based on the URLs which were set by configuration. This trigger will generate sources including PKGBUILD, which can be used later for package building.
 
 ``ahriman.core.upload.UploadTrigger``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -83,9 +93,9 @@ The ``context`` also implements collection methods such as ``__iter__`` and ``__
 Trigger example
 ---------------
 
-Lets consider example of reporting trigger (e.g. `slack <https://slack.com/>`_, which provides easy HTTP API for integration triggers).
+Lets consider example of reporting trigger (e.g. `slack <https://slack.com/>`__, which provides easy HTTP API for integration triggers).
 
-In order to post message to slack we will need a specific trigger url (something like ``https://hooks.slack.com/services/company_id/trigger_id``), channel (e.g. ``#archrepo``) and username (``repo-bot``).
+In order to post message to slack we will need a specific trigger URL (something like ``https://hooks.slack.com/services/company_id/trigger_id``), channel (e.g. ``#archrepo``) and username (``repo-bot``).
 
 As it has been mentioned, our trigger must derive from specific class:
 
@@ -139,4 +149,4 @@ After that run application as usual and receive notification in your slack chann
 Trigger configuration schema
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Triggers can expose their configuration schema. It can be achieved by implementing ``CONFIGURATION_SCHEMA`` class variable according to `cerberus <https://docs.python-cerberus.org/>`_ documentation. For more details and examples, please refer to built-in triggers implementations.
+Triggers can expose their configuration schema. It can be achieved by implementing ``CONFIGURATION_SCHEMA`` class variable according to `cerberus <https://docs.python-cerberus.org/>`__ documentation. For more details and examples, please refer to built-in triggers implementations.

package/archlinux/PKGBUILD

@@ -1,7 +1,7 @@
 # Maintainer: Evgeniy Alekseev
 
 pkgname='ahriman'
-pkgver=2.12.2
+pkgver=2.13.3
 pkgrel=1
 pkgdesc="ArcH linux ReposItory MANager"
 arch=('any')
@@ -16,7 +16,6 @@ optdepends=('breezy: -bzr packages support'
             'python-aiohttp: web server'
             'python-aiohttp-apispec>=3.0.0: web server'
             'python-aiohttp-cors: web server'
-            'python-aiohttp-debugtoolbar: web server with enabled debug panel'
             'python-aiohttp-jinja2: web server'
             'python-aiohttp-security: web server with authorization'
             'python-aiohttp-session: web server with authorization'
@@ -27,7 +26,7 @@ optdepends=('breezy: -bzr packages support'
             'python-systemd: journal support'
             'rsync: sync by using rsync'
             'subversion: -svn packages support')
-source=("https://github.com/arcan1s/ahriman/releases/download/$pkgver/$pkgname-$pkgver-src.tar.xz"
+source=("https://github.com/arcan1s/ahriman/releases/download/$pkgver/$pkgname-$pkgver.tar.gz"
         'ahriman.sysusers'
         'ahriman.tmpfiles')
 install="$pkgname.install"
@@ -35,13 +34,13 @@ backup=('etc/ahriman.ini'
         'etc/ahriman.ini.d/logging.ini')
 
 build() {
-  cd "$pkgname"
+  cd "$pkgname-$pkgver"
 
   python -m build --wheel --no-isolation
 }
 
 package() {
-  cd "$pkgname"
+  cd "$pkgname-$pkgver"
 
   python -m installer --destdir="$pkgdir" "dist/$pkgname-$pkgver-py3-none-any.whl"
 

package/lib/systemd/system/ahriman-daemon@.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=ArcH linux ReposItory MANager (%i)
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/ahriman --repository-id "%I" repo-daemon --no-changes --refresh
+User=ahriman
+Group=ahriman
+
+[Install]
+WantedBy=multi-user.target

package/lib/systemd/system/ahriman@.service

@@ -2,6 +2,6 @@
 Description=ArcH linux ReposItory MANager (%i)
 
 [Service]
-ExecStart=/usr/bin/ahriman --repository-id "%I" repo-update --refresh
+ExecStart=/usr/bin/ahriman --repository-id "%I" repo-update --no-changes --refresh
 User=ahriman
-Group=ahriman
+Group=ahriman

package/lib/systemd/system/ahriman@.timer

@@ -6,4 +6,4 @@ OnCalendar=daily
 RandomizedDelaySec=3600
 
 [Install]
-WantedBy=timers.target
+WantedBy=timers.target

package/share/ahriman/settings/ahriman.ini

@@ -1,88 +1,352 @@
 [settings]
+; Relative path to directory with configuration files overrides. Overrides will be applied in alphabetic order.
 include = ahriman.ini.d
+; Relative path to configuration used by logging package.
 logging = ahriman.ini.d/logging.ini
-apply_migrations = yes
+; Perform database migrations on the application start. Do not touch this option unless you know what are you doing.
+;apply_migrations = yes
+; Path to the application SQLite database.
 database = /var/lib/ahriman/ahriman.db
 
 [alpm]
+; Path to pacman system database cache.
 database = /var/lib/pacman
+; Arch linux mirror used by local pacman for synchronization.
 mirror = https://geo.mirror.pkgbuild.com/$repo/os/$arch
+; Space separated list of pacman repositories to search for packages.
 repositories = core extra multilib
+; Pacman's root directory. In the most cases it must point to the system root.
 root = /
+; Use local packages cache. If this option is enabled, the service will be able to synchronize databases (available
+; as additional option for some subcommands). If set to no, databases must be synchronized manually.
 use_ahriman_cache = yes
 
 [auth]
+; Authentication provider, must be one of disabled, configuration, oauth.
 target = disabled
-max_age = 604800
-oauth_provider = GoogleClient
-oauth_scopes = https://www.googleapis.com/auth/userinfo.email
+; Allow read-only endpoint to be called without authentication.
 allow_read_only = yes
+; OAuth2 application client ID and secret. Required if oauth is used.
+;client_id =
+;client_secret =
+; Cookie secret key to be used for cookies encryption. Must be valid 32 bytes URL-safe base64-encoded string.
+; If not set, it will be generated automatically.
+;cookie_secret_key =
+; Authentication cookie expiration in seconds.
+;max_age = 604800
+; OAuth2 provider icon for the web interface.
+;oauth_icon = google
+; OAuth2 provider class name, one of provided by aioauth-client. Required if oauth is used.
+;oauth_provider = GoogleClient
+; Scopes list for OAuth2 provider. Required if oauth is used.
+;oauth_scopes = https://www.googleapis.com/auth/userinfo.email
+; Optional password salt.
+;salt =
 
 [build]
-archbuild_flags =
-ignore_packages =
-makechrootpkg_flags =
+; List of additional flags passed to archbuild command.
+;archbuild_flags =
+; List of packages to be ignored during automatic updates.
+;ignore_packages =
+; List of additional flags passed to makechrootpkg command.
+;makechrootpkg_flags =
+; List of additional flags passed to makepkg command.
 makepkg_flags = --nocolor --ignorearch
+; List of enabled triggers in the order of calls.
 triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger ahriman.core.gitremote.RemotePushTrigger
-triggers_known = ahriman.core.gitremote.RemotePullTrigger ahriman.core.gitremote.RemotePushTrigger ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger ahriman.core.support.KeyringTrigger ahriman.core.support.MirrorlistTrigger
-vcs_allowed_age = 604800
+; List of well-known triggers. Used only for configuration purposes.
+triggers_known = ahriman.core.distributed.WorkerLoaderTrigger ahriman.core.distributed.WorkerRegisterTrigger ahriman.core.distributed.WorkerTrigger ahriman.core.distributed.WorkerUnregisterTrigger ahriman.core.gitremote.RemotePullTrigger ahriman.core.gitremote.RemotePushTrigger ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger ahriman.core.support.KeyringTrigger ahriman.core.support.MirrorlistTrigger
+; Maximal age in seconds of the VCS packages before their version will be updated with its remote source.
+;vcs_allowed_age = 604800
+; List of worker nodes addresses used for build process, e.g.:
+;     workers = http://10.0.0.1:8080 http://10.0.0.3:8080
+; Empty list means run on the local instance.
+;workers =
 
 [repository]
+; Application root.
 root = /var/lib/ahriman
 
 [sign]
+; Enable repository or package signing. Must be one of repository, package.
 target =
-
-[keyring]
-target =
-
-[mirrorlist]
-target =
-
-[remote-pull]
-target =
-
-[remote-push]
-target =
-
-[report]
-target = console
-
-[console]
-use_utf = yes
-
-[email]
-no_empty_report = yes
-template = email-index.jinja2
-templates = /usr/share/ahriman/templates
-ssl = disabled
-
-[html]
-template = repo-index.jinja2
-templates = /usr/share/ahriman/templates
+; PGP key used for signing as default.
+;key =
 
 [status]
+; Global switch to enable or disable status reporting.
 enabled = yes
+; Address of the remote service, e.g.:
+;     address = http://1.0.0.1:8080
+; In case if unix sockets are used, it might point to the valid socket with encoded path, e.g.:
+;     address = http+unix://%2Fvar%2Flib%2Fahriman%2Fsocket
+;address =
+; Optional password for authentication (if enabled).
+;password =
+; Do not log HTTP errors if occurs.
 suppress_http_log_errors = yes
-
-[telegram]
-template = telegram-index.jinja2
-templates = /usr/share/ahriman/templates
-
-[upload]
-target =
-
-[rsync]
-command = rsync --archive --compress --partial --delete
-
-[s3]
-chunk_size = 8388608
+; HTTP request timeout in seconds.
+;timeout = 30
+; Optional username for authentication (if enabled).
+;username =
 
