feat: add support of pam authentication

Add naive implementation of user password check by calling su command.
Also change some authentication method to require username to be string
instead of optional string

.github/workflows/setup.sh

@@ -10,9 +10,9 @@ echo -e '[arcanisrepo]\nServer = https://repo.arcanis.me/$arch\nSigLevel = Never
 # refresh the image
 pacman -Syu --noconfirm
 # main dependencies
-pacman -Sy --noconfirm devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo python-systemd sudo
+pacman -Sy --noconfirm devtools git pyalpm python-cerberus python-inflection python-passlib python-pyelftools python-requests python-srcinfo python-systemd sudo
 # make dependencies
-pacman -Sy --noconfirm python-build python-flit python-installer python-tox python-wheel
+pacman -Sy --noconfirm --asdeps base-devel python-build python-flit python-installer python-tox python-wheel
 # optional dependencies
 if [[ -z $MINIMAL_INSTALL ]]; then
     # VCS support
@@ -32,10 +32,13 @@ mv dist/ahriman-*.tar.gz package/archlinux
 chmod +777 package/archlinux  # because fuck you that's why
 cd package/archlinux
 sudo -u nobody -- makepkg -cf --skipchecksums --noconfirm
-sudo -u nobody -- makepkg --packagelist | pacman -U --noconfirm -
+sudo -u nobody -- makepkg --packagelist | grep -v -- -debug- | pacman -U --noconfirm -
 # create machine-id which is required by build tools
 systemd-machine-id-setup
 
+# remove unused dependencies
+pacman -Qdtq | pacman -Rscn --noconfirm -
+
 # initial setup command as root
 [[ -z $MINIMAL_INSTALL ]] && WEB_ARGS=("--web-port" "8080")
 ahriman -a x86_64 -r "github" service-setup --packager "ahriman bot <ahriman@example.com>" "${WEB_ARGS[@]}"
@@ -50,7 +53,7 @@ if [[ -z $MINIMAL_INSTALL ]]; then
     WEB_PID=$!
 fi
 # add the first package
-sudo -u ahriman -- ahriman package-add --now ahriman
+sudo -u ahriman -- ahriman --log-handler console package-add --now ahriman
 # check if package was actually installed
 test -n "$(find "/var/lib/ahriman/repository/github/x86_64" -name "ahriman*pkg*")"
 # run package check

.readthedocs.yml

@@ -3,7 +3,7 @@ version: 2
 build:
   os: ubuntu-20.04
   tools:
-    python: "3.11"
+    python: "3.12"
 
 python:
   install:

Dockerfile

@@ -32,11 +32,11 @@ RUN useradd -m -d "/home/build" -s "/usr/bin/nologin" build && \
 COPY "docker/install-aur-package.sh" "/usr/local/bin/install-aur-package"
 ## install package dependencies
 ## darcs is not installed by reasons, because it requires a lot haskell packages which dramatically increase image size
-RUN pacman -Sy --noconfirm --asdeps devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo && \
-    pacman -Sy --noconfirm --asdeps python-build python-flit python-installer python-wheel && \
-    pacman -Sy --noconfirm --asdeps breezy git mercurial python-aiohttp python-boto3 python-cryptography python-jinja python-requests-unixsocket python-systemd rsync subversion && \
-    runuser -u build -- install-aur-package python-aioauth-client python-aiohttp-apispec-git python-aiohttp-cors \
-                                            python-aiohttp-jinja2 python-aiohttp-session python-aiohttp-security
+RUN pacman -Sy --noconfirm --asdeps devtools git pyalpm python-cerberus python-inflection python-passlib python-pyelftools python-requests python-srcinfo && \
+    pacman -Sy --noconfirm --asdeps base-devel python-build python-flit python-installer python-wheel && \
+    pacman -Sy --noconfirm --asdeps breezy git mercurial python-aiohttp python-boto3 python-cryptography python-jinja python-systemd rsync subversion && \
+    runuser -u build -- install-aur-package python-aioauth-client python-webargs python-aiohttp-apispec-git python-aiohttp-cors \
+                                            python-aiohttp-jinja2 python-aiohttp-session python-aiohttp-security python-requests-unixsocket2
 
 ## FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container
 COPY "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn"

docker/install-aur-package.sh

@@ -6,7 +6,7 @@ for PACKAGE in "$@"; do
     BUILD_DIR="$(mktemp -d)"
     git clone https://aur.archlinux.org/"$PACKAGE".git "$BUILD_DIR"
     cd "$BUILD_DIR"
-    makepkg --noconfirm --install --rmdeps --syncdeps
+    makepkg --nocheck --noconfirm --install --rmdeps --syncdeps
     cd /
     rm -r "$BUILD_DIR"
 done

docs/ahriman.core.alpm.rst

@@ -20,6 +20,14 @@ ahriman.core.alpm.pacman module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.alpm.pacman\_database module
+-----------------------------------------
+
+.. automodule:: ahriman.core.alpm.pacman_database
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.alpm.repo module
 -----------------------------
 

docs/ahriman.core.database.migrations.rst

@@ -108,6 +108,14 @@ ahriman.core.database.migrations.m012\_last\_commit\_sha module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.database.migrations.m013\_dependencies module
+----------------------------------------------------------
+
+.. automodule:: ahriman.core.database.migrations.m013_dependencies
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 Module contents
 ---------------
 

docs/ahriman.core.database.operations.rst

@@ -28,6 +28,14 @@ ahriman.core.database.operations.changes\_operations module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.database.operations.dependencies\_operations module
+----------------------------------------------------------------
+
+.. automodule:: ahriman.core.database.operations.dependencies_operations
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.database.operations.logs\_operations module
 --------------------------------------------------------
 

docs/ahriman.core.rst

@@ -52,10 +52,10 @@ ahriman.core.tree module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.core.util module
-------------------------
+ahriman.core.utils module
+-------------------------
 
-.. automodule:: ahriman.core.util
+.. automodule:: ahriman.core.utils
    :members:
    :no-undoc-members:
    :show-inheritance:

docs/ahriman.core.status.rst

@@ -12,6 +12,14 @@ ahriman.core.status.client module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.status.local\_client module
+----------------------------------------
+
+.. automodule:: ahriman.core.status.local_client
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.status.watcher module
 ----------------------------------
 

docs/ahriman.models.rst

@@ -60,6 +60,22 @@ ahriman.models.counters module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.models.dependencies module
+----------------------------------
+
+.. automodule:: ahriman.models.dependencies
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.models.filesystem\_package module
+-----------------------------------------
+
+.. automodule:: ahriman.models.filesystem_package
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.models.internal\_status module
 --------------------------------------
 
@@ -108,6 +124,14 @@ ahriman.models.package module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.models.package\_archive module
+--------------------------------------
+
+.. automodule:: ahriman.models.package_archive
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.models.package\_description module
 ------------------------------------------
 

docs/ahriman.web.schemas.rst

@@ -44,6 +44,14 @@ ahriman.web.schemas.counters\_schema module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.schemas.dependencies\_schema module
+-----------------------------------------------
+
+.. automodule:: ahriman.web.schemas.dependencies_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.schemas.error\_schema module
 ----------------------------------------
 
@@ -156,6 +164,14 @@ ahriman.web.schemas.package\_status\_schema module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.schemas.package\_version\_schema module
+---------------------------------------------------
+
+.. automodule:: ahriman.web.schemas.package_version_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.schemas.pagination\_schema module
 ---------------------------------------------
 

docs/ahriman.web.views.v1.packages.rst

@@ -0,0 +1,69 @@
+ahriman.web.views.v1.packages package
+=====================================
+
+Submodules
+----------
+
+ahriman.web.views.v1.packages.changes module
+--------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.changes
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.views.v1.packages.dependencies module
+-------------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.dependencies
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.views.v1.packages.logs module
+-----------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.logs
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.views.v1.packages.package module
+--------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.package
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.views.v1.packages.packages module
+---------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.packages
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.views.v1.packages.patch module
+------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.patch
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.web.views.v1.packages.patches module
+--------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.patches
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: ahriman.web.views.v1.packages
+   :members:
+   :no-undoc-members:
+   :show-inheritance:

docs/ahriman.web.views.v1.rst

@@ -8,6 +8,7 @@ Subpackages
    :maxdepth: 4
 
    ahriman.web.views.v1.distributed
+   ahriman.web.views.v1.packages
    ahriman.web.views.v1.service
    ahriman.web.views.v1.status
    ahriman.web.views.v1.user

docs/ahriman.web.views.v1.status.rst

@@ -4,14 +4,6 @@ ahriman.web.views.v1.status package
 Submodules
 ----------
 
-ahriman.web.views.v1.status.changes module
-------------------------------------------
-
-.. automodule:: ahriman.web.views.v1.status.changes
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.web.views.v1.status.info module
 ---------------------------------------
 
@@ -20,46 +12,6 @@ ahriman.web.views.v1.status.info module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.web.views.v1.status.logs module
----------------------------------------
-
-.. automodule:: ahriman.web.views.v1.status.logs
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
-ahriman.web.views.v1.status.package module
-------------------------------------------
-
-.. automodule:: ahriman.web.views.v1.status.package
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
-ahriman.web.views.v1.status.packages module
--------------------------------------------
-
-.. automodule:: ahriman.web.views.v1.status.packages
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
-ahriman.web.views.v1.status.patch module
-----------------------------------------
-
-.. automodule:: ahriman.web.views.v1.status.patch
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
-ahriman.web.views.v1.status.patches module
-------------------------------------------
-
-.. automodule:: ahriman.web.views.v1.status.patches
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.web.views.v1.status.repositories module
 -----------------------------------------------
 

docs/ahriman.web.views.v2.packages.rst

@@ -0,0 +1,21 @@
+ahriman.web.views.v2.packages package
+=====================================
+
+Submodules
+----------
+
+ahriman.web.views.v2.packages.logs module
+-----------------------------------------
+
+.. automodule:: ahriman.web.views.v2.packages.logs
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+Module contents
+---------------
+
+.. automodule:: ahriman.web.views.v2.packages
+   :members:
+   :no-undoc-members:
+   :show-inheritance:

docs/ahriman.web.views.v2.rst

@@ -7,7 +7,7 @@ Subpackages
 .. toctree::
    :maxdepth: 4
 
-   ahriman.web.views.v2.status
+   ahriman.web.views.v2.packages
 
 Module contents
 ---------------

docs/ahriman.web.views.v2.status.rst

@@ -1,21 +0,0 @@
-ahriman.web.views.v2.status package
-===================================
-
-Submodules
-----------
-
-ahriman.web.views.v2.status.logs module
----------------------------------------
-
-.. automodule:: ahriman.web.views.v2.status.logs
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
-Module contents
----------------
-
-.. automodule:: ahriman.web.views.v2.status
-   :members:
-   :no-undoc-members:
-   :show-inheritance:

docs/architecture.rst

@@ -192,6 +192,7 @@ Idea is to add package to a build queue from which it will be handled automatica
 
 * If supplied argument is file, then application moves the file to the directory with built packages. Same rule applies for directory, but in this case it copies every package-like file from the specified directory.
 * If supplied argument is directory and there is ``PKGBUILD`` file there, it will be treated as local package. In this case it will queue this package to build and copy source files (``PKGBUILD`` and ``.SRCINFO``) to caches.
+* If supplied argument looks like URL (i.e. it has scheme - e.g. ``http://`` which is neither ``data`` nor ``file``), it tries to download the package from the specified remote source.
 * If supplied argument is not file then application tries to lookup for the specified name in AUR and clones it into the directory with manual updates. This scenario can also handle package dependencies which are missing in repositories.
 
 This logic can be overwritten by specifying the ``source`` parameter, which is partially useful if you would like to add package from AUR, but there is local directory cloned from AUR. Also official repositories calls are hidden behind explicit source definition.
@@ -206,10 +207,20 @@ Remove packages
 
 This flow removes package from filesystem, updates repository database and also runs synchronization and reporting methods.
 
+Check outdated packages
+^^^^^^^^^^^^^^^^^^^^^^^
+
+There are few ways for packages to be marked as out-of-date and hence requiring rebuild. Those are following:
+
+#. User requested update of the package. It can be caused by calling ``package-add`` subcommand (or ``package-update`` with arguments).
+#. The most common way for packages to be marked as out-of-dated is that the version in AUR (or the official repositories) is newer than in the repository.
+#. In addition to the above, if package is named as VCS (e.g. has suffix ``-git``) and the last update was more than specified threshold ago, the service will also try to fetch sources and check if the revision is newer than the built one.
+#. In addition, there is ability to check if the dependencies of the package have been updated (e.g. if linked library has been renamed or the modules directory - e.g. in case of python and ruby packages - has been changed). And if so, the package will be marked as out-of-dated as well.
+
 Update packages
 ^^^^^^^^^^^^^^^
 
-This feature is divided into to the following stages: check AUR for updates and run rebuild for required packages. Whereas check does not do anything except for check itself, update flow is the following:
+This feature is divided into to the following stages: check AUR for updates and run rebuild for required packages. The package update flow is the following:
 
 #. Process every built package first. Those packages are usually added manually.
 #. Run sync and report methods.
@@ -259,6 +270,24 @@ The application is able to automatically bump package release (``pkgrel``) durin
 #. If it has ``major.minor`` notation (e.g. ``1.1``), then increment last part by 1, e.g. ``1.1 -> 1.2``, ``1.0.1 -> 1.0.2``.
 #. If ``pkgrel`` is a number (e.g. ``1``), then append 1 to the end of the string, e.g. ``1 -> 1.1``.
 
+Implicit dependencies resolution
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In addition to the depends/optional/make/check depends lists the server also handles implicit dependencies. After success build, the application traverse through the build tree and finds
+
+* Libraries to which the binaries (ELF-files) are linked. To do so, the ``NEEDED`` section of the ELF-files are read.
+* Directories which contains files of the package, but do not belong to this package. This case covers, for example, python and ruby submodules.
+
+Having the initial dependencies tree, the application is looking for packages which contains those (both files and directories) paths and creates the initial packages list. After that, the packages list is reduced in the following way:
+
+* From any leaf exclude the package itself and possible debug packages.
+* If the entry (i.e. file or directory) belongs to the package which is in base group, it will be removed.
+* If there is a package which depends on the another package which provide the same entry, the package will be removed.
+* After that, if there is a package which *optionally* depends on the another package in the remaining list, the package will be removed.
+* And finally, if there is any path, which is the child of the entry, and it contains the same package, the package from the smaller entry will be removed.
+
+All those implicit dependencies are stored in the database and extracted on each check. In case if any of the repository packages doesn't contain any entry anymore (e.g. so version has been changed or modules directory has been changed), the dependent package will be marked as out-of-dated.
+
 Core functions reference
 ------------------------
 
@@ -366,7 +395,7 @@ Web application requires the following python packages to be installed:
 * Additional web features also require ``aiohttp-apispec`` (autogenerated documentation), ``aiohttp_cors`` (CORS support, required by documentation).
 * In addition, authorization feature requires ``aiohttp_security``, ``aiohttp_session`` and ``cryptography``.
 * In addition to base authorization dependencies, OAuth2 also requires ``aioauth-client`` library.
-* In addition if you would like to disable authorization for local access (recommended way in order to run the application itself with reporting support), the ``requests-unixsocket`` library is required.
+* In addition if you would like to disable authorization for local access (recommended way in order to run the application itself with reporting support), the ``requests-unixsocket2`` library is required.
 
 Middlewares
 ^^^^^^^^^^^

docs/configuration.rst

@@ -53,6 +53,7 @@ libalpm and AUR related configuration. Group name can refer to architecture, e.g
 * ``mirror`` - package database mirror used by pacman for synchronization, string, required. This option supports standard pacman substitutions with ``$arch`` and ``$repo``. Note that the mentioned mirror should contain all repositories which are set by ``alpm.repositories`` option.
 * ``repositories`` - list of pacman repositories, used for package search, space separated list of strings, required.
 * ``root`` - root for alpm library, string, required. In the most cases it must point to the system root.
+* ``sync_files_database`` - download files database from mirror, boolean, required.
 * ``use_ahriman_cache`` - use local pacman package cache instead of system one, boolean, required. With this option enabled you might want to refresh database periodically (available as additional flag for some subcommands). If set to ``no``, databases must be synchronized manually.
 
 ``auth`` group
@@ -60,15 +61,17 @@ libalpm and AUR related configuration. Group name can refer to architecture, e.g
 
 Base authorization settings. ``OAuth`` provider requires ``aioauth-client`` library to be installed.
 
-* ``target`` - specifies authorization provider, string, optional, default ``disabled``. Allowed values are ``disabled``, ``configuration``, ``oauth``.
+* ``target`` - specifies authorization provider, string, optional, default ``disabled``. Allowed values are ``disabled``, ``configuration``, ``oauth``, ``pam``.
 * ``allow_read_only`` - allow requesting status APIs without authorization, boolean, required.
 * ``client_id`` - OAuth2 application client ID, string, required in case if ``oauth`` is used.
 * ``client_secret`` - OAuth2 application client secret key, string, required in case if ``oauth`` is used.
 * ``cookie_secret_key`` - secret key which will be used for cookies encryption, string, optional. It must be 32 bytes URL-safe base64-encoded and can be generated as following ``base64.urlsafe_b64encode(os.urandom(32)).decode("utf8")``. If not set, it will be generated automatically; note, however, that in this case, all sessions will be automatically invalidated during the service restart.
+* ``full_access_group`` - name of the secondary group (e.g. ``wheel``) to be used as admin group in the service, string, required in case if ``pam`` is used.
 * ``max_age`` - parameter which controls both cookie expiration and token expiration inside the service in seconds, integer, optional, default is 7 days.
 * ``oauth_icon`` - OAuth2 login button icon, string, optional, default is ``google``. Must be valid `Bootstrap icon <https://icons.getbootstrap.com/>`__ name.
 * ``oauth_provider`` - OAuth2 provider class name as is in ``aioauth-client`` (e.g. ``GoogleClient``, ``GithubClient`` etc), string, required in case if ``oauth`` is used.
 * ``oauth_scopes`` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. ``https://www.googleapis.com/auth/userinfo.email`` for ``GoogleClient`` or ``user:email`` for ``GithubClient``, space separated list of strings, required in case if ``oauth`` is used.
+* ``permit_root_login`` - allow login as root user, boolean, optional, default ``no``.
 * ``salt`` - additional password hash salt, string, optional.
 