 [web]
-debug = no
-debug_check_host = no
-debug_allowed_hosts =
+; External address of the web service. Will be used for some features like OAuth. If none set will be generated as
+;     address = http://web.host:web.port
+;address =
+; Enable file upload endpoint used by some triggers.
+;enable_archive_upload = no
+; Address to bind the server.
 host = 127.0.0.1
+; Full URL to the repository index page used by templates.
+;index_url =
+; Max file size in bytes which can be uploaded to the server.
+;max_body_size =
+; Port to listen. Must be set, if the web service is enabled.
+;port =
+; Disable status (e.g. package status, logs, etc) endpoints. Useful for build only modes.
+;service_only = no
+; Path to directory with static files.
 static_path = /usr/share/ahriman/templates/static
+; List of directories with templates.
 templates = /usr/share/ahriman/templates
-unix_socket_unsafe = yes
+; Path to unix socket. If none set, unix socket will be disabled.
+;unix_socket =
+; Allow unix socket to be world readable.
+;unix_socket_unsafe = yes
+; Maximum amount of time in seconds to be waited before lock will be free, used by spawned processes (0 is infinite).
+;wait_timeout =
+
+[keyring]
+; List of configuration section names for keyring generator plugin, e.g.:
+;     target = keyring-trigger
+target =
+
+; Keyring generator trigger sample.
+;[keyring-trigger]
+; Generator type name.
+;type = keyring-generator
+; Optional keyring package description.
+;description=
+; Optional URL to the repository homepage.
+;homepage=
+; Keyring package licenses list.
+;license = Unlicense
+; Optional keyring package name.
+;package =
+; Optional packager PGP keys list. If none set, it will read from database.
+;packagers =
+; List of revoked PGP keys.
+;revoked =
+; List of master PGP keys. If none set, the sign.key value will be used.
+;trusted =
+
+[mirrorlist]
+; List of configuration section names for mirrorlist generator plugin, e.g.:
+;     target = mirrorlist-trigger
+target =
+
+; Mirror list generator trigger sample.
+;[mirrorlist-trigger]
+; Generator type name.
+;type = mirrorlist-generator
+; Optional mirrorlist package description.
+;description=
+; Optional URL to the repository homepage.
+;homepage=
+; Mirrorlist package licenses list.
+;license = Unlicense
+; Optional mirrorlist package name.
+;package =
+; Absolute path to generated mirrorlist file, usually path inside /etc/pacman.d directory.
+;path =
+; List of repository mirrors.
+;servers =
+
+[remote-pull]
+; List of configuration section names for git remote pull plugin, e.g.:
+;     target = remote-pull-trigger
+target =
+
+; git remote pull trigger sample.
+;[remote-pull-trigger]
+; Valid URL to pull repository, e.g.:
+;     pull_url = https://github.com/arcan1s/arcanisrepo.git
+;pull_url =
+; Remote branch to pull.
+;pull_branch = master
+
+[remote-push]
+; List of configuration section names for git remote push plugin, e.g.:
+;     target = remote-push-trigger
+target =
+
+; git remote push trigger sample.
+;[remote-push-trigger]
+; Author commit email.
+;commit_email = ahriman@localhost
+; Author commit user.
+;commit_user = ahriman
+; Valid URL to push repository, e.g.:
+;     push_url = https://key:token@github.com/arcan1s/arcanisrepo.git
+; Note, that more likely authentication must be enabled.
+;push_url =
+; Remote branch to push.
+;push_branch = master
+
+[report]
+; List of configuration section names for reporting plugin.
+target = console
+
+; Console reporting trigger configuration sample.
+[console]
+; Trigger type name
+;type = console
+; Use utf8 symbols in output.
+use_utf = yes
+
+; Email reporting trigger configuration sample.
+[email]
+; Trigger type name
+;type = email
+; Optional URL to the repository homepage.
+;homepage=
+; SMTP server address.
+;host =
+; Prefix for packages links. Link to a package will be formed as link_path / filename.
+;link_path =
+; Skip report generation if no packages were updated.
+;no_empty_report = yes
+; SMTP password.
+;password =
+; SMTP server port.
+;port =
+; List of emails to receive the reports.
+;receivers =
+; Sender email.
+;sender =
+; SMTP server SSL mode, one of ssl, starttls, disabled.
+;ssl = disabled
+; Template name to be used.
+template = email-index.jinja2
+; Template name to be used for full packages list generation (same as HTML report).
+;template_full =
+; List of directories with templates.
+templates = /usr/share/ahriman/templates
+; SMTP user.
+;user =
+
+; HTML reporting trigger configuration sample.
+[html]
+; Trigger type name
+;type = html
+; Optional URL to the repository homepage.
+;homepage=
+; Prefix for packages links. Link to a package will be formed as link_path / filename.
+;link_path =
+; Output path for the HTML report.
+;path =
+; Template name to be used.
+template = repo-index.jinja2
+; List of directories with templates.
+templates = /usr/share/ahriman/templates
+
+; Remote service callback trigger configuration sample.
+[remote-call]
+; Trigger type name
+;type = remote-call
+; Call for AUR packages update.
+;aur = no
+; Call for local packages update.
+;local = no
+; Call for manual packages update.
+;manual = no
+; Wait until remote process will be terminated in seconds.
+;wait_timeout = -1
+
+; Telegram reporting trigger configuration sample.
+[telegram]
+; Trigger type name
+;type = telegram
+; Telegram bot API key.
+;api_key =
+; Telegram chat ID.
+;chat_id =
+; Optional URL to the repository homepage.
+;homepage=
+; Prefix for packages links. Link to a package will be formed as link_path / filename.
+;link_path =
+; Template name to be used.
+template = telegram-index.jinja2
+; Telegram specific template mode, one of MarkdownV2, HTML or Markdown.
+;template_type = HTML
+; List of directories with templates.
+templates = /usr/share/ahriman/templates
+; HTTP request timeout in seconds.
+;timeout = 30
+
+[upload]
+; List of configuration section names for remote upload plugin, e.g.:
+;     target = rsync s3
+target =
+
+; GitHub upload trigger configuration sample.
+[github]
+; Trigger type name
+;type = github
+; GitHub repository owner username.
+;owner =
+; GitHub API key. public_repo (repo) scope is required.
+;password =
+; GitHub repository name.
+;repository =
+; HTTP request timeout in seconds.
+;timeout = 30
+; Include repository name to release name (recommended).
+;use_full_release_name = no
+; GitHub authentication username.
+;username =
+
+; Remote instance upload trigger configuration sample.
+[remote-service]
+; Trigger type name
+;type = remote-service
+; HTTP request timeout in seconds.
+;timeout = 30
+
+; rsync upload trigger configuration sample.
+[rsync]
+; Trigger type name
+;type = rsync
+; rsync command to run.
+command = rsync --archive --compress --partial --delete
+; Remote address and directory to sync, e.g.:
+;     remote = ahriman@10.0.0.1:/srv/repo
+;remote =
+
+; S3 upload trigger configuration sample.
+[s3]
+; Trigger type name
+;type = s3
+; AWS services access key.
+;access_key =
+; AWS S3 bucket name.
+;bucket =
+; Chunk size tp calculate ETags. Do not edit this value.
+;chunk_size = 8388608
+; Optional path prefix for stored objects.
+;object_path =
+; AWS S3 bucket region.
+;region =
+; AWS services secret key.
+;secret_key =
+
+; Remote worker configuration sample.
+;[worker]
+; Remotely reachable address of this instance, e.g.:
+;     address = http://10.0.0.1:8080
+;address =
+; Unique identifier of this instance if any.
+;identifier =
+; Maximum amount of time in seconds after which worker will be considered offline in case of no reports.
+;time_to_live = 60

package/share/ahriman/settings/ahriman.ini.d/logging.ini

@@ -36,7 +36,7 @@ level = DEBUG
 qualname = root
 
 [logger_http]
-level = DEBUG
+level = WARNING
 qualname = http
 propagate = 0
 

package/share/ahriman/templates/build-status.jinja2

@@ -15,7 +15,7 @@
 
         <div class="container">
             <nav class="navbar navbar-expand-lg">
-                <div class="navbar-brand"><img src="/static/logo.svg" width="30" height="30" alt=""> ahriman</div>
+                <div class="navbar-brand"><img src="/static/logo.svg" width="30" height="30" alt=""></div>
                 <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#repositories-navbar-supported-content" aria-controls="repositories-navbar-supported-content" aria-expanded="false" aria-label="Toggle navigation">
                     <span class="navbar-toggler-icon"></span>
                 </button>

package/share/ahriman/templates/build-status/alerts.jinja2

@@ -1,7 +1,7 @@
 <script>
     const alertPlaceholder = $("#alert-placeholder");
 
-    function createAlert(title, message, clz) {
+    function createAlert(title, message, clz, action) {
         const wrapper = document.createElement("div");
         wrapper.classList.add("toast", clz);
         wrapper.role = "alert";
@@ -23,7 +23,7 @@
         const toast = new bootstrap.Toast(wrapper);
         wrapper.addEventListener("hidden.bs.toast", () => {
             wrapper.remove();  // bootstrap doesn't remove elements
-            reload();
+            (action || reload)();
         });
         toast.show();
     }
@@ -38,8 +38,8 @@
         createAlert(title, description(details), "text-bg-danger");
     }
 
-    function showSuccess(title, description) {
-        createAlert(title, description, "text-bg-success");
+    function showSuccess(title, description, action) {
+        createAlert(title, description, "text-bg-success", action);
     }
 
 </script>

package/share/ahriman/templates/build-status/login-modal.jinja2

@@ -1,7 +1,7 @@
 <div id="login-modal" tabindex="-1" role="dialog" class="modal fade">
     <div class="modal-dialog" role="document">
         <div class="modal-content">
-            <form action="/api/v1/login" method="post">
+            <form id="login-form" onsubmit="return false">
                 <div class="modal-header">
                     <h4 class="modal-title">Login</h4>
                     <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="close"></button>
@@ -26,7 +26,7 @@
                     </div>
                 </div>
                 <div class="modal-footer">
-                    <button class="btn btn-primary"><i class="bi bi-person"></i> login</button>
+                    <button type="submit" class="btn btn-primary" onclick="login()"><i class="bi bi-person"></i> login</button>
                 </div>
             </form>
         </div>
@@ -34,16 +34,45 @@
 </div>
 
 <script>
-    const passwordInput = $("#login-password");
+    const loginModal = $("#login-modal");
+    const loginForm = $("#login-form");
+    loginModal.on("hidden.bs.modal", () => {
+        loginForm.trigger("reset");
+    });
+
+    const loginPasswordInput = $("#login-password");
+    const loginUsernameInput = $("#login-username");
     const showHidePasswordButton = $("#login-show-hide-password-button");
 
+    function login() {
+        const password = loginPasswordInput.val();
+        const username = loginUsernameInput.val();
+
+        if (username && password) {
+            $.ajax({
+                url: "/api/v1/login",
+                data: JSON.stringify({username: username, password: password}),
+                type: "POST",
+                contentType: "application/json",
+                success: _ => {
+                    loginModal.modal("hide");
+                    showSuccess("Logged in", `Successfully logged in as ${username}`, () => location.href = "/");
+                },
+                error: (jqXHR, _, errorThrown) => {
+                    const message = _ => `Could not login as ${username}`;
+                    showFailure("Login error", message, jqXHR, errorThrown);
+                },
+            });
+        }
+    }
+
     function showPassword() {
-        if (passwordInput.attr("type") === "password") {
-            passwordInput.attr("type", "text");
+        if (loginPasswordInput.attr("type") === "password") {
+            loginPasswordInput.attr("type", "text");
             showHidePasswordButton.removeClass("bi-eye");
             showHidePasswordButton.addClass("bi-eye-slash");
         } else {
-            passwordInput.attr("type", "password");
+            loginPasswordInput.attr("type", "password");
             showHidePasswordButton.removeClass("bi-eye-slash");
             showHidePasswordButton.addClass("bi-eye");
         }

package/share/ahriman/templates/build-status/package-info-modal.jinja2

@@ -36,13 +36,27 @@
 
                 <hr class="col-12">
 
-                <h3>Environment variables</h3>
-                <div id="package-info-variables-div" class="form-group row"></div>
+                <div id="package-info-variables-block" hidden>
+                    <h3>Environment variables</h3>
+                    <div id="package-info-variables-div" class="form-group row"></div>
 
-                <hr class="col-12">
+                    <hr class="col-12">
+                </div>
 
-                <h3>Build logs</h3>
-                <pre class="language-logs"><samp id="package-info-logs-input" class="pre-scrollable language-logs"></samp><button id="package-info-logs-copy-button" type="button" class="btn language-logs" onclick="copyLogs()"><i class="bi bi-clipboard"></i> copy</button></pre>
+                <nav>
+                    <div class="nav nav-tabs" role="tablist">
+                        <button id="package-info-logs-button" class="nav-link active" data-bs-toggle="tab" data-bs-target="#package-info-logs" type="button" role="tab" aria-controls="package-info-logs" aria-selected="true"><h3>Build logs</h3></button>
+                        <button id="package-info-changes-button" class="nav-link" data-bs-toggle="tab" data-bs-target="#package-info-changes" type="button" role="tab" aria-controls="package-info-changes" aria-selected="false"><h3>Changes</h3></button>
+                    </div>
+                </nav>
+                <div class="tab-content" id="nav-tabContent">
+                    <div id="package-info-logs" class="tab-pane fade show active" role="tabpanel" aria-labelledby="package-info-logs-button" tabindex="0">
+                        <pre class="language-console"><code id="package-info-logs-input" class="pre-scrollable language-console"></code><button id="package-info-logs-copy-button" type="button" class="btn language-console" onclick="copyLogs()"><i class="bi bi-clipboard"></i> copy</button></pre>
+                    </div>
+                    <div id="package-info-changes" class="tab-pane fade" role="tabpanel" aria-labelledby="package-info-changes-button" tabindex="0">
+                        <pre class="language-diff"><code id="package-info-changes-input" class="pre-scrollable language-diff"></code><button id="package-info-changes-copy-button" type="button" class="btn language-diff" onclick="copyChanges()"><i class="bi bi-clipboard"></i> copy</button></pre>
+                    </div>
+                </div>
             </div>
             <div class="modal-footer">
                 <button id="package-info-update-button" type="submit" class="btn btn-success" onclick="packageInfoUpdate()" data-bs-dismiss="modal" hidden><i class="bi bi-play"></i><span class="d-none d-sm-inline"> update</span></button>
@@ -68,9 +82,11 @@
         packageInfoUpstreamUrl.empty();
         packageInfoVersion.empty();
 
+        packageInfoVariablesBlock.attr("hidden", true);
         packageInfoVariablesDiv.empty();
 
         packageInfoLogsInput.empty();
+        packageInfoChangesInput.empty();
 
         packageInfoModal.trigger("reset");
 
@@ -80,6 +96,9 @@
     const packageInfoLogsInput = $("#package-info-logs-input");
     const packageInfoLogsCopyButton = $("#package-info-logs-copy-button");
 
+    const packageInfoChangesInput = $("#package-info-changes-input");
+    const packageInfoChangesCopyButton = $("#package-info-changes-copy-button");
+
     const packageInfoAurUrl = $("#package-info-aur-url");
     const packageInfoDepends = $("#package-info-depends");
     const packageInfoGroups = $("#package-info-groups");
@@ -89,8 +108,14 @@
     const packageInfoUpstreamUrl = $("#package-info-upstream-url");
     const packageInfoVersion = $("#package-info-version");
 
+    const packageInfoVariablesBlock = $("#package-info-variables-block");
     const packageInfoVariablesDiv = $("#package-info-variables-div");
 
+    async function copyChanges() {
+        const changes = packageInfoChangesInput.text();
+        await copyToClipboard(changes, packageInfoChangesCopyButton);
+    }
+
     async function copyLogs() {
         const logs = packageInfoLogsInput.text();
         await copyToClipboard(logs, packageInfoLogsCopyButton);
@@ -142,6 +167,24 @@
         packageInfoVariablesDiv.append(variableInput);
     }
 
+    function loadChanges(packageBase, onFailure) {
+        $.ajax({
+            url: `/api/v1/packages/${packageBase}/changes`,
+            data: {
+                architecture: repository.architecture,
+                repository: repository.repository,
+            },
+            type: "GET",
+            dataType: "json",
+            success: response => {
+                const changes = response.changes;
+                packageInfoChangesInput.text(changes || "");
+                packageInfoChangesInput.map((_, el) => hljs.highlightElement(el));
+            },
+            error: onFailure,
+        });
+    }
+
     function loadLogs(packageBase, onFailure) {
         $.ajax({
             url: `/api/v2/packages/${packageBase}/logs`,
@@ -156,6 +199,7 @@
                     return `[${new Date(1000 * log_record.created).toISOString()}] ${log_record.message}`;
                 });
                 packageInfoLogsInput.text(logs.join("\n"));
+                packageInfoLogsInput.map((_, el) => hljs.highlightElement(el));
             },
             error: onFailure,
         });
@@ -228,6 +272,7 @@
             success: response => {
                 packageInfoVariablesDiv.empty();
                 response.map(patch => insertVariable(packageBase, patch));
+                packageInfoVariablesBlock.attr("hidden", response.length === 0);
             },
             error: onFailure,
         });
@@ -260,6 +305,7 @@
         loadPackage(packageBase, onFailure);
         loadPatches(packageBase, onFailure);
         loadLogs(packageBase, onFailure);
+        loadChanges(packageBase, onFailure)
 
         if (isPackageBaseSet) packageInfoModal.modal("show");
     }

package/share/ahriman/templates/utils/bootstrap-scripts.jinja2

@@ -15,6 +15,8 @@
 <script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/resizable/bootstrap-table-resizable.js" integrity="sha384-wd8Vc6Febikdnsnk9vthRWRvMwffw246vhqiqNO3aSNe1maTEA07Vh3zAQiSyDji" crossorigin="anonymous" type="application/javascript"></script>
 <script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.js" integrity="sha384-NIqcjpr/3eZI1iNzz7hgT5rgp70qFUzkZffeCgVva9gi80B5vqcm7gn+8QvlWxko" crossorigin="anonymous" type="application/javascript"></script>
 
+<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/highlight.min.js" integrity="sha384-F/bZzf7p3Joyp5psL90p/p89AZJsndkSoGwRpXcZhleCWhd8SnRuoYo4d0yirjJp" crossorigin="anonymous" type="application/javascript"></script>
+
 <script>
     async function copyToClipboard(text, button) {
         if (navigator.clipboard === undefined) {

package/share/ahriman/templates/utils/style.jinja2

@@ -11,6 +11,8 @@
 
 <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.css" integrity="sha384-zLkQsiLfAQqGeIJeKLC+rcCR1YoYaQFLCL7cLDUoKE1ajKJzySpjzWGfYS2vjSG+" crossorigin="anonymous" type="text/css">
 
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/styles/github.min.css" integrity="sha384-eFTL69TLRZTkNfYZOLM+G04821K1qZao/4QLJbet1pP4tcF+fdXq/9CdqAbWRl/L" crossorigin="anonymous" type="text/css">
+
 <style>
     .pre-scrollable {
         display: block;

package/share/bash-completion/completions/_ahriman

@@ -1,6 +1,6 @@
 # AUTOMATICALLY GENERATED by `shtab`
 
-_shtab_ahriman_subparsers=('aur-search' 'search' 'help-commands-unsafe' 'help' 'help-updates' 'help-version' 'version' 'package-add' 'add' 'package-update' 'package-remove' 'remove' 'package-status' 'status' 'package-status-remove' 'package-status-update' 'status-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'repo-backup' 'repo-check' 'check' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'daemon' 'repo-rebuild' 'rebuild' 'repo-remove-unknown' 'remove-unknown' 'repo-report' 'report' 'repo-restore' 'repo-sign' 'sign' 'repo-status-update' 'repo-sync' 'sync' 'repo-tree' 'repo-triggers' 'repo-update' 'update' 'service-clean' 'clean' 'repo-clean' 'service-config' 'config' 'repo-config' 'service-config-validate' 'config-validate' 'repo-config-validate' 'service-key-import' 'key-import' 'service-repositories' 'service-run' 'run' 'service-setup' 'init' 'repo-init' 'repo-setup' 'setup' 'service-shell' 'shell' 'service-tree-migrate' 'user-add' 'user-list' 'user-remove' 'web')
+_shtab_ahriman_subparsers=('aur-search' 'search' 'help-commands-unsafe' 'help' 'help-updates' 'help-version' 'version' 'package-add' 'add' 'package-update' 'package-changes' 'package-changes-remove' 'package-remove' 'remove' 'package-status' 'status' 'package-status-remove' 'package-status-update' 'status-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'repo-backup' 'repo-check' 'check' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'daemon' 'repo-rebuild' 'rebuild' 'repo-remove-unknown' 'remove-unknown' 'repo-report' 'report' 'repo-restore' 'repo-sign' 'sign' 'repo-status-update' 'repo-sync' 'sync' 'repo-tree' 'repo-triggers' 'repo-update' 'update' 'service-clean' 'clean' 'repo-clean' 'service-config' 'config' 'repo-config' 'service-config-validate' 'config-validate' 'repo-config-validate' 'service-key-import' 'key-import' 'service-repositories' 'service-run' 'run' 'service-setup' 'init' 'repo-init' 'repo-setup' 'setup' 'service-shell' 'shell' 'service-tree-migrate' 'user-add' 'user-list' 'user-remove' 'web')
 