 Authorized users are stored inside internal database, if any of external providers (e.g. ``oauth``) are used, the password field for non-service users must be empty.
@@ -81,6 +84,7 @@ Build related configuration. Group name can refer to architecture, e.g. ``build:
 * ``archbuild_flags`` - additional flags passed to ``archbuild`` command, space separated list of strings, optional.
 * ``build_command`` - default build command, string, required.
 * ``ignore_packages`` - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional.
+* ``include_debug_packages`` - distribute debug packages, boolean, optional, default ``yes``.
 * ``makepkg_flags`` - additional flags passed to ``makepkg`` command, space separated list of strings, optional.
 * ``makechrootpkg_flags`` - additional flags passed to ``makechrootpkg`` command, space separated list of strings, optional.
 * ``triggers`` - list of ``ahriman.core.triggers.Trigger`` class implementation (e.g. ``ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger``) which will be loaded and run at the end of processing, space separated list of strings, optional. You can also specify triggers by their paths, e.g. ``/usr/lib/python3.10/site-packages/ahriman/core/report/report.py.ReportTrigger``. Triggers are run in the order of definition.

docs/faq.rst

@@ -208,6 +208,18 @@ This command will prompt for new value of the PKGBUILD variable ``version``. You
 
    sudo -u ahriman ahriman patch-add ahriman version version.patch
 
+The command also supports arrays, but in this case you need to specify full array, e.g.
+
+.. code-block:: shell
+
+   sudo -u ahriman ahriman patch-add ahriman depends
+
+   Post new function or variable value below. Press Ctrl-D to finish:
+   (python python-aiohttp)
+   ^D
+
+will set depends PKGBUILD variable (exactly) to array ``["python", "python-aiohttp"]``.
+
 Alternatively you can create full-diff patches, which are calculated by using ``git diff`` from current PKGBUILD master branch:
 
 #.
@@ -463,7 +475,7 @@ The following environment variables are supported:
 * ``AHRIMAN_REPOSITORY`` - repository name, default is ``aur-clone``.
 * ``AHRIMAN_REPOSITORY_SERVER`` - optional override for the repository URL. Useful if you would like to download packages from remote instead of local filesystem.
 * ``AHRIMAN_REPOSITORY_ROOT`` - repository root. Because of filesystem rights it is required to override default repository root. By default, it uses ``ahriman`` directory inside ahriman's home, which can be passed as mount volume.
-* ``AHRIMAN_UNIX_SOCKET`` - full path to unix socket which is used by web server, default is empty. Note that more likely you would like to put it inside ``AHRIMAN_REPOSITORY_ROOT`` directory (e.g. ``/var/lib/ahriman/ahriman/ahriman-web.sock``) or to ``/tmp``.
+* ``AHRIMAN_UNIX_SOCKET`` - full path to unix socket which is used by web server, default is empty. Note that more likely you would like to put it inside ``AHRIMAN_REPOSITORY_ROOT`` directory (e.g. ``/var/lib/ahriman/ahriman/ahriman-web.sock``) or to ``/run/ahriman``.
 * ``AHRIMAN_USER`` - ahriman user, usually must not be overwritten, default is ``ahriman``.
 * ``AHRIMAN_VALIDATE_CONFIGURATION`` - if set (default) validate service configuration.
 
@@ -1301,12 +1313,12 @@ How to enable basic authorization
    The ``salt`` parameter is optional, but recommended, and can be set to any (random) string.
 
 #.
-   In order to provide access for reporting from application instances you can (the recommended way) use unix sockets by the following configuration (note, that it requires ``python-requests-unixsocket`` package to be installed):
+   In order to provide access for reporting from application instances you can (the recommended way) use unix sockets by the following configuration (note, that it requires ``python-requests-unixsocket2`` package to be installed):
 
    .. code-block:: ini
 
       [web]
-      unix_socket = /var/lib/ahriman/ahriman-web.sock
+      unix_socket = /run/ahriman/ahriman-web.sock
 
    This socket path must be available for web service instance and must be available for all application instances (e.g. in case if you are using docker container - see above - you need to make sure that the socket is passed to the root filesystem).
 

package/archlinux/PKGBUILD

@@ -1,13 +1,13 @@
 # Maintainer: Evgeniy Alekseev
 
 pkgname='ahriman'
-pkgver=2.13.0
+pkgver=2.13.8
 pkgrel=1
 pkgdesc="ArcH linux ReposItory MANager"
 arch=('any')
 url="https://github.com/arcan1s/ahriman"
 license=('GPL3')
-depends=('devtools>=1:1.0.0' 'git' 'pyalpm' 'python-cerberus' 'python-inflection' 'python-passlib' 'python-requests' 'python-srcinfo')
+depends=('devtools>=1:1.0.0' 'git' 'pyalpm' 'python-cerberus' 'python-inflection' 'python-passlib' 'python-pyelftools' 'python-requests' 'python-srcinfo')
 makedepends=('python-build' 'python-flit' 'python-installer' 'python-wheel')
 optdepends=('breezy: -bzr packages support'
             'darcs: -darcs packages support'
@@ -21,7 +21,7 @@ optdepends=('breezy: -bzr packages support'
             'python-aiohttp-session: web server with authorization'
             'python-boto3: sync to s3'
             'python-cryptography: web server with authorization'
-            'python-requests-unixsocket: client report to web server by unix socket'
+            'python-requests-unixsocket2: client report to web server by unix socket'
             'python-jinja: html report generation'
             'python-systemd: journal support'
             'rsync: sync by using rsync'

package/archlinux/ahriman.tmpfiles

@@ -1 +1,2 @@
-d /var/lib/ahriman 0755 ahriman ahriman
+d /var/lib/ahriman 0755 ahriman ahriman
+d /run/ahriman 0755 ahriman ahriman

package/share/ahriman/settings/ahriman.ini

@@ -17,6 +17,8 @@ mirror = https://geo.mirror.pkgbuild.com/$repo/os/$arch
 repositories = core extra multilib
 ; Pacman's root directory. In the most cases it must point to the system root.
 root = /
+; Sync files databases too, which is required by deep dependencies check
+sync_files_database = yes
 ; Use local packages cache. If this option is enabled, the service will be able to synchronize databases (available
 ; as additional option for some subcommands). If set to no, databases must be synchronized manually.
 use_ahriman_cache = yes
@@ -32,6 +34,8 @@ allow_read_only = yes
 ; Cookie secret key to be used for cookies encryption. Must be valid 32 bytes URL-safe base64-encoded string.
 ; If not set, it will be generated automatically.
 ;cookie_secret_key =
+; Name of the secondary group to be used as admin group in the service.
+;full_access_group = wheel
 ; Authentication cookie expiration in seconds.
 ;max_age = 604800
 ; OAuth2 provider icon for the web interface.
@@ -40,14 +44,20 @@ allow_read_only = yes
 ;oauth_provider = GoogleClient
 ; Scopes list for OAuth2 provider. Required if oauth is used.
 ;oauth_scopes = https://www.googleapis.com/auth/userinfo.email
+; Allow login as root user (only if PAM is used).
+;permit_root_login = no
 ; Optional password salt.
 ;salt =
 
 [build]
 ; List of additional flags passed to archbuild command.
 ;archbuild_flags =
+; Path to build command
+;build_command =
 ; List of packages to be ignored during automatic updates.
 ;ignore_packages =
+; Include debug packages
+;include_debug_packages = yes
 ; List of additional flags passed to makechrootpkg command.
 ;makechrootpkg_flags =
 ; List of additional flags passed to makepkg command.

package/share/ahriman/templates/api.jinja2

@@ -6,8 +6,8 @@
 
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <!-- Embed elements Elements via Web Component -->
-    <script src="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/web-components.min.js" integrity="sha384-aKMPitODat9Dqj3Mva9Rs9jS5Z3KPSW0sFlAOazuULJMFYhAfmORI5SlH9aWIst8" crossorigin="anonymous" type="application/javascript"></script>
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/styles.min.css" integrity="sha384-wPzTs1aFAoGq9gqp9NAs2YVTkFXcU2d6Bx11aKRFhVw2B7o1bCwaV9pGHTlUfD2+" crossorigin="anonymous" type="text/css">
+    <script src="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/web-components.min.js" crossorigin="anonymous" type="application/javascript"></script>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/styles.min.css" crossorigin="anonymous" type="text/css">
 </head>
 <body>
 

package/share/ahriman/templates/build-status.jinja2

@@ -15,7 +15,7 @@
 
         <div class="container">
             <nav class="navbar navbar-expand-lg">
-                <div class="navbar-brand"><img src="/static/logo.svg" width="30" height="30" alt=""> ahriman</div>
+                <div class="navbar-brand"><img src="/static/logo.svg" width="30" height="30" alt=""></div>
                 <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#repositories-navbar-supported-content" aria-controls="repositories-navbar-supported-content" aria-expanded="false" aria-label="Toggle navigation">
                     <span class="navbar-toggler-icon"></span>
                 </button>

package/share/ahriman/templates/build-status/alerts.jinja2

@@ -21,7 +21,7 @@
 
         alertPlaceholder.append(wrapper);
         const toast = new bootstrap.Toast(wrapper);
-        wrapper.addEventListener("hidden.bs.toast", () => {
+        wrapper.addEventListener("hidden.bs.toast", _ => {
             wrapper.remove();  // bootstrap doesn't remove elements
             (action || reload)();
         });

package/share/ahriman/templates/build-status/key-import-modal.jinja2

@@ -38,10 +38,6 @@
 <script>
     const keyImportModal = $("#key-import-modal");
     const keyImportForm = $("#key-import-form");
-    keyImportModal.on("hidden.bs.modal", () => {
-        keyImportBodyInput.text("");
-        keyImportForm.trigger("reset");
-    });
 
     const keyImportBodyInput = $("#key-import-body-input");
     const keyImportCopyButton = $("#key-import-copy-button");
@@ -90,4 +86,11 @@
             });
         }
     }
+
+    $(_ => {
+        keyImportModal.on("hidden.bs.modal", _ => {
+            keyImportBodyInput.text("");
+            keyImportForm.trigger("reset");
+        });
+    });
 </script>

package/share/ahriman/templates/build-status/login-modal.jinja2

@@ -36,9 +36,6 @@
 <script>
     const loginModal = $("#login-modal");
     const loginForm = $("#login-form");
-    loginModal.on("hidden.bs.modal", () => {
-        loginForm.trigger("reset");
-    });
 
     const loginPasswordInput = $("#login-password");
     const loginUsernameInput = $("#login-username");
@@ -56,10 +53,13 @@
                 contentType: "application/json",
                 success: _ => {
                     loginModal.modal("hide");
-                    showSuccess("Logged in", `Successfully logged in as ${username}`, () => location.href = "/");
+                    showSuccess("Logged in", `Successfully logged in as ${username}`, _ => location.href = "/");
                 },
                 error: (jqXHR, _, errorThrown) => {
-                    const message = _ => `Could not login as ${username}`;
+                    const message = _ =>
+                        username === "admin" && password === "admin"
+                            ? "You've entered a password for user \"root\", did you make a typo in username?"
+                            : `Could not login as ${username}`;
                     showFailure("Login error", message, jqXHR, errorThrown);
                 },
             });
@@ -77,4 +77,10 @@
             showHidePasswordButton.addClass("bi-eye");
         }
     }
+
+    $(_ => {
+        loginModal.on("hidden.bs.modal", _ => {
+            loginForm.trigger("reset");
+        });
+    });
 </script>

package/share/ahriman/templates/build-status/package-add-modal.jinja2

@@ -43,41 +43,10 @@
 <script>
     const packageAddModal = $("#package-add-modal");
     const packageAddForm = $("#package-add-form");
-    packageAddModal.on("shown.bs.modal", () => {
-        $(`#package-add-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
-    });
-    packageAddModal.on("hidden.bs.modal", () => {
-        packageAddVariablesDiv.empty();
-        packageAddForm.trigger("reset");
-    });
 
     const packageAddInput = $("#package-add-input");
     const packageAddRepositoryInput = $("#package-add-repository-input");
     const packageAddKnownPackagesList = $("#package-add-known-packages-dlist");
-    packageAddInput.keyup(() => {
-        clearTimeout(packageAddInput.data("timeout"));
-        packageAddInput.data("timeout", setTimeout($.proxy(() => {
-            const value = packageAddInput.val();
-
-            if (value.length >= 3) {
-                $.ajax({
-                    url: "/api/v1/service/search",
-                    data: {"for": value},
-                    type: "GET",
-                    dataType: "json",
-                    success: response => {
-                        const options = response.map(pkg => {
-                            const option = document.createElement("option");
-                            option.value = pkg.package;
-                            option.innerText = `${pkg.package} (${pkg.description})`;
-                            return option;
-                        });
-                        packageAddKnownPackagesList.empty().append(options);
-                    },
-                });
-            }
-        }, this), 500));
-    });
 
     const packageAddVariablesDiv = $("#package-add-variables-div");
 
@@ -156,4 +125,39 @@
             doPackageAction("/api/v1/service/request", [packages], repository, onSuccess, onFailure, patches);
         }
     }
+
+    $(_ => {
+        packageAddModal.on("shown.bs.modal", _ => {
+            $(`#package-add-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
+        });
+        packageAddModal.on("hidden.bs.modal", _ => {
+            packageAddVariablesDiv.empty();
+            packageAddForm.trigger("reset");
+        });
+
+        packageAddInput.keyup(_ => {
+            clearTimeout(packageAddInput.data("timeout"));
+            packageAddInput.data("timeout", setTimeout($.proxy(_ => {
+                const value = packageAddInput.val();
+
+                if (value.length >= 3) {
+                    $.ajax({
+                        url: "/api/v1/service/search",
+                        data: {"for": value},
+                        type: "GET",
+                        dataType: "json",
+                        success: response => {
+                            const options = response.map(pkg => {
+                                const option = document.createElement("option");
+                                option.value = pkg.package;
+                                option.innerText = `${pkg.package} (${pkg.description})`;
+                                return option;
+                            });
+                            packageAddKnownPackagesList.empty().append(options);
+                        },
+                    });
+                }
+            }, this), 500));
+        });
+    });
 </script>

package/share/ahriman/templates/build-status/package-info-modal.jinja2

@@ -72,26 +72,6 @@
     const packageInfoModal = $("#package-info-modal");
     const packageInfoModalHeader = $("#package-info-modal-header");
     const packageInfo = $("#package-info");
-    packageInfoModal.on("hidden.bs.modal", () => {
-        packageInfoAurUrl.empty();
-        packageInfoDepends.empty();
-        packageInfoGroups.empty();
-        packageInfoLicenses.empty();
-        packageInfoPackager.empty();
-        packageInfoPackages.empty();
-        packageInfoUpstreamUrl.empty();
-        packageInfoVersion.empty();
-
-        packageInfoVariablesBlock.attr("hidden", true);
-        packageInfoVariablesDiv.empty();
-
-        packageInfoLogsInput.empty();
-        packageInfoChangesInput.empty();
-
-        packageInfoModal.trigger("reset");
-
-        hideInfoControls(true);
-    });
 
     const packageInfoLogsInput = $("#package-info-logs-input");
     const packageInfoLogsCopyButton = $("#package-info-logs-copy-button");
@@ -309,4 +289,27 @@
 
         if (isPackageBaseSet) packageInfoModal.modal("show");
     }
+
+    $(_ => {
+        packageInfoModal.on("hidden.bs.modal", _ => {
+            packageInfoAurUrl.empty();
+            packageInfoDepends.empty();
+            packageInfoGroups.empty();
+            packageInfoLicenses.empty();
+            packageInfoPackager.empty();
+            packageInfoPackages.empty();
+            packageInfoUpstreamUrl.empty();
+            packageInfoVersion.empty();
+
+            packageInfoVariablesBlock.attr("hidden", true);
+            packageInfoVariablesDiv.empty();
+
+            packageInfoLogsInput.empty();
+            packageInfoChangesInput.empty();
+
+            packageInfoModal.trigger("reset");
+
+            hideInfoControls(true);
+        });
+    });
 </script>

package/share/ahriman/templates/build-status/package-rebuild-modal.jinja2

@@ -35,11 +35,6 @@
 <script>
     const packageRebuildModal = $("#package-rebuild-modal");
     const packageRebuildForm = $("#package-rebuild-form");
-    packageRebuildModal.on("shown.bs.modal", () => {
-        $(`#package-rebuild-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
-
-    });
-    packageRebuildModal.on("hidden.bs.modal", () => { packageRebuildForm.trigger("reset"); });
 
     const packageRebuildDependencyInput = $("#package-rebuild-dependency-input");
     const packageRebuildRepositoryInput = $("#package-rebuild-repository-input");
@@ -54,4 +49,12 @@
             doPackageAction("/api/v1/service/rebuild", [packages], repository, onSuccess, onFailure);
         }
     }
+
+    $(_ => {
+        packageRebuildModal.on("shown.bs.modal", _ => {
+            $(`#package-rebuild-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
+
+        });
+        packageRebuildModal.on("hidden.bs.modal", _ => { packageRebuildForm.trigger("reset"); });
+    });
 </script>

package/share/ahriman/templates/build-status/table.jinja2

@@ -9,46 +9,8 @@
     const packageInfoUpdateButton = $("#package-info-update-button");
 
     let repository = null;
-    $("#repositories a").on("click", (event) => {
-        const element = event.target;
-        repository = {
-            architecture: element.dataset.architecture,
-            repository: element.dataset.repository,
-        };
-        packageUpdateButton.html(`<i class="bi bi-play"></i> update<span class="d-none d-sm-inline"> ${safe(repository.repository)} (${safe(repository.architecture)})</span>`);
-        $(`#${element.id}`).tab("show");
-        reload();
-    });
 
     const table = $("#packages");
-    table.on("check.bs.table uncheck.bs.table check-all.bs.table uncheck-all.bs.table", () => {
-        packageRemoveButton.prop("disabled", !table.bootstrapTable("getSelections").length);
-    });
-    table.on("click-row.bs.table", (self, data, row, cell) => {
-        if (0 === cell || "base" === cell) {
-            const method = data[0] === true ? "uncheckBy" : "checkBy"; // fck javascript
-            table.bootstrapTable(method, {field: "id", values: [data.id]});
-        } else showPackageInfo(data.id);
-    });
-    table.on("created-controls.bs.table", () => {
-        const pickerInput = $(".bootstrap-table-filter-control-timestamp");
-        pickerInput.daterangepicker({
-            autoUpdateInput: false,
-            locale: {
-                cancelLabel: "Clear",
-            },
-        });
-
-        pickerInput.on("apply.daterangepicker", (event, picker) => {
-            pickerInput.val(`${picker.startDate.format("YYYY-MM-DD")} - ${picker.endDate.format("YYYY-MM-DD")}`);
-            table.bootstrapTable("triggerSearch");
-        });
-
-        pickerInput.on("cancel.daterangepicker", () => {
-            pickerInput.val("");
-            table.bootstrapTable("triggerSearch");
-        });
-    });
 
     const statusBadge = $("#badge-status");
     const versionBadge = $("#badge-version");
@@ -220,9 +182,48 @@
         return {classes: cellClass(value)};
     }
 