 _shtab_ahriman_option_strings=('-h' '--help' '-a' '--architecture' '-c' '--configuration' '--force' '-l' '--lock' '--log-handler' '-q' '--quiet' '--report' '--no-report' '-r' '--repository' '--unsafe' '-V' '--version' '--wait-timeout')
 _shtab_ahriman_aur_search_option_strings=('-h' '--help' '-e' '--exit-code' '--info' '--no-info' '--sort-by')
@@ -13,6 +13,8 @@ _shtab_ahriman_version_option_strings=('-h' '--help')
 _shtab_ahriman_package_add_option_strings=('-h' '--help' '--dependencies' '--no-dependencies' '-e' '--exit-code' '--increment' '--no-increment' '-n' '--now' '-y' '--refresh' '-s' '--source' '-u' '--username' '-v' '--variable')
 _shtab_ahriman_add_option_strings=('-h' '--help' '--dependencies' '--no-dependencies' '-e' '--exit-code' '--increment' '--no-increment' '-n' '--now' '-y' '--refresh' '-s' '--source' '-u' '--username' '-v' '--variable')
 _shtab_ahriman_package_update_option_strings=('-h' '--help' '--dependencies' '--no-dependencies' '-e' '--exit-code' '--increment' '--no-increment' '-n' '--now' '-y' '--refresh' '-s' '--source' '-u' '--username' '-v' '--variable')
+_shtab_ahriman_package_changes_option_strings=('-h' '--help' '-e' '--exit-code')
+_shtab_ahriman_package_changes_remove_option_strings=('-h' '--help')
 _shtab_ahriman_package_remove_option_strings=('-h' '--help')
 _shtab_ahriman_remove_option_strings=('-h' '--help')
 _shtab_ahriman_package_status_option_strings=('-h' '--help' '--ahriman' '-e' '--exit-code' '--info' '--no-info' '-s' '--status')
@@ -25,12 +27,12 @@ _shtab_ahriman_patch_list_option_strings=('-h' '--help' '-e' '--exit-code' '-v'
 _shtab_ahriman_patch_remove_option_strings=('-h' '--help' '-v' '--variable')
 _shtab_ahriman_patch_set_add_option_strings=('-h' '--help' '-t' '--track')
 _shtab_ahriman_repo_backup_option_strings=('-h' '--help')
-_shtab_ahriman_repo_check_option_strings=('-h' '--help' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_check_option_strings=('-h' '--help' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_check_option_strings=('-h' '--help' '--changes' '--no-changes' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_check_option_strings=('-h' '--help' '--changes' '--no-changes' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_repo_create_keyring_option_strings=('-h' '--help')
 _shtab_ahriman_repo_create_mirrorlist_option_strings=('-h' '--help')
-_shtab_ahriman_repo_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--dependencies' '--no-dependencies' '--local' '--no-local' '--manual' '--no-manual' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--dependencies' '--no-dependencies' '--local' '--no-local' '--manual' '--no-manual' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_repo_rebuild_option_strings=('-h' '--help' '--depends-on' '--dry-run' '--from-database' '--increment' '--no-increment' '-e' '--exit-code' '-s' '--status' '-u' '--username')
 _shtab_ahriman_rebuild_option_strings=('-h' '--help' '--depends-on' '--dry-run' '--from-database' '--increment' '--no-increment' '-e' '--exit-code' '-s' '--status' '-u' '--username')
 _shtab_ahriman_repo_remove_unknown_option_strings=('-h' '--help' '--dry-run')
@@ -45,8 +47,8 @@ _shtab_ahriman_repo_sync_option_strings=('-h' '--help')
 _shtab_ahriman_sync_option_strings=('-h' '--help')
 _shtab_ahriman_repo_tree_option_strings=('-h' '--help' '-p' '--partitions')
 _shtab_ahriman_repo_triggers_option_strings=('-h' '--help')
-_shtab_ahriman_repo_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_service_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
 _shtab_ahriman_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
 _shtab_ahriman_repo_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
@@ -76,7 +78,7 @@ _shtab_ahriman_web_option_strings=('-h' '--help')
 
 
 
-_shtab_ahriman_pos_0_choices=('aur-search' 'search' 'help-commands-unsafe' 'help' 'help-updates' 'help-version' 'version' 'package-add' 'add' 'package-update' 'package-remove' 'remove' 'package-status' 'status' 'package-status-remove' 'package-status-update' 'status-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'repo-backup' 'repo-check' 'check' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'daemon' 'repo-rebuild' 'rebuild' 'repo-remove-unknown' 'remove-unknown' 'repo-report' 'report' 'repo-restore' 'repo-sign' 'sign' 'repo-status-update' 'repo-sync' 'sync' 'repo-tree' 'repo-triggers' 'repo-update' 'update' 'service-clean' 'clean' 'repo-clean' 'service-config' 'config' 'repo-config' 'service-config-validate' 'config-validate' 'repo-config-validate' 'service-key-import' 'key-import' 'service-repositories' 'service-run' 'run' 'service-setup' 'init' 'repo-init' 'repo-setup' 'setup' 'service-shell' 'shell' 'service-tree-migrate' 'user-add' 'user-list' 'user-remove' 'web')
+_shtab_ahriman_pos_0_choices=('aur-search' 'search' 'help-commands-unsafe' 'help' 'help-updates' 'help-version' 'version' 'package-add' 'add' 'package-update' 'package-changes' 'package-changes-remove' 'package-remove' 'remove' 'package-status' 'status' 'package-status-remove' 'package-status-update' 'status-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'repo-backup' 'repo-check' 'check' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'daemon' 'repo-rebuild' 'rebuild' 'repo-remove-unknown' 'remove-unknown' 'repo-report' 'report' 'repo-restore' 'repo-sign' 'sign' 'repo-status-update' 'repo-sync' 'sync' 'repo-tree' 'repo-triggers' 'repo-update' 'update' 'service-clean' 'clean' 'repo-clean' 'service-config' 'config' 'repo-config' 'service-config-validate' 'config-validate' 'repo-config-validate' 'service-key-import' 'key-import' 'service-repositories' 'service-run' 'run' 'service-setup' 'init' 'repo-init' 'repo-setup' 'setup' 'service-shell' 'shell' 'service-tree-migrate' 'user-add' 'user-list' 'user-remove' 'web')
 _shtab_ahriman___log_handler_choices=('console' 'syslog' 'journald')
 _shtab_ahriman_aur_search___sort_by_choices=('description' 'first_submitted' 'id' 'last_modified' 'maintainer' 'name' 'num_votes' 'out_of_date' 'package_base' 'package_base_id' 'popularity' 'repository' 'submitter' 'url' 'url_path' 'version')
 _shtab_ahriman_search___sort_by_choices=('description' 'first_submitted' 'id' 'last_modified' 'maintainer' 'name' 'num_votes' 'out_of_date' 'package_base' 'package_base_id' 'popularity' 'repository' 'submitter' 'url' 'url_path' 'version')
@@ -187,6 +189,12 @@ _shtab_ahriman_package_update__n_nargs=0
 _shtab_ahriman_package_update___now_nargs=0
 _shtab_ahriman_package_update__y_nargs=0
 _shtab_ahriman_package_update___refresh_nargs=0
+_shtab_ahriman_package_changes__h_nargs=0
+_shtab_ahriman_package_changes___help_nargs=0
+_shtab_ahriman_package_changes__e_nargs=0
+_shtab_ahriman_package_changes___exit_code_nargs=0
+_shtab_ahriman_package_changes_remove__h_nargs=0
+_shtab_ahriman_package_changes_remove___help_nargs=0
 _shtab_ahriman_package_remove_pos_0_nargs=+
 _shtab_ahriman_package_remove__h_nargs=0
 _shtab_ahriman_package_remove___help_nargs=0
@@ -233,6 +241,8 @@ _shtab_ahriman_repo_backup___help_nargs=0
 _shtab_ahriman_repo_check_pos_0_nargs=*
 _shtab_ahriman_repo_check__h_nargs=0
 _shtab_ahriman_repo_check___help_nargs=0
+_shtab_ahriman_repo_check___changes_nargs=0
+_shtab_ahriman_repo_check___no_changes_nargs=0
 _shtab_ahriman_repo_check__e_nargs=0
 _shtab_ahriman_repo_check___exit_code_nargs=0
 _shtab_ahriman_repo_check___vcs_nargs=0
@@ -242,6 +252,8 @@ _shtab_ahriman_repo_check___refresh_nargs=0
 _shtab_ahriman_check_pos_0_nargs=*
 _shtab_ahriman_check__h_nargs=0
 _shtab_ahriman_check___help_nargs=0
+_shtab_ahriman_check___changes_nargs=0
+_shtab_ahriman_check___no_changes_nargs=0
 _shtab_ahriman_check__e_nargs=0
 _shtab_ahriman_check___exit_code_nargs=0
 _shtab_ahriman_check___vcs_nargs=0
@@ -256,12 +268,19 @@ _shtab_ahriman_repo_daemon__h_nargs=0
 _shtab_ahriman_repo_daemon___help_nargs=0
 _shtab_ahriman_repo_daemon___aur_nargs=0
 _shtab_ahriman_repo_daemon___no_aur_nargs=0
+_shtab_ahriman_repo_daemon___changes_nargs=0
+_shtab_ahriman_repo_daemon___no_changes_nargs=0
 _shtab_ahriman_repo_daemon___dependencies_nargs=0
 _shtab_ahriman_repo_daemon___no_dependencies_nargs=0
+_shtab_ahriman_repo_daemon___dry_run_nargs=0
+_shtab_ahriman_repo_daemon___increment_nargs=0
+_shtab_ahriman_repo_daemon___no_increment_nargs=0
 _shtab_ahriman_repo_daemon___local_nargs=0
 _shtab_ahriman_repo_daemon___no_local_nargs=0
 _shtab_ahriman_repo_daemon___manual_nargs=0
 _shtab_ahriman_repo_daemon___no_manual_nargs=0
+_shtab_ahriman_repo_daemon___partitions_nargs=0
+_shtab_ahriman_repo_daemon___no_partitions_nargs=0
 _shtab_ahriman_repo_daemon___vcs_nargs=0
 _shtab_ahriman_repo_daemon___no_vcs_nargs=0
 _shtab_ahriman_repo_daemon__y_nargs=0
@@ -270,12 +289,19 @@ _shtab_ahriman_daemon__h_nargs=0
 _shtab_ahriman_daemon___help_nargs=0
 _shtab_ahriman_daemon___aur_nargs=0
 _shtab_ahriman_daemon___no_aur_nargs=0
+_shtab_ahriman_daemon___changes_nargs=0
+_shtab_ahriman_daemon___no_changes_nargs=0
 _shtab_ahriman_daemon___dependencies_nargs=0
 _shtab_ahriman_daemon___no_dependencies_nargs=0
+_shtab_ahriman_daemon___dry_run_nargs=0
+_shtab_ahriman_daemon___increment_nargs=0
+_shtab_ahriman_daemon___no_increment_nargs=0
 _shtab_ahriman_daemon___local_nargs=0
 _shtab_ahriman_daemon___no_local_nargs=0
 _shtab_ahriman_daemon___manual_nargs=0
 _shtab_ahriman_daemon___no_manual_nargs=0
+_shtab_ahriman_daemon___partitions_nargs=0
+_shtab_ahriman_daemon___no_partitions_nargs=0
 _shtab_ahriman_daemon___vcs_nargs=0
 _shtab_ahriman_daemon___no_vcs_nargs=0
 _shtab_ahriman_daemon__y_nargs=0
@@ -330,6 +356,8 @@ _shtab_ahriman_repo_update__h_nargs=0
 _shtab_ahriman_repo_update___help_nargs=0
 _shtab_ahriman_repo_update___aur_nargs=0
 _shtab_ahriman_repo_update___no_aur_nargs=0
+_shtab_ahriman_repo_update___changes_nargs=0
+_shtab_ahriman_repo_update___no_changes_nargs=0
 _shtab_ahriman_repo_update___dependencies_nargs=0
 _shtab_ahriman_repo_update___no_dependencies_nargs=0
 _shtab_ahriman_repo_update___dry_run_nargs=0
@@ -350,6 +378,8 @@ _shtab_ahriman_update__h_nargs=0
 _shtab_ahriman_update___help_nargs=0
 _shtab_ahriman_update___aur_nargs=0
 _shtab_ahriman_update___no_aur_nargs=0
+_shtab_ahriman_update___changes_nargs=0
+_shtab_ahriman_update___no_changes_nargs=0
 _shtab_ahriman_update___dependencies_nargs=0
 _shtab_ahriman_update___no_dependencies_nargs=0
 _shtab_ahriman_update___dry_run_nargs=0
@@ -568,6 +598,15 @@ _set_new_action() {
 #     ${!x} -> ${hello} -> "world"
 _shtab_ahriman() {
   local completing_word="${COMP_WORDS[COMP_CWORD]}"
+  local completed_positional_actions
+  local current_action
+  local current_action_args_start_index
+  local current_action_choices
+  local current_action_compgen
+  local current_action_is_positional
+  local current_action_nargs
+  local current_option_strings
+  local sub_parsers
   COMPREPLY=()
 
   local prefix=_shtab_ahriman

package/share/man/man1/ahriman.1

@@ -1,9 +1,9 @@
-.TH AHRIMAN "1" "2023\-11\-13" "ahriman" "Generated Python Manual"
+.TH AHRIMAN "1" "2024\-01\-12" "ahriman" "Generated Python Manual"
 .SH NAME
 ahriman
 .SH SYNOPSIS
 .B ahriman
-[-h] [-a ARCHITECTURE] [-c CONFIGURATION] [--force] [-l LOCK] [--log-handler {console,syslog,journald}] [-q] [--report | --no-report] [-r REPOSITORY] [--unsafe] [-V] [--wait-timeout WAIT_TIMEOUT] {aur-search,search,help-commands-unsafe,help,help-updates,help-version,version,package-add,add,package-update,package-remove,remove,package-status,status,package-status-remove,package-status-update,status-update,patch-add,patch-list,patch-remove,patch-set-add,repo-backup,repo-check,check,repo-create-keyring,repo-create-mirrorlist,repo-daemon,daemon,repo-rebuild,rebuild,repo-remove-unknown,remove-unknown,repo-report,report,repo-restore,repo-sign,sign,repo-status-update,repo-sync,sync,repo-tree,repo-triggers,repo-update,update,service-clean,clean,repo-clean,service-config,config,repo-config,service-config-validate,config-validate,repo-config-validate,service-key-import,key-import,service-repositories,service-run,run,service-setup,init,repo-init,repo-setup,setup,service-shell,shell,service-tree-migrate,user-add,user-list,user-remove,web} ...
+[-h] [-a ARCHITECTURE] [-c CONFIGURATION] [--force] [-l LOCK] [--log-handler {console,syslog,journald}] [-q] [--report | --no-report] [-r REPOSITORY] [--unsafe] [-V] [--wait-timeout WAIT_TIMEOUT] {aur-search,search,help-commands-unsafe,help,help-updates,help-version,version,package-add,add,package-update,package-changes,package-changes-remove,package-remove,remove,package-status,status,package-status-remove,package-status-update,status-update,patch-add,patch-list,patch-remove,patch-set-add,repo-backup,repo-check,check,repo-create-keyring,repo-create-mirrorlist,repo-daemon,daemon,repo-rebuild,rebuild,repo-remove-unknown,remove-unknown,repo-report,report,repo-restore,repo-sign,sign,repo-status-update,repo-sync,sync,repo-tree,repo-triggers,repo-update,update,service-clean,clean,repo-clean,service-config,config,repo-config,service-config-validate,config-validate,repo-config-validate,service-key-import,key-import,service-repositories,service-run,run,service-setup,init,repo-init,repo-setup,setup,service-shell,shell,service-tree-migrate,user-add,user-list,user-remove,web} ...
 .SH DESCRIPTION
 ArcH linux ReposItory MANager
 
@@ -74,6 +74,12 @@ application version
 \fBahriman\fR \fI\,package\-add\/\fR
 add package
 .TP
+\fBahriman\fR \fI\,package\-changes\/\fR
+get package changes
+.TP
+\fBahriman\fR \fI\,package\-changes\-remove\/\fR
+remove package changes
+.TP
 \fBahriman\fR \fI\,package\-remove\/\fR
 remove package
 .TP
@@ -285,6 +291,29 @@ build as user
 \fB\-v\fR \fI\,VARIABLE\/\fR, \fB\-\-variable\fR \fI\,VARIABLE\/\fR
 apply specified makepkg variables to the next build
 
+.SH COMMAND \fI\,'ahriman package\-changes'\/\fR
+usage: ahriman package\-changes [\-h] [\-e] package
+
+retrieve package changes stored in database
+
+.TP
+\fBpackage\fR
+package base
+
+.SH OPTIONS \fI\,'ahriman package\-changes'\/\fR
+.TP
+\fB\-e\fR, \fB\-\-exit\-code\fR
+return non\-zero exit status if result is empty
+
+.SH COMMAND \fI\,'ahriman package\-changes\-remove'\/\fR
+usage: ahriman package\-changes\-remove [\-h] package
+
+remove the package changes stored remotely
+
+.TP
+\fBpackage\fR
+package base
+
 .SH COMMAND \fI\,'ahriman package\-remove'\/\fR
 usage: ahriman package\-remove [\-h] package [package ...]
 
@@ -418,7 +447,7 @@ backup repository settings and database
 path of the output archive
 
 .SH COMMAND \fI\,'ahriman repo\-check'\/\fR
-usage: ahriman repo\-check [\-h] [\-e] [\-\-vcs | \-\-no\-vcs] [\-y] [package ...]
+usage: ahriman repo\-check [\-h] [\-\-changes | \-\-no\-changes] [\-e] [\-\-vcs | \-\-no\-vcs] [\-y] [package ...]
 
 check for packages updates. Same as repo\-update \-\-dry\-run \-\-no\-manual
 
@@ -427,6 +456,10 @@ check for packages updates. Same as repo\-update \-\-dry\-run \-\-no\-manual
 filter check by package base
 
 .SH OPTIONS \fI\,'ahriman repo\-check'\/\fR
+.TP
+\fB\-\-changes\fR, \fB\-\-no\-changes\fR
+calculate changes from the latest known commit if available. Only applicable in dry run mode
+
 .TP
 \fB\-e\fR, \fB\-\-exit\-code\fR
 return non\-zero exit status if result is empty
@@ -450,8 +483,10 @@ usage: ahriman repo\-create\-mirrorlist [\-h]
 create package which contains list of available mirrors as set by configuration. Note, that this action will only create package, the package itself has to be built manually
 
 .SH COMMAND \fI\,'ahriman repo\-daemon'\/\fR
-usage: ahriman repo\-daemon [\-h] [\-i INTERVAL] [\-\-aur | \-\-no\-aur] [\-\-dependencies | \-\-no\-dependencies]
-                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-\-vcs | \-\-no\-vcs] [\-y]
+usage: ahriman repo\-daemon [\-h] [\-i INTERVAL] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes]
+                           [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-\-increment | \-\-no\-increment]
+                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-\-partitions | \-\-no\-partitions]
+                           [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
 
 start process which periodically will run update process
 
@@ -464,10 +499,22 @@ interval between runs in seconds
 \fB\-\-aur\fR, \fB\-\-no\-aur\fR
 enable or disable checking for AUR updates
 
+.TP
+\fB\-\-changes\fR, \fB\-\-no\-changes\fR
+calculate changes from the latest known commit if available. Only applicable in dry run mode
+
 .TP
 \fB\-\-dependencies\fR, \fB\-\-no\-dependencies\fR
 process missing package dependencies
 