-    $(() => {
-        table.bootstrapTable({});
+    $(_ => {
+        $("#repositories a").on("click", event => {
+            const element = event.target;
+            repository = {
+                architecture: element.dataset.architecture,
+                repository: element.dataset.repository,
+            };
+            packageUpdateButton.html(`<i class="bi bi-play"></i> update<span class="d-none d-sm-inline"> ${safe(repository.repository)} (${safe(repository.architecture)})</span>`);
+            $(`#${element.id}`).tab("show");
+            reload();
+        });
+
+        table.on("check.bs.table uncheck.bs.table check-all.bs.table uncheck-all.bs.table", _ => {
+            packageRemoveButton.prop("disabled", !table.bootstrapTable("getSelections").length);
+        });
+        table.on("click-row.bs.table", (self, data, row, cell) => {
+            if (0 === cell || "base" === cell) {
+                const method = data[0] === true ? "uncheckBy" : "checkBy"; // fck javascript
+                table.bootstrapTable(method, {field: "id", values: [data.id]});
+            } else showPackageInfo(data.id);
+        });
+        table.on("created-controls.bs.table", _ => {
+            const pickerInput = $(".bootstrap-table-filter-control-timestamp");
+            pickerInput.daterangepicker({
+                autoUpdateInput: false,
+                locale: {
+                    cancelLabel: "Clear",
+                },
+            });
+
+            pickerInput.on("apply.daterangepicker", (event, picker) => {
+                pickerInput.val(`${picker.startDate.format("YYYY-MM-DD")} - ${picker.endDate.format("YYYY-MM-DD")}`);
+                table.bootstrapTable("triggerSearch");
+            });
+
+            pickerInput.on("cancel.daterangepicker", _ => {
+                pickerInput.val("");
+                table.bootstrapTable("triggerSearch");
+            });
+        });
+
         statusBadge.popover();
         selectRepository();
     });
-</script>
+</script>

package/share/ahriman/templates/repo-index.jinja2

@@ -102,25 +102,6 @@ SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Pa
 
         <script>
             const table = $("#packages");
-            table.on("created-controls.bs.table", () => {
-                const pickerInput = $(".bootstrap-table-filter-control-timestamp");
-                pickerInput.daterangepicker({
-                    autoUpdateInput: false,
-                    locale: {
-                        cancelLabel: "Clear",
-                    },
-                });
-
-                pickerInput.on("apply.daterangepicker", (event, picker) => {
-                    pickerInput.val(`${picker.startDate.format("YYYY-MM-DD")} - ${picker.endDate.format("YYYY-MM-DD")}`);
-                    table.bootstrapTable("triggerSearch");
-                });
-
-                pickerInput.on("cancel.daterangepicker", () => {
-                    pickerInput.val("");
-                    table.bootstrapTable("triggerSearch");
-                });
-            });
 
             const pacmanConf = $("#pacman-conf");
             const pacmanConfCopyButton = $("#copy-btn");
@@ -141,6 +122,28 @@ SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Pa
             function filterListLicenses() {
                 return extractDataList(table.bootstrapTable("getData"), "licenses");
             }
+
+            $(_ => {
+                table.on("created-controls.bs.table", _ => {
+                    const pickerInput = $(".bootstrap-table-filter-control-timestamp");
+                    pickerInput.daterangepicker({
+                        autoUpdateInput: false,
+                        locale: {
+                            cancelLabel: "Clear",
+                        },
+                    });
+
+                    pickerInput.on("apply.daterangepicker", (event, picker) => {
+                        pickerInput.val(`${picker.startDate.format("YYYY-MM-DD")} - ${picker.endDate.format("YYYY-MM-DD")}`);
+                        table.bootstrapTable("triggerSearch");
+                    });
+
+                    pickerInput.on("cancel.daterangepicker", _ => {
+                        pickerInput.val("");
+                        table.bootstrapTable("triggerSearch");
+                    });
+                });
+            });
         </script>
 
     </body>

package/share/ahriman/templates/utils/bootstrap-scripts.jinja2

@@ -1,21 +1,21 @@
-<script src="https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js" integrity="sha384-1H217gwSVyLSIfaLxHbE7dRb3v4mYCKbpQvzx0cegeju1MVsGrX5xXxAvs/HgeFs" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/moment@2.29.4/moment.min.js" integrity="sha384-8hHkOkbWN1TLWwet/jpbJ0zbx3FJDeYJgQ8dX1mRrv/vfCfHCqFSFZYCgaMML3z9" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.min.js" integrity="sha384-u4eJN1VWrTf/FnYYQJo2kqJyVxEQf5UmWY4iUcNAoLenOEtEuCkfwc5bKvZOWBi5" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/moment@2.29.4/moment.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/tableexport.jquery.plugin@1.28.0/tableExport.min.js" integrity="sha384-1Rz4Kz/y1rSWw+ZsjTcxB684XgofbO8iizY+UFIzCwFeQ+QUyhBNWBMh/STOyomI" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/tableexport.jquery.plugin@1.28.0/tableExport.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.min.js" integrity="sha384-IazMVNyYoUNx6357fWJoqtHYUWWCNHIXxFVtbpVgvImQNWuRP2WbHPaIb3QF8j97" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js" integrity="sha384-I7E8VVD/ismYTF4hNIPjVp/Zjvgyol6VFvRkX/vR+Vc4jQkC+hVqc2pM8ODewa9r" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.min.js" integrity="sha384-BBtl+eGJRgqQAUMxJ7pMwbEyER4l1g+O15P+16Ep7Q9Q+zqX6gSbd85u4mG4QzX+" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.js" integrity="sha384-GVLHfbEvuGA/RFiQ3MK2ClEJkWYJXABg55t9LpoDPZFGIsSq8xhFlQydm5poV2jW" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/export/bootstrap-table-export.min.js" integrity="sha384-g9OAB1Moamcy8+l1Q/tajHlMf6NTkS79ehKLTYbA80aQRbRhFCjrSuezv+FE2Kwe" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/resizable/bootstrap-table-resizable.js" integrity="sha384-wd8Vc6Febikdnsnk9vthRWRvMwffw246vhqiqNO3aSNe1maTEA07Vh3zAQiSyDji" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.js" integrity="sha384-NIqcjpr/3eZI1iNzz7hgT5rgp70qFUzkZffeCgVva9gi80B5vqcm7gn+8QvlWxko" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/export/bootstrap-table-export.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/resizable/bootstrap-table-resizable.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/highlight.min.js" integrity="sha384-F/bZzf7p3Joyp5psL90p/p89AZJsndkSoGwRpXcZhleCWhd8SnRuoYo4d0yirjJp" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/highlight.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
 <script>
     async function copyToClipboard(text, button) {

package/share/ahriman/templates/utils/style.jinja2

@@ -1,17 +1,17 @@
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous" type="text/css">
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css" integrity="sha384-4LISF5TTJX/fLmGSxO53rV4miRxdg84mZsxmO8Rx5jGtp/LbrixFETvWa5a6sESd" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.css" integrity="sha384-sN3NwxbjH33ZidqZnPmX+nQ5IF+LoiI7HvZSoZj5wGacmu0/q4RJfsN0xqN+LIa5" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.css" integrity="sha384-1sLxvR8mXzjhvFY9f8mzXl97DNLepeZ0PnRiMMdm/rQsKjsrPZPJxYle2wwT2PMg" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.css" integrity="sha384-4Glx18jZ0Un+yDG6KUpYJ/af8hkssJ02jRASuFv23gfCl0mTXaVMPI9cB4cn3GvE" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootswatch@5.3.2/dist/cosmo/bootstrap.min.css" integrity="sha384-RfV5VNj9uqyOdZbN0hFNmoq56291KK2Y4iKhoRAbcfBfjYlpasjxK6TefPjxiAiN" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootswatch@5.3.2/dist/cosmo/bootstrap.min.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.css" integrity="sha384-zLkQsiLfAQqGeIJeKLC+rcCR1YoYaQFLCL7cLDUoKE1ajKJzySpjzWGfYS2vjSG+" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/styles/github.min.css" integrity="sha384-eFTL69TLRZTkNfYZOLM+G04821K1qZao/4QLJbet1pP4tcF+fdXq/9CdqAbWRl/L" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/styles/github.min.css" crossorigin="anonymous" type="text/css">
 
 <style>
     .pre-scrollable {

package/share/bash-completion/completions/_ahriman

@@ -27,12 +27,12 @@ _shtab_ahriman_patch_list_option_strings=('-h' '--help' '-e' '--exit-code' '-v'
 _shtab_ahriman_patch_remove_option_strings=('-h' '--help' '-v' '--variable')
 _shtab_ahriman_patch_set_add_option_strings=('-h' '--help' '-t' '--track')
 _shtab_ahriman_repo_backup_option_strings=('-h' '--help')
-_shtab_ahriman_repo_check_option_strings=('-h' '--help' '--changes' '--no-changes' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_check_option_strings=('-h' '--help' '--changes' '--no-changes' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_check_option_strings=('-h' '--help' '--changes' '--no-changes' '--check-files' '--no-check-files' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_check_option_strings=('-h' '--help' '--changes' '--no-changes' '--check-files' '--no-check-files' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_repo_create_keyring_option_strings=('-h' '--help')
 _shtab_ahriman_repo_create_mirrorlist_option_strings=('-h' '--help')
-_shtab_ahriman_repo_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_repo_rebuild_option_strings=('-h' '--help' '--depends-on' '--dry-run' '--from-database' '--increment' '--no-increment' '-e' '--exit-code' '-s' '--status' '-u' '--username')
 _shtab_ahriman_rebuild_option_strings=('-h' '--help' '--depends-on' '--dry-run' '--from-database' '--increment' '--no-increment' '-e' '--exit-code' '-s' '--status' '-u' '--username')
 _shtab_ahriman_repo_remove_unknown_option_strings=('-h' '--help' '--dry-run')
@@ -47,8 +47,8 @@ _shtab_ahriman_repo_sync_option_strings=('-h' '--help')
 _shtab_ahriman_sync_option_strings=('-h' '--help')
 _shtab_ahriman_repo_tree_option_strings=('-h' '--help' '-p' '--partitions')
 _shtab_ahriman_repo_triggers_option_strings=('-h' '--help')
-_shtab_ahriman_repo_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_service_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
 _shtab_ahriman_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
 _shtab_ahriman_repo_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
@@ -243,6 +243,8 @@ _shtab_ahriman_repo_check__h_nargs=0
 _shtab_ahriman_repo_check___help_nargs=0
 _shtab_ahriman_repo_check___changes_nargs=0
 _shtab_ahriman_repo_check___no_changes_nargs=0
+_shtab_ahriman_repo_check___check_files_nargs=0
+_shtab_ahriman_repo_check___no_check_files_nargs=0
 _shtab_ahriman_repo_check__e_nargs=0
 _shtab_ahriman_repo_check___exit_code_nargs=0
 _shtab_ahriman_repo_check___vcs_nargs=0
@@ -254,6 +256,8 @@ _shtab_ahriman_check__h_nargs=0
 _shtab_ahriman_check___help_nargs=0
 _shtab_ahriman_check___changes_nargs=0
 _shtab_ahriman_check___no_changes_nargs=0
+_shtab_ahriman_check___check_files_nargs=0
+_shtab_ahriman_check___no_check_files_nargs=0
 _shtab_ahriman_check__e_nargs=0
 _shtab_ahriman_check___exit_code_nargs=0
 _shtab_ahriman_check___vcs_nargs=0
@@ -270,6 +274,8 @@ _shtab_ahriman_repo_daemon___aur_nargs=0
 _shtab_ahriman_repo_daemon___no_aur_nargs=0
 _shtab_ahriman_repo_daemon___changes_nargs=0
 _shtab_ahriman_repo_daemon___no_changes_nargs=0
+_shtab_ahriman_repo_daemon___check_files_nargs=0
+_shtab_ahriman_repo_daemon___no_check_files_nargs=0
 _shtab_ahriman_repo_daemon___dependencies_nargs=0
 _shtab_ahriman_repo_daemon___no_dependencies_nargs=0
 _shtab_ahriman_repo_daemon___dry_run_nargs=0
@@ -291,6 +297,8 @@ _shtab_ahriman_daemon___aur_nargs=0
 _shtab_ahriman_daemon___no_aur_nargs=0
 _shtab_ahriman_daemon___changes_nargs=0
 _shtab_ahriman_daemon___no_changes_nargs=0
+_shtab_ahriman_daemon___check_files_nargs=0
+_shtab_ahriman_daemon___no_check_files_nargs=0
 _shtab_ahriman_daemon___dependencies_nargs=0
 _shtab_ahriman_daemon___no_dependencies_nargs=0
 _shtab_ahriman_daemon___dry_run_nargs=0
@@ -358,6 +366,8 @@ _shtab_ahriman_repo_update___aur_nargs=0
 _shtab_ahriman_repo_update___no_aur_nargs=0
 _shtab_ahriman_repo_update___changes_nargs=0
 _shtab_ahriman_repo_update___no_changes_nargs=0
+_shtab_ahriman_repo_update___check_files_nargs=0
+_shtab_ahriman_repo_update___no_check_files_nargs=0
 _shtab_ahriman_repo_update___dependencies_nargs=0
 _shtab_ahriman_repo_update___no_dependencies_nargs=0
 _shtab_ahriman_repo_update___dry_run_nargs=0
@@ -380,6 +390,8 @@ _shtab_ahriman_update___aur_nargs=0
 _shtab_ahriman_update___no_aur_nargs=0
 _shtab_ahriman_update___changes_nargs=0
 _shtab_ahriman_update___no_changes_nargs=0
+_shtab_ahriman_update___check_files_nargs=0
+_shtab_ahriman_update___no_check_files_nargs=0
 _shtab_ahriman_update___dependencies_nargs=0
 _shtab_ahriman_update___no_dependencies_nargs=0
 _shtab_ahriman_update___dry_run_nargs=0
@@ -584,7 +596,7 @@ _set_new_action() {
     current_action_nargs=1
   fi
 
-  current_action_args_start_index=$(( $word_index + 1 ))
+  current_action_args_start_index=$(( $word_index + 1 - $pos_only ))
 
   current_action_is_positional=$2
 }
@@ -611,6 +623,7 @@ _shtab_ahriman() {
 
   local prefix=_shtab_ahriman
   local word_index=0
+  local pos_only=0 # "--" delimeter not encountered yet
   _set_parser_defaults
   word_index=1
 
@@ -619,26 +632,30 @@ _shtab_ahriman() {
   while [ $word_index -ne $COMP_CWORD ]; do
     local this_word="${COMP_WORDS[$word_index]}"
 
-    if [[ -n $sub_parsers && " ${sub_parsers[@]} " == *" ${this_word} "* ]]; then
-      # valid subcommand: add it to the prefix & reset the current action
-      prefix="${prefix}_$(_shtab_replace_nonword $this_word)"
-      _set_parser_defaults
-    fi
+    if [[ $pos_only = 1 || " $this_word " != " -- " ]]; then
+      if [[ -n $sub_parsers && " ${sub_parsers[@]} " == *" ${this_word} "* ]]; then
+        # valid subcommand: add it to the prefix & reset the current action
+        prefix="${prefix}_$(_shtab_replace_nonword $this_word)"
+        _set_parser_defaults
+      fi
 
-    if [[ " ${current_option_strings[@]} " == *" ${this_word} "* ]]; then
-      # a new action should be acquired (due to recognised option string or
-      # no more input expected from current action);
-      # the next positional action can fill in here
-      _set_new_action $this_word false
-    fi
+      if [[ " ${current_option_strings[@]} " == *" ${this_word} "* ]]; then
+        # a new action should be acquired (due to recognised option string or
+        # no more input expected from current action);
+        # the next positional action can fill in here
+        _set_new_action $this_word false
+      fi
 
-    if [[ "$current_action_nargs" != "*" ]] && \
-       [[ "$current_action_nargs" != "+" ]] && \
-       [[ "$current_action_nargs" != *"..." ]] && \
-       (( $word_index + 1 - $current_action_args_start_index >= \
-          $current_action_nargs )); then
-      $current_action_is_positional && let "completed_positional_actions += 1"
-      _set_new_action "pos_${completed_positional_actions}" true
+      if [[ "$current_action_nargs" != "*" ]] && \
+         [[ "$current_action_nargs" != "+" ]] && \
+         [[ "$current_action_nargs" != *"..." ]] && \
+         (( $word_index + 1 - $current_action_args_start_index - $pos_only >= \
+            $current_action_nargs )); then
+        $current_action_is_positional && let "completed_positional_actions += 1"
+        _set_new_action "pos_${completed_positional_actions}" true
+      fi
+    else
+      pos_only=1 # "--" delimeter encountered
     fi
 
     let "word_index+=1"
@@ -646,7 +663,7 @@ _shtab_ahriman() {
 
   # Generate the completions
 
-  if [[ "${completing_word}" == -* ]]; then
+  if [[ $pos_only = 0 && "${completing_word}" == -* ]]; then
     # optional argument started: use option strings
     COMPREPLY=( $(compgen -W "${current_option_strings[*]}" -- "${completing_word}") )
   else

package/share/man/man1/ahriman.1

@@ -1,4 +1,4 @@
-.TH AHRIMAN "1" "2024\-01\-05" "ahriman" "Generated Python Manual"
+.TH AHRIMAN "1" "2024\-05\-12" "ahriman" "Generated Python Manual"
 .SH NAME
 ahriman
 .SH SYNOPSIS
@@ -447,7 +447,9 @@ backup repository settings and database
 path of the output archive
 
 .SH COMMAND \fI\,'ahriman repo\-check'\/\fR
-usage: ahriman repo\-check [\-h] [\-\-changes | \-\-no\-changes] [\-e] [\-\-vcs | \-\-no\-vcs] [\-y] [package ...]
+usage: ahriman repo\-check [\-h] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files] [\-e] [\-\-vcs | \-\-no\-vcs]
+                          [\-y]
+                          [package ...]
 
 check for packages updates. Same as repo\-update \-\-dry\-run \-\-no\-manual
 
@@ -460,6 +462,10 @@ filter check by package base
 \fB\-\-changes\fR, \fB\-\-no\-changes\fR
 calculate changes from the latest known commit if available. Only applicable in dry run mode
 
+.TP
+\fB\-\-check\-files\fR, \fB\-\-no\-check\-files\fR
+enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories)
+
 .TP
 \fB\-e\fR, \fB\-\-exit\-code\fR
 return non\-zero exit status if result is empty
@@ -484,9 +490,9 @@ create package which contains list of available mirrors as set by configuration.
 