+.TP
+\fB\-\-dry\-run\fR
+just perform check for updates, same as check command
+
+.TP
+\fB\-\-increment\fR, \fB\-\-no\-increment\fR
+increment package release (pkgrel) on duplicate
+
 .TP
 \fB\-\-local\fR, \fB\-\-no\-local\fR
 enable or disable checking of local packages for updates
@@ -476,6 +523,14 @@ enable or disable checking of local packages for updates
 \fB\-\-manual\fR, \fB\-\-no\-manual\fR
 include or exclude manual updates
 
+.TP
+\fB\-\-partitions\fR, \fB\-\-no\-partitions\fR
+instead of updating whole repository, split updates into chunks
+
+.TP
+\fB\-u\fR \fI\,USERNAME\/\fR, \fB\-\-username\fR \fI\,USERNAME\/\fR
+build as user
+
 .TP
 \fB\-\-vcs\fR, \fB\-\-no\-vcs\fR
 fetch actual version of VCS packages
@@ -594,9 +649,9 @@ run triggers on empty build result as configured by settings
 instead of running all triggers as set by configuration, just process specified ones in order of mention
 
 .SH COMMAND \fI\,'ahriman repo\-update'\/\fR
-usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-e]
-                           [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-u USERNAME]
-                           [\-\-vcs | \-\-no\-vcs] [\-y]
+usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes] [\-\-dependencies | \-\-no\-dependencies]
+                           [\-\-dry\-run] [\-e] [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local]
+                           [\-\-manual | \-\-no\-manual] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
                            [package ...]
 
 check for packages updates and run build process if requested
@@ -610,6 +665,10 @@ filter check by package base
 \fB\-\-aur\fR, \fB\-\-no\-aur\fR
 enable or disable checking for AUR updates
 
+.TP
+\fB\-\-changes\fR, \fB\-\-no\-changes\fR
+calculate changes from the latest known commit if available. Only applicable in dry run mode
+
 .TP
 \fB\-\-dependencies\fR, \fB\-\-no\-dependencies\fR
 process missing package dependencies

package/share/zsh/site-functions/_ahriman

@@ -19,6 +19,8 @@ _shtab_ahriman_commands() {
     "init:create initial service configuration, requires root"
     "key-import:import PGP key from public sources to the repository user"
     "package-add:add existing or new package to the build queue"
+    "package-changes:retrieve package changes stored in database"
+    "package-changes-remove:remove the package changes stored remotely"
     "package-remove:remove package from the repository"
     "package-status:request status of the package"
     "package-status-remove:remove the package from the status page"
@@ -117,6 +119,7 @@ _shtab_ahriman_aur_search_options=(
 
 _shtab_ahriman_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
+  {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
@@ -149,9 +152,14 @@ _shtab_ahriman_daemon_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
+  {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
+  "--dry-run[just perform check for updates, same as check command (default\: False)]"
+  {--increment,--no-increment}"[increment package release (pkgrel) on duplicate (default\: True)]:increment:"
   {--local,--no-local}"[enable or disable checking of local packages for updates (default\: True)]:local:"
   {--manual,--no-manual}"[include or exclude manual updates (default\: True)]:manual:"
+  {--partitions,--no-partitions}"[instead of updating whole repository, split updates into chunks (default\: True)]:partitions:"
+  {-u,--username}"[build as user (default\: None)]:username:"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
 )
@@ -210,6 +218,17 @@ _shtab_ahriman_package_add_options=(
   "(*):package source (base name, path to local files, remote URL):"
 )
 
+_shtab_ahriman_package_changes_options=(
+  "(- : *)"{-h,--help}"[show this help message and exit]"
+  {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
+  ":package base:"
+)
+
+_shtab_ahriman_package_changes_remove_options=(
+  "(- : *)"{-h,--help}"[show this help message and exit]"
+  ":package base:"
+)
+
 _shtab_ahriman_package_remove_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*):package name or base:"
@@ -302,6 +321,7 @@ _shtab_ahriman_repo_backup_options=(
 
 _shtab_ahriman_repo_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
+  {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
@@ -342,9 +362,14 @@ _shtab_ahriman_repo_daemon_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
+  {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
+  "--dry-run[just perform check for updates, same as check command (default\: False)]"
+  {--increment,--no-increment}"[increment package release (pkgrel) on duplicate (default\: True)]:increment:"
   {--local,--no-local}"[enable or disable checking of local packages for updates (default\: True)]:local:"
   {--manual,--no-manual}"[include or exclude manual updates (default\: True)]:manual:"
+  {--partitions,--no-partitions}"[instead of updating whole repository, split updates into chunks (default\: True)]:partitions:"
+  {-u,--username}"[build as user (default\: None)]:username:"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
 )
@@ -434,6 +459,7 @@ _shtab_ahriman_repo_triggers_options=(
 _shtab_ahriman_repo_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
+  {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -574,6 +600,7 @@ _shtab_ahriman_sync_options=(
 _shtab_ahriman_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
+  {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -644,6 +671,8 @@ _shtab_ahriman() {
         init) _arguments -C -s $_shtab_ahriman_init_options ;;
         key-import) _arguments -C -s $_shtab_ahriman_key_import_options ;;
         package-add) _arguments -C -s $_shtab_ahriman_package_add_options ;;
+        package-changes) _arguments -C -s $_shtab_ahriman_package_changes_options ;;
+        package-changes-remove) _arguments -C -s $_shtab_ahriman_package_changes_remove_options ;;
         package-remove) _arguments -C -s $_shtab_ahriman_package_remove_options ;;
         package-status) _arguments -C -s $_shtab_ahriman_package_status_options ;;
         package-status-remove) _arguments -C -s $_shtab_ahriman_package_status_remove_options ;;

pylint_plugins/definition_order.py

@@ -25,19 +25,19 @@ from pylint.lint import PyLinter
 from typing import Any
 
 
-class MethodTypeOrder(StrEnum):
+class MethodType(StrEnum):
     """
     method type enumeration
 
     Attributes:
-        Class(MethodTypeOrder): (class attribute) class method
-        Delete(MethodTypeOrder): (class attribute) destructor-like methods
-        Init(MethodTypeOrder): (class attribute) initialization method
-        Magic(MethodTypeOrder): (class attribute) other magical methods
-        New(MethodTypeOrder): (class attribute) constructor method
-        Normal(MethodTypeOrder): (class attribute) usual method
-        Property(MethodTypeOrder): (class attribute) property method
-        Static(MethodTypeOrder): (class attribute) static method
+        Class(MethodType): (class attribute) class method
+        Delete(MethodType): (class attribute) destructor-like methods
+        Init(MethodType): (class attribute) initialization method
+        Magic(MethodType): (class attribute) other magical methods
+        New(MethodType): (class attribute) constructor method
+        Normal(MethodType): (class attribute) usual method
+        Property(MethodType): (class attribute) property method
+        Static(MethodType): (class attribute) static method
     """
 
     Class = "classmethod"
@@ -59,20 +59,20 @@ class DefinitionOrder(BaseRawFileChecker):
     """
 
     DECORATED_METHODS_ORDER = {
-        "cached_property": MethodTypeOrder.Property,
-        "classmethod": MethodTypeOrder.Class,
-        "property": MethodTypeOrder.Property,
-        "staticmethod": MethodTypeOrder.Static,
+        "cached_property": MethodType.Property,
+        "classmethod": MethodType.Class,
+        "property": MethodType.Property,
+        "staticmethod": MethodType.Static,
     }
 
-    name = "method-ordering"
     msgs = {
         "W6001": (
             "Invalid method order %s, expected %s",
             "methods-out-of-order",
             "Methods are defined out of recommended order.",
-        )
+        ),
     }
+    name = "method-ordering"
     options = (
         (
             "method-type-order",
@@ -114,7 +114,7 @@ class DefinitionOrder(BaseRawFileChecker):
         return list(filter(is_defined_function, source))
 
     @staticmethod
-    def resolve_type(function: nodes.FunctionDef) -> MethodTypeOrder:
+    def resolve_type(function: nodes.FunctionDef) -> MethodType:
         """
         resolve type of the function
 
@@ -122,15 +122,15 @@ class DefinitionOrder(BaseRawFileChecker):
             function(nodes.FunctionDef): function definition
 
         Returns:
-            MethodTypeOrder: resolved function type
+            MethodType: resolved function type
         """
         # init methods
         if function.name in ("__init__", "__post_init__"):
-            return MethodTypeOrder.Init
+            return MethodType.Init
         if function.name in ("__new__",):
-            return MethodTypeOrder.New
+            return MethodType.New
         if function.name in ("__del__",):
-            return MethodTypeOrder.Delete
+            return MethodType.Delete
 
         # decorated methods
         decorators = []
@@ -142,10 +142,10 @@ class DefinitionOrder(BaseRawFileChecker):
 
         # magic methods
         if function.name.startswith("__") and function.name.endswith("__"):
-            return MethodTypeOrder.Magic
+            return MethodType.Magic
 
         # normal method
-        return MethodTypeOrder.Normal
+        return MethodType.Normal
 
     def check_class(self, clazz: nodes.ClassDef) -> None:
         """
@@ -184,7 +184,7 @@ class DefinitionOrder(BaseRawFileChecker):
         try:
             function_type_index = self.linter.config.method_type_order.index(function_type)
         except ValueError:
-            function_type_index = 10  # not in the list
+            function_type_index = len(self.linter.config.method_type_order)  # not in the list
 
         return function_type_index, function.name
 

pylint_plugins/import_order.py

@@ -0,0 +1,196 @@
+#
+# Copyright (c) 2021-2023 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from astroid import nodes
+from collections.abc import Iterable
+from enum import StrEnum
+from pylint.checkers import BaseRawFileChecker
+from pylint.lint import PyLinter
+from typing import Any
+
+
+class ImportType(StrEnum):
+    """
+    import type enumeration
+
+    Attributes:
+        Package(MethodTypeOrder): (class attribute) package import
+        PackageFrom(MethodTypeOrder): (class attribute) package import, from clause
+        System(ImportType): (class attribute) system installed packages
+        SystemFrom(MethodTypeOrder): (class attribute) system installed packages, from clause
+    """
+
+    Package = "package"
+    PackageFrom = "package-from"
+    System = "system"
+    SystemFrom = "system-from"
+
+
+class ImportOrder(BaseRawFileChecker):
+    """
+    check if imports are defined in recommended order
+    """
+
+    msgs = {
+        "W6002": (
+            "Invalid import order %s, expected before %s",
+            "imports-out-of-order",
+            "Imports are defined out of recommended order.",
+        ),
+        "W6003": (
+            "Import contains more than one package: %s",
+            "multiple-package-imports",
+            "Multiple package imports are not allowed.",
+        ),
+        "W6004": (
+            "Invalid from import order %s, expected %s",
+            "from-imports-out-of-order",
+            "From imports are defined out of recommended order.",
+        ),
+    }
+    name = "import-ordering"
+    options = (
+        (
+            "import-type-order",
+            {
+                "default": [
+                    "system",
+                    "system-from",
+                    "package",
+                    "package-from",
+                ],
+                "type": "csv",
+                "metavar": "<comma-separated types>",
+                "help": "Import types order to check.",
+            },
+        ),
+        (
+            "root-module",
+            {
+                "default": "ahriman",
+                "type": "string",
+                "help": "Root module name",
+            }
+        )
+    )
+
+    @staticmethod
+    def imports(source: Iterable[Any], start_lineno: int = 0) -> list[nodes.Import | nodes.ImportFrom]:
+        """
+        extract import nodes from list of raw nodes
+
+        Args:
+            source(Iterable[Any]): all available nodes
+            start_lineno(int, optional): minimal allowed line number (Default value = 0)
+
+        Returns:
+            list[nodes.Import | nodes.ImportFrom]: list of import nodes
+        """
+
+        def is_defined_import(imports: Any) -> bool:
+            return isinstance(imports, (nodes.Import, nodes.ImportFrom)) \
+                and imports.lineno is not None \
+                and imports.lineno >= start_lineno
+
+        return list(filter(is_defined_import, source))
+
+    def check_from_imports(self, imports: nodes.ImportFrom) -> None:
+        """
+        check import from statement
+
+        Args:
+            imports(nodes.ImportFrom): import from node
+        """
+        imported = [names for names, _ in imports.names]
+        for real, expected in zip(imported, sorted(imported)):
+            if real == expected:
+                continue
+            self.add_message("from-imports-out-of-order", line=imports.lineno, args=(real, expected))
+            break
+
+    def check_imports(self, imports: list[nodes.Import | nodes.ImportFrom], root_package: str) -> None:
+        """
+        check imports
+
+        Args:
+            imports(list[nodes.Import | nodes.ImportFrom]): list of imports in their defined order
+            root_package(str): root package name
+        """
+        last_statement: tuple[int, str] | None = None
+
+        for statement in imports:
+            # define types and perform specific checks
+            if isinstance(statement, nodes.ImportFrom):
+                import_name = statement.modname
+                root, *_ = import_name.split(".", maxsplit=1)
+                import_type = ImportType.PackageFrom if root_package == root else ImportType.SystemFrom
+                # check from import itself
+                self.check_from_imports(statement)
+            else:
+                import_name = next(name for name, _ in statement.names)
+                root, *_ = import_name.split(".", maxsplit=1)[0]
+                import_type = ImportType.Package if root_package == root else ImportType.System
+                # check import itself
+                self.check_package_imports(statement)
+
+            # extract index
+            try:
+                import_type_index = self.linter.config.import_type_order.index(import_type)
+            except ValueError:
+                import_type_index = len(self.linter.config.import_type_order)
+
+            # check ordering if possible
+            if last_statement is not None:
+                _, last_statement_name = last_statement
+                if last_statement > (import_type_index, import_name):
+                    self.add_message("imports-out-of-order", line=statement.lineno,
+                                     args=(import_name, last_statement_name))
+
+            # update the last value
+            last_statement = import_type_index, import_name
+
+    def check_package_imports(self, imports: nodes.Import) -> None:
+        """
+        check package import
+
+        Args:
+            imports(nodes.Import): package import node
+        """
+        if len(imports.names) != 1:
+            self.add_message("multiple-package-imports", line=imports.lineno, args=(imports.names,))
+
+    def process_module(self, node: nodes.Module) -> None:
+        """
+        process module
+
+        Args:
+            node(nodes.Module): module node to check
+        """
+        root_module, *_ = node.qname().split(".")
+        self.check_imports(self.imports(node.values()), root_module)
+
+
+def register(linter: PyLinter) -> None:
+    """
+    register custom checker
+
+    Args:
+        linter(PyLinter): linter in which checker should be registered
+    """
+    linter.register_checker(ImportOrder(linter))

pyproject.toml

@@ -8,7 +8,8 @@ name = "ahriman"
 description = "ArcH linux ReposItory MANager"
 readme = "README.md"
 
-requires-python = ">=3.11"
+# Actually we are using features from the latest python, however, ubuntu, which is used for CI doesn't have it
+requires-python = ">=3"
 
 license = {file = "COPYING"}
 authors = [
@@ -76,9 +77,20 @@ web = [
     "aiohttp-apispec",
     "aiohttp_cors",
     "aiohttp_jinja2",
-    "aiohttp_debugtoolbar",
     "aiohttp_session",
     "aiohttp_security",
     "cryptography",
     "requests-unixsocket",  # required by unix socket support
 ]
+
+[tool.flit.sdist]
+include = [
+    "AUTHORS",
+    "CONTRIBUTING.md",
+    "SECURITY.md",
+    "package",
+    "web.png",
+]
+exclude = [
+    "package/archlinux",
+]

recipes/README.md

@@ -0,0 +1,17 @@
+# Recipes
+
+Collection of the examples of docker compose configuration files, which covers some specific cases. Not for production use.
+
+## Configurations
+
+* [Check](check): double process service; one with periodic checks (automatic build disabled) and other one is with the web service.
+* [Daemon](daemon): service with periodic repository checks.
+* [Distributed](distributed): cluster of three nodes, one with web interface and two workers which are responsible for build process.
+* [Distributed manual](distributed-manual): same as [distributed](distributed), but two nodes and update process must be run on worker node manually.
+* [i686](i686): non-x86_64 architecture setup.
+* [Index](index): repository with index page generator enabled.
+* [Multi repo](multirepo): run web service with two separated repositories.
+* [OAuth](oauth): web service with OAuth (GitHub provider) authentication enabled.
+* [Pull](pull): normal service, but in addition with pulling packages from another source (e.g. GitHub repository).
+* [Sign](sign): create repository with database signing.
+* [Web](web): simple web service with authentication enabled.

recipes/check/README.md

@@ -0,0 +1,7 @@
+# Check
+
+1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
+2. Setup repository named `ahriman-demo` with architecture `x86_64`.
+3. Start web server at port `8080`.
+4. Start periodic updates check as separated container without building.
+5. Repository is available at `http://localhost:8080/repo`.

recipes/check/compose.yml

@@ -0,0 +1,86 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+  worker:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    depends_on:
+      backend:
+        condition: service_healthy
+
+    command: repo-daemon --dry-run
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+secrets:
+  password:
+    environment: AHRIMAN_PASSWORD
+
+volumes:
+  repository:

recipes/check/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/check/service.ini

@@ -0,0 +1,2 @@
+[auth]
+target = configuration

recipes/daemon/README.md

@@ -0,0 +1,5 @@
+# Daemon
+
+1. Setup repository named `ahriman-demo` with architecture `x86_64`.
+2. Start service in daemon mode with periodic (once per day) repository update.
+3. Repository is available at `http://localhost:8080/repo`.

recipes/daemon/compose.yml

@@ -0,0 +1,42 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_REPOSITORY: ahriman-demo
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    command: repo-daemon
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+
+volumes:
+  repository:

recipes/daemon/nginx.conf

@@ -0,0 +1,9 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+}

recipes/distributed-manual/README.md

@@ -0,0 +1,8 @@
+# Distributed manual
+
+1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
+2. Setup repository named `ahriman-demo` with architecture `x86_64`.
+3. Start web server at port `8080`.
+4. Start service in daemon mode with periodic (once per day) repository update.
+5. All updates from worker daemon instance are uploaded to the web service.
+6. Repository is available at `http://localhost:8080/repo`.

recipes/distributed-manual/compose.yml

@@ -0,0 +1,82 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+  worker:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_REPOSITORY_SERVER: http://frontend/repo/$$repo/$$arch
+
+    configs:
+      - source: worker
+        target: /etc/ahriman.ini.d/99-settings.ini
+
+    command: daemon
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+  worker:
+    file: worker.ini
+
+secrets:
+  password:
+    environment: AHRIMAN_PASSWORD
+
+volumes:
+  repository:

recipes/distributed-manual/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/distributed-manual/service.ini

@@ -0,0 +1,6 @@
+[auth]
+target = configuration
+
+[web]
+enable_archive_upload = yes
+wait_timeout = 0

recipes/distributed-manual/worker.ini

@@ -0,0 +1,19 @@
+[build]
+triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger ahriman.core.gitremote.RemotePushTrigger
+
+[status]
+address = http://backend:8080
+username = demo
+password = $AHRIMAN_PASSWORD
+
+[report]
+target = remote-call
+
+[remote-call]
+manual = yes
+wait_timeout = 0
+
+[upload]
+target = remote-service
+
+[remote-service]

recipes/distributed/README.md

@@ -0,0 +1,11 @@
+# Distributed
+
+1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
+2. Setup repository named `ahriman-demo` with architecture `x86_64`.
+3. Start web server at port `8080`.
+4. Start two workers.
+5. All updates triggered by the web server will be passed to workers.
+6. All updates from worker instances are uploaded to the web service.
+7. Repository is available at `http://localhost:8080/repo`.
+
+In this example, worker list is automatically defined based on the addresses they reported. 

recipes/distributed/compose.yml

@@ -0,0 +1,99 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+  worker:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    deploy:
+      mode: replicated
+      replicas: 2
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_REPOSITORY_SERVER: http://frontend/repo/$$repo/$$arch
+
+    configs:
+      - source: worker
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://worker:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    depends_on:
+      backend:
+        condition: service_healthy
+
+    command: web
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+  worker:
+    file: worker.ini
+
+secrets:
+  password:
+    environment: AHRIMAN_PASSWORD
+
+volumes:
+  repository:

recipes/distributed/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/distributed/service.ini