 .SH COMMAND \fI\,'ahriman repo\-daemon'\/\fR
 usage: ahriman repo\-daemon [\-h] [\-i INTERVAL] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes]
-                           [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-\-increment | \-\-no\-increment]
-                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-\-partitions | \-\-no\-partitions]
-                           [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
+                           [\-\-check\-files | \-\-no\-check\-files] [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run]
+                           [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual]
+                           [\-\-partitions | \-\-no\-partitions] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
 
 start process which periodically will run update process
 
@@ -503,6 +509,10 @@ enable or disable checking for AUR updates
 \fB\-\-changes\fR, \fB\-\-no\-changes\fR
 calculate changes from the latest known commit if available. Only applicable in dry run mode
 
+.TP
+\fB\-\-check\-files\fR, \fB\-\-no\-check\-files\fR
+enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories)
+
 .TP
 \fB\-\-dependencies\fR, \fB\-\-no\-dependencies\fR
 process missing package dependencies
@@ -649,9 +659,9 @@ run triggers on empty build result as configured by settings
 instead of running all triggers as set by configuration, just process specified ones in order of mention
 
 .SH COMMAND \fI\,'ahriman repo\-update'\/\fR
-usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes] [\-\-dependencies | \-\-no\-dependencies]
-                           [\-\-dry\-run] [\-e] [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local]
-                           [\-\-manual | \-\-no\-manual] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
+usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files]
+                           [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-e] [\-\-increment | \-\-no\-increment]
+                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
                            [package ...]
 
 check for packages updates and run build process if requested
@@ -669,6 +679,10 @@ enable or disable checking for AUR updates
 \fB\-\-changes\fR, \fB\-\-no\-changes\fR
 calculate changes from the latest known commit if available. Only applicable in dry run mode
 
+.TP
+\fB\-\-check\-files\fR, \fB\-\-no\-check\-files\fR
+enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories)
+
 .TP
 \fB\-\-dependencies\fR, \fB\-\-no\-dependencies\fR
 process missing package dependencies

package/share/zsh/site-functions/_ahriman

@@ -120,6 +120,7 @@ _shtab_ahriman_aur_search_options=(
 _shtab_ahriman_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
@@ -153,6 +154,7 @@ _shtab_ahriman_daemon_options=(
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {--increment,--no-increment}"[increment package release (pkgrel) on duplicate (default\: True)]:increment:"
@@ -322,6 +324,7 @@ _shtab_ahriman_repo_backup_options=(
 _shtab_ahriman_repo_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
@@ -363,6 +366,7 @@ _shtab_ahriman_repo_daemon_options=(
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {--increment,--no-increment}"[increment package release (pkgrel) on duplicate (default\: True)]:increment:"
@@ -460,6 +464,7 @@ _shtab_ahriman_repo_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -601,6 +606,7 @@ _shtab_ahriman_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -736,4 +742,12 @@ _shtab_ahriman() {
 
 
 typeset -A opt_args
-_shtab_ahriman "$@"
+
+if [[ $zsh_eval_context[-1] == eval ]]; then
+  # eval/source/. command, register function for later
+  compdef _shtab_ahriman -N ahriman
+else
+  # autoload from fpath, call function directly
+  _shtab_ahriman "$@"
+fi
+

pyproject.toml

@@ -20,6 +20,7 @@ dependencies = [
     "cerberus",
     "inflection",
     "passlib",
+    "pyelftools",
     "requests",
     "srcinfo",
 ]
@@ -80,7 +81,8 @@ web = [
     "aiohttp_session",
     "aiohttp_security",
     "cryptography",
-    "requests-unixsocket",  # required by unix socket support
+    "requests-unixsocket2",  # required by unix socket support
+    "setuptools",  # required by aiohttp-apispec
 ]
 
 [tool.flit.sdist]

recipes/README.md

@@ -12,6 +12,7 @@ Collection of the examples of docker compose configuration files, which covers s
 * [Index](index): repository with index page generator enabled.
 * [Multi repo](multirepo): run web service with two separated repositories.
 * [OAuth](oauth): web service with OAuth (GitHub provider) authentication enabled.
+* [PAM](pam): web service with PAM authentication enabled.
 * [Pull](pull): normal service, but in addition with pulling packages from another source (e.g. GitHub repository).
 * [Sign](sign): create repository with database signing.
 * [Web](web): simple web service with authentication enabled.

recipes/pam/README.md

@@ -0,0 +1,6 @@
+# PAM
+
+1. Create system user `demo` with password from `AHRIMAN_PASSWORD` environment variable and group `wheel`.
+2. Setup repository named `ahriman-demo` with architecture `x86_64`.
+3. Start web server at port `8080`.
+4. Repository is available at `http://localhost:8080/repo`.

recipes/pam/compose.yml

@@ -0,0 +1,63 @@
+services:
+  backend:
+    image: ahriman
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: useradd -d / -G wheel -M demo; (cat /run/secrets/password; echo; cat /run/secrets/password) | passwd demo
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+secrets:
+  password:
+    environment: AHRIMAN_PASSWORD
+
+volumes:
+  repository:

recipes/pam/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/pam/service.ini

@@ -0,0 +1,3 @@
+[auth]
+target = pam
+full_access_group = wheel

src/ahriman/__init__.py

@@ -17,4 +17,4 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-__version__ = "2.13.0"
+__version__ = "2.13.8"

src/ahriman/application/ahriman.py

@@ -19,14 +19,13 @@
 #
 # pylint: disable=too-many-lines
 import argparse
-import tempfile
 
 from pathlib import Path
 from typing import TypeVar
 
 from ahriman import __version__
 from ahriman.application import handlers
-from ahriman.core.util import enum_values, extract_user
+from ahriman.core.utils import enum_values, extract_user
 from ahriman.models.action import Action
 from ahriman.models.build_status import BuildStatusEnum
 from ahriman.models.log_handler import LogHandler
@@ -73,8 +72,7 @@ def _parser() -> argparse.ArgumentParser:
     parser.add_argument("-c", "--configuration", help="configuration path", type=Path,
                         default=Path("/") / "etc" / "ahriman.ini")
     parser.add_argument("--force", help="force run, remove file lock", action="store_true")
-    parser.add_argument("-l", "--lock", help="lock file", type=Path,
-                        default=Path(tempfile.gettempdir()) / "ahriman.lock")
+    parser.add_argument("-l", "--lock", help="lock file", type=Path, default=Path("ahriman.pid"))
     parser.add_argument("--log-handler", help="explicit log handler specification. If none set, the handler will be "
                                               "guessed from environment",
                         type=LogHandler, choices=enum_values(LogHandler))
@@ -446,7 +444,7 @@ def _set_patch_list_parser(root: SubParserAction) -> argparse.ArgumentParser:
     """
     parser = root.add_parser("patch-list", help="list patch sets",
                              description="list available patches for the package", formatter_class=_formatter)
-    parser.add_argument("package", help="package base", nargs="?")
+    parser.add_argument("package", help="package base")
     parser.add_argument("-e", "--exit-code", help="return non-zero exit status if result is empty", action="store_true")
     parser.add_argument("-v", "--variable", help="if set, show only patches for specified PKGBUILD variables",
                         action="append")
@@ -537,6 +535,9 @@ def _set_repo_check_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("--changes", help="calculate changes from the latest known commit if available. "
                                           "Only applicable in dry run mode",
                         action=argparse.BooleanOptionalAction, default=True)
+    parser.add_argument("--check-files", help="enable or disable checking of broken dependencies "
+                                              "(e.g. dynamically linked libraries or modules directories)",
+                        action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("-e", "--exit-code", help="return non-zero exit status if result is empty", action="store_true")
     parser.add_argument("--vcs", help="fetch actual version of VCS packages",
                         action=argparse.BooleanOptionalAction, default=True)
@@ -605,6 +606,9 @@ def _set_repo_daemon_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("--changes", help="calculate changes from the latest known commit if available. "
                                           "Only applicable in dry run mode",
                         action=argparse.BooleanOptionalAction, default=True)
+    parser.add_argument("--check-files", help="enable or disable checking of broken dependencies "
+                                              "(e.g. dynamically linked libraries or modules directories)",
+                        action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dependencies", help="process missing package dependencies",
                         action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dry-run", help="just perform check for updates, same as check command", action="store_true")
@@ -622,8 +626,7 @@ def _set_repo_daemon_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("-y", "--refresh", help="download fresh package databases from the mirror before actions, "
                                                 "-yy to force refresh even if up to date",
                         action="count", default=False)
-    parser.set_defaults(handler=handlers.Daemon, exit_code=False,
-                        lock=Path(tempfile.gettempdir()) / "ahriman-daemon.lock", package=[])
+    parser.set_defaults(handler=handlers.Daemon, exit_code=False, lock=Path("ahriman-daemon.pid"), package=[])
     return parser
 
 
@@ -826,6 +829,9 @@ def _set_repo_update_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("--changes", help="calculate changes from the latest known commit if available. "
                                           "Only applicable in dry run mode",
                         action=argparse.BooleanOptionalAction, default=True)
+    parser.add_argument("--check-files", help="enable or disable checking of broken dependencies "
+                                              "(e.g. dynamically linked libraries or modules directories)",
+                        action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dependencies", help="process missing package dependencies",
                         action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dry-run", help="just perform check for updates, same as check command", action="store_true")
@@ -871,7 +877,7 @@ def _set_service_clean_parser(root: SubParserAction) -> argparse.ArgumentParser:
                         action=argparse.BooleanOptionalAction, default=False)
     parser.add_argument("--pacman", help="clear directory with pacman local database cache",
                         action=argparse.BooleanOptionalAction, default=False)
-    parser.set_defaults(handler=handlers.Clean, quiet=True, unsafe=True)
+    parser.set_defaults(handler=handlers.Clean, lock=None, quiet=True, unsafe=True)
     return parser
 
 
@@ -1130,8 +1136,8 @@ def _set_web_parser(root: SubParserAction) -> argparse.ArgumentParser:
         argparse.ArgumentParser: created argument parser
     """
     parser = root.add_parser("web", help="web server", description="start web server", formatter_class=_formatter)
-    parser.set_defaults(handler=handlers.Web, architecture="", lock=Path(tempfile.gettempdir()) / "ahriman-web.lock",
-                        report=False, repository="", parser=_parser)
+    parser.set_defaults(handler=handlers.Web, architecture="", lock=Path("ahriman-web.pid"), report=False,
+                        repository="", parser=_parser)
     return parser
 
 

src/ahriman/application/application/application.py

@@ -62,10 +62,13 @@ class Application(ApplicationPackages, ApplicationRepository):
         """
         known_packages: set[str] = set()
         # local set
+        # this action is not really needed in case if ``alpm.use_ahriman_cache`` set to yes, because pacman
+        # will eventually contain all the local packages
         for base in self.repository.packages():
             for package, properties in base.packages.items():
                 known_packages.add(package)
                 known_packages.update(properties.provides)
+        # known pacman databases
         known_packages.update(self.repository.pacman.packages())
         return known_packages
 
@@ -158,8 +161,7 @@ class Application(ApplicationPackages, ApplicationRepository):
                     package = Package.from_aur(package_name, username)
                 with_dependencies[package.base] = package
 
-                # register package in local database
-                self.database.package_base_update(package)
+                # register package in the database
                 self.repository.reporter.set_unknown(package)
 
         return list(with_dependencies.values())

src/ahriman/application/application/application_packages.py

@@ -27,7 +27,7 @@ from typing import Any
 from ahriman.application.application.application_properties import ApplicationProperties
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.exceptions import UnknownPackageError
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.result import Result
@@ -65,7 +65,7 @@ class ApplicationPackages(ApplicationProperties):
         """
         package = Package.from_aur(source, username)
         self.database.build_queue_insert(package)
-        self.database.package_base_update(package)
+        self.reporter.set_unknown(package)
 
     def _add_directory(self, source: str, *_: Any) -> None:
         """
@@ -139,7 +139,7 @@ class ApplicationPackages(ApplicationProperties):
         """
         package = Package.from_official(source, self.repository.pacman, username)
         self.database.build_queue_insert(package)
-        self.database.package_base_update(package)
+        self.reporter.set_unknown(package)
 
     def add(self, names: Iterable[str], source: PackageSource, username: str | None = None) -> None:
         """

src/ahriman/application/application/application_properties.py

@@ -21,6 +21,7 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.database import SQLite
 from ahriman.core.log import LazyLogging
 from ahriman.core.repository import Repository
+from ahriman.core.status import Client
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
 
@@ -63,3 +64,13 @@ class ApplicationProperties(LazyLogging):
             str: repository architecture
         """
         return self.repository_id.architecture
+
+    @property
+    def reporter(self) -> Client:
+        """
+        instance of the web/database client
+
+        Returns:
+            Client: repository reposter
+        """
+        return self.repository.reporter

src/ahriman/application/application/application_repository.py

@@ -39,15 +39,13 @@ class ApplicationRepository(ApplicationProperties):
         Args:
             packages(Iterable[Package]): list of packages to retrieve changes
         """
-        last_commit_hashes = self.database.hashes_get()
-
         for package in packages:
-            last_commit_sha = last_commit_hashes.get(package.base)
+            last_commit_sha = self.reporter.package_changes_get(package.base).last_commit_sha
             if last_commit_sha is None:
                 continue  # skip check in case if we can't calculate diff
 
             changes = self.repository.package_changes(package, last_commit_sha)
-            self.repository.reporter.package_changes_set(package.base, changes)
+            self.repository.reporter.package_changes_update(package.base, changes)
 
     def clean(self, *, cache: bool, chroot: bool, manual: bool, packages: bool, pacman: bool) -> None:
         """
@@ -91,10 +89,7 @@ class ApplicationRepository(ApplicationProperties):
             packages(Iterable[str]): only sign specified packages
         """
         # copy to prebuilt directory
-        for package in self.repository.packages():
-            # no one requested this package
-            if packages and package.base not in packages:
-                continue
+        for package in self.repository.packages(packages):
             for archive in package.packages.values():
                 if archive.filepath is None:
                     self.logger.warning("filepath is empty for %s", package.base)
@@ -163,8 +158,8 @@ class ApplicationRepository(ApplicationProperties):
         built_packages = self.repository.packages_built()
         if built_packages:  # speedup a bit
             build_result = self.repository.process_update(built_packages, packagers)
+            self.on_result(build_result)
             result.merge(build_result)
-            self.on_result(result.merge(build_result))
 
         builder = Updater.load(self.repository_id, self.configuration, self.repository)
 
@@ -173,12 +168,13 @@ class ApplicationRepository(ApplicationProperties):
         for num, partition in enumerate(partitions):
             self.logger.info("processing chunk #%i %s", num, [package.base for package in partition])
             build_result = builder.update(partition, packagers, bump_pkgrel=bump_pkgrel)
-            self.on_result(result.merge(build_result))
+            self.on_result(build_result)
+            result.merge(build_result)
 
         return result
 
     def updates(self, filter_packages: Iterable[str], *,
-                aur: bool, local: bool, manual: bool, vcs: bool) -> list[Package]:
+                aur: bool, local: bool, manual: bool, vcs: bool, check_files: bool) -> list[Package]:
         """
         get list of packages to run update process
 
@@ -188,6 +184,7 @@ class ApplicationRepository(ApplicationProperties):
             local(bool): enable or disable checking of local packages for updates
             manual(bool): include or exclude manual updates
             vcs(bool): enable or disable checking of VCS packages
+            check_files(bool): check for broken dependencies
 
         Returns:
             list[Package]: list of out-of-dated packages
@@ -200,5 +197,7 @@ class ApplicationRepository(ApplicationProperties):
             updates.update({package.base: package for package in self.repository.updates_local(vcs=vcs)})
         if manual:
             updates.update({package.base: package for package in self.repository.updates_manual()})
+        if check_files:
+            updates.update({package.base: package for package in self.repository.updates_dependencies(filter_packages)})
 
         return [package for _, package in sorted(updates.items())]

src/ahriman/application/handlers/add.py

@@ -50,12 +50,13 @@ class Add(Handler):
         application.add(args.package, args.source, args.username)
         patches = [PkgbuildPatch.from_env(patch) for patch in args.variable] if args.variable is not None else []
         for package in args.package:  # for each requested package insert patch
-            application.database.patches_insert(package, patches)
+            for patch in patches:
+                application.reporter.package_patches_update(package, patch)
 
         if not args.now:
             return
 
-        packages = application.updates(args.package, aur=False, local=False, manual=True, vcs=False)
+        packages = application.updates(args.package, aur=False, local=False, manual=True, vcs=False, check_files=False)
         packages = application.with_dependencies(packages, process_dependencies=args.dependencies)
         packagers = Packagers(args.username, {package.base: package.packager for package in packages})
 

src/ahriman/application/handlers/backup.py

@@ -18,10 +18,10 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import argparse
-import pwd
+import tarfile
 
 from pathlib import Path
-from tarfile import TarFile
+from pwd import getpwuid
 
 from ahriman.application.handlers.handler import Handler
 from ahriman.core.configuration import Configuration
@@ -49,7 +49,7 @@ class Backup(Handler):
             report(bool): force enable or disable reporting
         """
         backup_paths = Backup.get_paths(configuration)
-        with TarFile(args.path, mode="w") as archive:  # well we don't actually use compression
+        with tarfile.open(args.path, mode="w") as archive:  # well we don't actually use compression
             for backup_path in backup_paths:
                 archive.add(backup_path)
 
@@ -77,7 +77,7 @@ class Backup(Handler):
 
         # gnupg home with imported keys
         uid, _ = repository_paths.root_owner
-        system_user = pwd.getpwuid(uid)
+        system_user = getpwuid(uid)
         gnupg_home = Path(system_user.pw_dir) / ".gnupg"
         if gnupg_home.is_dir():
             paths.add(gnupg_home)

src/ahriman/application/handlers/change.py

@@ -56,4 +56,4 @@ class Change(Handler):
                 ChangesPrinter(changes)(verbose=True, separator="")
                 Change.check_if_empty(args.exit_code, changes.is_empty)
             case Action.Remove:
-                client.package_changes_set(args.package, Changes())
+                client.package_changes_update(args.package, Changes())

src/ahriman/application/handlers/patch.py

@@ -102,8 +102,9 @@ class Patch(Handler):
             patch = "".join(list(sys.stdin))
         else:
             patch = patch_path.read_text(encoding="utf8")
-        patch = patch.strip()  # remove spaces around the patch
-        return PkgbuildPatch(variable, patch)
+        # remove spaces around the patch and parse to correct type
+        parsed = PkgbuildPatch.parse(patch.strip())
+        return PkgbuildPatch(variable, parsed)
 
     @staticmethod
     def patch_set_create(application: Application, package_base: str, patch: PkgbuildPatch) -> None:
@@ -115,25 +116,28 @@ class Patch(Handler):
             package_base(str): package base
             patch(PkgbuildPatch): patch descriptor
         """
-        application.database.patches_insert(package_base, [patch])
+        application.reporter.package_patches_update(package_base, patch)
 
     @staticmethod
-    def patch_set_list(application: Application, package_base: str | None, variables: list[str] | None,
+    def patch_set_list(application: Application, package_base: str, variables: list[str] | None,
                        exit_code: bool) -> None:
         """
         list patches available for the package base
 
         Args:
             application(Application): application instance
-            package_base(str | None): package base
+            package_base(str): package base
             variables(list[str] | None): extract patches only for specified PKGBUILD variables
             exit_code(bool): exit with error on empty search result
         """
-        patches = application.database.patches_list(package_base, variables)
+        patches = [
+            patch
+            for patch in application.reporter.package_patches_get(package_base, None)
+            if variables is None or patch.key in variables
+        ]
         Patch.check_if_empty(exit_code, not patches)
 
-        for base, patch in patches.items():
-            PatchPrinter(base, patch)(verbose=True, separator=" = ")
+        PatchPrinter(package_base, patches)(verbose=True, separator=" = ")
 
     @staticmethod
     def patch_set_remove(application: Application, package_base: str, variables: list[str] | None) -> None:
@@ -145,4 +149,8 @@ class Patch(Handler):
             package_base(str): package base
             variables(list[str] | None): remove patches only for specified PKGBUILD variables
         """
-        application.database.patches_remove(package_base, variables)
+        if variables is not None:
+            for variable in variables:  # iterate over single variable
+                application.reporter.package_patches_remove(package_base, variable)
+        else:
+            application.reporter.package_patches_remove(package_base, None)  # just pass as is

src/ahriman/application/handlers/rebuild.py

@@ -76,7 +76,7 @@ class Rebuild(Handler):
         if from_database:
             return [
                 package
-                for (package, last_status) in application.database.packages_get()
+                for (package, last_status) in application.reporter.package_get(None)
                 if status is None or last_status.status == status
             ]
 

src/ahriman/application/handlers/restore.py

@@ -18,8 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import argparse
-
-from tarfile import TarFile
+import tarfile
 
 from ahriman.application.handlers.handler import Handler
 from ahriman.core.configuration import Configuration
@@ -45,5 +44,5 @@ class Restore(Handler):
             configuration(Configuration): configuration instance
             report(bool): force enable or disable reporting
         """
-        with TarFile(args.path) as archive:
-            archive.extractall(path=args.output)
+        with tarfile.open(args.path) as archive:
+            archive.extractall(path=args.output)  # nosec

src/ahriman/application/handlers/search.py

@@ -43,7 +43,7 @@ class Search(Handler):
     SORT_FIELDS = {
         field.name
         for field in fields(AURPackage)
-        if field.default_factory is not list  # type: ignore[comparison-overlap]
+        if field.default_factory is not list
     }
 
     @classmethod

src/ahriman/application/handlers/status_update.py

@@ -51,12 +51,8 @@ class StatusUpdate(Handler):
         match args.action:
             case Action.Update if args.package:
                 # update packages statuses
-                packages = application.repository.packages()
-                for base in args.package:
-                    if (local := next((package for package in packages if package.base == base), None)) is not None:
-                        client.package_add(local, args.status)
-                    else:
-                        client.package_update(base, args.status)
+                for package in args.package:
+                    client.package_update(package, args.status)
             case Action.Update:
                 # update service status
                 client.status_update(args.status)

src/ahriman/application/handlers/update.py

@@ -48,7 +48,8 @@ class Update(Handler):
         application = Application(repository_id, configuration, report=report, refresh_pacman_database=args.refresh)
         application.on_start()
 
-        packages = application.updates(args.package, aur=args.aur, local=args.local, manual=args.manual, vcs=args.vcs)
+        packages = application.updates(args.package, aur=args.aur, local=args.local, manual=args.manual, vcs=args.vcs,
+                                       check_files=args.check_files)
         if args.dry_run:  # some check specific actions
             if args.changes:  # generate changes if requested
                 application.changes(packages)

src/ahriman/application/lock.py

@@ -18,7 +18,10 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import argparse
+import fcntl
+import os
 
+from io import TextIOWrapper
 from pathlib import Path
 from types import TracebackType
 from typing import Literal, Self
@@ -27,8 +30,8 @@ from ahriman import __version__
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import DuplicateRunError
 from ahriman.core.log import LazyLogging
-from ahriman.core.status.client import Client
-from ahriman.core.util import check_user
+from ahriman.core.status import Client
+from ahriman.core.utils import check_user
 from ahriman.models.build_status import BuildStatusEnum
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.waiter import Waiter
@@ -36,7 +39,7 @@ from ahriman.models.waiter import Waiter
 
 class Lock(LazyLogging):
     """
-    wrapper for application lock file
+    wrapper for application lock file. Credits for idea to https://github.com/bmhatfield/python-pidfile.git
 
     Attributes:
         force(bool): remove lock file on start if any
@@ -70,8 +73,13 @@ class Lock(LazyLogging):
             repository_id(RepositoryId): repository unique identifier
             configuration(Configuration): configuration instance
         """
-        self.path: Path | None = \
-            args.lock.with_stem(f"{args.lock.stem}_{repository_id.id}") if args.lock is not None else None
+        self.path: Path | None = None
+        if args.lock is not None:
+            self.path = args.lock.with_stem(f"{args.lock.stem}_{repository_id.id}")
+            if not self.path.is_absolute():
+                # prepend full path to the lock file
+                self.path = Path("/") / "run" / "ahriman" / self.path
+        self._pid_file: TextIOWrapper | None = None
 
         self.force: bool = args.force
         self.unsafe: bool = args.unsafe
@@ -80,6 +88,72 @@ class Lock(LazyLogging):
         self.paths = configuration.repository_paths
         self.reporter = Client.load(repository_id, configuration, report=args.report)
 
+    @staticmethod
+    def perform_lock(fd: int) -> bool:
+        """
+        perform file lock
+
+        Args:
+            fd(int): file descriptor:
+
+        Returns:
+            bool: True in case if file is locked and False otherwise
+        """
+        try:
+            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
+        except OSError:
+            return False
+
+        return True
+
+    def _open(self) -> None:
+        """
+        create lock file
+        """
+        if self.path is None:
+            return
+        self._pid_file = self.path.open("a+")
+
+    def _watch(self) -> bool:
+        """
+        watch until lock disappear
+
+        Returns:
+            bool: True in case if file is locked and False otherwise
+        """
+        # there are reasons why we are not using inotify here. First of all, if we would use it, it would bring to
+        # race conditions because multiple processes will be notified at the same time. Secondly, it is good library,
+        # but platform-specific, and we only need to check if file exists
+        if self._pid_file is None:
+            return False
+
+        waiter = Waiter(self.wait_timeout)
+        return bool(waiter.wait(lambda fd: not self.perform_lock(fd), self._pid_file.fileno()))
+
+    def _write(self, *, is_locked: bool = False) -> None:
+        """
+        write pid to the lock file
+
+        Args:
+            is_locked(bool, optional): indicates if file was already locked or not (Default value = False)
+
+        Raises:
+            DuplicateRunError: if it cannot lock PID file
+        """
+        if self._pid_file is None:
+            return
+        if not is_locked:
+            if not self.perform_lock(self._pid_file.fileno()):
+                raise DuplicateRunError
+
+        self._pid_file.seek(0)  # reset position and remove file content if any
+        self._pid_file.truncate()
+
+        self._pid_file.write(str(os.getpid()))  # write current pid
+        self._pid_file.flush()  # flush data to disk
+
+        self._pid_file.seek(0)  # reset position again
+
     def check_user(self) -> None:
         """
         check if current user is actually owner of ahriman root
@@ -100,46 +174,33 @@ class Lock(LazyLogging):
         """
         remove lock file
         """
-        if self.path is None:
-            return
-        self.path.unlink(missing_ok=True)
+        if self._pid_file is not None:  # close file descriptor
+            try:
+                self._pid_file.close()
+            except IOError:
+                pass  # suppress any IO errors occur
+        if self.path is not None:  # remove lock file
+            self.path.unlink(missing_ok=True)
 
-    def create(self) -> None:
+    def lock(self) -> None:
         """
-        create lock file
-
-        Raises:
-            DuplicateRunError: if lock exists and no force flag supplied
+        create pid file
         """
-        if self.path is None:
-            return
-        try:
-            self.path.touch(exist_ok=self.force)
-        except FileExistsError:
-            raise DuplicateRunError from None
-
-    def watch(self) -> None:
-        """
-        watch until lock disappear
-        """
-        # there are reasons why we are not using inotify here. First of all, if we would use it, it would bring to
-        # race conditions because multiple processes will be notified in the same time. Secondly, it is good library,
-        # but platform-specific, and we only need to check if file exists
-        if self.path is None:
-            return
-
-        waiter = Waiter(self.wait_timeout)
-        waiter.wait(self.path.is_file)
+        if self.force:  # remove lock if force flag is set
+            self.clear()
+        self._open()
+        is_locked = self._watch()
+        self._write(is_locked=is_locked)
 
     def __enter__(self) -> Self:
         """
         default workflow is the following:
 
             #. Check user UID
-            #. Check if there is lock file
             #. Check web status watcher status
+            #. Open lock file
             #. Wait for lock file to be free
-            #. Create lock file and directory tree
+            #. Write current PID to the lock file
             #. Report to status page if enabled
 
         Returns:
@@ -147,8 +208,7 @@ class Lock(LazyLogging):
         """
         self.check_user()
         self.check_version()
-        self.watch()
-        self.create()
+        self.lock()
         self.reporter.status_update(BuildStatusEnum.Building)
         return self
 

src/ahriman/core/__init__.py

@@ -38,12 +38,12 @@ class _Context:
         """
         self._content: dict[str, Any] = {}
 
-    def get(self, key: ContextKey[T]) -> T:
+    def get(self, key: ContextKey[T] | type[T]) -> T:
         """
         get value for the specified key
 
         Args:
-            key(ContextKey[T]): context key name
+            key(ContextKey[T] | type[T]): context key name
 
         Returns:
             T: value associated with the key
@@ -52,29 +52,37 @@ class _Context:
             KeyError: in case if the specified context variable was not found
             ValueError: in case if type of value is not an instance of specified return type
         """
+        if not isinstance(key, ContextKey):
+            key = ContextKey.from_type(key)
+
         if key.key not in self._content:
             raise KeyError(key.key)
         value = self._content[key.key]
         if not isinstance(value, key.return_type):
             raise ValueError(f"Value {value} is not an instance of {key.return_type}")
+
         return value
 
-    def set(self, key: ContextKey[T], value: T) -> None:
+    def set(self, key: ContextKey[T] | type[T], value: T) -> None:
         """
         set value for the specified key
 
         Args:
-            key(ContextKey[T]): context key name
+            key(ContextKey[T] | type[T]): context key name
             value(T): context value associated with the specified key
 
         Raises:
             KeyError: in case if the specified context variable already exists
             ValueError: in case if type of value is not an instance of specified return type
         """
+        if not isinstance(key, ContextKey):
+            key = ContextKey.from_type(key)
+
         if key.key in self._content:
             raise KeyError(key.key)
         if not isinstance(value, key.return_type):
             raise ValueError(f"Value {value} is not an instance of {key.return_type}")
+
         self._content[key.key] = value
 
     def __iter__(self) -> Iterator[str]:

src/ahriman/core/alpm/pacman.py

@@ -17,25 +17,33 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
+import itertools
 import shutil
+import tarfile
 
-from collections.abc import Callable, Generator
+from collections.abc import Generator, Iterable
 from functools import cached_property
 from pathlib import Path
-from pyalpm import DB, Handle, Package, SIG_PACKAGE, error as PyalpmError  # type: ignore[import-not-found]
+from pyalpm import DB, Handle, Package, SIG_DATABASE_OPTIONAL, SIG_PACKAGE_OPTIONAL  # type: ignore[import-not-found]
 from string import Template
 
+from ahriman.core.alpm.pacman_database import PacmanDatabase
 from ahriman.core.configuration import Configuration
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import trim_package
+from ahriman.core.utils import trim_package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
-from ahriman.models.repository_paths import RepositoryPaths
 
 
 class Pacman(LazyLogging):
     """
     alpm wrapper
+
+    Attributes:
+        configuration(Configuration): configuration instance
+        refresh_database(PacmanSynchronization): synchronize local cache to remote
+        repository_id(RepositoryId): repository unique identifier
+        repository_path(RepositoryPaths): repository paths instance
     """
 
     def __init__(self, repository_id: RepositoryId, configuration: Configuration, *,
@@ -48,8 +56,11 @@ class Pacman(LazyLogging):
             configuration(Configuration): configuration instance
             refresh_database(PacmanSynchronization): synchronize local cache to remote
         """
-        self.__create_handle_fn: Callable[[], Handle] = lambda: self.__create_handle(
-            repository_id, configuration, refresh_database=refresh_database)
+        self.configuration = configuration
+        self.repository_id = repository_id
+        self.repository_paths = configuration.repository_paths
+
+        self.refresh_database = refresh_database
 
     @cached_property
     def handle(self) -> Handle:
@@ -59,40 +70,39 @@ class Pacman(LazyLogging):
         Returns:
             Handle: generated pyalpm handle instance
         """
-        return self.__create_handle_fn()
+        return self.__create_handle(refresh_database=self.refresh_database)
 
-    def __create_handle(self, repository_id: RepositoryId, configuration: Configuration, *,
-                        refresh_database: PacmanSynchronization) -> Handle:
+    def __create_handle(self, *, refresh_database: PacmanSynchronization) -> Handle:
         """
         create lazy handle function
 
         Args:
-            repository_id(RepositoryId): repository unique identifier
-            configuration(Configuration): configuration instance
             refresh_database(PacmanSynchronization): synchronize local cache to remote
 
         Returns:
             Handle: fully initialized pacman handle
         """
-        root = configuration.getpath("alpm", "root")
-        pacman_root = configuration.getpath("alpm", "database")
-        use_ahriman_cache = configuration.getboolean("alpm", "use_ahriman_cache")
-        mirror = configuration.get("alpm", "mirror")
-        paths = configuration.repository_paths
-        database_path = paths.pacman if use_ahriman_cache else pacman_root
+        pacman_root = self.configuration.getpath("alpm", "database")
+        use_ahriman_cache = self.configuration.getboolean("alpm", "use_ahriman_cache")
 
+        database_path = self.repository_paths.pacman if use_ahriman_cache else pacman_root
+        root = self.configuration.getpath("alpm", "root")
         handle = Handle(str(root), str(database_path))
-        for repository in configuration.getlist("alpm", "repositories"):
-            database = self.database_init(handle, repository, mirror, repository_id.architecture)
-            self.database_copy(handle, database, pacman_root, paths, use_ahriman_cache=use_ahriman_cache)
+
+        for repository in self.configuration.getlist("alpm", "repositories"):
+            database = self.database_init(handle, repository, self.repository_id.architecture)
+            self.database_copy(handle, database, pacman_root, use_ahriman_cache=use_ahriman_cache)
+
+        # install repository database too
+        local_database = self.database_init(handle, self.repository_id.name, self.repository_id.architecture)
+        self.database_copy(handle, local_database, pacman_root, use_ahriman_cache=use_ahriman_cache)
 
         if use_ahriman_cache and refresh_database:
             self.database_sync(handle, force=refresh_database == PacmanSynchronization.Force)
 
         return handle
 
-    def database_copy(self, handle: Handle, database: DB, pacman_root: Path, paths: RepositoryPaths, *,
-                      use_ahriman_cache: bool) -> None:
+    def database_copy(self, handle: Handle, database: DB, pacman_root: Path, *, use_ahriman_cache: bool) -> None:
         """
         copy database from the operating system root to the ahriman local home
 
@@ -100,7 +110,6 @@ class Pacman(LazyLogging):
             handle(Handle): pacman handle which will be used for database copying
             database(DB): pacman database instance to be copied
             pacman_root(Path): operating system pacman root
-            paths(RepositoryPaths): repository paths instance
             use_ahriman_cache(bool): use local ahriman cache instead of system one
         """
         def repository_database(root: Path) -> Path:
@@ -122,30 +131,36 @@ class Pacman(LazyLogging):
             return  # database for some reason deos not exist
         self.logger.info("copy pacman database from operating system root to ahriman's home")
         shutil.copy(src, dst)
-        paths.chown(dst)
+        self.repository_paths.chown(dst)
 
-    def database_init(self, handle: Handle, repository: str, mirror: str, architecture: str) -> DB:
+    def database_init(self, handle: Handle, repository: str, architecture: str) -> DB:
         """
         create database instance from pacman handler and set its properties
 
         Args:
             handle(Handle): pacman handle which will be used for database initializing
             repository(str): pacman repository name (e.g. core)
-            mirror(str): arch linux mirror url
             architecture(str): repository architecture
 
         Returns:
             DB: loaded pacman database instance
         """
         self.logger.info("loading pacman database %s", repository)
-        database: DB = handle.register_syncdb(repository, SIG_PACKAGE)
+        database: DB = handle.register_syncdb(repository, SIG_DATABASE_OPTIONAL | SIG_PACKAGE_OPTIONAL)
 
-        # replace variables in mirror address
-        variables = {
-            "arch": architecture,
-            "repo": repository,
-        }
-        database.servers = [Template(mirror).safe_substitute(variables)]
+        if repository != self.repository_id.name:
+            mirror = self.configuration.get("alpm", "mirror")
+            # replace variables in mirror address
+            variables = {
+                "arch": architecture,
+                "repo": repository,
+            }
+            server = Template(mirror).safe_substitute(variables)
+        else:
+            # special case, same database, use local storage instead
+            server = f"file://{self.repository_paths.repository}"
+
+        database.servers = [server]
 
         return database
 
@@ -160,13 +175,55 @@ class Pacman(LazyLogging):
         self.logger.info("refresh ahriman's home pacman database (force refresh %s)", force)
         transaction = handle.init_transaction()
         for database in handle.get_syncdbs():
-            try:
-                database.update(force)
-            except PyalpmError:
-                self.logger.exception("exception during update %s", database.name)
+            PacmanDatabase(database, self.configuration).sync(force=force)
         transaction.release()
 
-    def package_get(self, package_name: str) -> Generator[Package, None, None]:
+    def files(self, packages: Iterable[str]) -> dict[str, set[str]]:
+        """
+        extract list of known packages from the databases
+
+        Args:
+            packages(Iterable[str]): filter by package names
+
+        Returns:
+            dict[str, set[str]]: map of package name to its list of files
+        """
+        def extract(tar: tarfile.TarFile, package_names: dict[str, str]) -> Generator[tuple[str, set[str]], None, None]:
+            for package_name, version in package_names.items():
+                path = Path(f"{package_name}-{version}") / "files"
+                try:
+                    content = tar.extractfile(str(path))
+                except KeyError:
+                    # in case if database and its files has been desync somehow, the extractfile will raise
+                    # KeyError because the entry doesn't exist
+                    content = None
+                if content is None:
+                    continue
+
+                # this is just array of files, however, the directories are with trailing slash,
+                # which previously has been removed by the conversion to ``pathlib.Path``
+                files = {filename.decode("utf8").rstrip().removesuffix("/") for filename in content.readlines()}
+                yield package_name, files
+
+        # sort is required for the following group by operation
+        descriptors = sorted(
+            (package for package_name in packages for package in self.package(package_name)),
+            key=lambda package: package.db.name
+        )
+
+        result: dict[str, set[str]] = {}
+        for database_name, pacman_packages in itertools.groupby(descriptors, lambda package: package.db.name):
+            database_file = self.repository_paths.pacman / "sync" / f"{database_name}.files.tar.gz"
+            if not database_file.is_file():
+                continue  # no database file found
+
+            package_names = {package.name: package.version for package in pacman_packages}
+            with tarfile.open(database_file, "r:gz") as archive:
+                result.update(extract(archive, package_names))
+
+        return result
+
+    def package(self, package_name: str) -> Generator[Package, None, None]:
         """
         retrieve list of the packages from the repository by name
 

src/ahriman/core/alpm/pacman_database.py

@@ -0,0 +1,170 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+import os
+import shutil
+
+from email.utils import parsedate_to_datetime
+from pathlib import Path
+from pyalpm import DB  # type: ignore[import-not-found]
+from urllib.parse import urlparse
+
+from ahriman.core.configuration import Configuration
+from ahriman.core.exceptions import PacmanError
+from ahriman.core.http import SyncHttpClient
+
+
+class PacmanDatabase(SyncHttpClient):
+    """
+    implementation for database sync, because pyalpm is not always enough
+
+    Attributes:
+        LAST_MODIFIED_HEADER(str): last modified header name
+        database(DB): pyalpm database object
+        repository_paths(RepositoryPaths): repository paths instance
+        sync_files_database(bool): sync files database
+    """
+
+    LAST_MODIFIED_HEADER = "Last-Modified"
+
+    def __init__(self, database: DB, configuration: Configuration) -> None:
+        """
+        default constructor
+
+        Args:
+            database(DB): pyalpm database object
+            configuration(Configuration): configuration instance
+        """
+        SyncHttpClient.__init__(self)
+        self.timeout = None  # reset timeout
+
+        self.database = database
+        self.repository_paths = configuration.repository_paths
+
+        self.sync_files_database = configuration.getboolean("alpm", "sync_files_database")
+
+    def copy(self, remote_path: Path, local_path: Path) -> None:
+        """
+        copy local database file
+
+        Args:
+            remote_path(Path): path to source (remote) file
+            local_path(Path): path to locally stored file
+        """
+        shutil.copy(remote_path, local_path)
+
+    def download(self, url: str, local_path: Path) -> None:
+        """
+        download remote file and store it to local path with the correct last modified headers
+
+        Args:
+            url(str): remote url to request file
+            local_path(Path): path to locally stored file
+
+        Raises:
+            PacmanError: in case if no last-modified header was found
+        """
+        response = self.make_request("GET", url, stream=True)
+        if self.LAST_MODIFIED_HEADER not in response.headers:
+            raise PacmanError("No last-modified header found")
+
+        with local_path.open("wb") as local_file:
+            for chunk in response.iter_content(chunk_size=1024):
+                local_file.write(chunk)
+
+        # set correct (a,m)time for the file
+        remote_changed = parsedate_to_datetime(response.headers[self.LAST_MODIFIED_HEADER]).timestamp()
+        os.utime(local_path, (remote_changed, remote_changed))
+
+    def is_outdated(self, url: str, local_path: Path) -> bool:
+        """
+        check if local file is outdated
+
+        Args:
+            url(str): remote url to request last modified header
+            local_path(Path): path to locally stored file
+
+        Returns:
+            bool: True in case if remote file is newer than local file
+
+        Raises:
+            PacmanError: in case if no last-modified header was found
+        """
+        if not local_path.is_file():
+            return True  # no local file found, requires to update
+
+        response = self.make_request("HEAD", url)
+        if self.LAST_MODIFIED_HEADER not in response.headers:
+            raise PacmanError("No last-modified header found")
+
+        remote_changed = parsedate_to_datetime(response.headers["Last-Modified"]).timestamp()
+        local_changed = local_path.stat().st_mtime
+
+        return remote_changed > local_changed
+
+    def sync(self, *, force: bool) -> None:
+        """
+        sync packages and files databases
+
+        Args:
+            force(bool): force database synchronization (same as ``pacman -Syy``)
+        """
+        try:
+            self.sync_packages(force=force)
+            if self.sync_files_database:
+                self.sync_files(force=force)
+        except Exception:
+            self.logger.exception("exception during update %s", self.database.name)
+
+    def sync_files(self, *, force: bool) -> None:
+        """
+        sync files by using http request
+
+        Args:
+            force(bool): force database synchronization (same as ``pacman -Syy``)
+        """
+        server = next(iter(self.database.servers))
+        filename = f"{self.database.name}.files.tar.gz"
+        url = f"{server}/{filename}"
+
+        remote_uri = urlparse(url)
+        local_path = Path(self.repository_paths.pacman / "sync" / filename)
+
+        match remote_uri.scheme:
+            case "http" | "https":
+                if not force and not self.is_outdated(url, local_path):
+                    return
+
+                self.download(url, local_path)
+
+            case "file":
+                # just copy file as it is relatively cheap operation, no need to check timestamps
+                self.copy(Path(remote_uri.path), local_path)
+
+            case other:
+                raise PacmanError(f"Unknown or unsupported URL scheme {other}")
+
+    def sync_packages(self, *, force: bool) -> None:
+        """
+        sync packages by using built-in pyalpm methods
+
+        Args:
+            force(bool): force database synchronization (same as ``pacman -Syy``)
+        """
+        self.database.update(force)

src/ahriman/core/alpm/remote/official_syncdb.py

@@ -56,6 +56,6 @@ class OfficialSyncdb(Official):
             raise UnknownPackageError(package_name)
 
         try:
-            return next(AURPackage.from_pacman(package) for package in pacman.package_get(package_name))
+            return next(AURPackage.from_pacman(package) for package in pacman.package(package_name))
         except StopIteration:
             raise UnknownPackageError(package_name) from None

src/ahriman/core/alpm/repo.py

@@ -21,7 +21,7 @@ from pathlib import Path
 
 from ahriman.core.exceptions import BuildError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import check_output
+from ahriman.core.utils import check_output
 from ahriman.models.repository_paths import RepositoryPaths
 
 
@@ -68,7 +68,7 @@ class Repo(LazyLogging):
             path(Path): path to archive to add
         """
         check_output(
-            "repo-add", *self.sign_args, "-R", str(self.repo_path), str(path),
+            "repo-add", *self.sign_args, "--remove", str(self.repo_path), str(path),
             exception=BuildError.from_process(path.name),
             cwd=self.paths.repository,
             logger=self.logger,
@@ -78,8 +78,13 @@ class Repo(LazyLogging):
         """
         create empty repository database. It just calls add with empty arguments
         """
-        check_output("repo-add", *self.sign_args, str(self.repo_path),
-                     cwd=self.paths.repository, logger=self.logger, user=self.uid)
+        # since pacman-6.1.0 repo-add doesn't create empty database in case if no packages supplied
+        # this code creates empty files instead
+        if self.repo_path.exists():
+            return  # database is already created, skip this part
+
+        self.repo_path.touch(exist_ok=True)
+        (self.paths.repository / f"{self.name}.db").symlink_to(self.repo_path)
 
     def remove(self, package: str, filename: Path) -> None:
         """

src/ahriman/core/auth/auth.py

@@ -81,15 +81,18 @@ class Auth(LazyLogging):
             case AuthSettings.OAuth:
                 from ahriman.core.auth.oauth import OAuth
                 return OAuth(configuration, database)
+            case AuthSettings.PAM:
+                from ahriman.core.auth.pam import PAM
+                return PAM(configuration, database)
             case _:
                 return Auth(configuration)
 
-    async def check_credentials(self, username: str | None, password: str | None) -> bool:
+    async def check_credentials(self, username: str, password: str | None) -> bool:
         """
         validate user password
 
         Args:
-            username(str | None): username
+            username(str): username
             password(str | None): entered password
 
         Returns:
@@ -98,12 +101,12 @@ class Auth(LazyLogging):
         del username, password
         return True
 
-    async def known_username(self, username: str | None) -> bool:
+    async def known_username(self, username: str) -> bool:
         """
         check if user is known
 
         Args:
-            username(str | None): username
+            username(str): username
 
         Returns:
             bool: True in case if user is known and can be authorized and False otherwise

src/ahriman/core/auth/mapping.py

@@ -48,18 +48,18 @@ class Mapping(Auth):
         self.database = database
         self.salt = configuration.get("auth", "salt", fallback="")
 
-    async def check_credentials(self, username: str | None, password: str | None) -> bool:
+    async def check_credentials(self, username: str, password: str | None) -> bool:
         """
         validate user password
 
         Args:
-            username(str | None): username
+            username(str): username
             password(str | None): entered password
 
         Returns:
             bool: True in case if password matches, False otherwise
         """
-        if username is None or password is None:
+        if password is None:
             return False  # invalid data supplied
         user = self.get_user(username)
         return user is not None and user.check_credentials(password, self.salt)
@@ -76,12 +76,12 @@ class Mapping(Auth):
         """
         return self.database.user_get(username)
 
-    async def known_username(self, username: str | None) -> bool:
+    async def known_username(self, username: str) -> bool:
         """
         check if user is known
 
         Args:
-            username(str | None): username
+            username(str): username
 
         Returns:
             bool: True in case if user is known and can be authorized and False otherwise

src/ahriman/core/auth/oauth.py

@@ -69,7 +69,8 @@ class OAuth(Mapping):
         Returns:
             str: login control as html code to insert
         """
-        return f"""<a class="nav-link" href="/api/v1/login" title="login via OAuth2"><i class="bi bi-{self.icon}"></i> login</a>"""
+        return f"""<a class="nav-link" href="/api/v1/login" title="login via OAuth2"><i class="bi bi-{
+            self.icon}"></i> login</a>"""
 
     @staticmethod
     def get_provider(name: str) -> type[aioauth_client.OAuth2Client]:

src/ahriman/core/auth/pam.py

@@ -0,0 +1,131 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from grp import getgrnam
+from pwd import getpwnam
+
+from ahriman.core.auth.mapping import Mapping
+from ahriman.core.configuration import Configuration
+from ahriman.core.database import SQLite
+from ahriman.core.exceptions import CalledProcessError
+from ahriman.core.utils import check_output
+from ahriman.models.auth_settings import AuthSettings
+from ahriman.models.user_access import UserAccess
+
+
+class PAM(Mapping):
+    """
+    User authorization implementation by using default PAM
+
+    Attributes:
+        full_access_group(str): group name users of which have full access
+        permit_root_login(bool): permit login as root
+    """
+
+    def __init__(self, configuration: Configuration, database: SQLite,
+                 provider: AuthSettings = AuthSettings.PAM) -> None:
+        """
+        default constructor
+
+        Args:
+            configuration(Configuration): configuration instance
+            database(SQLite): database instance
+            provider(AuthSettings, optional): authorization type definition (Default value = AuthSettings.PAM)
+        """
+        Mapping.__init__(self, configuration, database, provider)
+        self.full_access_group = configuration.get("auth", "full_access_group")
+        self.permit_root_login = configuration.getboolean("auth", "permit_root_login", fallback=False)
+
+    @staticmethod
+    def group_members(group_name: str) -> list[str]:
+        """
+        extract current group members
+
+        Args:
+            group_name(str): group name
+
+        Returns:
+            list[str]: list of users which belong to the specified group. In case if group wasn't found, the empty list
+            will be returned
+        """
+        try:
+            group = getgrnam(group_name)
+        except KeyError:
+            return []
+        return group.gr_mem
+
+    async def check_credentials(self, username: str, password: str | None) -> bool:
+        """
+        validate user password
+
+        Args:
+            username(str): username
+            password(str | None): entered password
+
+        Returns:
+            bool: True in case if password matches, False otherwise
+        """
+        if password is None:
+            return False  # invalid data supplied
+        if not self.permit_root_login and username == "root":
+            return False  # login as root is not allowed
+        # the reason why do we call su here is that python-pam actually read shadow file
+        # and hence requires root privileges
+        try:
+            check_output("su", "--command", "true", "-", username, input_data=password)
+            return True
+        except CalledProcessError:
+            return await Mapping.check_credentials(self, username, password)
+
+    async def known_username(self, username: str) -> bool:
+        """
+        check if user is known
+
+        Args:
+            username(str): username
+
+        Returns:
+            bool: True in case if user is known and can be authorized and False otherwise
+        """
+        try:
+            _ = getpwnam(username)
+            return True
+        except KeyError:
+            return await Mapping.known_username(self, username)
+
+    async def verify_access(self, username: str, required: UserAccess, context: str | None) -> bool:
+        """
+        validate if user has access to requested resource
+
+        Args:
+            username(str): username
+            required(UserAccess): required access level
+            context(str | None): URI request path
+
+        Returns:
+            bool: True in case if user is allowed to do this request and False otherwise
+        """
+        # this method is basically inverted, first we check overrides in database and then fallback to the PAM logic
+        if (user := self.get_user(username)) is not None:
+            return user.verify_access(required)
+        # if username is in admin group, then we treat it as full access
+        if username in self.group_members(self.full_access_group):
+            return UserAccess.Full.permits(required)
+        # fallback to read-only accounts
+        return UserAccess.Read.permits(required)

src/ahriman/core/build_tools/sources.py

@@ -23,7 +23,7 @@ from pathlib import Path
 
 from ahriman.core.exceptions import CalledProcessError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import check_output, utcnow, walk
+from ahriman.core.utils import check_output, utcnow, walk
 from ahriman.models.package import Package
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.remote_source import RemoteSource

src/ahriman/core/build_tools/task.py

@@ -21,10 +21,9 @@ from pathlib import Path
 
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
 from ahriman.core.exceptions import BuildError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import check_output
+from ahriman.core.utils import check_output
 from ahriman.models.package import Package
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.repository_paths import RepositoryPaths
@@ -38,6 +37,7 @@ class Task(LazyLogging):
         archbuild_flags(list[str]): command flags for archbuild command
         architecture(str): repository architecture
         build_command(str): build command
+        include_debug_packages(bool): whether to include debug packages or not
         makechrootpkg_flags(list[str]): command flags for makechrootpkg command
         makepkg_flags(list[str]): command flags for makepkg command
         package(Package): package definitions
@@ -63,6 +63,7 @@ class Task(LazyLogging):
 
         self.archbuild_flags = configuration.getlist("build", "archbuild_flags", fallback=[])
         self.build_command = configuration.get("build", "build_command")
+        self.include_debug_packages = configuration.getboolean("build", "include_debug_packages", fallback=True)
         self.makepkg_flags = configuration.getlist("build", "makepkg_flags", fallback=[])
         self.makechrootpkg_flags = configuration.getlist("build", "makechrootpkg_flags", fallback=[])
 
@@ -99,30 +100,35 @@ class Task(LazyLogging):
             environment=environment,
         )
 
-        # well it is not actually correct, but we can deal with it
+        package_list_command = ["makepkg", "--packagelist"]
+        if not self.include_debug_packages:
+            package_list_command.append("OPTIONS=(!debug)")  # disable debug flag manually
         packages = check_output(
-            "makepkg", "--packagelist",
+            *package_list_command,
             exception=BuildError.from_process(self.package.base),
             cwd=sources_dir,
             logger=self.logger,
             environment=environment,
         ).splitlines()
-        return [Path(package) for package in packages]
+        # some dirty magic here
+        # the filter is applied in order to make sure that result will only contain packages which were actually built
+        # e.g. in some cases packagelist command produces debug packages which were not actually built
+        return list(filter(lambda path: path.is_file(), map(Path, packages)))
 
-    def init(self, sources_dir: Path, database: SQLite, local_version: str | None) -> str | None:
+    def init(self, sources_dir: Path, patches: list[PkgbuildPatch], local_version: str | None) -> str | None:
         """
         fetch package from git
 
         Args:
             sources_dir(Path): local path to fetch
-            database(SQLite): database instance
+            patches(list[PkgbuildPatch]): list of patches for the package
             local_version(str | None): local version of the package. If set and equal to current version, it will
                 automatically bump pkgrel
 
         Returns:
             str | None: current commit sha if available
         """
-        last_commit_sha = Sources.load(sources_dir, self.package, database.patches_get(self.package.base), self.paths)
+        last_commit_sha = Sources.load(sources_dir, self.package, patches, self.paths)
         if local_version is None:
             return last_commit_sha  # there is no local package or pkgrel increment is disabled
 

src/ahriman/core/configuration/schema.py

@@ -89,6 +89,11 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "path_exists": True,
                 "path_type": "dir",
             },
+            "sync_files_database": {
+                "type": "boolean",
+                "coerce": "boolean",
+                "required": True,
+            },
             "use_ahriman_cache": {
                 "type": "boolean",
                 "coerce": "boolean",
@@ -110,6 +115,7 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                         "oauth_provider",
                         "oauth_scopes",
                     ]},
+                    {"allowed": ["pam"], "dependencies": ["full_access_group"]},
                 ],
             },
             "allow_read_only": {
@@ -130,6 +136,10 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "minlength": 32,
                 "maxlength": 64,  # we cannot verify maxlength, because base64 representation might be longer than bytes
             },
+            "full_access_group": {
+                "type": "string",
+                "empty": False,
+            },
             "max_age": {
                 "type": "integer",
                 "coerce": "integer",
@@ -147,6 +157,10 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "type": "string",
                 "empty": False,
             },
+            "permit_root_login": {
+                "type": "boolean",
+                "coerce": "boolean",
+            },
             "salt": {
                 "type": "string",
             },
@@ -176,6 +190,10 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                     "empty": False,
                 },
             },
+            "include_debug_packages": {
+                "type": "boolean",
+                "coerce": "boolean",
+            },
             "makepkg_flags": {
                 "type": "list",
                 "coerce": "list",

src/ahriman/core/database/migrations/m005_make_opt_depends.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m007_check_depends.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m008_packagers.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m013_dependencies.py

@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+__all__ = ["steps"]
+
+
+steps = [
+    """
+    create table package_dependencies (
+        package_base text not null,
+        repository text not null,
+        dependencies json not null,
+        unique (package_base, repository)
+    )
+    """,
+]

src/ahriman/core/database/operations/__init__.py

@@ -20,6 +20,7 @@
 from ahriman.core.database.operations.auth_operations import AuthOperations
 from ahriman.core.database.operations.build_operations import BuildOperations
 from ahriman.core.database.operations.changes_operations import ChangesOperations
+from ahriman.core.database.operations.dependencies_operations import DependenciesOperations
 from ahriman.core.database.operations.logs_operations import LogsOperations
 from ahriman.core.database.operations.package_operations import PackageOperations
 from ahriman.core.database.operations.patch_operations import PatchOperations

src/ahriman/core/database/operations/changes_operations.py

@@ -64,7 +64,7 @@ class ChangesOperations(Operations):
 
     def changes_insert(self, package_base: str, changes: Changes, repository_id: RepositoryId | None = None) -> None:
         """
-        insert packages to build queue
+        insert package changes
 
         Args:
             package_base(str): package base to insert
@@ -117,27 +117,3 @@ class ChangesOperations(Operations):
                 })
 
         return self.with_connection(run, commit=True)
-
-    def hashes_get(self, repository_id: RepositoryId | None = None) -> dict[str, str]:
-        """
-        extract last commit hashes if available
-
-        Args:
-            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
-
-        Returns:
-            dict[str, str]: map of package base to its last commit hash
-        """
-
-        repository_id = repository_id or self._repository_id
-
-        def run(connection: Connection) -> dict[str, str]:
-            return {
-                row["package_base"]: row["last_commit_sha"]
-                for row in connection.execute(
-                    """select package_base, last_commit_sha from package_changes where repository = :repository""",
-                    {"repository": repository_id.id}
-                )
-            }
-
-        return self.with_connection(run)

src/ahriman/core/database/operations/dependencies_operations.py

@@ -0,0 +1,116 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from sqlite3 import Connection
+
+from ahriman.core.database.operations.operations import Operations
+from ahriman.models.dependencies import Dependencies
+from ahriman.models.repository_id import RepositoryId
+
+
+class DependenciesOperations(Operations):
+    """
+    operations for dependencies table
+    """
+
+    def dependencies_get(self, package_base: str | None = None,
+                         repository_id: RepositoryId | None = None) -> dict[str, Dependencies]:
+        """
+        get dependencies for the specific package base if available
+
+        Args:
+            package_base(str | None): package base to search
+            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
+
+        Returns:
+            Dependencies: changes for the package base if available
+        """
+        repository_id = repository_id or self._repository_id
+
+        def run(connection: Connection) -> dict[str, Dependencies]:
+            return {
+                row["package_base"]: Dependencies(row["dependencies"])
+                for row in connection.execute(
+                    """
+                        select package_base, dependencies from package_dependencies
+                        where (:package_base is null or package_base = :package_base)
+                          and repository = :repository
+                        """,
+                    {
+                        "package_base": package_base,
+                        "repository": repository_id.id,
+                    }
+                )
+            }
+
+        return self.with_connection(run)
+
+    def dependencies_insert(self, package_base: str, dependencies: Dependencies,
+                            repository_id: RepositoryId | None = None) -> None:
+        """
+        insert package dependencies
+
+        Args:
+            package_base(str): package base
+            dependencies(Dependencies): package dependencies
+            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
+        """
+        repository_id = repository_id or self._repository_id
+
+        def run(connection: Connection) -> None:
+            connection.execute(
+                """
+                insert into package_dependencies
+                (package_base, repository, dependencies)
+                values
+                (:package_base, :repository, :dependencies)
+                on conflict (package_base, repository) do update set
+                dependencies = :dependencies
+                """,
+                {
+                    "package_base": package_base,
+                    "repository": repository_id.id,
+                    "dependencies": dependencies.paths,
+                })
+
+        return self.with_connection(run, commit=True)
+
+    def dependencies_remove(self, package_base: str | None, repository_id: RepositoryId | None = None) -> None:
+        """
+        remove packages dependencies
+
+        Args:
+            package_base(str | None): optional filter by package base
+            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
+        """
+        repository_id = repository_id or self._repository_id
+
+        def run(connection: Connection) -> None:
+            connection.execute(
+                """
+                delete from package_dependencies
+                where (:package_base is null or package_base = :package_base)
+                  and repository = :repository
+                """,
+                {
+                    "package_base": package_base,
+                    "repository": repository_id.id,
+                })
+
+        return self.with_connection(run, commit=True)

src/ahriman/core/database/operations/operations.py

@@ -25,6 +25,7 @@ from typing import Any, TypeVar
 
 from ahriman.core.log import LazyLogging
 from ahriman.models.repository_id import RepositoryId
+from ahriman.models.repository_paths import RepositoryPaths
 
 
 T = TypeVar("T")
@@ -38,7 +39,7 @@ class Operations(LazyLogging):
         path(Path): path to the database file
     """
 
-    def __init__(self, path: Path, repository_id: RepositoryId) -> None:
+    def __init__(self, path: Path, repository_id: RepositoryId, repository_paths: RepositoryPaths) -> None:
         """
         default constructor
 
@@ -48,6 +49,7 @@ class Operations(LazyLogging):
         """
         self.path = path
         self._repository_id = repository_id
+        self._repository_paths = repository_paths
 
     @staticmethod
     def factory(cursor: sqlite3.Cursor, row: tuple[Any, ...]) -> dict[str, Any]:

src/ahriman/core/database/operations/package_operations.py

@@ -150,34 +150,6 @@ class PackageOperations(Operations):
             """,
             package_list)
 
-    @staticmethod
-    def _package_update_insert_status(connection: Connection, package_base: str, status: BuildStatus,
-                                      repository_id: RepositoryId) -> None:
-        """
-        insert base package status into table
-
-        Args:
-            connection(Connection): database connection
-            package_base(str): package base name
-            status(BuildStatus): new build status
-            repository_id(RepositoryId): repository unique identifier
-        """
-        connection.execute(
-            """
-            insert into package_statuses
-            (package_base, status, last_updated, repository)
-            values
-            (:package_base, :status, :last_updated, :repository)
-            on conflict (package_base, repository) do update set
-            status = :status, last_updated = :last_updated
-            """,
-            {
-                "package_base": package_base,
-                "status": status.status.value,
-                "last_updated": status.timestamp,
-                "repository": repository_id.id,
-            })
-
     @staticmethod
     def _packages_get_select_package_bases(connection: Connection, repository_id: RepositoryId) -> dict[str, Package]:
         """
@@ -246,21 +218,6 @@ class PackageOperations(Operations):
             )
         }
 
-    def package_base_update(self, package: Package, repository_id: RepositoryId | None = None) -> None:
-        """
-        update package base only
-
-        Args:
-            package(Package): package properties
-            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
-        """
-        repository_id = repository_id or self._repository_id
-
-        def run(connection: Connection) -> None:
-            self._package_update_insert_base(connection, package, repository_id)
-
-        return self.with_connection(run, commit=True)
-
     def package_remove(self, package_base: str, repository_id: RepositoryId | None = None) -> None:
         """
         remove package from database
@@ -277,20 +234,18 @@ class PackageOperations(Operations):
 
         return self.with_connection(run, commit=True)
 
-    def package_update(self, package: Package, status: BuildStatus, repository_id: RepositoryId | None = None) -> None:
+    def package_update(self, package: Package, repository_id: RepositoryId | None = None) -> None:
         """
         update package status
 
         Args:
             package(Package): package properties
-            status(BuildStatus): new build status
             repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
         """
         repository_id = repository_id or self._repository_id
 
         def run(connection: Connection) -> None:
             self._package_update_insert_base(connection, package, repository_id)
-            self._package_update_insert_status(connection, package.base, status, repository_id)
             self._package_update_insert_packages(connection, package, repository_id)
             self._package_remove_packages(connection, package.base, package.packages.keys(), repository_id)
 
@@ -317,22 +272,32 @@ class PackageOperations(Operations):
 
         return self.with_connection(lambda connection: list(run(connection)))
 
-    def remotes_get(self, repository_id: RepositoryId | None = None) -> dict[str, RemoteSource]:
+    def status_update(self, package_base: str, status: BuildStatus, repository_id: RepositoryId | None = None) -> None:
         """
-        get packages remotes based on current settings
+        insert base package status into table
 
         Args:
+            package_base(str): package base name
+            status(BuildStatus): new build status
             repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
-
-        Returns:
-            dict[str, RemoteSource]: map of package base to its remote sources
         """
         repository_id = repository_id or self._repository_id
 
-        def run(connection: Connection) -> dict[str, Package]:
-            return self._packages_get_select_package_bases(connection, repository_id)
+        def run(connection: Connection) -> None:
+            connection.execute(
+                """
+                insert into package_statuses
+                (package_base, status, last_updated, repository)
+                values
+                (:package_base, :status, :last_updated, :repository)
+                on conflict (package_base, repository) do update set
+                status = :status, last_updated = :last_updated
+                """,
+                {
+                    "package_base": package_base,
+                    "status": status.status.value,
+                    "last_updated": status.timestamp,
+                    "repository": repository_id.id,
+                })
 
-        return {
-            package_base: package.remote
-            for package_base, package in self.with_connection(run).items()
-        }
+        return self.with_connection(run, commit=True)

src/ahriman/core/database/sqlite.py

@@ -25,12 +25,19 @@ from typing import Self
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.database.migrations import Migrations
-from ahriman.core.database.operations import AuthOperations, BuildOperations, ChangesOperations, LogsOperations, \
-    PackageOperations, PatchOperations
+from ahriman.core.database.operations import AuthOperations, BuildOperations, ChangesOperations, \
+    DependenciesOperations, LogsOperations, PackageOperations, PatchOperations
 
 
 # pylint: disable=too-many-ancestors
-class SQLite(AuthOperations, BuildOperations, ChangesOperations, LogsOperations, PackageOperations, PatchOperations):
+class SQLite(
+        AuthOperations,
+        BuildOperations,
+        ChangesOperations,
+        DependenciesOperations,
+        LogsOperations,
+        PackageOperations,
+        PatchOperations):
     """
     wrapper for sqlite3 database
 
@@ -59,7 +66,7 @@ class SQLite(AuthOperations, BuildOperations, ChangesOperations, LogsOperations,
         path = cls.database_path(configuration)
         _, repository_id = configuration.check_loaded()
 
-        database = cls(path, repository_id)
+        database = cls(path, repository_id, configuration.repository_paths)
         database.init(configuration)
 
         return database
@@ -94,3 +101,24 @@ class SQLite(AuthOperations, BuildOperations, ChangesOperations, LogsOperations,
         if configuration.getboolean("settings", "apply_migrations", fallback=True):
             self.with_connection(lambda connection: Migrations.migrate(connection, configuration))
         paths.chown(self.path)
+
+    def package_clear(self, package_base: str) -> None:
+        """
+        completely remove package from all tables
+
+        Args:
+            package_base(str): package base to remove
+
+        Examples:
+            This method completely removes the package from all tables and must be used, e.g. on package removal::
+
+            >>> database.package_clear("ahriman")
+        """
+        self.build_queue_clear(package_base)
+        self.patches_remove(package_base, [])
+        self.logs_remove(package_base, None)
+        self.changes_remove(package_base)
+        self.dependencies_remove(package_base)
+
+        # remove local cache too
+        self._repository_paths.tree_clear(package_base)

src/ahriman/core/exceptions.py

@@ -219,6 +219,21 @@ class PackageInfoError(RuntimeError):
         RuntimeError.__init__(self, f"There are errors during reading package information: `{details}`")
 
 
+class PacmanError(RuntimeError):
+    """
+    exception in case of pacman operation errors
+    """
+
+    def __init__(self, details: Any) -> None:
+        """
+        default constructor
+
+        Args:
+            details(Any): error details
+        """
+        RuntimeError.__init__(self, f"Could not perform operation with pacman: `{details}`")
+
+
 class PathError(ValueError):
     """
     exception which will be raised on path which is not belong to root directory
@@ -330,5 +345,5 @@ class UnsafeRunError(RuntimeError):
             root_uid(int): ID of the owner of root directory
         """
         RuntimeError.__init__(self, f"Current UID {current_uid} differs from root owner {root_uid}. "
-                                    f"Note that for the most actions it is unsafe to run application as different user."
-                                    f" If you are 100% sure that it must be there try --unsafe option")
+                              f"Note that for the most actions it is unsafe to run application as different user."
+                              f" If you are 100% sure that it must be there try --unsafe option")

src/ahriman/core/formatters/aur_printer.py

@@ -18,7 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from ahriman.core.formatters.string_printer import StringPrinter
-from ahriman.core.util import pretty_datetime
+from ahriman.core.utils import pretty_datetime
 from ahriman.models.aur_package import AURPackage
 from ahriman.models.property import Property
 

src/ahriman/core/formatters/update_printer.py

@@ -18,6 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from ahriman.core.formatters.string_printer import StringPrinter
+from ahriman.core.utils import full_version, parse_version
 from ahriman.models.package import Package
 from ahriman.models.property import Property
 
@@ -41,7 +42,7 @@ class UpdatePrinter(StringPrinter):
         """
         StringPrinter.__init__(self, remote.base)
         self.package = remote
-        self.local_version = local_version or "N/A"
+        self.local_version = local_version
 
     def properties(self) -> list[Property]:
         """
@@ -50,4 +51,9 @@ class UpdatePrinter(StringPrinter):
         Returns:
             list[Property]: list of content properties
         """
-        return [Property(self.local_version, self.package.version, is_required=True)]
+        if (pkgrel := self.package.next_pkgrel(self.local_version)) is not None:
+            epoch, pkgver, _ = parse_version(self.package.version)
+            effective_new_version = full_version(epoch, pkgver, pkgrel)
+        else:
+            effective_new_version = self.package.version
+        return [Property(self.local_version or "N/A", effective_new_version, is_required=True)]

src/ahriman/core/gitremote/remote_pull.py

@@ -26,7 +26,7 @@ from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import GitRemoteError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import walk
+from ahriman.core.utils import walk
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.remote_source import RemoteSource

src/ahriman/core/gitremote/remote_push.py

@@ -25,9 +25,9 @@ from tempfile import TemporaryDirectory
 
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
 from ahriman.core.exceptions import GitRemoteError
 from ahriman.core.log import LazyLogging
+from ahriman.core.status import Client
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.remote_source import RemoteSource
@@ -40,20 +40,20 @@ class RemotePush(LazyLogging):
 
     Attributes:
         commit_author(tuple[str, str] | None): optional commit author in form of git config
-        database(SQLite): database instance
         remote_source(RemoteSource): repository remote source (remote pull url and branch)
+        reporter(Client): reporter client used for additional information retrieval
     """
 
-    def __init__(self, database: SQLite, configuration: Configuration, section: str) -> None:
+    def __init__(self, reporter: Client, configuration: Configuration, section: str) -> None:
         """
         default constructor
 
         Args:
-            database(SQLite): database instance
+            reporter(Client): reporter client
             configuration(Configuration): configuration instance
             section(str): settings section name
         """
-        self.database = database
+        self.reporter = reporter
 
         commit_email = configuration.get(section, "commit_email", fallback="ahriman@localhost")
         commit_user = configuration.get(section, "commit_user", fallback="ahriman")
@@ -92,7 +92,7 @@ class RemotePush(LazyLogging):
             else:
                 shutil.rmtree(git_file)
         # ...copy all patches...
-        for patch in self.database.patches_get(package.base):
+        for patch in self.reporter.package_patches_get(package.base, None):
             filename = f"ahriman-{package.base}.patch" if patch.key is None else f"ahriman-{patch.key}.patch"
             patch.write(package_target_dir / filename)
         # ...and finally return path to the copied directory

src/ahriman/core/gitremote/remote_push_trigger.py

@@ -19,10 +19,9 @@
 #
 from ahriman.core import context
 from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
 from ahriman.core.gitremote.remote_push import RemotePush
+from ahriman.core.status import Client
 from ahriman.core.triggers import Trigger
-from ahriman.models.context_key import ContextKey
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result
@@ -111,10 +110,10 @@ class RemotePushTrigger(Trigger):
             GitRemoteError: if database is not set in context
         """
         ctx = context.get()
-        database = ctx.get(ContextKey("database", SQLite))
+        reporter = ctx.get(Client)
 
         for target in self.targets:
             section, _ = self.configuration.gettype(
                 target, self.repository_id, fallback=self.CONFIGURATION_SCHEMA_FALLBACK)
-            runner = RemotePush(database, self.configuration, section)
+            runner = RemotePush(reporter, self.configuration, section)
             runner.run(result)

src/ahriman/core/http/sync_ahriman_client.py

@@ -46,8 +46,8 @@ class SyncAhrimanClient(SyncHttpClient):
             request.Session: created session object
         """
         if urlparse(self.address).scheme == "http+unix":
-            import requests_unixsocket  # type: ignore[import-untyped]
-            session: requests.Session = requests_unixsocket.Session()
+            import requests_unixsocket
+            session: requests.Session = requests_unixsocket.Session()  # type: ignore[no-untyped-call]
             session.headers["User-Agent"] = f"ahriman/{__version__}"
             return session
 

src/ahriman/core/http/sync_http_client.py

@@ -38,7 +38,7 @@ class SyncHttpClient(LazyLogging):
     Attributes:
         auth(tuple[str, str] | None): HTTP basic auth object if set
         suppress_errors(bool): suppress logging of request errors
-        timeout(int): HTTP request timeout in seconds
+        timeout(int | None): HTTP request timeout in seconds
     """
 
     def __init__(self, configuration: Configuration | None = None, section: str | None = None, *,
@@ -60,7 +60,7 @@ class SyncHttpClient(LazyLogging):
         password = configuration.get(section, "password", fallback=None)
         self.auth = (username, password) if username and password else None
 
-        self.timeout = configuration.getint(section, "timeout", fallback=30)
+        self.timeout: int | None = configuration.getint(section, "timeout", fallback=30)
         self.suppress_errors = suppress_errors
 
     @cached_property
@@ -90,25 +90,27 @@ class SyncHttpClient(LazyLogging):
         result: str = exception.response.text if exception.response is not None else ""
         return result
 
-    def make_request(self, method: Literal["DELETE", "GET", "POST", "PUT"], url: str, *,
+    def make_request(self, method: Literal["DELETE", "GET", "HEAD", "POST", "PUT"], url: str, *,
                      headers: dict[str, str] | None = None,
                      params: list[tuple[str, str]] | None = None,
                      data: Any | None = None,
                      json: dict[str, Any] | None = None,
                      files: dict[str, MultipartType] | None = None,
+                     stream: bool | None = None,
                      session: requests.Session | None = None,
                      suppress_errors: bool | None = None) -> requests.Response:
         """
         perform request with specified parameters
 
         Args:
-            method(Literal["DELETE", "GET", "POST", "PUT"]): HTTP method to call
+            method(Literal["DELETE", "GET", "HEAD", "POST", "PUT"]): HTTP method to call
             url(str): remote url to call
             headers(dict[str, str] | None, optional): request headers (Default value = None)
             params(list[tuple[str, str]] | None, optional): request query parameters (Default value = None)
             data(Any | None, optional): request raw data parameters (Default value = None)
             json(dict[str, Any] | None, optional): request json parameters (Default value = None)
             files(dict[str, MultipartType] | None, optional): multipart upload (Default value = None)
+            stream(bool | None, optional): handle response as stream (Default value = None)
             session(requests.Session | None, optional): session object if any (Default value = None)
             suppress_errors(bool | None, optional): suppress logging errors (e.g. if no web server available). If none
                 set, the instance-wide value will be used (Default value = None)
@@ -124,7 +126,7 @@ class SyncHttpClient(LazyLogging):
 
         try:
             response = session.request(method, url, params=params, data=data, headers=headers, files=files, json=json,
-                                       auth=self.auth, timeout=self.timeout)
+                                       stream=stream, auth=self.auth, timeout=self.timeout)
             response.raise_for_status()
             return response
         except requests.HTTPError as ex:

src/ahriman/core/log/http_log_handler.py

@@ -22,6 +22,7 @@ import logging
 from typing import Self
 
 from ahriman.core.configuration import Configuration
+from ahriman.core.status import Client
 from ahriman.models.repository_id import RepositoryId
 
 
@@ -49,8 +50,6 @@ class HttpLogHandler(logging.Handler):
         # we don't really care about those parameters because they will be handled by the reporter
         logging.Handler.__init__(self)
 
-        # client has to be imported here because of circular imports
-        from ahriman.core.status.client import Client
         self.reporter = Client.load(repository_id, configuration, report=report)
         self.suppress_errors = suppress_errors
 
@@ -92,7 +91,7 @@ class HttpLogHandler(logging.Handler):
             return  # in case if no package base supplied we need just skip log message
 
         try:
-            self.reporter.package_logs(log_record_id, record)
+            self.reporter.package_logs_add(log_record_id, record.created, record.getMessage())
         except Exception:
             if self.suppress_errors:
                 return

src/ahriman/core/report/email.py

@@ -25,7 +25,7 @@ from email.mime.text import MIMEText
 from ahriman.core.configuration import Configuration
 from ahriman.core.report.jinja_template import JinjaTemplate
 from ahriman.core.report.report import Report
-from ahriman.core.util import pretty_datetime, utcnow
+from ahriman.core.utils import pretty_datetime, utcnow
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result

src/ahriman/core/report/jinja_template.py

@@ -24,7 +24,7 @@ from pathlib import Path
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.sign.gpg import GPG
-from ahriman.core.util import pretty_datetime, pretty_size
+from ahriman.core.utils import pretty_datetime, pretty_size
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result
 from ahriman.models.sign_settings import SignSettings

src/ahriman/core/report/remote_call.py

@@ -106,7 +106,7 @@ class RemoteCall(Report):
                                                 "aur": self.update_aur,
                                                 "local": self.update_local,
                                                 "manual": self.update_manual,
-                                            })
+        })
         response_json = response.json()
 
         process_id: str = response_json["process_id"]

src/ahriman/core/repository/executor.py

@@ -26,9 +26,10 @@ from tempfile import TemporaryDirectory
 from ahriman.core.build_tools.task import Task
 from ahriman.core.repository.cleaner import Cleaner
 from ahriman.core.repository.package_info import PackageInfo
-from ahriman.core.util import safe_filename
+from ahriman.core.utils import safe_filename
 from ahriman.models.changes import Changes
 from ahriman.models.package import Package
+from ahriman.models.package_archive import PackageArchive
 from ahriman.models.package_description import PackageDescription
 from ahriman.models.packagers import Packagers
 from ahriman.models.result import Result
@@ -57,7 +58,8 @@ class Executor(PackageInfo, Cleaner):
             self.reporter.set_building(package.base)
             task = Task(package, self.configuration, self.architecture, self.paths)
             local_version = local_versions.get(package.base) if bump_pkgrel else None
-            commit_sha = task.init(local_path, self.database, local_version)
+            patches = self.reporter.package_patches_get(package.base, None)
+            commit_sha = task.init(local_path, patches, local_version)
             built = task.build(local_path, PACKAGER=packager_id)
             for src in built:
                 dst = self.paths.packages / src.name
@@ -76,7 +78,11 @@ class Executor(PackageInfo, Cleaner):
                     packager = self.packager(packagers, single.base)
                     last_commit_sha = build_single(single, Path(dir_name), packager.packager_id)
                     # clear changes and update commit hash
-                    self.reporter.package_changes_set(single.base, Changes(last_commit_sha))
+                    self.reporter.package_changes_update(single.base, Changes(last_commit_sha))
+                    # update dependencies list
+                    dependencies = PackageArchive(self.paths.build_directory, single, self.pacman).depends_on()
+                    self.reporter.package_dependencies_update(single.base, dependencies)
+                    # update result set
                     result.add_updated(single)
                 except Exception:
                     self.reporter.set_failed(single.base)
@@ -97,12 +103,7 @@ class Executor(PackageInfo, Cleaner):
         """
         def remove_base(package_base: str) -> None:
             try:
-                self.paths.tree_clear(package_base)  # remove all internal files
-                self.database.build_queue_clear(package_base)
-                self.database.patches_remove(package_base, [])
-                self.database.logs_remove(package_base, None)
-                self.database.changes_remove(package_base)
-                self.reporter.package_remove(package_base)  # we only update status page in case of base removal
+                self.reporter.package_remove(package_base)
             except Exception:
                 self.logger.exception("could not remove base %s", package_base)
 
@@ -117,7 +118,8 @@ class Executor(PackageInfo, Cleaner):
 
         # build package list based on user input
         result = Result()
-        requested = set(packages)
+        packages = set(packages)  # remove duplicates
+        requested = packages | {f"{package}-debug" for package in packages}  # append debug packages
         for local in self.packages():
             if local.base in packages or all(package in requested for package in local.packages):
                 packages_to_remove.update({
@@ -136,7 +138,7 @@ class Executor(PackageInfo, Cleaner):
 
         # check for packages which were requested to remove, but weren't found locally
         # it might happen for example, if there were no success build before
-        for unknown in requested:
+        for unknown in packages:
             if unknown in packages_to_remove or unknown in bases_to_remove:
                 continue
             bases_to_remove.append(unknown)

src/ahriman/core/repository/package_info.py

@@ -23,7 +23,7 @@ from tempfile import TemporaryDirectory
 
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.repository.repository_properties import RepositoryProperties
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.changes import Changes
 from ahriman.models.package import Package
 
@@ -43,14 +43,14 @@ class PackageInfo(RepositoryProperties):
         Returns:
             list[Package]: list of read packages
         """
-        sources = self.database.remotes_get()
+        sources = {package.base: package.remote for package, _, in self.reporter.package_get(None)}
 
         result: dict[str, Package] = {}
         # we are iterating over bases, not single packages
         for full_path in packages:
             try:
                 local = Package.from_archive(full_path, self.pacman)
-                if (source := sources.get(local.base)) is not None:
+                if (source := sources.get(local.base)) is not None:  # update source with remote
                     local.remote = source
 
                 current = result.setdefault(local.base, local)
@@ -78,7 +78,8 @@ class PackageInfo(RepositoryProperties):
         """
         with TemporaryDirectory(ignore_cleanup_errors=True) as dir_name:
             dir_path = Path(dir_name)
-            current_commit_sha = Sources.load(dir_path, package, self.database.patches_get(package.base), self.paths)
+            patches = self.reporter.package_patches_get(package.base, None)
+            current_commit_sha = Sources.load(dir_path, package, patches, self.paths)
 
             changes: str | None = None
             if current_commit_sha != last_commit_sha:
@@ -86,14 +87,21 @@ class PackageInfo(RepositoryProperties):
 
             return Changes(last_commit_sha, changes)
 
-    def packages(self) -> list[Package]:
+    def packages(self, filter_packages: Iterable[str] | None = None) -> list[Package]:
         """
         generate list of repository packages
 
+        Args:
+            filter_packages(Iterable[str] | None, optional): filter packages list by specified only
+
         Returns:
             list[Package]: list of packages properties
         """
-        return self.load_archives(filter(package_like, self.paths.repository.iterdir()))
+        packages = self.load_archives(filter(package_like, self.paths.repository.iterdir()))
+        if filter_packages:
+            packages = [package for package in packages if package.base in filter_packages]
+
+        return packages
 
     def packages_built(self) -> list[Path]:
         """

src/ahriman/core/repository/repository.py

@@ -26,7 +26,7 @@ from ahriman.core.database import SQLite
 from ahriman.core.repository.executor import Executor
 from ahriman.core.repository.update_handler import UpdateHandler
 from ahriman.core.sign.gpg import GPG
-from ahriman.models.context_key import ContextKey
+from ahriman.core.status import Client
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
 
@@ -89,11 +89,12 @@ class Repository(Executor, UpdateHandler):
         # directly without loader
         ctx = _Context()
 
-        ctx.set(ContextKey("database", SQLite), self.database)
-        ctx.set(ContextKey("configuration", Configuration), self.configuration)
-        ctx.set(ContextKey("pacman", Pacman), self.pacman)
-        ctx.set(ContextKey("sign", GPG), self.sign)
+        ctx.set(SQLite, self.database)
+        ctx.set(Configuration, self.configuration)
+        ctx.set(Pacman, self.pacman)
+        ctx.set(GPG, self.sign)
+        ctx.set(Client, self.reporter)
 
-        ctx.set(ContextKey("repository", type(self)), self)
+        ctx.set(type(self), self)
 
         context.set(ctx)

src/ahriman/core/repository/repository_properties.py

@@ -23,7 +23,7 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.database import SQLite
 from ahriman.core.log import LazyLogging
 from ahriman.core.sign.gpg import GPG
-from ahriman.core.status.client import Client
+from ahriman.core.status import Client
 from ahriman.core.triggers import TriggerLoader
 from ahriman.models.packagers import Packagers
 from ahriman.models.pacman_synchronization import PacmanSynchronization
@@ -75,7 +75,7 @@ class RepositoryProperties(LazyLogging):
         self.pacman = Pacman(repository_id, configuration, refresh_database=refresh_pacman_database)
         self.sign = GPG(configuration)
         self.repo = Repo(self.name, self.paths, self.sign.repository_sign_args)
-        self.reporter = Client.load(repository_id, configuration, report=report)
+        self.reporter = Client.load(repository_id, configuration, database, report=report)
         self.triggers = TriggerLoader.load(repository_id, configuration)
 
     @property

src/ahriman/core/repository/update_handler.py

@@ -55,17 +55,13 @@ class UpdateHandler(PackageInfo, Cleaner):
                     continue
             raise UnknownPackageError(package.base)
 
-        local_versions = {package.base: package.version for package in self.packages()}
-
         result: list[Package] = []
-        for local in self.packages():
-            with self.in_package_context(local.base, local_versions.get(local.base)):
+        for local in self.packages(filter_packages):
+            with self.in_package_context(local.base, local.version):
                 if not local.remote.is_remote:
                     continue  # avoid checking local packages
                 if local.base in self.ignore_list:
                     continue
-                if filter_packages and local.base not in filter_packages:
-                    continue
 
                 try:
                     remote = load_remote(local)
@@ -82,6 +78,45 @@ class UpdateHandler(PackageInfo, Cleaner):
 
         return result
 
+    def updates_dependencies(self, filter_packages: Iterable[str]) -> list[Package]:
+        """
+        check packages which ae required to be rebuilt based on dynamic dependencies (e.g. linking, modules paths, etc.)
+
+        Args:
+            filter_packages(Iterable[str]): do not check every package just specified in the list
+
+        Returns:
+            list[Package]: list of packages for which there is breaking linking
+        """
+        def extract_files(lookup_packages: Iterable[str]) -> dict[str, set[str]]:
+            database_files = self.pacman.files(lookup_packages)
+            files: dict[str, set[str]] = {}
+            for package_name, package_files in database_files.items():  # invert map
+                for package_file in package_files:
+                    files.setdefault(package_file, set()).add(package_name)
+
+            return files
+
+        result: list[Package] = []
+        for package in self.packages(filter_packages):
+            dependencies = self.reporter.package_dependencies_get(package.base)
+            if not dependencies.paths:
+                continue  # skip check if no package dependencies found
+
+            required_packages = {dep for dep_packages in dependencies.paths.values() for dep in dep_packages}
+            filesystem = extract_files(required_packages)
+
+            for path, packages in dependencies.paths.items():
+                found = filesystem.get(path, set())
+                if found.intersection(packages):
+                    continue
+
+                # there are no packages found in filesystem with the same paths
+                result.append(package)
+                break
+
+        return result
+
     def updates_local(self, *, vcs: bool) -> list[Package]:
         """
         check local packages for updates