@@ -0,0 +1,13 @@
+[auth]
+target = configuration
+
+[build]
+triggers = ahriman.core.distributed.WorkerLoaderTrigger ahriman.core.gitremote.RemotePullTrigger ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger ahriman.core.gitremote.RemotePushTrigger
+
+[status]
+username = demo
+password = $AHRIMAN_PASSWORD
+
+[web]
+enable_archive_upload = yes
+wait_timeout = 0

recipes/distributed/worker.ini

@@ -0,0 +1,25 @@
+[auth]
+target = configuration
+
+[build]
+triggers = ahriman.core.distributed.WorkerTrigger ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger
+
+[status]
+address = http://backend:8080
+username = demo
+password = $AHRIMAN_PASSWORD
+
+[report]
+target = remote-call
+
+[remote-call]
+manual = yes
+wait_timeout = 0
+
+[upload]
+target = remote-service
+
+[remote-service]
+
+[worker]
+address = http://$HOSTNAME:8080

recipes/i686/Dockerfile

@@ -0,0 +1,9 @@
+FROM arcan1s/ahriman:edge
+
+ENV ARCH32_KEYRING_VERSION="20231126-1.0"
+
+RUN pacman-key --init
+
+RUN pacman -Sy --noconfirm wget && \
+    wget -nv https://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-${ARCH32_KEYRING_VERSION}-any.pkg.tar.zst && \
+    pacman -U --noconfirm archlinux32-keyring-${ARCH32_KEYRING_VERSION}-any.pkg.tar.zst

recipes/i686/README.md

@@ -0,0 +1,9 @@
+# i686
+
+This example uses hybrid setup from FAQ, because archlinux32 has outdated devtools package. So it distributes custom `makepkg.conf` and `pacman.conf` (which are copied from archlinux32 package) and builds custom image with archlinux32 keyring.
+
+1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
+2. Build image from distributed `Dockerfile`.
+3. Setup repository named `ahriman-demo` with architecture `i686`.
+4. Start web server at port `8080`.
+5. Repository is available at `http://localhost:8080/repo`.

recipes/i686/compose.yml

@@ -0,0 +1,75 @@
+services:
+  backend:
+    image: ahriman-i686
+    build: .
+    privileged: true
+
+    environment:
+      AHRIMAN_ARCHITECTURE: i686
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_MULTILIB:
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PACMAN_MIRROR: https://de.mirror.archlinux32.org/$$arch/$$repo
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: makepkg
+        target: /usr/share/devtools/makepkg.conf.d/i686.conf
+      - source: pacman
+        target: /usr/share/devtools/pacman.conf.d/extra-i686.conf
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  makepkg:
+    file: makepkg.conf
+  nginx:
+    file: nginx.conf
+  pacman:
+    file: pacman.conf
+  service:
+    file: service.ini
+
+secrets:
+  password:
+    environment: AHRIMAN_PASSWORD
+
+volumes:
+  repository:

recipes/i686/makepkg.conf

@@ -0,0 +1,162 @@
+#!/hint/bash
+# shellcheck disable=2034
+
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+#  Format: 'protocol::agent'
+DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
+          'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+          'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+          'rsync::/usr/bin/rsync --no-motd -z %u %o'
+          'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+#  Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+            'fossil::fossil'
+            'git::git'
+            'hg::mercurial'
+            'svn::subversion')
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="i686"
+CHOST="i686-pc-linux-gnu"
+
+#-- Compiler and Linker Flags
+#CPPFLAGS=""
+CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
+        -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
+        -fstack-clash-protection "
+CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+LTOFLAGS="-flto=auto"
+#RUSTFLAGS="-C opt-level=2"
+#-- Make Flags: change this for DistCC/SMP systems
+#MAKEFLAGS="-j2"
+#-- Debugging flags
+DEBUG_CFLAGS="-g"
+DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
+#  A negated environment option will do the opposite of the comments below.
+#
+#-- distcc:   Use the Distributed C/C++/ObjC compiler
+#-- color:    Colorize output messages
+#-- ccache:   Use ccache to cache compilation
+#-- check:    Run the check() function if present in the PKGBUILD
+#-- sign:     Generate PGP signature file
+#
+BUILDENV=(!distcc color !ccache check !sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+#   These are default values for the options=() settings
+#########################################################################
+#
+# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
+#  A negated option will do the opposite of the comments below.
+#
+#-- strip:      Strip symbols from binaries/libraries
+#-- docs:       Save doc directories specified by DOC_DIRS
+#-- libtool:    Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs:  Leave empty directories in packages
+#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge:      Remove files specified by PURGE_TARGETS
+#-- debug:      Add debugging flags as specified in DEBUG_* variables
+#-- lto:        Add compile flags for building with link time optimization
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(sha256)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+#-- Directory to store source code in for debug packages
+DBGSRCDIR="/usr/src/debug"
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+#PACKAGER="John Doe <john@doe.com>"
+#-- Specify a key to use for package signing
+#GPGKEY=""
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSZST=(zstd -c -T0 --ultra -20 -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+COMPRESSLZ4=(lz4 -q)
+COMPRESSLZ=(lzip -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+PKGEXT='.pkg.tar.zst'
+SRCEXT='.src.tar.gz'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+#PACMAN_AUTH=()
+# vim: set ft=sh ts=2 sw=2 et:

recipes/i686/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/i686/pacman.conf

@@ -0,0 +1,92 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = i686
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+NoProgressBar
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+VerbosePkgLists
+ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs

recipes/i686/service.ini

@@ -0,0 +1,2 @@
+[auth]
+target = configuration

recipes/index/README.md

@@ -0,0 +1,6 @@
+# Index
+
+1. Setup repository named `ahriman-demo` with architecture `x86_64`.
+2. Generate index page. 
+3. Repository is available at `http://localhost:8080/repo`.
+4. Index page is available at `http://localhost:8080/repo/ahriman-demo/x86_64/index.html`

recipes/index/compose.yml

@@ -0,0 +1,48 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_REPOSITORY: ahriman-demo
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    command: repo-report
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+volumes:
+  repository:

recipes/index/nginx.conf

@@ -0,0 +1,9 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+}

recipes/index/service.ini

@@ -0,0 +1,6 @@
+[report]
+target = html
+
+[html]
+path = /var/lib/ahriman/ahriman/repository/ahriman-demo/x86_64/index.html
+link_path = http://localhost:8080/repo/ahriman-demo/x86_64

recipes/multirepo/README.md

@@ -0,0 +1,7 @@
+# Multirepo
+
+1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
+2. Setup repository named `ahriman-demo` with architecture `x86_64`.
+3. Setup additional repository named `another-demo` with architecture `x86_64`.
+4. Start web server at port `8080`.
+5. Repository is available at `http://localhost:8080/repo`.

recipes/multirepo/compose.yml

@@ -0,0 +1,64 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_POSTSETUP_COMMAND: ahriman --architecture x86_64 --repository another-demo service-setup --build-as-user ahriman --packager 'ahriman bot <ahriman@example.com>'
+      AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+secrets:
+  password:
+    environment: AHRIMAN_PASSWORD
+
+volumes:
+  repository:

recipes/multirepo/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/multirepo/service.ini

@@ -0,0 +1,2 @@
+[auth]
+target = configuration

recipes/oauth/README.md

@@ -0,0 +1,15 @@
+# OAuth
+
+1. Create user from `AHRIMAN_OAUTH_USER` environment variable (same as GitHub user).
+2. Configure OAuth to use GitHub provider with client ID and secret specified in variables `AHRIMAN_OAUTH_CLIENT_ID` and `AHRIMAN_OAUTH_CLIENT_SECRET` variables respectively.   
+3. Setup repository named `ahriman-demo` with architecture `x86_64`.
+4. Start web server at port `8080`.
+5. Repository is available at `http://localhost:8080/repo`.
+
+Before you start, you need to create an application. It can be done by:
+
+1. Go to `https://github.com/settings/applications/new`
+2. Set application name and its homepage.
+3. Set callback url to `http://localhost:8080/api/v1/login`
+4. Copy Client ID.
+5. Generate new client secret and copy it.

recipes/oauth/compose.yml

@@ -0,0 +1,58 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OAUTH_CLIENT_ID: ${AHRIMAN_OAUTH_CLIENT_ID}
+      AHRIMAN_OAUTH_CLIENT_SECRET: ${AHRIMAN_OAUTH_CLIENT_SECRET}
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: sudo -u ahriman ahriman user-add ${AHRIMAN_OAUTH_USER} -R full -p ""
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+volumes:
+  repository:

recipes/oauth/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/oauth/service.ini

@@ -0,0 +1,11 @@
+[auth]
+target = oauth
+client_id = $AHRIMAN_OAUTH_CLIENT_ID
+client_secret = $AHRIMAN_OAUTH_CLIENT_SECRET
+
+oauth_icon = github
+oauth_provider = GithubClient
+oauth_scopes = read:user
+
+[web]
+address = http://localhost:8080

recipes/pull/README.md

@@ -0,0 +1,6 @@
+# Pull
+
+1. Setup repository named `ahriman-demo` with architecture `x86_64`.
+2. Pull repository with custom packages.
+3. Run update process.
+4. Repository is available at `http://localhost:8080/repo`.

recipes/pull/compose.yml

@@ -0,0 +1,46 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_REPOSITORY: ahriman-demo
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+volumes:
+  repository:

recipes/pull/nginx.conf

@@ -0,0 +1,9 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+}

recipes/pull/service.ini

@@ -0,0 +1,5 @@
+[remote-pull]
+target = gitremote
+
+[gitremote]
+pull_url = https://git.arcanis.me/arcanis/ahriman-local-packages.git

recipes/sign/README.md

@@ -0,0 +1,13 @@
+# Sign
+
+This example uses generated key. It can be generated as:
+
+```shell
+gpg --full-generate-key
+gpg --export-secret-keys -a <...> > repository-sign.gpg
+```
+
+1. Setup repository named `ahriman-demo` with architecture `x86_64`.
+2. Sing repository database with the distributed key.
+3. Start service in daemon mode with periodic (once per day) repository update.
+4. Repository is available at `http://localhost:8080/repo`.

recipes/sign/compose.yml

@@ -0,0 +1,55 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PRESETUP_COMMAND: sudo -u ahriman gpg --import /run/secrets/key
+      AHRIMAN_REPOSITORY: ahriman-demo
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - key
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    command: repo-daemon
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+secrets:
+  key:
+    file: repository-sign.gpg
+
+volumes:
+  repository: