feat: add support of pam authentication

Add naive implementation of user password check by calling su command.
Also change some authentication method to require username to be string
instead of optional string

.github/workflows/setup.sh

@@ -10,7 +10,7 @@ echo -e '[arcanisrepo]\nServer = https://repo.arcanis.me/$arch\nSigLevel = Never
 # refresh the image
 pacman -Syu --noconfirm
 # main dependencies
-pacman -Sy --noconfirm devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo python-systemd sudo
+pacman -Sy --noconfirm devtools git pyalpm python-cerberus python-inflection python-passlib python-pyelftools python-requests python-srcinfo python-systemd sudo
 # make dependencies
 pacman -Sy --noconfirm --asdeps base-devel python-build python-flit python-installer python-tox python-wheel
 # optional dependencies

Dockerfile

@@ -32,11 +32,11 @@ RUN useradd -m -d "/home/build" -s "/usr/bin/nologin" build && \
 COPY "docker/install-aur-package.sh" "/usr/local/bin/install-aur-package"
 ## install package dependencies
 ## darcs is not installed by reasons, because it requires a lot haskell packages which dramatically increase image size
-RUN pacman -Sy --noconfirm --asdeps devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo && \
+RUN pacman -Sy --noconfirm --asdeps devtools git pyalpm python-cerberus python-inflection python-passlib python-pyelftools python-requests python-srcinfo && \
     pacman -Sy --noconfirm --asdeps base-devel python-build python-flit python-installer python-wheel && \
-    pacman -Sy --noconfirm --asdeps breezy git mercurial python-aiohttp python-boto3 python-cryptography python-jinja python-requests-unixsocket python-systemd rsync subversion && \
+    pacman -Sy --noconfirm --asdeps breezy git mercurial python-aiohttp python-boto3 python-cryptography python-jinja python-systemd rsync subversion && \
     runuser -u build -- install-aur-package python-aioauth-client python-webargs python-aiohttp-apispec-git python-aiohttp-cors \
-                                            python-aiohttp-jinja2 python-aiohttp-session python-aiohttp-security
+                                            python-aiohttp-jinja2 python-aiohttp-session python-aiohttp-security python-requests-unixsocket2
 
 ## FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container
 COPY "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn"

docs/ahriman.core.alpm.rst

@@ -20,6 +20,14 @@ ahriman.core.alpm.pacman module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.alpm.pacman\_database module
+-----------------------------------------
+
+.. automodule:: ahriman.core.alpm.pacman_database
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.alpm.repo module
 -----------------------------
 

docs/ahriman.core.database.migrations.rst

@@ -108,6 +108,14 @@ ahriman.core.database.migrations.m012\_last\_commit\_sha module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.database.migrations.m013\_dependencies module
+----------------------------------------------------------
+
+.. automodule:: ahriman.core.database.migrations.m013_dependencies
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 Module contents
 ---------------
 

docs/ahriman.core.database.operations.rst

@@ -28,6 +28,14 @@ ahriman.core.database.operations.changes\_operations module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.database.operations.dependencies\_operations module
+----------------------------------------------------------------
+
+.. automodule:: ahriman.core.database.operations.dependencies_operations
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.database.operations.logs\_operations module
 --------------------------------------------------------
 

docs/ahriman.core.rst

@@ -52,10 +52,10 @@ ahriman.core.tree module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.core.util module
-------------------------
+ahriman.core.utils module
+-------------------------
 
-.. automodule:: ahriman.core.util
+.. automodule:: ahriman.core.utils
    :members:
    :no-undoc-members:
    :show-inheritance:

docs/ahriman.core.status.rst

@@ -12,6 +12,14 @@ ahriman.core.status.client module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.core.status.local\_client module
+----------------------------------------
+
+.. automodule:: ahriman.core.status.local_client
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.core.status.watcher module
 ----------------------------------
 

docs/ahriman.models.rst

@@ -60,6 +60,22 @@ ahriman.models.counters module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.models.dependencies module
+----------------------------------
+
+.. automodule:: ahriman.models.dependencies
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
+ahriman.models.filesystem\_package module
+-----------------------------------------
+
+.. automodule:: ahriman.models.filesystem_package
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.models.internal\_status module
 --------------------------------------
 
@@ -108,6 +124,14 @@ ahriman.models.package module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.models.package\_archive module
+--------------------------------------
+
+.. automodule:: ahriman.models.package_archive
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.models.package\_description module
 ------------------------------------------
 

docs/ahriman.web.schemas.rst

@@ -44,6 +44,14 @@ ahriman.web.schemas.counters\_schema module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.schemas.dependencies\_schema module
+-----------------------------------------------
+
+.. automodule:: ahriman.web.schemas.dependencies_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.schemas.error\_schema module
 ----------------------------------------
 
@@ -156,6 +164,14 @@ ahriman.web.schemas.package\_status\_schema module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.schemas.package\_version\_schema module
+---------------------------------------------------
+
+.. automodule:: ahriman.web.schemas.package_version_schema
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.schemas.pagination\_schema module
 ---------------------------------------------
 

docs/ahriman.web.views.v1.packages.rst

@@ -12,6 +12,14 @@ ahriman.web.views.v1.packages.changes module
    :no-undoc-members:
    :show-inheritance:
 
+ahriman.web.views.v1.packages.dependencies module
+-------------------------------------------------
+
+.. automodule:: ahriman.web.views.v1.packages.dependencies
+   :members:
+   :no-undoc-members:
+   :show-inheritance:
+
 ahriman.web.views.v1.packages.logs module
 -----------------------------------------
 

docs/architecture.rst

@@ -192,6 +192,7 @@ Idea is to add package to a build queue from which it will be handled automatica
 
 * If supplied argument is file, then application moves the file to the directory with built packages. Same rule applies for directory, but in this case it copies every package-like file from the specified directory.
 * If supplied argument is directory and there is ``PKGBUILD`` file there, it will be treated as local package. In this case it will queue this package to build and copy source files (``PKGBUILD`` and ``.SRCINFO``) to caches.
+* If supplied argument looks like URL (i.e. it has scheme - e.g. ``http://`` which is neither ``data`` nor ``file``), it tries to download the package from the specified remote source.
 * If supplied argument is not file then application tries to lookup for the specified name in AUR and clones it into the directory with manual updates. This scenario can also handle package dependencies which are missing in repositories.
 
 This logic can be overwritten by specifying the ``source`` parameter, which is partially useful if you would like to add package from AUR, but there is local directory cloned from AUR. Also official repositories calls are hidden behind explicit source definition.
@@ -206,10 +207,20 @@ Remove packages
 
 This flow removes package from filesystem, updates repository database and also runs synchronization and reporting methods.
 
+Check outdated packages
+^^^^^^^^^^^^^^^^^^^^^^^
+
+There are few ways for packages to be marked as out-of-date and hence requiring rebuild. Those are following:
+
+#. User requested update of the package. It can be caused by calling ``package-add`` subcommand (or ``package-update`` with arguments).
+#. The most common way for packages to be marked as out-of-dated is that the version in AUR (or the official repositories) is newer than in the repository.
+#. In addition to the above, if package is named as VCS (e.g. has suffix ``-git``) and the last update was more than specified threshold ago, the service will also try to fetch sources and check if the revision is newer than the built one.
+#. In addition, there is ability to check if the dependencies of the package have been updated (e.g. if linked library has been renamed or the modules directory - e.g. in case of python and ruby packages - has been changed). And if so, the package will be marked as out-of-dated as well.
+
 Update packages
 ^^^^^^^^^^^^^^^
 
-This feature is divided into to the following stages: check AUR for updates and run rebuild for required packages. Whereas check does not do anything except for check itself, update flow is the following:
+This feature is divided into to the following stages: check AUR for updates and run rebuild for required packages. The package update flow is the following:
 
 #. Process every built package first. Those packages are usually added manually.
 #. Run sync and report methods.
@@ -259,6 +270,24 @@ The application is able to automatically bump package release (``pkgrel``) durin
 #. If it has ``major.minor`` notation (e.g. ``1.1``), then increment last part by 1, e.g. ``1.1 -> 1.2``, ``1.0.1 -> 1.0.2``.
 #. If ``pkgrel`` is a number (e.g. ``1``), then append 1 to the end of the string, e.g. ``1 -> 1.1``.
 
+Implicit dependencies resolution
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In addition to the depends/optional/make/check depends lists the server also handles implicit dependencies. After success build, the application traverse through the build tree and finds
+
+* Libraries to which the binaries (ELF-files) are linked. To do so, the ``NEEDED`` section of the ELF-files are read.
+* Directories which contains files of the package, but do not belong to this package. This case covers, for example, python and ruby submodules.
+
+Having the initial dependencies tree, the application is looking for packages which contains those (both files and directories) paths and creates the initial packages list. After that, the packages list is reduced in the following way:
+
+* From any leaf exclude the package itself and possible debug packages.
+* If the entry (i.e. file or directory) belongs to the package which is in base group, it will be removed.
+* If there is a package which depends on the another package which provide the same entry, the package will be removed.
+* After that, if there is a package which *optionally* depends on the another package in the remaining list, the package will be removed.
+* And finally, if there is any path, which is the child of the entry, and it contains the same package, the package from the smaller entry will be removed.
+
+All those implicit dependencies are stored in the database and extracted on each check. In case if any of the repository packages doesn't contain any entry anymore (e.g. so version has been changed or modules directory has been changed), the dependent package will be marked as out-of-dated.
+
 Core functions reference
 ------------------------
 
@@ -366,7 +395,7 @@ Web application requires the following python packages to be installed:
 * Additional web features also require ``aiohttp-apispec`` (autogenerated documentation), ``aiohttp_cors`` (CORS support, required by documentation).
 * In addition, authorization feature requires ``aiohttp_security``, ``aiohttp_session`` and ``cryptography``.
 * In addition to base authorization dependencies, OAuth2 also requires ``aioauth-client`` library.
-* In addition if you would like to disable authorization for local access (recommended way in order to run the application itself with reporting support), the ``requests-unixsocket`` library is required.
+* In addition if you would like to disable authorization for local access (recommended way in order to run the application itself with reporting support), the ``requests-unixsocket2`` library is required.
 
 Middlewares
 ^^^^^^^^^^^

docs/configuration.rst

@@ -53,6 +53,7 @@ libalpm and AUR related configuration. Group name can refer to architecture, e.g
 * ``mirror`` - package database mirror used by pacman for synchronization, string, required. This option supports standard pacman substitutions with ``$arch`` and ``$repo``. Note that the mentioned mirror should contain all repositories which are set by ``alpm.repositories`` option.
 * ``repositories`` - list of pacman repositories, used for package search, space separated list of strings, required.
 * ``root`` - root for alpm library, string, required. In the most cases it must point to the system root.
+* ``sync_files_database`` - download files database from mirror, boolean, required.
 * ``use_ahriman_cache`` - use local pacman package cache instead of system one, boolean, required. With this option enabled you might want to refresh database periodically (available as additional flag for some subcommands). If set to ``no``, databases must be synchronized manually.
 
 ``auth`` group
@@ -60,15 +61,17 @@ libalpm and AUR related configuration. Group name can refer to architecture, e.g
 
 Base authorization settings. ``OAuth`` provider requires ``aioauth-client`` library to be installed.
 
-* ``target`` - specifies authorization provider, string, optional, default ``disabled``. Allowed values are ``disabled``, ``configuration``, ``oauth``.
+* ``target`` - specifies authorization provider, string, optional, default ``disabled``. Allowed values are ``disabled``, ``configuration``, ``oauth``, ``pam``.
 * ``allow_read_only`` - allow requesting status APIs without authorization, boolean, required.
 * ``client_id`` - OAuth2 application client ID, string, required in case if ``oauth`` is used.
 * ``client_secret`` - OAuth2 application client secret key, string, required in case if ``oauth`` is used.
 * ``cookie_secret_key`` - secret key which will be used for cookies encryption, string, optional. It must be 32 bytes URL-safe base64-encoded and can be generated as following ``base64.urlsafe_b64encode(os.urandom(32)).decode("utf8")``. If not set, it will be generated automatically; note, however, that in this case, all sessions will be automatically invalidated during the service restart.
+* ``full_access_group`` - name of the secondary group (e.g. ``wheel``) to be used as admin group in the service, string, required in case if ``pam`` is used.
 * ``max_age`` - parameter which controls both cookie expiration and token expiration inside the service in seconds, integer, optional, default is 7 days.
 * ``oauth_icon`` - OAuth2 login button icon, string, optional, default is ``google``. Must be valid `Bootstrap icon <https://icons.getbootstrap.com/>`__ name.
 * ``oauth_provider`` - OAuth2 provider class name as is in ``aioauth-client`` (e.g. ``GoogleClient``, ``GithubClient`` etc), string, required in case if ``oauth`` is used.
 * ``oauth_scopes`` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. ``https://www.googleapis.com/auth/userinfo.email`` for ``GoogleClient`` or ``user:email`` for ``GithubClient``, space separated list of strings, required in case if ``oauth`` is used.
+* ``permit_root_login`` - allow login as root user, boolean, optional, default ``no``.
 * ``salt`` - additional password hash salt, string, optional.
 
 Authorized users are stored inside internal database, if any of external providers (e.g. ``oauth``) are used, the password field for non-service users must be empty.

docs/faq.rst

@@ -208,6 +208,18 @@ This command will prompt for new value of the PKGBUILD variable ``version``. You
 
    sudo -u ahriman ahriman patch-add ahriman version version.patch
 
+The command also supports arrays, but in this case you need to specify full array, e.g.
+
+.. code-block:: shell
+
+   sudo -u ahriman ahriman patch-add ahriman depends
+
+   Post new function or variable value below. Press Ctrl-D to finish:
+   (python python-aiohttp)
+   ^D
+
+will set depends PKGBUILD variable (exactly) to array ``["python", "python-aiohttp"]``.
+
 Alternatively you can create full-diff patches, which are calculated by using ``git diff`` from current PKGBUILD master branch:
 
 #.
@@ -463,7 +475,7 @@ The following environment variables are supported:
 * ``AHRIMAN_REPOSITORY`` - repository name, default is ``aur-clone``.
 * ``AHRIMAN_REPOSITORY_SERVER`` - optional override for the repository URL. Useful if you would like to download packages from remote instead of local filesystem.
 * ``AHRIMAN_REPOSITORY_ROOT`` - repository root. Because of filesystem rights it is required to override default repository root. By default, it uses ``ahriman`` directory inside ahriman's home, which can be passed as mount volume.
-* ``AHRIMAN_UNIX_SOCKET`` - full path to unix socket which is used by web server, default is empty. Note that more likely you would like to put it inside ``AHRIMAN_REPOSITORY_ROOT`` directory (e.g. ``/var/lib/ahriman/ahriman/ahriman-web.sock``) or to ``/tmp``.
+* ``AHRIMAN_UNIX_SOCKET`` - full path to unix socket which is used by web server, default is empty. Note that more likely you would like to put it inside ``AHRIMAN_REPOSITORY_ROOT`` directory (e.g. ``/var/lib/ahriman/ahriman/ahriman-web.sock``) or to ``/run/ahriman``.
 * ``AHRIMAN_USER`` - ahriman user, usually must not be overwritten, default is ``ahriman``.
 * ``AHRIMAN_VALIDATE_CONFIGURATION`` - if set (default) validate service configuration.
 
@@ -1301,12 +1313,12 @@ How to enable basic authorization
    The ``salt`` parameter is optional, but recommended, and can be set to any (random) string.
 
 #.
-   In order to provide access for reporting from application instances you can (the recommended way) use unix sockets by the following configuration (note, that it requires ``python-requests-unixsocket`` package to be installed):
+   In order to provide access for reporting from application instances you can (the recommended way) use unix sockets by the following configuration (note, that it requires ``python-requests-unixsocket2`` package to be installed):
 
    .. code-block:: ini
 
       [web]
-      unix_socket = /var/lib/ahriman/ahriman-web.sock
+      unix_socket = /run/ahriman/ahriman-web.sock
 
    This socket path must be available for web service instance and must be available for all application instances (e.g. in case if you are using docker container - see above - you need to make sure that the socket is passed to the root filesystem).
 

package/archlinux/PKGBUILD

@@ -1,13 +1,13 @@
 # Maintainer: Evgeniy Alekseev
 
 pkgname='ahriman'
-pkgver=2.13.6
+pkgver=2.13.8
 pkgrel=1
 pkgdesc="ArcH linux ReposItory MANager"
 arch=('any')
 url="https://github.com/arcan1s/ahriman"
 license=('GPL3')
-depends=('devtools>=1:1.0.0' 'git' 'pyalpm' 'python-cerberus' 'python-inflection' 'python-passlib' 'python-requests' 'python-srcinfo')
+depends=('devtools>=1:1.0.0' 'git' 'pyalpm' 'python-cerberus' 'python-inflection' 'python-passlib' 'python-pyelftools' 'python-requests' 'python-srcinfo')
 makedepends=('python-build' 'python-flit' 'python-installer' 'python-wheel')
 optdepends=('breezy: -bzr packages support'
             'darcs: -darcs packages support'
@@ -21,7 +21,7 @@ optdepends=('breezy: -bzr packages support'
             'python-aiohttp-session: web server with authorization'
             'python-boto3: sync to s3'
             'python-cryptography: web server with authorization'
-            'python-requests-unixsocket: client report to web server by unix socket'
+            'python-requests-unixsocket2: client report to web server by unix socket'
             'python-jinja: html report generation'
             'python-systemd: journal support'
             'rsync: sync by using rsync'

package/archlinux/ahriman.tmpfiles

@@ -1 +1,2 @@
-d /var/lib/ahriman 0755 ahriman ahriman
+d /var/lib/ahriman 0755 ahriman ahriman
+d /run/ahriman 0755 ahriman ahriman

package/share/ahriman/settings/ahriman.ini

@@ -17,6 +17,8 @@ mirror = https://geo.mirror.pkgbuild.com/$repo/os/$arch
 repositories = core extra multilib
 ; Pacman's root directory. In the most cases it must point to the system root.
 root = /
+; Sync files databases too, which is required by deep dependencies check
+sync_files_database = yes
 ; Use local packages cache. If this option is enabled, the service will be able to synchronize databases (available
 ; as additional option for some subcommands). If set to no, databases must be synchronized manually.
 use_ahriman_cache = yes
@@ -32,6 +34,8 @@ allow_read_only = yes
 ; Cookie secret key to be used for cookies encryption. Must be valid 32 bytes URL-safe base64-encoded string.
 ; If not set, it will be generated automatically.
 ;cookie_secret_key =
+; Name of the secondary group to be used as admin group in the service.
+;full_access_group = wheel
 ; Authentication cookie expiration in seconds.
 ;max_age = 604800
 ; OAuth2 provider icon for the web interface.
@@ -40,6 +44,8 @@ allow_read_only = yes
 ;oauth_provider = GoogleClient
 ; Scopes list for OAuth2 provider. Required if oauth is used.
 ;oauth_scopes = https://www.googleapis.com/auth/userinfo.email
+; Allow login as root user (only if PAM is used).
+;permit_root_login = no
 ; Optional password salt.
 ;salt =
 

package/share/ahriman/templates/api.jinja2

@@ -6,8 +6,8 @@
 
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <!-- Embed elements Elements via Web Component -->
-    <script src="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/web-components.min.js" integrity="sha384-aKMPitODat9Dqj3Mva9Rs9jS5Z3KPSW0sFlAOazuULJMFYhAfmORI5SlH9aWIst8" crossorigin="anonymous" type="application/javascript"></script>
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/styles.min.css" integrity="sha384-wPzTs1aFAoGq9gqp9NAs2YVTkFXcU2d6Bx11aKRFhVw2B7o1bCwaV9pGHTlUfD2+" crossorigin="anonymous" type="text/css">
+    <script src="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/web-components.min.js" crossorigin="anonymous" type="application/javascript"></script>
+    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@stoplight/elements@7.13.7/styles.min.css" crossorigin="anonymous" type="text/css">
 </head>
 <body>
 

package/share/ahriman/templates/build-status/alerts.jinja2

@@ -21,7 +21,7 @@
 
         alertPlaceholder.append(wrapper);
         const toast = new bootstrap.Toast(wrapper);
-        wrapper.addEventListener("hidden.bs.toast", () => {
+        wrapper.addEventListener("hidden.bs.toast", _ => {
             wrapper.remove();  // bootstrap doesn't remove elements
             (action || reload)();
         });

package/share/ahriman/templates/build-status/key-import-modal.jinja2

@@ -87,8 +87,8 @@
         }
     }
 
-    $(() => {
-        keyImportModal.on("hidden.bs.modal", () => {
+    $(_ => {
+        keyImportModal.on("hidden.bs.modal", _ => {
             keyImportBodyInput.text("");
             keyImportForm.trigger("reset");
         });

package/share/ahriman/templates/build-status/login-modal.jinja2

@@ -53,10 +53,13 @@
                 contentType: "application/json",
                 success: _ => {
                     loginModal.modal("hide");
-                    showSuccess("Logged in", `Successfully logged in as ${username}`, () => location.href = "/");
+                    showSuccess("Logged in", `Successfully logged in as ${username}`, _ => location.href = "/");
                 },
                 error: (jqXHR, _, errorThrown) => {
-                    const message = _ => `Could not login as ${username}`;
+                    const message = _ =>
+                        username === "admin" && password === "admin"
+                            ? "You've entered a password for user \"root\", did you make a typo in username?"
+                            : `Could not login as ${username}`;
                     showFailure("Login error", message, jqXHR, errorThrown);
                 },
             });
@@ -75,8 +78,8 @@
         }
     }
 
-    $(() => {
-        loginModal.on("hidden.bs.modal", () => {
+    $(_ => {
+        loginModal.on("hidden.bs.modal", _ => {
             loginForm.trigger("reset");
         });
     });

package/share/ahriman/templates/build-status/package-add-modal.jinja2

@@ -126,18 +126,18 @@
         }
     }
 
-    $(() => {
-        packageAddModal.on("shown.bs.modal", () => {
+    $(_ => {
+        packageAddModal.on("shown.bs.modal", _ => {
             $(`#package-add-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
         });
-        packageAddModal.on("hidden.bs.modal", () => {
+        packageAddModal.on("hidden.bs.modal", _ => {
             packageAddVariablesDiv.empty();
             packageAddForm.trigger("reset");
         });
 
-        packageAddInput.keyup(() => {
+        packageAddInput.keyup(_ => {
             clearTimeout(packageAddInput.data("timeout"));
-            packageAddInput.data("timeout", setTimeout($.proxy(() => {
+            packageAddInput.data("timeout", setTimeout($.proxy(_ => {
                 const value = packageAddInput.val();
 
                 if (value.length >= 3) {

package/share/ahriman/templates/build-status/package-info-modal.jinja2

@@ -290,8 +290,8 @@
         if (isPackageBaseSet) packageInfoModal.modal("show");
     }
 
-    $(() => {
-        packageInfoModal.on("hidden.bs.modal", () => {
+    $(_ => {
+        packageInfoModal.on("hidden.bs.modal", _ => {
             packageInfoAurUrl.empty();
             packageInfoDepends.empty();
             packageInfoGroups.empty();

package/share/ahriman/templates/build-status/package-rebuild-modal.jinja2

@@ -50,11 +50,11 @@
         }
     }
 
-    $(() => {
-        packageRebuildModal.on("shown.bs.modal", () => {
+    $(_ => {
+        packageRebuildModal.on("shown.bs.modal", _ => {
             $(`#package-rebuild-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
 
         });
-        packageRebuildModal.on("hidden.bs.modal", () => { packageRebuildForm.trigger("reset"); });
+        packageRebuildModal.on("hidden.bs.modal", _ => { packageRebuildForm.trigger("reset"); });
     });
 </script>

package/share/ahriman/templates/build-status/table.jinja2

@@ -182,7 +182,7 @@
         return {classes: cellClass(value)};
     }
 
-    $(() => {
+    $(_ => {
         $("#repositories a").on("click", event => {
             const element = event.target;
             repository = {
@@ -194,7 +194,7 @@
             reload();
         });
 
-        table.on("check.bs.table uncheck.bs.table check-all.bs.table uncheck-all.bs.table", () => {
+        table.on("check.bs.table uncheck.bs.table check-all.bs.table uncheck-all.bs.table", _ => {
             packageRemoveButton.prop("disabled", !table.bootstrapTable("getSelections").length);
         });
         table.on("click-row.bs.table", (self, data, row, cell) => {
@@ -203,7 +203,7 @@
                 table.bootstrapTable(method, {field: "id", values: [data.id]});
             } else showPackageInfo(data.id);
         });
-        table.on("created-controls.bs.table", () => {
+        table.on("created-controls.bs.table", _ => {
             const pickerInput = $(".bootstrap-table-filter-control-timestamp");
             pickerInput.daterangepicker({
                 autoUpdateInput: false,
@@ -217,7 +217,7 @@
                 table.bootstrapTable("triggerSearch");
             });
 
-            pickerInput.on("cancel.daterangepicker", () => {
+            pickerInput.on("cancel.daterangepicker", _ => {
                 pickerInput.val("");
                 table.bootstrapTable("triggerSearch");
             });

package/share/ahriman/templates/repo-index.jinja2

@@ -123,8 +123,8 @@ SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Pa
                 return extractDataList(table.bootstrapTable("getData"), "licenses");
             }
 
-            $(() => {
-                table.on("created-controls.bs.table", () => {
+            $(_ => {
+                table.on("created-controls.bs.table", _ => {
                     const pickerInput = $(".bootstrap-table-filter-control-timestamp");
                     pickerInput.daterangepicker({
                         autoUpdateInput: false,
@@ -138,7 +138,7 @@ SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Pa
                         table.bootstrapTable("triggerSearch");
                     });
 
-                    pickerInput.on("cancel.daterangepicker", () => {
+                    pickerInput.on("cancel.daterangepicker", _ => {
                         pickerInput.val("");
                         table.bootstrapTable("triggerSearch");
                     });

package/share/ahriman/templates/utils/bootstrap-scripts.jinja2

@@ -1,21 +1,21 @@
-<script src="https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js" integrity="sha384-1H217gwSVyLSIfaLxHbE7dRb3v4mYCKbpQvzx0cegeju1MVsGrX5xXxAvs/HgeFs" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/moment@2.29.4/moment.min.js" integrity="sha384-4ZTAzTbfB8H7hkWtXbyNDzDvxirmBT7EmURIvfOJ3Foympc+OD9p+bZNNENaJXgW" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.min.js" integrity="sha384-Gn1XZMJEKL3ycoWq97jYAl+FP3vXQYE2ObBgzgcPMKOZdUZdF6ZuyUxbGC2bAnUT" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/moment@2.29.4/moment.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/tableexport.jquery.plugin@1.28.0/tableExport.min.js" integrity="sha384-1Rz4Kz/y1rSWw+ZsjTcxB684XgofbO8iizY+UFIzCwFeQ+QUyhBNWBMh/STOyomI" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/tableexport.jquery.plugin@1.28.0/tableExport.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.min.js" integrity="sha384-IazMVNyYoUNx6357fWJoqtHYUWWCNHIXxFVtbpVgvImQNWuRP2WbHPaIb3QF8j97" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js" integrity="sha384-I7E8VVD/ismYTF4hNIPjVp/Zjvgyol6VFvRkX/vR+Vc4jQkC+hVqc2pM8ODewa9r" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.min.js" integrity="sha384-BBtl+eGJRgqQAUMxJ7pMwbEyER4l1g+O15P+16Ep7Q9Q+zqX6gSbd85u4mG4QzX+" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.js" integrity="sha384-GVLHfbEvuGA/RFiQ3MK2ClEJkWYJXABg55t9LpoDPZFGIsSq8xhFlQydm5poV2jW" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/export/bootstrap-table-export.min.js" integrity="sha384-g9OAB1Moamcy8+l1Q/tajHlMf6NTkS79ehKLTYbA80aQRbRhFCjrSuezv+FE2Kwe" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/resizable/bootstrap-table-resizable.js" integrity="sha384-wd8Vc6Febikdnsnk9vthRWRvMwffw246vhqiqNO3aSNe1maTEA07Vh3zAQiSyDji" crossorigin="anonymous" type="application/javascript"></script>
-<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.js" integrity="sha384-NIqcjpr/3eZI1iNzz7hgT5rgp70qFUzkZffeCgVva9gi80B5vqcm7gn+8QvlWxko" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/export/bootstrap-table-export.min.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/resizable/bootstrap-table-resizable.js" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.js" crossorigin="anonymous" type="application/javascript"></script>
 
-<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/highlight.min.js" integrity="sha384-F/bZzf7p3Joyp5psL90p/p89AZJsndkSoGwRpXcZhleCWhd8SnRuoYo4d0yirjJp" crossorigin="anonymous" type="application/javascript"></script>
+<script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/highlight.min.js" crossorigin="anonymous" type="application/javascript"></script>
 
 <script>
     async function copyToClipboard(text, button) {

package/share/ahriman/templates/utils/style.jinja2

@@ -1,17 +1,17 @@
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous" type="text/css">
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css" integrity="sha384-4LISF5TTJX/fLmGSxO53rV4miRxdg84mZsxmO8Rx5jGtp/LbrixFETvWa5a6sESd" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.1/font/bootstrap-icons.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.css" integrity="sha384-sN3NwxbjH33ZidqZnPmX+nQ5IF+LoiI7HvZSoZj5wGacmu0/q4RJfsN0xqN+LIa5" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/bootstrap-table.min.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.css" integrity="sha384-1sLxvR8mXzjhvFY9f8mzXl97DNLepeZ0PnRiMMdm/rQsKjsrPZPJxYle2wwT2PMg" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/jquery-resizable-columns@0.2.3/dist/jquery.resizableColumns.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.css" integrity="sha384-4Glx18jZ0Un+yDG6KUpYJ/af8hkssJ02jRASuFv23gfCl0mTXaVMPI9cB4cn3GvE" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-table@1.22.1/dist/extensions/filter-control/bootstrap-table-filter-control.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootswatch@5.3.2/dist/cosmo/bootstrap.min.css" integrity="sha384-RfV5VNj9uqyOdZbN0hFNmoq56291KK2Y4iKhoRAbcfBfjYlpasjxK6TefPjxiAiN" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootswatch@5.3.2/dist/cosmo/bootstrap.min.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.css" integrity="sha384-zLkQsiLfAQqGeIJeKLC+rcCR1YoYaQFLCL7cLDUoKE1ajKJzySpjzWGfYS2vjSG+" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/daterangepicker@3.1.0/daterangepicker.css" crossorigin="anonymous" type="text/css">
 
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/styles/github.min.css" integrity="sha384-eFTL69TLRZTkNfYZOLM+G04821K1qZao/4QLJbet1pP4tcF+fdXq/9CdqAbWRl/L" crossorigin="anonymous" type="text/css">
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.9.0/build/styles/github.min.css" crossorigin="anonymous" type="text/css">
 
 <style>
     .pre-scrollable {

package/share/bash-completion/completions/_ahriman

@@ -27,12 +27,12 @@ _shtab_ahriman_patch_list_option_strings=('-h' '--help' '-e' '--exit-code' '-v'
 _shtab_ahriman_patch_remove_option_strings=('-h' '--help' '-v' '--variable')
 _shtab_ahriman_patch_set_add_option_strings=('-h' '--help' '-t' '--track')
 _shtab_ahriman_repo_backup_option_strings=('-h' '--help')
-_shtab_ahriman_repo_check_option_strings=('-h' '--help' '--changes' '--no-changes' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_check_option_strings=('-h' '--help' '--changes' '--no-changes' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_check_option_strings=('-h' '--help' '--changes' '--no-changes' '--check-files' '--no-check-files' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_check_option_strings=('-h' '--help' '--changes' '--no-changes' '--check-files' '--no-check-files' '-e' '--exit-code' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_repo_create_keyring_option_strings=('-h' '--help')
 _shtab_ahriman_repo_create_mirrorlist_option_strings=('-h' '--help')
-_shtab_ahriman_repo_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_daemon_option_strings=('-h' '--help' '-i' '--interval' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '--partitions' '--no-partitions' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_repo_rebuild_option_strings=('-h' '--help' '--depends-on' '--dry-run' '--from-database' '--increment' '--no-increment' '-e' '--exit-code' '-s' '--status' '-u' '--username')
 _shtab_ahriman_rebuild_option_strings=('-h' '--help' '--depends-on' '--dry-run' '--from-database' '--increment' '--no-increment' '-e' '--exit-code' '-s' '--status' '-u' '--username')
 _shtab_ahriman_repo_remove_unknown_option_strings=('-h' '--help' '--dry-run')
@@ -47,8 +47,8 @@ _shtab_ahriman_repo_sync_option_strings=('-h' '--help')
 _shtab_ahriman_sync_option_strings=('-h' '--help')
 _shtab_ahriman_repo_tree_option_strings=('-h' '--help' '-p' '--partitions')
 _shtab_ahriman_repo_triggers_option_strings=('-h' '--help')
-_shtab_ahriman_repo_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
-_shtab_ahriman_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_repo_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
+_shtab_ahriman_update_option_strings=('-h' '--help' '--aur' '--no-aur' '--changes' '--no-changes' '--check-files' '--no-check-files' '--dependencies' '--no-dependencies' '--dry-run' '-e' '--exit-code' '--increment' '--no-increment' '--local' '--no-local' '--manual' '--no-manual' '-u' '--username' '--vcs' '--no-vcs' '-y' '--refresh')
 _shtab_ahriman_service_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
 _shtab_ahriman_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
 _shtab_ahriman_repo_clean_option_strings=('-h' '--help' '--cache' '--no-cache' '--chroot' '--no-chroot' '--manual' '--no-manual' '--packages' '--no-packages' '--pacman' '--no-pacman')
@@ -243,6 +243,8 @@ _shtab_ahriman_repo_check__h_nargs=0
 _shtab_ahriman_repo_check___help_nargs=0
 _shtab_ahriman_repo_check___changes_nargs=0
 _shtab_ahriman_repo_check___no_changes_nargs=0
+_shtab_ahriman_repo_check___check_files_nargs=0
+_shtab_ahriman_repo_check___no_check_files_nargs=0
 _shtab_ahriman_repo_check__e_nargs=0
 _shtab_ahriman_repo_check___exit_code_nargs=0
 _shtab_ahriman_repo_check___vcs_nargs=0
@@ -254,6 +256,8 @@ _shtab_ahriman_check__h_nargs=0
 _shtab_ahriman_check___help_nargs=0
 _shtab_ahriman_check___changes_nargs=0
 _shtab_ahriman_check___no_changes_nargs=0
+_shtab_ahriman_check___check_files_nargs=0
+_shtab_ahriman_check___no_check_files_nargs=0
 _shtab_ahriman_check__e_nargs=0
 _shtab_ahriman_check___exit_code_nargs=0
 _shtab_ahriman_check___vcs_nargs=0
@@ -270,6 +274,8 @@ _shtab_ahriman_repo_daemon___aur_nargs=0
 _shtab_ahriman_repo_daemon___no_aur_nargs=0
 _shtab_ahriman_repo_daemon___changes_nargs=0
 _shtab_ahriman_repo_daemon___no_changes_nargs=0
+_shtab_ahriman_repo_daemon___check_files_nargs=0
+_shtab_ahriman_repo_daemon___no_check_files_nargs=0
 _shtab_ahriman_repo_daemon___dependencies_nargs=0
 _shtab_ahriman_repo_daemon___no_dependencies_nargs=0
 _shtab_ahriman_repo_daemon___dry_run_nargs=0
@@ -291,6 +297,8 @@ _shtab_ahriman_daemon___aur_nargs=0
 _shtab_ahriman_daemon___no_aur_nargs=0
 _shtab_ahriman_daemon___changes_nargs=0
 _shtab_ahriman_daemon___no_changes_nargs=0
+_shtab_ahriman_daemon___check_files_nargs=0
+_shtab_ahriman_daemon___no_check_files_nargs=0
 _shtab_ahriman_daemon___dependencies_nargs=0
 _shtab_ahriman_daemon___no_dependencies_nargs=0
 _shtab_ahriman_daemon___dry_run_nargs=0
@@ -358,6 +366,8 @@ _shtab_ahriman_repo_update___aur_nargs=0
 _shtab_ahriman_repo_update___no_aur_nargs=0
 _shtab_ahriman_repo_update___changes_nargs=0
 _shtab_ahriman_repo_update___no_changes_nargs=0
+_shtab_ahriman_repo_update___check_files_nargs=0
+_shtab_ahriman_repo_update___no_check_files_nargs=0
 _shtab_ahriman_repo_update___dependencies_nargs=0
 _shtab_ahriman_repo_update___no_dependencies_nargs=0
 _shtab_ahriman_repo_update___dry_run_nargs=0
@@ -380,6 +390,8 @@ _shtab_ahriman_update___aur_nargs=0
 _shtab_ahriman_update___no_aur_nargs=0
 _shtab_ahriman_update___changes_nargs=0
 _shtab_ahriman_update___no_changes_nargs=0
+_shtab_ahriman_update___check_files_nargs=0
+_shtab_ahriman_update___no_check_files_nargs=0
 _shtab_ahriman_update___dependencies_nargs=0
 _shtab_ahriman_update___no_dependencies_nargs=0
 _shtab_ahriman_update___dry_run_nargs=0

package/share/man/man1/ahriman.1

@@ -1,4 +1,4 @@
-.TH AHRIMAN "1" "2024\-05\-05" "ahriman" "Generated Python Manual"
+.TH AHRIMAN "1" "2024\-05\-12" "ahriman" "Generated Python Manual"
 .SH NAME
 ahriman
 .SH SYNOPSIS
@@ -447,7 +447,9 @@ backup repository settings and database
 path of the output archive
 
 .SH COMMAND \fI\,'ahriman repo\-check'\/\fR
-usage: ahriman repo\-check [\-h] [\-\-changes | \-\-no\-changes] [\-e] [\-\-vcs | \-\-no\-vcs] [\-y] [package ...]
+usage: ahriman repo\-check [\-h] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files] [\-e] [\-\-vcs | \-\-no\-vcs]
+                          [\-y]
+                          [package ...]
 
 check for packages updates. Same as repo\-update \-\-dry\-run \-\-no\-manual
 
@@ -460,6 +462,10 @@ filter check by package base
 \fB\-\-changes\fR, \fB\-\-no\-changes\fR
 calculate changes from the latest known commit if available. Only applicable in dry run mode
 
+.TP
+\fB\-\-check\-files\fR, \fB\-\-no\-check\-files\fR
+enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories)
+
 .TP
 \fB\-e\fR, \fB\-\-exit\-code\fR
 return non\-zero exit status if result is empty
@@ -484,9 +490,9 @@ create package which contains list of available mirrors as set by configuration.
 
 .SH COMMAND \fI\,'ahriman repo\-daemon'\/\fR
 usage: ahriman repo\-daemon [\-h] [\-i INTERVAL] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes]
-                           [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-\-increment | \-\-no\-increment]
-                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-\-partitions | \-\-no\-partitions]
-                           [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
+                           [\-\-check\-files | \-\-no\-check\-files] [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run]
+                           [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual]
+                           [\-\-partitions | \-\-no\-partitions] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
 
 start process which periodically will run update process
 
@@ -503,6 +509,10 @@ enable or disable checking for AUR updates
 \fB\-\-changes\fR, \fB\-\-no\-changes\fR
 calculate changes from the latest known commit if available. Only applicable in dry run mode
 
+.TP
+\fB\-\-check\-files\fR, \fB\-\-no\-check\-files\fR
+enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories)
+
 .TP
 \fB\-\-dependencies\fR, \fB\-\-no\-dependencies\fR
 process missing package dependencies
@@ -649,9 +659,9 @@ run triggers on empty build result as configured by settings
 instead of running all triggers as set by configuration, just process specified ones in order of mention
 
 .SH COMMAND \fI\,'ahriman repo\-update'\/\fR
-usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes] [\-\-dependencies | \-\-no\-dependencies]
-                           [\-\-dry\-run] [\-e] [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local]
-                           [\-\-manual | \-\-no\-manual] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
+usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files]
+                           [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-e] [\-\-increment | \-\-no\-increment]
+                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
                            [package ...]
 
 check for packages updates and run build process if requested
@@ -669,6 +679,10 @@ enable or disable checking for AUR updates
 \fB\-\-changes\fR, \fB\-\-no\-changes\fR
 calculate changes from the latest known commit if available. Only applicable in dry run mode
 
+.TP
+\fB\-\-check\-files\fR, \fB\-\-no\-check\-files\fR
+enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories)
+
 .TP
 \fB\-\-dependencies\fR, \fB\-\-no\-dependencies\fR
 process missing package dependencies

package/share/zsh/site-functions/_ahriman

@@ -120,6 +120,7 @@ _shtab_ahriman_aur_search_options=(
 _shtab_ahriman_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
@@ -153,6 +154,7 @@ _shtab_ahriman_daemon_options=(
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {--increment,--no-increment}"[increment package release (pkgrel) on duplicate (default\: True)]:increment:"
@@ -322,6 +324,7 @@ _shtab_ahriman_repo_backup_options=(
 _shtab_ahriman_repo_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   {--vcs,--no-vcs}"[fetch actual version of VCS packages (default\: True)]:vcs:"
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
@@ -363,6 +366,7 @@ _shtab_ahriman_repo_daemon_options=(
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {--increment,--no-increment}"[increment package release (pkgrel) on duplicate (default\: True)]:increment:"
@@ -460,6 +464,7 @@ _shtab_ahriman_repo_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -601,6 +606,7 @@ _shtab_ahriman_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available. Only applicable in dry run mode (default\: True)]:changes:"
+  {--check-files,--no-check-files}"[enable or disable checking of broken dependencies (e.g. dynamically linked libraries or modules directories) (default\: True)]:check_files:"
   {--dependencies,--no-dependencies}"[process missing package dependencies (default\: True)]:dependencies:"
   "--dry-run[just perform check for updates, same as check command (default\: False)]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"

pyproject.toml

@@ -20,6 +20,7 @@ dependencies = [
     "cerberus",
     "inflection",
     "passlib",
+    "pyelftools",
     "requests",
     "srcinfo",
 ]
@@ -80,7 +81,7 @@ web = [
     "aiohttp_session",
     "aiohttp_security",
     "cryptography",
-    "requests-unixsocket",  # required by unix socket support
+    "requests-unixsocket2",  # required by unix socket support
     "setuptools",  # required by aiohttp-apispec
 ]
 

recipes/README.md

@@ -12,6 +12,7 @@ Collection of the examples of docker compose configuration files, which covers s
 * [Index](index): repository with index page generator enabled.
 * [Multi repo](multirepo): run web service with two separated repositories.
 * [OAuth](oauth): web service with OAuth (GitHub provider) authentication enabled.
+* [PAM](pam): web service with PAM authentication enabled.
 * [Pull](pull): normal service, but in addition with pulling packages from another source (e.g. GitHub repository).
 * [Sign](sign): create repository with database signing.
 * [Web](web): simple web service with authentication enabled.

recipes/pam/README.md

@@ -0,0 +1,6 @@
+# PAM
+
+1. Create system user `demo` with password from `AHRIMAN_PASSWORD` environment variable and group `wheel`.
+2. Setup repository named `ahriman-demo` with architecture `x86_64`.
+3. Start web server at port `8080`.
+4. Repository is available at `http://localhost:8080/repo`.

recipes/pam/compose.yml

@@ -0,0 +1,63 @@
+services:
+  backend:
+    image: ahriman
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
+      AHRIMAN_PORT: 8080
+      AHRIMAN_PRESETUP_COMMAND: useradd -d / -G wheel -M demo; (cat /run/secrets/password; echo; cat /run/secrets/password) | passwd demo
+      AHRIMAN_REPOSITORY: ahriman-demo
+      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - password
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    healthcheck:
+      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
+      interval: 10s
+      start_period: 30s
+
+    command: web
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+secrets:
+  password:
+    environment: AHRIMAN_PASSWORD
+
+volumes:
+  repository:

recipes/pam/nginx.conf

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+
+    location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarder-Proto $scheme;
+
+        proxy_pass http://backend:8080;
+    }
+}

recipes/pam/service.ini

@@ -0,0 +1,3 @@
+[auth]
+target = pam
+full_access_group = wheel

src/ahriman/__init__.py

@@ -17,4 +17,4 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-__version__ = "2.13.6"
+__version__ = "2.13.8"

src/ahriman/application/ahriman.py

@@ -19,14 +19,13 @@
 #
 # pylint: disable=too-many-lines
 import argparse
-import tempfile
 
 from pathlib import Path
 from typing import TypeVar
 
 from ahriman import __version__
 from ahriman.application import handlers
-from ahriman.core.util import enum_values, extract_user
+from ahriman.core.utils import enum_values, extract_user
 from ahriman.models.action import Action
 from ahriman.models.build_status import BuildStatusEnum
 from ahriman.models.log_handler import LogHandler
@@ -73,8 +72,7 @@ def _parser() -> argparse.ArgumentParser:
     parser.add_argument("-c", "--configuration", help="configuration path", type=Path,
                         default=Path("/") / "etc" / "ahriman.ini")
     parser.add_argument("--force", help="force run, remove file lock", action="store_true")
-    parser.add_argument("-l", "--lock", help="lock file", type=Path,
-                        default=Path(tempfile.gettempdir()) / "ahriman.lock")
+    parser.add_argument("-l", "--lock", help="lock file", type=Path, default=Path("ahriman.pid"))
     parser.add_argument("--log-handler", help="explicit log handler specification. If none set, the handler will be "
                                               "guessed from environment",
                         type=LogHandler, choices=enum_values(LogHandler))
@@ -446,7 +444,7 @@ def _set_patch_list_parser(root: SubParserAction) -> argparse.ArgumentParser:
     """
     parser = root.add_parser("patch-list", help="list patch sets",
                              description="list available patches for the package", formatter_class=_formatter)
-    parser.add_argument("package", help="package base", nargs="?")
+    parser.add_argument("package", help="package base")
     parser.add_argument("-e", "--exit-code", help="return non-zero exit status if result is empty", action="store_true")
     parser.add_argument("-v", "--variable", help="if set, show only patches for specified PKGBUILD variables",
                         action="append")
@@ -537,6 +535,9 @@ def _set_repo_check_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("--changes", help="calculate changes from the latest known commit if available. "
                                           "Only applicable in dry run mode",
                         action=argparse.BooleanOptionalAction, default=True)
+    parser.add_argument("--check-files", help="enable or disable checking of broken dependencies "
+                                              "(e.g. dynamically linked libraries or modules directories)",
+                        action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("-e", "--exit-code", help="return non-zero exit status if result is empty", action="store_true")
     parser.add_argument("--vcs", help="fetch actual version of VCS packages",
                         action=argparse.BooleanOptionalAction, default=True)
@@ -605,6 +606,9 @@ def _set_repo_daemon_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("--changes", help="calculate changes from the latest known commit if available. "
                                           "Only applicable in dry run mode",
                         action=argparse.BooleanOptionalAction, default=True)
+    parser.add_argument("--check-files", help="enable or disable checking of broken dependencies "
+                                              "(e.g. dynamically linked libraries or modules directories)",
+                        action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dependencies", help="process missing package dependencies",
                         action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dry-run", help="just perform check for updates, same as check command", action="store_true")
@@ -622,8 +626,7 @@ def _set_repo_daemon_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("-y", "--refresh", help="download fresh package databases from the mirror before actions, "
                                                 "-yy to force refresh even if up to date",
                         action="count", default=False)
-    parser.set_defaults(handler=handlers.Daemon, exit_code=False,
-                        lock=Path(tempfile.gettempdir()) / "ahriman-daemon.lock", package=[])
+    parser.set_defaults(handler=handlers.Daemon, exit_code=False, lock=Path("ahriman-daemon.pid"), package=[])
     return parser
 
 
@@ -826,6 +829,9 @@ def _set_repo_update_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("--changes", help="calculate changes from the latest known commit if available. "
                                           "Only applicable in dry run mode",
                         action=argparse.BooleanOptionalAction, default=True)
+    parser.add_argument("--check-files", help="enable or disable checking of broken dependencies "
+                                              "(e.g. dynamically linked libraries or modules directories)",
+                        action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dependencies", help="process missing package dependencies",
                         action=argparse.BooleanOptionalAction, default=True)
     parser.add_argument("--dry-run", help="just perform check for updates, same as check command", action="store_true")
@@ -871,7 +877,7 @@ def _set_service_clean_parser(root: SubParserAction) -> argparse.ArgumentParser:
                         action=argparse.BooleanOptionalAction, default=False)
     parser.add_argument("--pacman", help="clear directory with pacman local database cache",
                         action=argparse.BooleanOptionalAction, default=False)
-    parser.set_defaults(handler=handlers.Clean, quiet=True, unsafe=True)
+    parser.set_defaults(handler=handlers.Clean, lock=None, quiet=True, unsafe=True)
     return parser
 
 
@@ -1130,8 +1136,8 @@ def _set_web_parser(root: SubParserAction) -> argparse.ArgumentParser:
         argparse.ArgumentParser: created argument parser
     """
     parser = root.add_parser("web", help="web server", description="start web server", formatter_class=_formatter)
-    parser.set_defaults(handler=handlers.Web, architecture="", lock=Path(tempfile.gettempdir()) / "ahriman-web.lock",
-                        report=False, repository="", parser=_parser)
+    parser.set_defaults(handler=handlers.Web, architecture="", lock=Path("ahriman-web.pid"), report=False,
+                        repository="", parser=_parser)
     return parser
 
 

src/ahriman/application/application/application.py

@@ -62,10 +62,13 @@ class Application(ApplicationPackages, ApplicationRepository):
         """
         known_packages: set[str] = set()
         # local set
+        # this action is not really needed in case if ``alpm.use_ahriman_cache`` set to yes, because pacman
+        # will eventually contain all the local packages
         for base in self.repository.packages():
             for package, properties in base.packages.items():
                 known_packages.add(package)
                 known_packages.update(properties.provides)
+        # known pacman databases
         known_packages.update(self.repository.pacman.packages())
         return known_packages
 
@@ -158,8 +161,7 @@ class Application(ApplicationPackages, ApplicationRepository):
                     package = Package.from_aur(package_name, username)
                 with_dependencies[package.base] = package
 
-                # register package in local database
-                self.database.package_base_update(package)
+                # register package in the database
                 self.repository.reporter.set_unknown(package)
 
         return list(with_dependencies.values())

src/ahriman/application/application/application_packages.py

@@ -27,7 +27,7 @@ from typing import Any
 from ahriman.application.application.application_properties import ApplicationProperties
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.exceptions import UnknownPackageError
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.result import Result
@@ -65,7 +65,7 @@ class ApplicationPackages(ApplicationProperties):
         """
         package = Package.from_aur(source, username)
         self.database.build_queue_insert(package)
-        self.database.package_base_update(package)
+        self.reporter.set_unknown(package)
 
     def _add_directory(self, source: str, *_: Any) -> None:
         """
@@ -139,7 +139,7 @@ class ApplicationPackages(ApplicationProperties):
         """
         package = Package.from_official(source, self.repository.pacman, username)
         self.database.build_queue_insert(package)
-        self.database.package_base_update(package)
+        self.reporter.set_unknown(package)
 
     def add(self, names: Iterable[str], source: PackageSource, username: str | None = None) -> None:
         """

src/ahriman/application/application/application_properties.py

@@ -21,6 +21,7 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.database import SQLite
 from ahriman.core.log import LazyLogging
 from ahriman.core.repository import Repository
+from ahriman.core.status import Client
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
 
@@ -63,3 +64,13 @@ class ApplicationProperties(LazyLogging):
             str: repository architecture
         """
         return self.repository_id.architecture
+
+    @property
+    def reporter(self) -> Client:
+        """
+        instance of the web/database client
+
+        Returns:
+            Client: repository reposter
+        """
+        return self.repository.reporter

src/ahriman/application/application/application_repository.py

@@ -39,15 +39,13 @@ class ApplicationRepository(ApplicationProperties):
         Args:
             packages(Iterable[Package]): list of packages to retrieve changes
         """
-        last_commit_hashes = self.database.hashes_get()
-
         for package in packages:
-            last_commit_sha = last_commit_hashes.get(package.base)
+            last_commit_sha = self.reporter.package_changes_get(package.base).last_commit_sha
             if last_commit_sha is None:
                 continue  # skip check in case if we can't calculate diff
 
             changes = self.repository.package_changes(package, last_commit_sha)
-            self.repository.reporter.package_changes_set(package.base, changes)
+            self.repository.reporter.package_changes_update(package.base, changes)
 
     def clean(self, *, cache: bool, chroot: bool, manual: bool, packages: bool, pacman: bool) -> None:
         """
@@ -91,10 +89,7 @@ class ApplicationRepository(ApplicationProperties):
             packages(Iterable[str]): only sign specified packages
         """
         # copy to prebuilt directory
-        for package in self.repository.packages():
-            # no one requested this package
-            if packages and package.base not in packages:
-                continue
+        for package in self.repository.packages(packages):
             for archive in package.packages.values():
                 if archive.filepath is None:
                     self.logger.warning("filepath is empty for %s", package.base)
@@ -179,7 +174,7 @@ class ApplicationRepository(ApplicationProperties):
         return result
 
     def updates(self, filter_packages: Iterable[str], *,
-                aur: bool, local: bool, manual: bool, vcs: bool) -> list[Package]:
+                aur: bool, local: bool, manual: bool, vcs: bool, check_files: bool) -> list[Package]:
         """
         get list of packages to run update process
 
@@ -189,6 +184,7 @@ class ApplicationRepository(ApplicationProperties):
             local(bool): enable or disable checking of local packages for updates
             manual(bool): include or exclude manual updates
             vcs(bool): enable or disable checking of VCS packages
+            check_files(bool): check for broken dependencies
 
         Returns:
             list[Package]: list of out-of-dated packages
@@ -201,5 +197,7 @@ class ApplicationRepository(ApplicationProperties):
             updates.update({package.base: package for package in self.repository.updates_local(vcs=vcs)})
         if manual:
             updates.update({package.base: package for package in self.repository.updates_manual()})
+        if check_files:
+            updates.update({package.base: package for package in self.repository.updates_dependencies(filter_packages)})
 
         return [package for _, package in sorted(updates.items())]

src/ahriman/application/handlers/add.py

@@ -50,12 +50,13 @@ class Add(Handler):
         application.add(args.package, args.source, args.username)
         patches = [PkgbuildPatch.from_env(patch) for patch in args.variable] if args.variable is not None else []
         for package in args.package:  # for each requested package insert patch
-            application.database.patches_insert(package, patches)
+            for patch in patches:
+                application.reporter.package_patches_update(package, patch)
 
         if not args.now:
             return
 
-        packages = application.updates(args.package, aur=False, local=False, manual=True, vcs=False)
+        packages = application.updates(args.package, aur=False, local=False, manual=True, vcs=False, check_files=False)
         packages = application.with_dependencies(packages, process_dependencies=args.dependencies)
         packagers = Packagers(args.username, {package.base: package.packager for package in packages})
 

src/ahriman/application/handlers/backup.py

@@ -18,10 +18,10 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import argparse
-import pwd
+import tarfile
 
 from pathlib import Path
-from tarfile import TarFile
+from pwd import getpwuid
 
 from ahriman.application.handlers.handler import Handler
 from ahriman.core.configuration import Configuration
@@ -49,7 +49,7 @@ class Backup(Handler):
             report(bool): force enable or disable reporting
         """
         backup_paths = Backup.get_paths(configuration)
-        with TarFile(args.path, mode="w") as archive:  # well we don't actually use compression
+        with tarfile.open(args.path, mode="w") as archive:  # well we don't actually use compression
             for backup_path in backup_paths:
                 archive.add(backup_path)
 
@@ -77,7 +77,7 @@ class Backup(Handler):
 
         # gnupg home with imported keys
         uid, _ = repository_paths.root_owner
-        system_user = pwd.getpwuid(uid)
+        system_user = getpwuid(uid)
         gnupg_home = Path(system_user.pw_dir) / ".gnupg"
         if gnupg_home.is_dir():
             paths.add(gnupg_home)

src/ahriman/application/handlers/change.py

@@ -56,4 +56,4 @@ class Change(Handler):
                 ChangesPrinter(changes)(verbose=True, separator="")
                 Change.check_if_empty(args.exit_code, changes.is_empty)
             case Action.Remove:
-                client.package_changes_set(args.package, Changes())
+                client.package_changes_update(args.package, Changes())

src/ahriman/application/handlers/patch.py

@@ -102,8 +102,9 @@ class Patch(Handler):
             patch = "".join(list(sys.stdin))
         else:
             patch = patch_path.read_text(encoding="utf8")
-        patch = patch.strip()  # remove spaces around the patch
-        return PkgbuildPatch(variable, patch)
+        # remove spaces around the patch and parse to correct type
+        parsed = PkgbuildPatch.parse(patch.strip())
+        return PkgbuildPatch(variable, parsed)
 
     @staticmethod
     def patch_set_create(application: Application, package_base: str, patch: PkgbuildPatch) -> None:
@@ -115,25 +116,28 @@ class Patch(Handler):
             package_base(str): package base
             patch(PkgbuildPatch): patch descriptor
         """
-        application.database.patches_insert(package_base, [patch])
+        application.reporter.package_patches_update(package_base, patch)
 
     @staticmethod
-    def patch_set_list(application: Application, package_base: str | None, variables: list[str] | None,
+    def patch_set_list(application: Application, package_base: str, variables: list[str] | None,
                        exit_code: bool) -> None:
         """
         list patches available for the package base
 
         Args:
             application(Application): application instance
-            package_base(str | None): package base
+            package_base(str): package base
             variables(list[str] | None): extract patches only for specified PKGBUILD variables
             exit_code(bool): exit with error on empty search result
         """
-        patches = application.database.patches_list(package_base, variables)
+        patches = [
+            patch
+            for patch in application.reporter.package_patches_get(package_base, None)
+            if variables is None or patch.key in variables
+        ]
         Patch.check_if_empty(exit_code, not patches)
 
-        for base, patch in patches.items():
-            PatchPrinter(base, patch)(verbose=True, separator=" = ")
+        PatchPrinter(package_base, patches)(verbose=True, separator=" = ")
 
     @staticmethod
     def patch_set_remove(application: Application, package_base: str, variables: list[str] | None) -> None:
@@ -145,4 +149,8 @@ class Patch(Handler):
             package_base(str): package base
             variables(list[str] | None): remove patches only for specified PKGBUILD variables
         """
-        application.database.patches_remove(package_base, variables)
+        if variables is not None:
+            for variable in variables:  # iterate over single variable
+                application.reporter.package_patches_remove(package_base, variable)
+        else:
+            application.reporter.package_patches_remove(package_base, None)  # just pass as is

src/ahriman/application/handlers/rebuild.py

@@ -76,7 +76,7 @@ class Rebuild(Handler):
         if from_database:
             return [
                 package
-                for (package, last_status) in application.database.packages_get()
+                for (package, last_status) in application.reporter.package_get(None)
                 if status is None or last_status.status == status
             ]
 

src/ahriman/application/handlers/restore.py

@@ -18,8 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import argparse
-
-from tarfile import TarFile
+import tarfile
 
 from ahriman.application.handlers.handler import Handler
 from ahriman.core.configuration import Configuration
@@ -45,5 +44,5 @@ class Restore(Handler):
             configuration(Configuration): configuration instance
             report(bool): force enable or disable reporting
         """
-        with TarFile(args.path) as archive:
-            archive.extractall(path=args.output)
+        with tarfile.open(args.path) as archive:
+            archive.extractall(path=args.output)  # nosec

src/ahriman/application/handlers/search.py

@@ -43,7 +43,7 @@ class Search(Handler):
     SORT_FIELDS = {
         field.name
         for field in fields(AURPackage)
-        if field.default_factory is not list  # type: ignore[comparison-overlap]
+        if field.default_factory is not list
     }
 
     @classmethod

src/ahriman/application/handlers/status_update.py

@@ -51,12 +51,8 @@ class StatusUpdate(Handler):
         match args.action:
             case Action.Update if args.package:
                 # update packages statuses
-                packages = application.repository.packages()
-                for base in args.package:
-                    if (local := next((package for package in packages if package.base == base), None)) is not None:
-                        client.package_add(local, args.status)
-                    else:
-                        client.package_update(base, args.status)
+                for package in args.package:
+                    client.package_update(package, args.status)
             case Action.Update:
                 # update service status
                 client.status_update(args.status)

src/ahriman/application/handlers/update.py

@@ -48,7 +48,8 @@ class Update(Handler):
         application = Application(repository_id, configuration, report=report, refresh_pacman_database=args.refresh)
         application.on_start()
 
-        packages = application.updates(args.package, aur=args.aur, local=args.local, manual=args.manual, vcs=args.vcs)
+        packages = application.updates(args.package, aur=args.aur, local=args.local, manual=args.manual, vcs=args.vcs,
+                                       check_files=args.check_files)
         if args.dry_run:  # some check specific actions
             if args.changes:  # generate changes if requested
                 application.changes(packages)

src/ahriman/application/lock.py

@@ -18,7 +18,10 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import argparse
+import fcntl
+import os
 
+from io import TextIOWrapper
 from pathlib import Path
 from types import TracebackType
 from typing import Literal, Self
@@ -27,8 +30,8 @@ from ahriman import __version__
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import DuplicateRunError
 from ahriman.core.log import LazyLogging
-from ahriman.core.status.client import Client
-from ahriman.core.util import check_user
+from ahriman.core.status import Client
+from ahriman.core.utils import check_user
 from ahriman.models.build_status import BuildStatusEnum
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.waiter import Waiter
@@ -36,7 +39,7 @@ from ahriman.models.waiter import Waiter
 
 class Lock(LazyLogging):
     """
-    wrapper for application lock file
+    wrapper for application lock file. Credits for idea to https://github.com/bmhatfield/python-pidfile.git
 
     Attributes:
         force(bool): remove lock file on start if any
@@ -70,8 +73,13 @@ class Lock(LazyLogging):
             repository_id(RepositoryId): repository unique identifier
             configuration(Configuration): configuration instance
         """
-        self.path: Path | None = \
-            args.lock.with_stem(f"{args.lock.stem}_{repository_id.id}") if args.lock is not None else None
+        self.path: Path | None = None
+        if args.lock is not None:
+            self.path = args.lock.with_stem(f"{args.lock.stem}_{repository_id.id}")
+            if not self.path.is_absolute():
+                # prepend full path to the lock file
+                self.path = Path("/") / "run" / "ahriman" / self.path
+        self._pid_file: TextIOWrapper | None = None
 
         self.force: bool = args.force
         self.unsafe: bool = args.unsafe
@@ -80,6 +88,72 @@ class Lock(LazyLogging):
         self.paths = configuration.repository_paths
         self.reporter = Client.load(repository_id, configuration, report=args.report)
 
+    @staticmethod
+    def perform_lock(fd: int) -> bool:
+        """
+        perform file lock
+
+        Args:
+            fd(int): file descriptor:
+
+        Returns:
+            bool: True in case if file is locked and False otherwise
+        """
+        try:
+            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
+        except OSError:
+            return False
+
+        return True
+
+    def _open(self) -> None:
+        """
+        create lock file
+        """
+        if self.path is None:
+            return
+        self._pid_file = self.path.open("a+")
+
+    def _watch(self) -> bool:
+        """
+        watch until lock disappear
+
+        Returns:
+            bool: True in case if file is locked and False otherwise
+        """
+        # there are reasons why we are not using inotify here. First of all, if we would use it, it would bring to
+        # race conditions because multiple processes will be notified at the same time. Secondly, it is good library,
+        # but platform-specific, and we only need to check if file exists
+        if self._pid_file is None:
+            return False
+
+        waiter = Waiter(self.wait_timeout)
+        return bool(waiter.wait(lambda fd: not self.perform_lock(fd), self._pid_file.fileno()))
+
+    def _write(self, *, is_locked: bool = False) -> None:
+        """
+        write pid to the lock file
+
+        Args:
+            is_locked(bool, optional): indicates if file was already locked or not (Default value = False)
+
+        Raises:
+            DuplicateRunError: if it cannot lock PID file
+        """
+        if self._pid_file is None:
+            return
+        if not is_locked:
+            if not self.perform_lock(self._pid_file.fileno()):
+                raise DuplicateRunError
+
+        self._pid_file.seek(0)  # reset position and remove file content if any
+        self._pid_file.truncate()
+
+        self._pid_file.write(str(os.getpid()))  # write current pid
+        self._pid_file.flush()  # flush data to disk
+
+        self._pid_file.seek(0)  # reset position again
+
     def check_user(self) -> None:
         """
         check if current user is actually owner of ahriman root
@@ -100,46 +174,33 @@ class Lock(LazyLogging):
         """
         remove lock file
         """
-        if self.path is None:
-            return
-        self.path.unlink(missing_ok=True)
+        if self._pid_file is not None:  # close file descriptor
+            try:
+                self._pid_file.close()
+            except IOError:
+                pass  # suppress any IO errors occur
+        if self.path is not None:  # remove lock file
+            self.path.unlink(missing_ok=True)
 
-    def create(self) -> None:
+    def lock(self) -> None:
         """
-        create lock file
-
-        Raises:
-            DuplicateRunError: if lock exists and no force flag supplied
+        create pid file
         """
-        if self.path is None:
-            return
-        try:
-            self.path.touch(exist_ok=self.force)
-        except FileExistsError:
-            raise DuplicateRunError from None
-
-    def watch(self) -> None:
-        """
-        watch until lock disappear
-        """
-        # there are reasons why we are not using inotify here. First of all, if we would use it, it would bring to
-        # race conditions because multiple processes will be notified in the same time. Secondly, it is good library,
-        # but platform-specific, and we only need to check if file exists
-        if self.path is None:
-            return
-
-        waiter = Waiter(self.wait_timeout)
-        waiter.wait(self.path.is_file)
+        if self.force:  # remove lock if force flag is set
+            self.clear()
+        self._open()
+        is_locked = self._watch()
+        self._write(is_locked=is_locked)
 
     def __enter__(self) -> Self:
         """
         default workflow is the following:
 
             #. Check user UID
-            #. Check if there is lock file
             #. Check web status watcher status
+            #. Open lock file
             #. Wait for lock file to be free
-            #. Create lock file and directory tree
+            #. Write current PID to the lock file
             #. Report to status page if enabled
 
         Returns:
@@ -147,8 +208,7 @@ class Lock(LazyLogging):
         """
         self.check_user()
         self.check_version()
-        self.watch()
-        self.create()
+        self.lock()
         self.reporter.status_update(BuildStatusEnum.Building)
         return self
 

src/ahriman/core/__init__.py

@@ -38,12 +38,12 @@ class _Context:
         """
         self._content: dict[str, Any] = {}
 
-    def get(self, key: ContextKey[T]) -> T:
+    def get(self, key: ContextKey[T] | type[T]) -> T:
         """
         get value for the specified key
 
         Args:
-            key(ContextKey[T]): context key name
+            key(ContextKey[T] | type[T]): context key name
 
         Returns:
             T: value associated with the key
@@ -52,29 +52,37 @@ class _Context:
             KeyError: in case if the specified context variable was not found
             ValueError: in case if type of value is not an instance of specified return type
         """
+        if not isinstance(key, ContextKey):
+            key = ContextKey.from_type(key)
+
         if key.key not in self._content:
             raise KeyError(key.key)
         value = self._content[key.key]
         if not isinstance(value, key.return_type):
             raise ValueError(f"Value {value} is not an instance of {key.return_type}")
+
         return value
 
-    def set(self, key: ContextKey[T], value: T) -> None:
+    def set(self, key: ContextKey[T] | type[T], value: T) -> None:
         """
         set value for the specified key
 
         Args:
-            key(ContextKey[T]): context key name
+            key(ContextKey[T] | type[T]): context key name
             value(T): context value associated with the specified key
 
         Raises:
             KeyError: in case if the specified context variable already exists
             ValueError: in case if type of value is not an instance of specified return type
         """
+        if not isinstance(key, ContextKey):
+            key = ContextKey.from_type(key)
+
         if key.key in self._content:
             raise KeyError(key.key)
         if not isinstance(value, key.return_type):
             raise ValueError(f"Value {value} is not an instance of {key.return_type}")
+
         self._content[key.key] = value
 
     def __iter__(self) -> Iterator[str]:

src/ahriman/core/alpm/pacman.py

@@ -17,25 +17,33 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
+import itertools
 import shutil
+import tarfile
 
-from collections.abc import Callable, Generator
+from collections.abc import Generator, Iterable
 from functools import cached_property
 from pathlib import Path
-from pyalpm import DB, Handle, Package, SIG_PACKAGE, error as PyalpmError  # type: ignore[import-not-found]
+from pyalpm import DB, Handle, Package, SIG_DATABASE_OPTIONAL, SIG_PACKAGE_OPTIONAL  # type: ignore[import-not-found]
 from string import Template
 
+from ahriman.core.alpm.pacman_database import PacmanDatabase
 from ahriman.core.configuration import Configuration
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import trim_package
+from ahriman.core.utils import trim_package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
-from ahriman.models.repository_paths import RepositoryPaths
 
 
 class Pacman(LazyLogging):
     """
     alpm wrapper
+
+    Attributes:
+        configuration(Configuration): configuration instance
+        refresh_database(PacmanSynchronization): synchronize local cache to remote
+        repository_id(RepositoryId): repository unique identifier
+        repository_path(RepositoryPaths): repository paths instance
     """
 
     def __init__(self, repository_id: RepositoryId, configuration: Configuration, *,
@@ -48,8 +56,11 @@ class Pacman(LazyLogging):
             configuration(Configuration): configuration instance
             refresh_database(PacmanSynchronization): synchronize local cache to remote
         """
-        self.__create_handle_fn: Callable[[], Handle] = lambda: self.__create_handle(
-            repository_id, configuration, refresh_database=refresh_database)
+        self.configuration = configuration
+        self.repository_id = repository_id
+        self.repository_paths = configuration.repository_paths
+
+        self.refresh_database = refresh_database
 
     @cached_property
     def handle(self) -> Handle:
@@ -59,40 +70,39 @@ class Pacman(LazyLogging):
         Returns:
             Handle: generated pyalpm handle instance
         """
-        return self.__create_handle_fn()
+        return self.__create_handle(refresh_database=self.refresh_database)
 
-    def __create_handle(self, repository_id: RepositoryId, configuration: Configuration, *,
-                        refresh_database: PacmanSynchronization) -> Handle:
+    def __create_handle(self, *, refresh_database: PacmanSynchronization) -> Handle:
         """
         create lazy handle function
 
         Args:
-            repository_id(RepositoryId): repository unique identifier
-            configuration(Configuration): configuration instance
             refresh_database(PacmanSynchronization): synchronize local cache to remote
 
         Returns:
             Handle: fully initialized pacman handle
         """
-        root = configuration.getpath("alpm", "root")
-        pacman_root = configuration.getpath("alpm", "database")
-        use_ahriman_cache = configuration.getboolean("alpm", "use_ahriman_cache")
-        mirror = configuration.get("alpm", "mirror")
-        paths = configuration.repository_paths
-        database_path = paths.pacman if use_ahriman_cache else pacman_root
+        pacman_root = self.configuration.getpath("alpm", "database")
+        use_ahriman_cache = self.configuration.getboolean("alpm", "use_ahriman_cache")
 
+        database_path = self.repository_paths.pacman if use_ahriman_cache else pacman_root
+        root = self.configuration.getpath("alpm", "root")
         handle = Handle(str(root), str(database_path))
-        for repository in configuration.getlist("alpm", "repositories"):
-            database = self.database_init(handle, repository, mirror, repository_id.architecture)
-            self.database_copy(handle, database, pacman_root, paths, use_ahriman_cache=use_ahriman_cache)
+
+        for repository in self.configuration.getlist("alpm", "repositories"):
+            database = self.database_init(handle, repository, self.repository_id.architecture)
+            self.database_copy(handle, database, pacman_root, use_ahriman_cache=use_ahriman_cache)
+
+        # install repository database too
+        local_database = self.database_init(handle, self.repository_id.name, self.repository_id.architecture)
+        self.database_copy(handle, local_database, pacman_root, use_ahriman_cache=use_ahriman_cache)
 
         if use_ahriman_cache and refresh_database:
             self.database_sync(handle, force=refresh_database == PacmanSynchronization.Force)
 
         return handle
 
-    def database_copy(self, handle: Handle, database: DB, pacman_root: Path, paths: RepositoryPaths, *,
-                      use_ahriman_cache: bool) -> None:
+    def database_copy(self, handle: Handle, database: DB, pacman_root: Path, *, use_ahriman_cache: bool) -> None:
         """
         copy database from the operating system root to the ahriman local home
 
@@ -100,7 +110,6 @@ class Pacman(LazyLogging):
             handle(Handle): pacman handle which will be used for database copying
             database(DB): pacman database instance to be copied
             pacman_root(Path): operating system pacman root
-            paths(RepositoryPaths): repository paths instance
             use_ahriman_cache(bool): use local ahriman cache instead of system one
         """
         def repository_database(root: Path) -> Path:
@@ -122,30 +131,36 @@ class Pacman(LazyLogging):
             return  # database for some reason deos not exist
         self.logger.info("copy pacman database from operating system root to ahriman's home")
         shutil.copy(src, dst)
-        paths.chown(dst)
+        self.repository_paths.chown(dst)
 
-    def database_init(self, handle: Handle, repository: str, mirror: str, architecture: str) -> DB:
+    def database_init(self, handle: Handle, repository: str, architecture: str) -> DB:
         """
         create database instance from pacman handler and set its properties
 
         Args:
             handle(Handle): pacman handle which will be used for database initializing
             repository(str): pacman repository name (e.g. core)
-            mirror(str): arch linux mirror url
             architecture(str): repository architecture
 
         Returns:
             DB: loaded pacman database instance
         """
         self.logger.info("loading pacman database %s", repository)
-        database: DB = handle.register_syncdb(repository, SIG_PACKAGE)
+        database: DB = handle.register_syncdb(repository, SIG_DATABASE_OPTIONAL | SIG_PACKAGE_OPTIONAL)
 
-        # replace variables in mirror address
-        variables = {
-            "arch": architecture,
-            "repo": repository,
-        }
-        database.servers = [Template(mirror).safe_substitute(variables)]
+        if repository != self.repository_id.name:
+            mirror = self.configuration.get("alpm", "mirror")
+            # replace variables in mirror address
+            variables = {
+                "arch": architecture,
+                "repo": repository,
+            }
+            server = Template(mirror).safe_substitute(variables)
+        else:
+            # special case, same database, use local storage instead
+            server = f"file://{self.repository_paths.repository}"
+
+        database.servers = [server]
 
         return database
 
@@ -160,13 +175,55 @@ class Pacman(LazyLogging):
         self.logger.info("refresh ahriman's home pacman database (force refresh %s)", force)
         transaction = handle.init_transaction()
         for database in handle.get_syncdbs():
-            try:
-                database.update(force)
-            except PyalpmError:
-                self.logger.exception("exception during update %s", database.name)
+            PacmanDatabase(database, self.configuration).sync(force=force)
         transaction.release()
 
-    def package_get(self, package_name: str) -> Generator[Package, None, None]:
+    def files(self, packages: Iterable[str]) -> dict[str, set[str]]:
+        """
+        extract list of known packages from the databases
+
+        Args:
+            packages(Iterable[str]): filter by package names
+
+        Returns:
+            dict[str, set[str]]: map of package name to its list of files
+        """
+        def extract(tar: tarfile.TarFile, package_names: dict[str, str]) -> Generator[tuple[str, set[str]], None, None]:
+            for package_name, version in package_names.items():
+                path = Path(f"{package_name}-{version}") / "files"
+                try:
+                    content = tar.extractfile(str(path))
+                except KeyError:
+                    # in case if database and its files has been desync somehow, the extractfile will raise
+                    # KeyError because the entry doesn't exist
+                    content = None
+                if content is None:
+                    continue
+
+                # this is just array of files, however, the directories are with trailing slash,
+                # which previously has been removed by the conversion to ``pathlib.Path``
+                files = {filename.decode("utf8").rstrip().removesuffix("/") for filename in content.readlines()}
+                yield package_name, files
+
+        # sort is required for the following group by operation
+        descriptors = sorted(
+            (package for package_name in packages for package in self.package(package_name)),
+            key=lambda package: package.db.name
+        )
+
+        result: dict[str, set[str]] = {}
+        for database_name, pacman_packages in itertools.groupby(descriptors, lambda package: package.db.name):
+            database_file = self.repository_paths.pacman / "sync" / f"{database_name}.files.tar.gz"
+            if not database_file.is_file():
+                continue  # no database file found
+
+            package_names = {package.name: package.version for package in pacman_packages}
+            with tarfile.open(database_file, "r:gz") as archive:
+                result.update(extract(archive, package_names))
+
+        return result
+
+    def package(self, package_name: str) -> Generator[Package, None, None]:
         """
         retrieve list of the packages from the repository by name
 

src/ahriman/core/alpm/pacman_database.py

@@ -0,0 +1,170 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+import os
+import shutil
+
+from email.utils import parsedate_to_datetime
+from pathlib import Path
+from pyalpm import DB  # type: ignore[import-not-found]
+from urllib.parse import urlparse
+
+from ahriman.core.configuration import Configuration
+from ahriman.core.exceptions import PacmanError
+from ahriman.core.http import SyncHttpClient
+
+
+class PacmanDatabase(SyncHttpClient):
+    """
+    implementation for database sync, because pyalpm is not always enough
+
+    Attributes:
+        LAST_MODIFIED_HEADER(str): last modified header name
+        database(DB): pyalpm database object
+        repository_paths(RepositoryPaths): repository paths instance
+        sync_files_database(bool): sync files database
+    """
+
+    LAST_MODIFIED_HEADER = "Last-Modified"
+
+    def __init__(self, database: DB, configuration: Configuration) -> None:
+        """
+        default constructor
+
+        Args:
+            database(DB): pyalpm database object
+            configuration(Configuration): configuration instance
+        """
+        SyncHttpClient.__init__(self)
+        self.timeout = None  # reset timeout
+
+        self.database = database
+        self.repository_paths = configuration.repository_paths
+
+        self.sync_files_database = configuration.getboolean("alpm", "sync_files_database")
+
+    def copy(self, remote_path: Path, local_path: Path) -> None:
+        """
+        copy local database file
+
+        Args:
+            remote_path(Path): path to source (remote) file
+            local_path(Path): path to locally stored file
+        """
+        shutil.copy(remote_path, local_path)
+
+    def download(self, url: str, local_path: Path) -> None:
+        """
+        download remote file and store it to local path with the correct last modified headers
+
+        Args:
+            url(str): remote url to request file
+            local_path(Path): path to locally stored file
+
+        Raises:
+            PacmanError: in case if no last-modified header was found
+        """
+        response = self.make_request("GET", url, stream=True)
+        if self.LAST_MODIFIED_HEADER not in response.headers:
+            raise PacmanError("No last-modified header found")
+
+        with local_path.open("wb") as local_file:
+            for chunk in response.iter_content(chunk_size=1024):
+                local_file.write(chunk)
+
+        # set correct (a,m)time for the file
+        remote_changed = parsedate_to_datetime(response.headers[self.LAST_MODIFIED_HEADER]).timestamp()
+        os.utime(local_path, (remote_changed, remote_changed))
+
+    def is_outdated(self, url: str, local_path: Path) -> bool:
+        """
+        check if local file is outdated
+
+        Args:
+            url(str): remote url to request last modified header
+            local_path(Path): path to locally stored file
+
+        Returns:
+            bool: True in case if remote file is newer than local file
+
+        Raises:
+            PacmanError: in case if no last-modified header was found
+        """
+        if not local_path.is_file():
+            return True  # no local file found, requires to update
+
+        response = self.make_request("HEAD", url)
+        if self.LAST_MODIFIED_HEADER not in response.headers:
+            raise PacmanError("No last-modified header found")
+
+        remote_changed = parsedate_to_datetime(response.headers["Last-Modified"]).timestamp()
+        local_changed = local_path.stat().st_mtime
+
+        return remote_changed > local_changed
+
+    def sync(self, *, force: bool) -> None:
+        """
+        sync packages and files databases
+
+        Args:
+            force(bool): force database synchronization (same as ``pacman -Syy``)
+        """
+        try:
+            self.sync_packages(force=force)
+            if self.sync_files_database:
+                self.sync_files(force=force)
+        except Exception:
+            self.logger.exception("exception during update %s", self.database.name)
+
+    def sync_files(self, *, force: bool) -> None:
+        """
+        sync files by using http request
+
+        Args:
+            force(bool): force database synchronization (same as ``pacman -Syy``)
+        """
+        server = next(iter(self.database.servers))
+        filename = f"{self.database.name}.files.tar.gz"
+        url = f"{server}/{filename}"
+
+        remote_uri = urlparse(url)
+        local_path = Path(self.repository_paths.pacman / "sync" / filename)
+
+        match remote_uri.scheme:
+            case "http" | "https":
+                if not force and not self.is_outdated(url, local_path):
+                    return
+
+                self.download(url, local_path)
+
+            case "file":
+                # just copy file as it is relatively cheap operation, no need to check timestamps
+                self.copy(Path(remote_uri.path), local_path)
+
+            case other:
+                raise PacmanError(f"Unknown or unsupported URL scheme {other}")
+
+    def sync_packages(self, *, force: bool) -> None:
+        """
+        sync packages by using built-in pyalpm methods
+
+        Args:
+            force(bool): force database synchronization (same as ``pacman -Syy``)
+        """
+        self.database.update(force)

src/ahriman/core/alpm/remote/official_syncdb.py

@@ -56,6 +56,6 @@ class OfficialSyncdb(Official):
             raise UnknownPackageError(package_name)
 
         try:
-            return next(AURPackage.from_pacman(package) for package in pacman.package_get(package_name))
+            return next(AURPackage.from_pacman(package) for package in pacman.package(package_name))
         except StopIteration:
             raise UnknownPackageError(package_name) from None

src/ahriman/core/alpm/repo.py

@@ -21,7 +21,7 @@ from pathlib import Path
 
 from ahriman.core.exceptions import BuildError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import check_output
+from ahriman.core.utils import check_output
 from ahriman.models.repository_paths import RepositoryPaths
 
 

src/ahriman/core/auth/auth.py

@@ -81,15 +81,18 @@ class Auth(LazyLogging):
             case AuthSettings.OAuth:
                 from ahriman.core.auth.oauth import OAuth
                 return OAuth(configuration, database)
+            case AuthSettings.PAM:
+                from ahriman.core.auth.pam import PAM
+                return PAM(configuration, database)
             case _:
                 return Auth(configuration)
 
-    async def check_credentials(self, username: str | None, password: str | None) -> bool:
+    async def check_credentials(self, username: str, password: str | None) -> bool:
         """
         validate user password
 
         Args:
-            username(str | None): username
+            username(str): username
             password(str | None): entered password
 
         Returns:
@@ -98,12 +101,12 @@ class Auth(LazyLogging):
         del username, password
         return True
 
-    async def known_username(self, username: str | None) -> bool:
+    async def known_username(self, username: str) -> bool:
         """
         check if user is known
 
         Args:
-            username(str | None): username
+            username(str): username
 
         Returns:
             bool: True in case if user is known and can be authorized and False otherwise

src/ahriman/core/auth/mapping.py

@@ -48,18 +48,18 @@ class Mapping(Auth):
         self.database = database
         self.salt = configuration.get("auth", "salt", fallback="")
 
-    async def check_credentials(self, username: str | None, password: str | None) -> bool:
+    async def check_credentials(self, username: str, password: str | None) -> bool:
         """
         validate user password
 
         Args:
-            username(str | None): username
+            username(str): username
             password(str | None): entered password
 
         Returns:
             bool: True in case if password matches, False otherwise
         """
-        if username is None or password is None:
+        if password is None:
             return False  # invalid data supplied
         user = self.get_user(username)
         return user is not None and user.check_credentials(password, self.salt)
@@ -76,12 +76,12 @@ class Mapping(Auth):
         """
         return self.database.user_get(username)
 
-    async def known_username(self, username: str | None) -> bool:
+    async def known_username(self, username: str) -> bool:
         """
         check if user is known
 
         Args:
-            username(str | None): username
+            username(str): username
 
         Returns:
             bool: True in case if user is known and can be authorized and False otherwise

src/ahriman/core/auth/pam.py

@@ -0,0 +1,131 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from grp import getgrnam
+from pwd import getpwnam
+
+from ahriman.core.auth.mapping import Mapping
+from ahriman.core.configuration import Configuration
+from ahriman.core.database import SQLite
+from ahriman.core.exceptions import CalledProcessError
+from ahriman.core.utils import check_output
+from ahriman.models.auth_settings import AuthSettings
+from ahriman.models.user_access import UserAccess
+
+
+class PAM(Mapping):
+    """
+    User authorization implementation by using default PAM
+
+    Attributes:
+        full_access_group(str): group name users of which have full access
+        permit_root_login(bool): permit login as root
+    """
+
+    def __init__(self, configuration: Configuration, database: SQLite,
+                 provider: AuthSettings = AuthSettings.PAM) -> None:
+        """
+        default constructor
+
+        Args:
+            configuration(Configuration): configuration instance
+            database(SQLite): database instance
+            provider(AuthSettings, optional): authorization type definition (Default value = AuthSettings.PAM)
+        """
+        Mapping.__init__(self, configuration, database, provider)
+        self.full_access_group = configuration.get("auth", "full_access_group")
+        self.permit_root_login = configuration.getboolean("auth", "permit_root_login", fallback=False)
+
+    @staticmethod
+    def group_members(group_name: str) -> list[str]:
+        """
+        extract current group members
+
+        Args:
+            group_name(str): group name
+
+        Returns:
+            list[str]: list of users which belong to the specified group. In case if group wasn't found, the empty list
+            will be returned
+        """
+        try:
+            group = getgrnam(group_name)
+        except KeyError:
+            return []
+        return group.gr_mem
+
+    async def check_credentials(self, username: str, password: str | None) -> bool:
+        """
+        validate user password
+
+        Args:
+            username(str): username
+            password(str | None): entered password
+
+        Returns:
+            bool: True in case if password matches, False otherwise
+        """
+        if password is None:
+            return False  # invalid data supplied
+        if not self.permit_root_login and username == "root":
+            return False  # login as root is not allowed
+        # the reason why do we call su here is that python-pam actually read shadow file
+        # and hence requires root privileges
+        try:
+            check_output("su", "--command", "true", "-", username, input_data=password)
+            return True
+        except CalledProcessError:
+            return await Mapping.check_credentials(self, username, password)
+
+    async def known_username(self, username: str) -> bool:
+        """
+        check if user is known
+
+        Args:
+            username(str): username
+
+        Returns:
+            bool: True in case if user is known and can be authorized and False otherwise
+        """
+        try:
+            _ = getpwnam(username)
+            return True
+        except KeyError:
+            return await Mapping.known_username(self, username)
+
+    async def verify_access(self, username: str, required: UserAccess, context: str | None) -> bool:
+        """
+        validate if user has access to requested resource
+
+        Args:
+            username(str): username
+            required(UserAccess): required access level
+            context(str | None): URI request path
+
+        Returns:
+            bool: True in case if user is allowed to do this request and False otherwise
+        """
+        # this method is basically inverted, first we check overrides in database and then fallback to the PAM logic
+        if (user := self.get_user(username)) is not None:
+            return user.verify_access(required)
+        # if username is in admin group, then we treat it as full access
+        if username in self.group_members(self.full_access_group):
+            return UserAccess.Full.permits(required)
+        # fallback to read-only accounts
+        return UserAccess.Read.permits(required)

src/ahriman/core/build_tools/sources.py

@@ -23,7 +23,7 @@ from pathlib import Path
 
 from ahriman.core.exceptions import CalledProcessError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import check_output, utcnow, walk
+from ahriman.core.utils import check_output, utcnow, walk
 from ahriman.models.package import Package
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.remote_source import RemoteSource

src/ahriman/core/build_tools/task.py

@@ -21,10 +21,9 @@ from pathlib import Path
 
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
 from ahriman.core.exceptions import BuildError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import check_output
+from ahriman.core.utils import check_output
 from ahriman.models.package import Package
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.repository_paths import RepositoryPaths
@@ -116,20 +115,20 @@ class Task(LazyLogging):
         # e.g. in some cases packagelist command produces debug packages which were not actually built
         return list(filter(lambda path: path.is_file(), map(Path, packages)))
 
-    def init(self, sources_dir: Path, database: SQLite, local_version: str | None) -> str | None:
+    def init(self, sources_dir: Path, patches: list[PkgbuildPatch], local_version: str | None) -> str | None:
         """
         fetch package from git
 
         Args:
             sources_dir(Path): local path to fetch
-            database(SQLite): database instance
+            patches(list[PkgbuildPatch]): list of patches for the package
             local_version(str | None): local version of the package. If set and equal to current version, it will
                 automatically bump pkgrel
 
         Returns:
             str | None: current commit sha if available
         """
-        last_commit_sha = Sources.load(sources_dir, self.package, database.patches_get(self.package.base), self.paths)
+        last_commit_sha = Sources.load(sources_dir, self.package, patches, self.paths)
         if local_version is None:
             return last_commit_sha  # there is no local package or pkgrel increment is disabled
 

src/ahriman/core/configuration/schema.py

@@ -89,6 +89,11 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "path_exists": True,
                 "path_type": "dir",
             },
+            "sync_files_database": {
+                "type": "boolean",
+                "coerce": "boolean",
+                "required": True,
+            },
             "use_ahriman_cache": {
                 "type": "boolean",
                 "coerce": "boolean",
@@ -110,6 +115,7 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                         "oauth_provider",
                         "oauth_scopes",
                     ]},
+                    {"allowed": ["pam"], "dependencies": ["full_access_group"]},
                 ],
             },
             "allow_read_only": {
@@ -130,6 +136,10 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "minlength": 32,
                 "maxlength": 64,  # we cannot verify maxlength, because base64 representation might be longer than bytes
             },
+            "full_access_group": {
+                "type": "string",
+                "empty": False,
+            },
             "max_age": {
                 "type": "integer",
                 "coerce": "integer",
@@ -147,6 +157,10 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "type": "string",
                 "empty": False,
             },
+            "permit_root_login": {
+                "type": "boolean",
+                "coerce": "boolean",
+            },
             "salt": {
                 "type": "string",
             },

src/ahriman/core/database/migrations/m005_make_opt_depends.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m007_check_depends.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m008_packagers.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m013_dependencies.py

@@ -0,0 +1,32 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+__all__ = ["steps"]
+
+
+steps = [
+    """
+    create table package_dependencies (
+        package_base text not null,
+        repository text not null,
+        dependencies json not null,
+        unique (package_base, repository)
+    )
+    """,
+]

src/ahriman/core/database/operations/__init__.py

@@ -20,6 +20,7 @@
 from ahriman.core.database.operations.auth_operations import AuthOperations
 from ahriman.core.database.operations.build_operations import BuildOperations
 from ahriman.core.database.operations.changes_operations import ChangesOperations
+from ahriman.core.database.operations.dependencies_operations import DependenciesOperations
 from ahriman.core.database.operations.logs_operations import LogsOperations
 from ahriman.core.database.operations.package_operations import PackageOperations
 from ahriman.core.database.operations.patch_operations import PatchOperations

src/ahriman/core/database/operations/changes_operations.py

@@ -64,7 +64,7 @@ class ChangesOperations(Operations):
 
     def changes_insert(self, package_base: str, changes: Changes, repository_id: RepositoryId | None = None) -> None:
         """
-        insert packages to build queue
+        insert package changes
 
         Args:
             package_base(str): package base to insert
@@ -117,27 +117,3 @@ class ChangesOperations(Operations):
                 })
 
         return self.with_connection(run, commit=True)
-
-    def hashes_get(self, repository_id: RepositoryId | None = None) -> dict[str, str]:
-        """
-        extract last commit hashes if available
-
-        Args:
-            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
-
-        Returns:
-            dict[str, str]: map of package base to its last commit hash
-        """
-
-        repository_id = repository_id or self._repository_id
-
-        def run(connection: Connection) -> dict[str, str]:
-            return {
-                row["package_base"]: row["last_commit_sha"]
-                for row in connection.execute(
-                    """select package_base, last_commit_sha from package_changes where repository = :repository""",
-                    {"repository": repository_id.id}
-                )
-            }
-
-        return self.with_connection(run)

src/ahriman/core/database/operations/dependencies_operations.py

@@ -0,0 +1,116 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from sqlite3 import Connection
+
+from ahriman.core.database.operations.operations import Operations
+from ahriman.models.dependencies import Dependencies
+from ahriman.models.repository_id import RepositoryId
+
+
+class DependenciesOperations(Operations):
+    """
+    operations for dependencies table
+    """
+
+    def dependencies_get(self, package_base: str | None = None,
+                         repository_id: RepositoryId | None = None) -> dict[str, Dependencies]:
+        """
+        get dependencies for the specific package base if available
+
+        Args:
+            package_base(str | None): package base to search
+            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
+
+        Returns:
+            Dependencies: changes for the package base if available
+        """
+        repository_id = repository_id or self._repository_id
+
+        def run(connection: Connection) -> dict[str, Dependencies]:
+            return {
+                row["package_base"]: Dependencies(row["dependencies"])
+                for row in connection.execute(
+                    """
+                        select package_base, dependencies from package_dependencies
+                        where (:package_base is null or package_base = :package_base)
+                          and repository = :repository
+                        """,
+                    {
+                        "package_base": package_base,
+                        "repository": repository_id.id,
+                    }
+                )
+            }
+
+        return self.with_connection(run)
+
+    def dependencies_insert(self, package_base: str, dependencies: Dependencies,
+                            repository_id: RepositoryId | None = None) -> None:
+        """
+        insert package dependencies
+
+        Args:
+            package_base(str): package base
+            dependencies(Dependencies): package dependencies
+            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
+        """
+        repository_id = repository_id or self._repository_id
+
+        def run(connection: Connection) -> None:
+            connection.execute(
+                """
+                insert into package_dependencies
+                (package_base, repository, dependencies)
+                values
+                (:package_base, :repository, :dependencies)
+                on conflict (package_base, repository) do update set
+                dependencies = :dependencies
+                """,
+                {
+                    "package_base": package_base,
+                    "repository": repository_id.id,
+                    "dependencies": dependencies.paths,
+                })
+
+        return self.with_connection(run, commit=True)
+
+    def dependencies_remove(self, package_base: str | None, repository_id: RepositoryId | None = None) -> None:
+        """
+        remove packages dependencies
+
+        Args:
+            package_base(str | None): optional filter by package base
+            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
+        """
+        repository_id = repository_id or self._repository_id
+
+        def run(connection: Connection) -> None:
+            connection.execute(
+                """
+                delete from package_dependencies
+                where (:package_base is null or package_base = :package_base)
+                  and repository = :repository
+                """,
+                {
+                    "package_base": package_base,
+                    "repository": repository_id.id,
+                })
+
+        return self.with_connection(run, commit=True)

src/ahriman/core/database/operations/operations.py

@@ -25,6 +25,7 @@ from typing import Any, TypeVar
 
 from ahriman.core.log import LazyLogging
 from ahriman.models.repository_id import RepositoryId
+from ahriman.models.repository_paths import RepositoryPaths
 
 
 T = TypeVar("T")
@@ -38,7 +39,7 @@ class Operations(LazyLogging):
         path(Path): path to the database file
     """
 
-    def __init__(self, path: Path, repository_id: RepositoryId) -> None:
+    def __init__(self, path: Path, repository_id: RepositoryId, repository_paths: RepositoryPaths) -> None:
         """
         default constructor
 
@@ -48,6 +49,7 @@ class Operations(LazyLogging):
         """
         self.path = path
         self._repository_id = repository_id
+        self._repository_paths = repository_paths
 
     @staticmethod
     def factory(cursor: sqlite3.Cursor, row: tuple[Any, ...]) -> dict[str, Any]:

src/ahriman/core/database/operations/package_operations.py

@@ -150,34 +150,6 @@ class PackageOperations(Operations):
             """,
             package_list)
 
-    @staticmethod
-    def _package_update_insert_status(connection: Connection, package_base: str, status: BuildStatus,
-                                      repository_id: RepositoryId) -> None:
-        """
-        insert base package status into table
-
-        Args:
-            connection(Connection): database connection
-            package_base(str): package base name
-            status(BuildStatus): new build status
-            repository_id(RepositoryId): repository unique identifier
-        """
-        connection.execute(
-            """
-            insert into package_statuses
-            (package_base, status, last_updated, repository)
-            values
-            (:package_base, :status, :last_updated, :repository)
-            on conflict (package_base, repository) do update set
-            status = :status, last_updated = :last_updated
-            """,
-            {
-                "package_base": package_base,
-                "status": status.status.value,
-                "last_updated": status.timestamp,
-                "repository": repository_id.id,
-            })
-
     @staticmethod
     def _packages_get_select_package_bases(connection: Connection, repository_id: RepositoryId) -> dict[str, Package]:
         """
@@ -246,21 +218,6 @@ class PackageOperations(Operations):
             )
         }
 
-    def package_base_update(self, package: Package, repository_id: RepositoryId | None = None) -> None:
-        """
-        update package base only
-
-        Args:
-            package(Package): package properties
-            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
-        """
-        repository_id = repository_id or self._repository_id
-
-        def run(connection: Connection) -> None:
-            self._package_update_insert_base(connection, package, repository_id)
-
-        return self.with_connection(run, commit=True)
-
     def package_remove(self, package_base: str, repository_id: RepositoryId | None = None) -> None:
         """
         remove package from database
@@ -277,20 +234,18 @@ class PackageOperations(Operations):
 
         return self.with_connection(run, commit=True)
 
-    def package_update(self, package: Package, status: BuildStatus, repository_id: RepositoryId | None = None) -> None:
+    def package_update(self, package: Package, repository_id: RepositoryId | None = None) -> None:
         """
         update package status
 
         Args:
             package(Package): package properties
-            status(BuildStatus): new build status
             repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
         """
         repository_id = repository_id or self._repository_id
 
         def run(connection: Connection) -> None:
             self._package_update_insert_base(connection, package, repository_id)
-            self._package_update_insert_status(connection, package.base, status, repository_id)
             self._package_update_insert_packages(connection, package, repository_id)
             self._package_remove_packages(connection, package.base, package.packages.keys(), repository_id)
 
@@ -317,22 +272,32 @@ class PackageOperations(Operations):
 
         return self.with_connection(lambda connection: list(run(connection)))
 
-    def remotes_get(self, repository_id: RepositoryId | None = None) -> dict[str, RemoteSource]:
+    def status_update(self, package_base: str, status: BuildStatus, repository_id: RepositoryId | None = None) -> None:
         """
-        get packages remotes based on current settings
+        insert base package status into table
 
         Args:
+            package_base(str): package base name
+            status(BuildStatus): new build status
             repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
-
-        Returns:
-            dict[str, RemoteSource]: map of package base to its remote sources
         """
         repository_id = repository_id or self._repository_id
 
-        def run(connection: Connection) -> dict[str, Package]:
-            return self._packages_get_select_package_bases(connection, repository_id)
+        def run(connection: Connection) -> None:
+            connection.execute(
+                """
+                insert into package_statuses
+                (package_base, status, last_updated, repository)
+                values
+                (:package_base, :status, :last_updated, :repository)
+                on conflict (package_base, repository) do update set
+                status = :status, last_updated = :last_updated
+                """,
+                {
+                    "package_base": package_base,
+                    "status": status.status.value,
+                    "last_updated": status.timestamp,
+                    "repository": repository_id.id,
+                })
 
-        return {
-            package_base: package.remote
-            for package_base, package in self.with_connection(run).items()
-        }
+        return self.with_connection(run, commit=True)

src/ahriman/core/database/sqlite.py

@@ -25,12 +25,19 @@ from typing import Self
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.database.migrations import Migrations
-from ahriman.core.database.operations import AuthOperations, BuildOperations, ChangesOperations, LogsOperations, \
-    PackageOperations, PatchOperations
+from ahriman.core.database.operations import AuthOperations, BuildOperations, ChangesOperations, \
+    DependenciesOperations, LogsOperations, PackageOperations, PatchOperations
 
 
 # pylint: disable=too-many-ancestors
-class SQLite(AuthOperations, BuildOperations, ChangesOperations, LogsOperations, PackageOperations, PatchOperations):
+class SQLite(
+        AuthOperations,
+        BuildOperations,
+        ChangesOperations,
+        DependenciesOperations,
+        LogsOperations,
+        PackageOperations,
+        PatchOperations):
     """
     wrapper for sqlite3 database
 
@@ -59,7 +66,7 @@ class SQLite(AuthOperations, BuildOperations, ChangesOperations, LogsOperations,
         path = cls.database_path(configuration)
         _, repository_id = configuration.check_loaded()
 
-        database = cls(path, repository_id)
+        database = cls(path, repository_id, configuration.repository_paths)
         database.init(configuration)
 
         return database
@@ -94,3 +101,24 @@ class SQLite(AuthOperations, BuildOperations, ChangesOperations, LogsOperations,
         if configuration.getboolean("settings", "apply_migrations", fallback=True):
             self.with_connection(lambda connection: Migrations.migrate(connection, configuration))
         paths.chown(self.path)
+
+    def package_clear(self, package_base: str) -> None:
+        """
+        completely remove package from all tables
+
+        Args:
+            package_base(str): package base to remove
+
+        Examples:
+            This method completely removes the package from all tables and must be used, e.g. on package removal::
+
+            >>> database.package_clear("ahriman")
+        """
+        self.build_queue_clear(package_base)
+        self.patches_remove(package_base, [])
+        self.logs_remove(package_base, None)
+        self.changes_remove(package_base)
+        self.dependencies_remove(package_base)
+
+        # remove local cache too
+        self._repository_paths.tree_clear(package_base)

src/ahriman/core/exceptions.py

@@ -219,6 +219,21 @@ class PackageInfoError(RuntimeError):
         RuntimeError.__init__(self, f"There are errors during reading package information: `{details}`")
 
 
+class PacmanError(RuntimeError):
+    """
+    exception in case of pacman operation errors
+    """
+
+    def __init__(self, details: Any) -> None:
+        """
+        default constructor
+
+        Args:
+            details(Any): error details
+        """
+        RuntimeError.__init__(self, f"Could not perform operation with pacman: `{details}`")
+
+
 class PathError(ValueError):
     """
     exception which will be raised on path which is not belong to root directory

src/ahriman/core/formatters/aur_printer.py

@@ -18,7 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from ahriman.core.formatters.string_printer import StringPrinter
-from ahriman.core.util import pretty_datetime
+from ahriman.core.utils import pretty_datetime
 from ahriman.models.aur_package import AURPackage
 from ahriman.models.property import Property
 

src/ahriman/core/formatters/update_printer.py

@@ -18,6 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from ahriman.core.formatters.string_printer import StringPrinter
+from ahriman.core.utils import full_version, parse_version
 from ahriman.models.package import Package
 from ahriman.models.property import Property
 
@@ -41,7 +42,7 @@ class UpdatePrinter(StringPrinter):
         """
         StringPrinter.__init__(self, remote.base)
         self.package = remote
-        self.local_version = local_version or "N/A"
+        self.local_version = local_version
 
     def properties(self) -> list[Property]:
         """
@@ -50,4 +51,9 @@ class UpdatePrinter(StringPrinter):
         Returns:
             list[Property]: list of content properties
         """
-        return [Property(self.local_version, self.package.version, is_required=True)]
+        if (pkgrel := self.package.next_pkgrel(self.local_version)) is not None:
+            epoch, pkgver, _ = parse_version(self.package.version)
+            effective_new_version = full_version(epoch, pkgver, pkgrel)
+        else:
+            effective_new_version = self.package.version
+        return [Property(self.local_version or "N/A", effective_new_version, is_required=True)]

src/ahriman/core/gitremote/remote_pull.py

@@ -26,7 +26,7 @@ from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import GitRemoteError
 from ahriman.core.log import LazyLogging
-from ahriman.core.util import walk
+from ahriman.core.utils import walk
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.remote_source import RemoteSource

src/ahriman/core/gitremote/remote_push.py

@@ -25,9 +25,9 @@ from tempfile import TemporaryDirectory
 
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
 from ahriman.core.exceptions import GitRemoteError
 from ahriman.core.log import LazyLogging
+from ahriman.core.status import Client
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.remote_source import RemoteSource
@@ -40,20 +40,20 @@ class RemotePush(LazyLogging):
 
     Attributes:
         commit_author(tuple[str, str] | None): optional commit author in form of git config
-        database(SQLite): database instance
         remote_source(RemoteSource): repository remote source (remote pull url and branch)
+        reporter(Client): reporter client used for additional information retrieval
     """
 
-    def __init__(self, database: SQLite, configuration: Configuration, section: str) -> None:
+    def __init__(self, reporter: Client, configuration: Configuration, section: str) -> None:
         """
         default constructor
 
         Args:
-            database(SQLite): database instance
+            reporter(Client): reporter client
             configuration(Configuration): configuration instance
             section(str): settings section name
         """
-        self.database = database
+        self.reporter = reporter
 
         commit_email = configuration.get(section, "commit_email", fallback="ahriman@localhost")
         commit_user = configuration.get(section, "commit_user", fallback="ahriman")
@@ -92,7 +92,7 @@ class RemotePush(LazyLogging):
             else:
                 shutil.rmtree(git_file)
         # ...copy all patches...
-        for patch in self.database.patches_get(package.base):
+        for patch in self.reporter.package_patches_get(package.base, None):
             filename = f"ahriman-{package.base}.patch" if patch.key is None else f"ahriman-{patch.key}.patch"
             patch.write(package_target_dir / filename)
         # ...and finally return path to the copied directory

src/ahriman/core/gitremote/remote_push_trigger.py

@@ -19,10 +19,9 @@
 #
 from ahriman.core import context
 from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
 from ahriman.core.gitremote.remote_push import RemotePush
+from ahriman.core.status import Client
 from ahriman.core.triggers import Trigger
-from ahriman.models.context_key import ContextKey
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result
@@ -111,10 +110,10 @@ class RemotePushTrigger(Trigger):
             GitRemoteError: if database is not set in context
         """
         ctx = context.get()
-        database = ctx.get(ContextKey("database", SQLite))
+        reporter = ctx.get(Client)
 
         for target in self.targets:
             section, _ = self.configuration.gettype(
                 target, self.repository_id, fallback=self.CONFIGURATION_SCHEMA_FALLBACK)
-            runner = RemotePush(database, self.configuration, section)
+            runner = RemotePush(reporter, self.configuration, section)
             runner.run(result)

src/ahriman/core/http/sync_ahriman_client.py

@@ -46,8 +46,8 @@ class SyncAhrimanClient(SyncHttpClient):
             request.Session: created session object
         """
         if urlparse(self.address).scheme == "http+unix":
-            import requests_unixsocket  # type: ignore[import-untyped]
-            session: requests.Session = requests_unixsocket.Session()
+            import requests_unixsocket
+            session: requests.Session = requests_unixsocket.Session()  # type: ignore[no-untyped-call]
             session.headers["User-Agent"] = f"ahriman/{__version__}"
             return session
 

src/ahriman/core/http/sync_http_client.py

@@ -38,7 +38,7 @@ class SyncHttpClient(LazyLogging):
     Attributes:
         auth(tuple[str, str] | None): HTTP basic auth object if set
         suppress_errors(bool): suppress logging of request errors
-        timeout(int): HTTP request timeout in seconds
+        timeout(int | None): HTTP request timeout in seconds
     """
 
     def __init__(self, configuration: Configuration | None = None, section: str | None = None, *,
@@ -60,7 +60,7 @@ class SyncHttpClient(LazyLogging):
         password = configuration.get(section, "password", fallback=None)
         self.auth = (username, password) if username and password else None
 
-        self.timeout = configuration.getint(section, "timeout", fallback=30)
+        self.timeout: int | None = configuration.getint(section, "timeout", fallback=30)
         self.suppress_errors = suppress_errors
 
     @cached_property
@@ -90,25 +90,27 @@ class SyncHttpClient(LazyLogging):
         result: str = exception.response.text if exception.response is not None else ""
         return result
 
-    def make_request(self, method: Literal["DELETE", "GET", "POST", "PUT"], url: str, *,
+    def make_request(self, method: Literal["DELETE", "GET", "HEAD", "POST", "PUT"], url: str, *,
                      headers: dict[str, str] | None = None,
                      params: list[tuple[str, str]] | None = None,
                      data: Any | None = None,
                      json: dict[str, Any] | None = None,
                      files: dict[str, MultipartType] | None = None,
+                     stream: bool | None = None,
                      session: requests.Session | None = None,
                      suppress_errors: bool | None = None) -> requests.Response:
         """
         perform request with specified parameters
 
         Args:
-            method(Literal["DELETE", "GET", "POST", "PUT"]): HTTP method to call
+            method(Literal["DELETE", "GET", "HEAD", "POST", "PUT"]): HTTP method to call
             url(str): remote url to call
             headers(dict[str, str] | None, optional): request headers (Default value = None)
             params(list[tuple[str, str]] | None, optional): request query parameters (Default value = None)
             data(Any | None, optional): request raw data parameters (Default value = None)
             json(dict[str, Any] | None, optional): request json parameters (Default value = None)
             files(dict[str, MultipartType] | None, optional): multipart upload (Default value = None)
+            stream(bool | None, optional): handle response as stream (Default value = None)
             session(requests.Session | None, optional): session object if any (Default value = None)
             suppress_errors(bool | None, optional): suppress logging errors (e.g. if no web server available). If none
                 set, the instance-wide value will be used (Default value = None)
@@ -124,7 +126,7 @@ class SyncHttpClient(LazyLogging):
 
         try:
             response = session.request(method, url, params=params, data=data, headers=headers, files=files, json=json,
-                                       auth=self.auth, timeout=self.timeout)
+                                       stream=stream, auth=self.auth, timeout=self.timeout)
             response.raise_for_status()
             return response
         except requests.HTTPError as ex:

src/ahriman/core/log/http_log_handler.py

@@ -22,6 +22,7 @@ import logging
 from typing import Self
 
 from ahriman.core.configuration import Configuration
+from ahriman.core.status import Client
 from ahriman.models.repository_id import RepositoryId
 
 
@@ -49,8 +50,6 @@ class HttpLogHandler(logging.Handler):
         # we don't really care about those parameters because they will be handled by the reporter
         logging.Handler.__init__(self)
 
-        # client has to be imported here because of circular imports
-        from ahriman.core.status.client import Client
         self.reporter = Client.load(repository_id, configuration, report=report)
         self.suppress_errors = suppress_errors
 
@@ -92,7 +91,7 @@ class HttpLogHandler(logging.Handler):
             return  # in case if no package base supplied we need just skip log message
 
         try:
-            self.reporter.package_logs(log_record_id, record)
+            self.reporter.package_logs_add(log_record_id, record.created, record.getMessage())
         except Exception:
             if self.suppress_errors:
                 return

src/ahriman/core/report/email.py

@@ -25,7 +25,7 @@ from email.mime.text import MIMEText
 from ahriman.core.configuration import Configuration
 from ahriman.core.report.jinja_template import JinjaTemplate
 from ahriman.core.report.report import Report
-from ahriman.core.util import pretty_datetime, utcnow
+from ahriman.core.utils import pretty_datetime, utcnow
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result

src/ahriman/core/report/jinja_template.py

@@ -24,7 +24,7 @@ from pathlib import Path
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.sign.gpg import GPG
-from ahriman.core.util import pretty_datetime, pretty_size
+from ahriman.core.utils import pretty_datetime, pretty_size
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result
 from ahriman.models.sign_settings import SignSettings

src/ahriman/core/repository/executor.py

@@ -26,9 +26,10 @@ from tempfile import TemporaryDirectory
 from ahriman.core.build_tools.task import Task
 from ahriman.core.repository.cleaner import Cleaner
 from ahriman.core.repository.package_info import PackageInfo
-from ahriman.core.util import safe_filename
+from ahriman.core.utils import safe_filename
 from ahriman.models.changes import Changes
 from ahriman.models.package import Package
+from ahriman.models.package_archive import PackageArchive
 from ahriman.models.package_description import PackageDescription
 from ahriman.models.packagers import Packagers
 from ahriman.models.result import Result
@@ -57,7 +58,8 @@ class Executor(PackageInfo, Cleaner):
             self.reporter.set_building(package.base)
             task = Task(package, self.configuration, self.architecture, self.paths)
             local_version = local_versions.get(package.base) if bump_pkgrel else None
-            commit_sha = task.init(local_path, self.database, local_version)
+            patches = self.reporter.package_patches_get(package.base, None)
+            commit_sha = task.init(local_path, patches, local_version)
             built = task.build(local_path, PACKAGER=packager_id)
             for src in built:
                 dst = self.paths.packages / src.name
@@ -76,7 +78,11 @@ class Executor(PackageInfo, Cleaner):
                     packager = self.packager(packagers, single.base)
                     last_commit_sha = build_single(single, Path(dir_name), packager.packager_id)
                     # clear changes and update commit hash
-                    self.reporter.package_changes_set(single.base, Changes(last_commit_sha))
+                    self.reporter.package_changes_update(single.base, Changes(last_commit_sha))
+                    # update dependencies list
+                    dependencies = PackageArchive(self.paths.build_directory, single, self.pacman).depends_on()
+                    self.reporter.package_dependencies_update(single.base, dependencies)
+                    # update result set
                     result.add_updated(single)
                 except Exception:
                     self.reporter.set_failed(single.base)
@@ -97,12 +103,7 @@ class Executor(PackageInfo, Cleaner):
         """
         def remove_base(package_base: str) -> None:
             try:
-                self.paths.tree_clear(package_base)  # remove all internal files
-                self.database.build_queue_clear(package_base)
-                self.database.patches_remove(package_base, [])
-                self.database.logs_remove(package_base, None)
-                self.database.changes_remove(package_base)
-                self.reporter.package_remove(package_base)  # we only update status page in case of base removal
+                self.reporter.package_remove(package_base)
             except Exception:
                 self.logger.exception("could not remove base %s", package_base)
 

src/ahriman/core/repository/package_info.py

@@ -23,7 +23,7 @@ from tempfile import TemporaryDirectory
 
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.repository.repository_properties import RepositoryProperties
-from ahriman.core.util import package_like
+from ahriman.core.utils import package_like
 from ahriman.models.changes import Changes
 from ahriman.models.package import Package
 
@@ -43,14 +43,14 @@ class PackageInfo(RepositoryProperties):
         Returns:
             list[Package]: list of read packages
         """
-        sources = self.database.remotes_get()
+        sources = {package.base: package.remote for package, _, in self.reporter.package_get(None)}
 
         result: dict[str, Package] = {}
         # we are iterating over bases, not single packages
         for full_path in packages:
             try:
                 local = Package.from_archive(full_path, self.pacman)
-                if (source := sources.get(local.base)) is not None:
+                if (source := sources.get(local.base)) is not None:  # update source with remote
                     local.remote = source
 
                 current = result.setdefault(local.base, local)
@@ -78,7 +78,8 @@ class PackageInfo(RepositoryProperties):
         """
         with TemporaryDirectory(ignore_cleanup_errors=True) as dir_name:
             dir_path = Path(dir_name)
-            current_commit_sha = Sources.load(dir_path, package, self.database.patches_get(package.base), self.paths)
+            patches = self.reporter.package_patches_get(package.base, None)
+            current_commit_sha = Sources.load(dir_path, package, patches, self.paths)
 
             changes: str | None = None
             if current_commit_sha != last_commit_sha:
@@ -86,14 +87,21 @@ class PackageInfo(RepositoryProperties):
 
             return Changes(last_commit_sha, changes)
 
-    def packages(self) -> list[Package]:
+    def packages(self, filter_packages: Iterable[str] | None = None) -> list[Package]:
         """
         generate list of repository packages
 
+        Args:
+            filter_packages(Iterable[str] | None, optional): filter packages list by specified only
+
         Returns:
             list[Package]: list of packages properties
         """
-        return self.load_archives(filter(package_like, self.paths.repository.iterdir()))
+        packages = self.load_archives(filter(package_like, self.paths.repository.iterdir()))
+        if filter_packages:
+            packages = [package for package in packages if package.base in filter_packages]
+
+        return packages
 
     def packages_built(self) -> list[Path]:
         """

src/ahriman/core/repository/repository.py

@@ -26,7 +26,7 @@ from ahriman.core.database import SQLite
 from ahriman.core.repository.executor import Executor
 from ahriman.core.repository.update_handler import UpdateHandler
 from ahriman.core.sign.gpg import GPG
-from ahriman.models.context_key import ContextKey
+from ahriman.core.status import Client
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
 
@@ -89,11 +89,12 @@ class Repository(Executor, UpdateHandler):
         # directly without loader
         ctx = _Context()
 
-        ctx.set(ContextKey("database", SQLite), self.database)
-        ctx.set(ContextKey("configuration", Configuration), self.configuration)
-        ctx.set(ContextKey("pacman", Pacman), self.pacman)
-        ctx.set(ContextKey("sign", GPG), self.sign)
+        ctx.set(SQLite, self.database)
+        ctx.set(Configuration, self.configuration)
+        ctx.set(Pacman, self.pacman)
+        ctx.set(GPG, self.sign)
+        ctx.set(Client, self.reporter)
 
-        ctx.set(ContextKey("repository", type(self)), self)
+        ctx.set(type(self), self)
 
         context.set(ctx)

src/ahriman/core/repository/repository_properties.py

@@ -23,7 +23,7 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.database import SQLite
 from ahriman.core.log import LazyLogging
 from ahriman.core.sign.gpg import GPG
-from ahriman.core.status.client import Client
+from ahriman.core.status import Client
 from ahriman.core.triggers import TriggerLoader
 from ahriman.models.packagers import Packagers
 from ahriman.models.pacman_synchronization import PacmanSynchronization
@@ -75,7 +75,7 @@ class RepositoryProperties(LazyLogging):
         self.pacman = Pacman(repository_id, configuration, refresh_database=refresh_pacman_database)
         self.sign = GPG(configuration)
         self.repo = Repo(self.name, self.paths, self.sign.repository_sign_args)
-        self.reporter = Client.load(repository_id, configuration, report=report)
+        self.reporter = Client.load(repository_id, configuration, database, report=report)
         self.triggers = TriggerLoader.load(repository_id, configuration)
 
     @property

src/ahriman/core/repository/update_handler.py

@@ -55,17 +55,13 @@ class UpdateHandler(PackageInfo, Cleaner):
                     continue
             raise UnknownPackageError(package.base)
 
-        local_versions = {package.base: package.version for package in self.packages()}
-
         result: list[Package] = []
-        for local in self.packages():
-            with self.in_package_context(local.base, local_versions.get(local.base)):
+        for local in self.packages(filter_packages):
+            with self.in_package_context(local.base, local.version):
                 if not local.remote.is_remote:
                     continue  # avoid checking local packages
                 if local.base in self.ignore_list:
                     continue
-                if filter_packages and local.base not in filter_packages:
-                    continue
 
                 try:
                     remote = load_remote(local)
@@ -82,6 +78,45 @@ class UpdateHandler(PackageInfo, Cleaner):
 
         return result
 
+    def updates_dependencies(self, filter_packages: Iterable[str]) -> list[Package]:
+        """
+        check packages which ae required to be rebuilt based on dynamic dependencies (e.g. linking, modules paths, etc.)
+
+        Args:
+            filter_packages(Iterable[str]): do not check every package just specified in the list
+
+        Returns:
+            list[Package]: list of packages for which there is breaking linking
+        """
+        def extract_files(lookup_packages: Iterable[str]) -> dict[str, set[str]]:
+            database_files = self.pacman.files(lookup_packages)
+            files: dict[str, set[str]] = {}
+            for package_name, package_files in database_files.items():  # invert map
+                for package_file in package_files:
+                    files.setdefault(package_file, set()).add(package_name)
+
+            return files
+
+        result: list[Package] = []
+        for package in self.packages(filter_packages):
+            dependencies = self.reporter.package_dependencies_get(package.base)
+            if not dependencies.paths:
+                continue  # skip check if no package dependencies found
+
+            required_packages = {dep for dep_packages in dependencies.paths.values() for dep in dep_packages}
+            filesystem = extract_files(required_packages)
+
+            for path, packages in dependencies.paths.items():
+                found = filesystem.get(path, set())
+                if found.intersection(packages):
+                    continue
+
+                # there are no packages found in filesystem with the same paths
+                result.append(package)
+                break
+
+        return result
+
     def updates_local(self, *, vcs: bool) -> list[Package]:
         """
         check local packages for updates

src/ahriman/core/sign/gpg.py

@@ -22,7 +22,7 @@ from pathlib import Path
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import BuildError
 from ahriman.core.http import SyncHttpClient
-from ahriman.core.util import check_output
+from ahriman.core.utils import check_output
 from ahriman.models.sign_settings import SignSettings
 
 

src/ahriman/core/status/__init__.py

@@ -17,3 +17,4 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
+from ahriman.core.status.client import Client

src/ahriman/core/status/client.py

@@ -17,16 +17,18 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
+# pylint: disable=too-many-public-methods
 from __future__ import annotations
 
-import logging
-
 from ahriman.core.configuration import Configuration
+from ahriman.core.database import SQLite
 from ahriman.models.build_status import BuildStatus, BuildStatusEnum
 from ahriman.models.changes import Changes
+from ahriman.models.dependencies import Dependencies
 from ahriman.models.internal_status import InternalStatus
 from ahriman.models.log_record_id import LogRecordId
 from ahriman.models.package import Package
+from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.repository_id import RepositoryId
 
 
@@ -36,22 +38,31 @@ class Client:
     """
 
     @staticmethod
-    def load(repository_id: RepositoryId, configuration: Configuration, *, report: bool) -> Client:
+    def load(repository_id: RepositoryId, configuration: Configuration, database: SQLite | None = None, *,
+             report: bool = True) -> Client:
         """
         load client from settings
 
         Args:
             repository_id(RepositoryId): repository unique identifier
             configuration(Configuration): configuration instance
-            report(bool): force enable or disable reporting
+            database(SQLite | None, optional): database instance (Default value = None)
+            report(bool, optional): force enable or disable reporting (Default value = True)
 
         Returns:
             Client: client according to current settings
         """
+        def make_local_client() -> Client:
+            if database is None:
+                return Client()
+
+            from ahriman.core.status.local_client import LocalClient
+            return LocalClient(repository_id, database)
+
         if not report:
-            return Client()
+            return make_local_client()
         if not configuration.getboolean("status", "enabled", fallback=True):  # global switch
-            return Client()
+            return make_local_client()
 
         # new-style section
         address = configuration.get("status", "address", fallback=None)
@@ -65,16 +76,8 @@ class Client:
         if address or legacy_address or (host and port) or socket:
             from ahriman.core.status.web_client import WebClient
             return WebClient(repository_id, configuration)
-        return Client()
 
-    def package_add(self, package: Package, status: BuildStatusEnum) -> None:
-        """
-        add new package with status
-
-        Args:
-            package(Package): package properties
-            status(BuildStatusEnum): current package build status
-        """
+        return make_local_client()
 
     def package_changes_get(self, package_base: str) -> Changes:
         """
@@ -85,18 +88,52 @@ class Client:
 
         Returns:
             Changes: package changes if available and empty object otherwise
-        """
-        del package_base
-        return Changes()
 
-    def package_changes_set(self, package_base: str, changes: Changes) -> None:
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
+
+    def package_changes_update(self, package_base: str, changes: Changes) -> None:
         """
         update package changes
 
         Args:
             package_base(str): package base to update
             changes(Changes): changes descriptor
+
+        Raises:
+            NotImplementedError: not implemented method
         """
+        raise NotImplementedError
+
+    def package_dependencies_get(self, package_base: str) -> Dependencies:
+        """
+        get package dependencies
+
+        Args:
+            package_base(str): package base to retrieve
+
+        Returns:
+            list[Dependencies]: package implicit dependencies if available
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
+
+    def package_dependencies_update(self, package_base: str, dependencies: Dependencies) -> None:
+        """
+        update package dependencies
+
+        Args:
+            package_base(str): package base to update
+            dependencies(Dependencies): dependencies descriptor
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
 
     def package_get(self, package_base: str | None) -> list[tuple[Package, BuildStatus]]:
         """
@@ -107,18 +144,94 @@ class Client:
 
         Returns:
             list[tuple[Package, BuildStatus]]: list of current package description and status if it has been found
-        """
-        del package_base
-        return []
 
-    def package_logs(self, log_record_id: LogRecordId, record: logging.LogRecord) -> None:
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
+
+    def package_logs_add(self, log_record_id: LogRecordId, created: float, message: str) -> None:
         """
         post log record
 
         Args:
             log_record_id(LogRecordId): log record id
-            record(logging.LogRecord): log record to post to api
+            created(float): log created timestamp
+            message(str): log message
         """
+        # this method does not raise NotImplementedError because it is actively used as dummy client for http log
+
+    def package_logs_get(self, package_base: str, limit: int = -1, offset: int = 0) -> list[tuple[float, str]]:
+        """
+        get package logs
+
+        Args:
+            package_base(str): package base
+            limit(int, optional): limit records to the specified count, -1 means unlimited (Default value = -1)
+            offset(int, optional): records offset (Default value = 0)
+
+        Returns:
+            list[tuple[float, str]]: package logs
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
+
+    def package_logs_remove(self, package_base: str, version: str | None) -> None:
+        """
+        remove package logs
+
+        Args:
+            package_base(str): package base
+            version(str | None): package version to remove logs. If None set, all logs will be removed
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
+
+    def package_patches_get(self, package_base: str, variable: str | None) -> list[PkgbuildPatch]:
+        """
+        get package patches
+
+        Args:
+            package_base(str): package base to retrieve
+            variable(str | None): optional filter by patch variable
+
+        Returns:
+            list[PkgbuildPatch]: list of patches for the specified package
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
+
+    def package_patches_remove(self, package_base: str, variable: str | None) -> None:
+        """
+        remove package patch
+
+        Args:
+            package_base(str): package base to update
+            variable(str | None): patch name. If None set, all patches will be removed
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
+
+    def package_patches_update(self, package_base: str, patch: PkgbuildPatch) -> None:
+        """
+        create or update package patch
+
+        Args:
+            package_base(str): package base to update
+            patch(PkgbuildPatch): package patch
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
 
     def package_remove(self, package_base: str) -> None:
         """
@@ -126,16 +239,37 @@ class Client:
 
         Args:
             package_base(str): package base to remove
-        """
 
-    def package_update(self, package_base: str, status: BuildStatusEnum) -> None:
+        Raises:
+            NotImplementedError: not implemented method
         """
-        update package build status. Unlike :func:`package_add()` it does not update package properties
+        raise NotImplementedError
+
+    def package_status_update(self, package_base: str, status: BuildStatusEnum) -> None:
+        """
+        update package build status. Unlike :func:`package_update()` it does not update package properties
 
         Args:
             package_base(str): package base to update
             status(BuildStatusEnum): current package build status
+
+        Raises:
+            NotImplementedError: not implemented method
         """
+        raise NotImplementedError
+
+    def package_update(self, package: Package, status: BuildStatusEnum) -> None:
+        """
+        add new package or update existing one with status
+
+        Args:
+            package(Package): package properties
+            status(BuildStatusEnum): current package build status
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        raise NotImplementedError
 
     def set_building(self, package_base: str) -> None:
         """
@@ -144,7 +278,7 @@ class Client:
         Args:
             package_base(str): package base to update
         """
-        return self.package_update(package_base, BuildStatusEnum.Building)
+        self.package_status_update(package_base, BuildStatusEnum.Building)
 
     def set_failed(self, package_base: str) -> None:
         """
@@ -153,7 +287,7 @@ class Client:
         Args:
             package_base(str): package base to update
         """
-        return self.package_update(package_base, BuildStatusEnum.Failed)
+        self.package_status_update(package_base, BuildStatusEnum.Failed)
 
     def set_pending(self, package_base: str) -> None:
         """
@@ -162,7 +296,7 @@ class Client:
         Args:
             package_base(str): package base to update
         """
-        return self.package_update(package_base, BuildStatusEnum.Pending)
+        self.package_status_update(package_base, BuildStatusEnum.Pending)
 
     def set_success(self, package: Package) -> None:
         """
@@ -171,16 +305,19 @@ class Client:
         Args:
             package(Package): current package properties
         """
-        return self.package_add(package, BuildStatusEnum.Success)
+        self.package_update(package, BuildStatusEnum.Success)
 
     def set_unknown(self, package: Package) -> None:
         """
-        set package status to unknown
+        set package status to unknown. Unlike other methods, this method also checks if package is known,
+        and - in case if it is - it silently skips updatd
 
         Args:
             package(Package): current package properties
         """
-        return self.package_add(package, BuildStatusEnum.Unknown)
+        if self.package_get(package.base):
+            return  # skip update in case if package is already known
+        self.package_update(package, BuildStatusEnum.Unknown)
 
     def status_get(self) -> InternalStatus:
         """

src/ahriman/core/status/local_client.py

@@ -0,0 +1,214 @@
+#
+# Copyright (c) 2021-2024 ahriman team.
+#
+# This file is part of ahriman
+# (see https://github.com/arcan1s/ahriman).
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+from ahriman.core.database import SQLite
+from ahriman.core.status import Client
+from ahriman.models.build_status import BuildStatus, BuildStatusEnum
+from ahriman.models.changes import Changes
+from ahriman.models.dependencies import Dependencies
+from ahriman.models.log_record_id import LogRecordId
+from ahriman.models.package import Package
+from ahriman.models.pkgbuild_patch import PkgbuildPatch
+from ahriman.models.repository_id import RepositoryId
+
+
+class LocalClient(Client):
+    """
+    local database handler
+
+    Attributes:
+        database(SQLite): database instance
+        repository_id(RepositoryId): repository unique identifier
+    """
+
+    def __init__(self, repository_id: RepositoryId, database: SQLite) -> None:
+        """
+        default constructor
+
+        Args:
+            repository_id(RepositoryId): repository unique identifier
+            database(SQLite): database instance:
+        """
+        self.database = database
+        self.repository_id = repository_id
+
+    def package_changes_get(self, package_base: str) -> Changes:
+        """
+        get package changes
+
+        Args:
+            package_base(str): package base to retrieve
+
+        Returns:
+            Changes: package changes if available and empty object otherwise
+        """
+        return self.database.changes_get(package_base, self.repository_id)
+
+    def package_changes_update(self, package_base: str, changes: Changes) -> None:
+        """
+        update package changes
+
+        Args:
+            package_base(str): package base to update
+            changes(Changes): changes descriptor
+        """
+        self.database.changes_insert(package_base, changes, self.repository_id)
+
+    def package_dependencies_get(self, package_base: str) -> Dependencies:
+        """
+        get package dependencies
+
+        Args:
+            package_base(str): package base to retrieve
+
+        Returns:
+            list[Dependencies]: package implicit dependencies if available
+        """
+        return self.database.dependencies_get(package_base, self.repository_id).get(package_base, Dependencies())
+
+    def package_dependencies_update(self, package_base: str, dependencies: Dependencies) -> None:
+        """
+        update package dependencies
+
+        Args:
+            package_base(str): package base to update
+            dependencies(Dependencies): dependencies descriptor
+        """
+        self.database.dependencies_insert(package_base, dependencies, self.repository_id)
+
+    def package_get(self, package_base: str | None) -> list[tuple[Package, BuildStatus]]:
+        """
+        get package status
+
+        Args:
+            package_base(str | None): package base to get
+
+        Returns:
+            list[tuple[Package, BuildStatus]]: list of current package description and status if it has been found
+        """
+        packages = self.database.packages_get(self.repository_id)
+        if package_base is None:
+            return packages
+        return [(package, status) for package, status in packages if package.base == package_base]
+
+    def package_logs_add(self, log_record_id: LogRecordId, created: float, message: str) -> None:
+        """
+        post log record
+
+        Args:
+            log_record_id(LogRecordId): log record id
+            created(float): log created timestamp
+            message(str): log message
+        """
+        self.database.logs_insert(log_record_id, created, message, self.repository_id)
+
+    def package_logs_get(self, package_base: str, limit: int = -1, offset: int = 0) -> list[tuple[float, str]]:
+        """
+        get package logs
+
+        Args:
+            package_base(str): package base
+            limit(int, optional): limit records to the specified count, -1 means unlimited (Default value = -1)
+            offset(int, optional): records offset (Default value = 0)
+
+        Returns:
+            list[tuple[float, str]]: package logs
+        """
+        return self.database.logs_get(package_base, limit, offset, self.repository_id)
+
+    def package_logs_remove(self, package_base: str, version: str | None) -> None:
+        """
+        remove package logs
+
+        Args:
+            package_base(str): package base
+            version(str | None): package version to remove logs. If None set, all logs will be removed
+        """
+        self.database.logs_remove(package_base, version, self.repository_id)
+
+    def package_patches_get(self, package_base: str, variable: str | None) -> list[PkgbuildPatch]:
+        """
+        get package patches
+
+        Args:
+            package_base(str): package base to retrieve
+            variable(str | None): optional filter by patch variable
+
+        Returns:
+            list[PkgbuildPatch]: list of patches for the specified package
+        """
+        variables = [variable] if variable is not None else None
+        return self.database.patches_list(package_base, variables).get(package_base, [])
+
+    def package_patches_remove(self, package_base: str, variable: str | None) -> None:
+        """
+        remove package patch
+
+        Args:
+            package_base(str): package base to update
+            variable(str | None): patch name. If None set, all patches will be removed
+        """
+        variables = [variable] if variable is not None else None
+        self.database.patches_remove(package_base, variables)
+
+    def package_patches_update(self, package_base: str, patch: PkgbuildPatch) -> None:
+        """
+        create or update package patch
+
+        Args:
+            package_base(str): package base to update
+            patch(PkgbuildPatch): package patch
+        """
+        self.database.patches_insert(package_base, [patch])
+
+    def package_remove(self, package_base: str) -> None:
+        """
+        remove packages from watcher
+
+        Args:
+            package_base(str): package base to remove
+        """
+        self.database.package_clear(package_base)
+
+    def package_status_update(self, package_base: str, status: BuildStatusEnum) -> None:
+        """
+        update package build status. Unlike :func:`package_update()` it does not update package properties
+
+        Args:
+            package_base(str): package base to update
+            status(BuildStatusEnum): current package build status
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        self.database.status_update(package_base, BuildStatus(status), self.repository_id)
+
+    def package_update(self, package: Package, status: BuildStatusEnum) -> None:
+        """
+        add new package or update existing one with status
+
+        Args:
+            package(Package): package properties
+            status(BuildStatusEnum): current package build status
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        self.database.package_update(package, self.repository_id)
+        self.database.status_update(package.base, BuildStatus(status), self.repository_id)

src/ahriman/core/status/watcher.py

@@ -17,17 +17,19 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
+from collections.abc import Callable
 from threading import Lock
+from typing import Any, Self
 
-from ahriman.core.database import SQLite
 from ahriman.core.exceptions import UnknownPackageError
 from ahriman.core.log import LazyLogging
+from ahriman.core.status import Client
 from ahriman.models.build_status import BuildStatus, BuildStatusEnum
 from ahriman.models.changes import Changes
+from ahriman.models.dependencies import Dependencies
 from ahriman.models.log_record_id import LogRecordId
 from ahriman.models.package import Package
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
-from ahriman.models.repository_id import RepositoryId
 
 
 class Watcher(LazyLogging):
@@ -35,21 +37,18 @@ class Watcher(LazyLogging):
     package status watcher
 
     Attributes:
-        database(SQLite): database instance
-        repository_id(RepositoryId): repository unique identifier
+        client(Client): reporter instance
         status(BuildStatus): daemon status
     """
 
-    def __init__(self, repository_id: RepositoryId, database: SQLite) -> None:
+    def __init__(self, client: Client) -> None:
         """
         default constructor
 
         Args:
-            repository_id(RepositoryId): repository unique identifier
-            database(SQLite): database instance
+            client(Client): reporter instance
         """
-        self.repository_id = repository_id
-        self.database = database
+        self.client = client
 
         self._lock = Lock()
         self._known: dict[str, tuple[Package, BuildStatus]] = {}
@@ -76,61 +75,16 @@ class Watcher(LazyLogging):
         with self._lock:
             self._known = {
                 package.base: (package, status)
-                for package, status in self.database.packages_get(self.repository_id)
+                for package, status in self.client.package_get(None)
             }
 
-    def logs_get(self, package_base: str, limit: int = -1, offset: int = 0) -> list[tuple[float, str]]:
-        """
-        extract logs for the package base
+    package_changes_get: Callable[[str], Changes]
 
-        Args:
-            package_base(str): package base
-            limit(int, optional): limit records to the specified count, -1 means unlimited (Default value = -1)
-            offset(int, optional): records offset (Default value = 0)
+    package_changes_update: Callable[[str, Changes], None]
 
-        Returns:
-            list[tuple[float, str]]: package logs
-        """
-        self.package_get(package_base)
-        return self.database.logs_get(package_base, limit, offset, self.repository_id)
+    package_dependencies_get: Callable[[str], Dependencies]
 
-    def logs_remove(self, package_base: str, version: str | None) -> None:
-        """
-        remove package related logs
-
-        Args:
-            package_base(str): package base
-            version(str): package versio
-        """
-        self.database.logs_remove(package_base, version, self.repository_id)
-
-    def logs_update(self, log_record_id: LogRecordId, created: float, record: str) -> None:
-        """
-        make new log record into database
-
-        Args:
-            log_record_id(LogRecordId): log record id
-            created(float): log created timestamp
-            record(str): log record
-        """
-        if self._last_log_record_id != log_record_id:
-            # there is new log record, so we remove old ones
-            self.logs_remove(log_record_id.package_base, log_record_id.version)
-        self._last_log_record_id = log_record_id
-        self.database.logs_insert(log_record_id, created, record, self.repository_id)
-
-    def package_changes_get(self, package_base: str) -> Changes:
-        """
-        retrieve package changes
-
-        Args:
-            package_base(str): package base
-
-        Returns:
-            Changes: package changes if available
-        """
-        self.package_get(package_base)
-        return self.database.changes_get(package_base, self.repository_id)
+    package_dependencies_update: Callable[[str, Dependencies], None]
 
     def package_get(self, package_base: str) -> tuple[Package, BuildStatus]:
         """
@@ -151,6 +105,31 @@ class Watcher(LazyLogging):
         except KeyError:
             raise UnknownPackageError(package_base) from None
 
+    def package_logs_add(self, log_record_id: LogRecordId, created: float, message: str) -> None:
+        """
+        make new log record into database
+
+        Args:
+            log_record_id(LogRecordId): log record id
+            created(float): log created timestamp
+            message(str): log message
+        """
+        if self._last_log_record_id != log_record_id:
+            # there is new log record, so we remove old ones
+            self.package_logs_remove(log_record_id.package_base, log_record_id.version)
+        self._last_log_record_id = log_record_id
+        self.client.package_logs_add(log_record_id, created, message)
+
+    package_logs_get: Callable[[str, int, int], list[tuple[float, str]]]
+
+    package_logs_remove: Callable[[str, str | None], None]
+
+    package_patches_get: Callable[[str, str | None], list[PkgbuildPatch]]
+
+    package_patches_remove: Callable[[str, str], None]
+
+    package_patches_update: Callable[[str, PkgbuildPatch], None]
+
     def package_remove(self, package_base: str) -> None:
         """
         remove package base from known list if any
@@ -160,60 +139,33 @@ class Watcher(LazyLogging):
         """
         with self._lock:
             self._known.pop(package_base, None)
-        self.database.package_remove(package_base, self.repository_id)
-        self.logs_remove(package_base, None)
+        self.client.package_remove(package_base)
+        self.package_logs_remove(package_base, None)
 
-    def package_update(self, package_base: str, status: BuildStatusEnum, package: Package | None) -> None:
+    def package_status_update(self, package_base: str, status: BuildStatusEnum) -> None:
         """
-        update package status and description
+        update package status
 
         Args:
             package_base(str): package base to update
             status(BuildStatusEnum): new build status
-            package(Package | None): optional package description. In case if not set current properties will be used
         """
-        if package is None:
-            package, _ = self.package_get(package_base)
-        full_status = BuildStatus(status)
+        package, _ = self.package_get(package_base)
         with self._lock:
-            self._known[package_base] = (package, full_status)
-        self.database.package_update(package, full_status, self.repository_id)
+            self._known[package_base] = (package, BuildStatus(status))
+        self.client.package_status_update(package_base, status)
 
-    def patches_get(self, package_base: str, variable: str | None) -> list[PkgbuildPatch]:
+    def package_update(self, package: Package, status: BuildStatusEnum) -> None:
         """
-        get patches for the package
+        update package
 
         Args:
-            package_base(str): package base
-            variable(str | None): patch variable name if any
-
-        Returns:
-            list[PkgbuildPatch]: list of patches which are stored for the package
+            package(Package): package description
+            status(BuildStatusEnum): new build status
         """
-        # patches are package base based, we don't know (and don't differentiate) to which package does them belong
-        # so here we skip checking if package exists or not
-        variables = [variable] if variable is not None else None
-        return self.database.patches_list(package_base, variables).get(package_base, [])
-
-    def patches_remove(self, package_base: str, variable: str) -> None:
-        """
-        remove package patch
-
-        Args:
-            package_base(str): package base
-            variable(str): patch variable name
-        """
-        self.database.patches_remove(package_base, [variable])
-
-    def patches_update(self, package_base: str, patch: PkgbuildPatch) -> None:
-        """
-        update package patch
-
-        Args:
-            package_base(str): package base
-            patch(PkgbuildPatch): package patch
-        """
-        self.database.patches_insert(package_base, [patch])
+        with self._lock:
+            self._known[package.base] = (package, BuildStatus(status))
+        self.client.package_update(package, status)
 
     def status_update(self, status: BuildStatusEnum) -> None:
         """
@@ -223,3 +175,34 @@ class Watcher(LazyLogging):
             status(BuildStatusEnum): new service status
         """
         self.status = BuildStatus(status)
+
+    def __call__(self, package_base: str | None) -> Self:
+        """
+        extract client for future calls
+
+        Args:
+            package_base(str | None): package base to validate that package exists if applicable
+
+        Returns:
+            Self: instance of self to pass calls to the client
+        """
+        if package_base is not None:
+            _ = self.package_get(package_base)
+        return self
+
+    def __getattr__(self, item: str) -> Any:
+        """
+        proxy methods for reporter client
+
+        Args:
+            item(str): property name:
+
+        Returns:
+            Any: attribute by its name
+
+        Raises:
+            AttributeError: in case if no such attribute found
+        """
+        if (method := getattr(self.client, item, None)) is not None:
+            return method
+        raise AttributeError(f"'{self.__class__.__qualname__}' object has no attribute '{item}'")

src/ahriman/core/status/web_client.py

@@ -18,18 +18,19 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import contextlib
-import logging
 
 from urllib.parse import quote_plus as urlencode
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.http import SyncAhrimanClient
-from ahriman.core.status.client import Client
+from ahriman.core.status import Client
 from ahriman.models.build_status import BuildStatus, BuildStatusEnum
 from ahriman.models.changes import Changes
+from ahriman.models.dependencies import Dependencies
 from ahriman.models.internal_status import InternalStatus
 from ahriman.models.log_record_id import LogRecordId
 from ahriman.models.package import Package
+from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.repository_id import RepositoryId
 
 
@@ -92,10 +93,22 @@ class WebClient(Client, SyncAhrimanClient):
             package_base(str): package base
 
         Returns:
-            str: full url for web service for logs
+            str: full url for web service for changes
         """
         return f"{self.address}/api/v1/packages/{urlencode(package_base)}/changes"
 
+    def _dependencies_url(self, package_base: str) -> str:
+        """
+        get url for the dependencies api
+
+        Args:
+            package_base(str): package base
+
+        Returns:
+            str: full url for web service for dependencies
+        """
+        return f"{self.address}/api/v1/packages/{urlencode(package_base)}/dependencies"
+
     def _logs_url(self, package_base: str) -> str:
         """
         get url for the logs api
@@ -110,7 +123,7 @@ class WebClient(Client, SyncAhrimanClient):
 
     def _package_url(self, package_base: str = "") -> str:
         """
-        url generator
+        package url generator
 
         Args:
             package_base(str, optional): package base to generate url (Default value = "")
@@ -121,6 +134,20 @@ class WebClient(Client, SyncAhrimanClient):
         suffix = f"/{urlencode(package_base)}" if package_base else ""
         return f"{self.address}/api/v1/packages{suffix}"
 
+    def _patches_url(self, package_base: str, variable: str = "") -> str:
+        """
+        patches url generator
+
+        Args:
+            package_base(str): package base
+            variable(str, optional): patch variable name to generate url (Default value = "")
+
+        Returns:
+            str: full url of web service for the package patch
+        """
+        suffix = f"/{urlencode(variable)}" if variable else ""
+        return f"{self.address}/api/v1/packages/{urlencode(package_base)}/patches{suffix}"
+
     def _status_url(self) -> str:
         """
         get url for the status api
@@ -130,22 +157,6 @@ class WebClient(Client, SyncAhrimanClient):
         """
         return f"{self.address}/api/v1/status"
 
-    def package_add(self, package: Package, status: BuildStatusEnum) -> None:
-        """
-        add new package with status
-
-        Args:
-            package(Package): package properties
-            status(BuildStatusEnum): current package build status
-        """
-        payload = {
-            "status": status.value,
-            "package": package.view()
-        }
-        with contextlib.suppress(Exception):
-            self.make_request("POST", self._package_url(package.base),
-                              params=self.repository_id.query(), json=payload)
-
     def package_changes_get(self, package_base: str) -> Changes:
         """
         get package changes
@@ -165,7 +176,7 @@ class WebClient(Client, SyncAhrimanClient):
 
         return Changes()
 
-    def package_changes_set(self, package_base: str, changes: Changes) -> None:
+    def package_changes_update(self, package_base: str, changes: Changes) -> None:
         """
         update package changes
 
@@ -177,6 +188,37 @@ class WebClient(Client, SyncAhrimanClient):
             self.make_request("POST", self._changes_url(package_base),
                               params=self.repository_id.query(), json=changes.view())
 
+    def package_dependencies_get(self, package_base: str) -> Dependencies:
+        """
+        get package dependencies
+
+        Args:
+            package_base(str): package base to retrieve
+
+        Returns:
+            list[Dependencies]: package implicit dependencies if available
+        """
+        with contextlib.suppress(Exception):
+            response = self.make_request("GET", self._dependencies_url(package_base),
+                                         params=self.repository_id.query())
+            response_json = response.json()
+
+            return Dependencies.from_json(response_json)
+
+        return Dependencies()
+
+    def package_dependencies_update(self, package_base: str, dependencies: Dependencies) -> None:
+        """
+        update package dependencies
+
+        Args:
+            package_base(str): package base to update
+            dependencies(Dependencies): dependencies descriptor
+        """
+        with contextlib.suppress(Exception):
+            self.make_request("POST", self._dependencies_url(package_base),
+                              params=self.repository_id.query(), json=dependencies.view())
+
     def package_get(self, package_base: str | None) -> list[tuple[Package, BuildStatus]]:
         """
         get package status
@@ -199,17 +241,18 @@ class WebClient(Client, SyncAhrimanClient):
 
         return []
 
-    def package_logs(self, log_record_id: LogRecordId, record: logging.LogRecord) -> None:
+    def package_logs_add(self, log_record_id: LogRecordId, created: float, message: str) -> None:
         """
         post log record
 
         Args:
             log_record_id(LogRecordId): log record id
-            record(logging.LogRecord): log record to post to api
+            created(float): log created timestamp
+            message(str): log message
         """
         payload = {
-            "created": record.created,
-            "message": record.getMessage(),
+            "created": created,
+            "message": message,
             "version": log_record_id.version,
         }
 
@@ -219,6 +262,83 @@ class WebClient(Client, SyncAhrimanClient):
         self.make_request("POST", self._logs_url(log_record_id.package_base),
                           params=self.repository_id.query(), json=payload, suppress_errors=True)
 
+    def package_logs_get(self, package_base: str, limit: int = -1, offset: int = 0) -> list[tuple[float, str]]:
+        """
+        get package logs
+
+        Args:
+            package_base(str): package base
+            limit(int, optional): limit records to the specified count, -1 means unlimited (Default value = -1)
+            offset(int, optional): records offset (Default value = 0)
+
+        Returns:
+            list[tuple[float, str]]: package logs
+        """
+        with contextlib.suppress(Exception):
+            query = self.repository_id.query() + [("limit", str(limit)), ("offset", str(offset))]
+            response = self.make_request("GET", self._logs_url(package_base), params=query)
+            response_json = response.json()
+
+            return [(record["created"], record["message"]) for record in response_json]
+
+        return []
+
+    def package_logs_remove(self, package_base: str, version: str | None) -> None:
+        """
+        remove package logs
+
+        Args:
+            package_base(str): package base
+            version(str | None): package version to remove logs. If None set, all logs will be removed
+        """
+        with contextlib.suppress(Exception):
+            query = self.repository_id.query()
+            if version is not None:
+                query += [("version", version)]
+            self.make_request("DELETE", self._logs_url(package_base), params=query)
+
+    def package_patches_get(self, package_base: str, variable: str | None) -> list[PkgbuildPatch]:
+        """
+        get package patches
+
+        Args:
+            package_base(str): package base to retrieve
+            variable(str | None): optional filter by patch variable
+
+        Returns:
+            list[PkgbuildPatch]: list of patches for the specified package
+        """
+        with contextlib.suppress(Exception):
+            response = self.make_request("GET", self._patches_url(package_base, variable or ""))
+            response_json = response.json()
+
+            patches = response_json if variable is None else [response_json]
+            return [PkgbuildPatch.from_json(patch) for patch in patches]
+
+        return []
+
+    def package_patches_remove(self, package_base: str, variable: str | None) -> None:
+        """
+        remove package patch
+
+        Args:
+            package_base(str): package base to update
+            variable(str | None): patch name. If None set, all patches will be removed
+        """
+        with contextlib.suppress(Exception):
+            self.make_request("DELETE", self._patches_url(package_base, variable or ""))
+
+    def package_patches_update(self, package_base: str, patch: PkgbuildPatch) -> None:
+        """
+        create or update package patch
+
+        Args:
+            package_base(str): package base to update
+            patch(PkgbuildPatch): package patch
+        """
+        with contextlib.suppress(Exception):
+            self.make_request("POST", self._patches_url(package_base), json=patch.view())
+
     def package_remove(self, package_base: str) -> None:
         """
         remove packages from watcher
@@ -229,19 +349,41 @@ class WebClient(Client, SyncAhrimanClient):
         with contextlib.suppress(Exception):
             self.make_request("DELETE", self._package_url(package_base), params=self.repository_id.query())
 
-    def package_update(self, package_base: str, status: BuildStatusEnum) -> None:
+    def package_status_update(self, package_base: str, status: BuildStatusEnum) -> None:
         """
-        update package build status. Unlike :func:`package_add()` it does not update package properties
+        update package build status. Unlike :func:`package_update()` it does not update package properties
 
         Args:
             package_base(str): package base to update
             status(BuildStatusEnum): current package build status
+
+        Raises:
+            NotImplementedError: not implemented method
         """
         payload = {"status": status.value}
         with contextlib.suppress(Exception):
             self.make_request("POST", self._package_url(package_base),
                               params=self.repository_id.query(), json=payload)
 
+    def package_update(self, package: Package, status: BuildStatusEnum) -> None:
+        """
+        add new package or update existing one with status
+
+        Args:
+            package(Package): package properties
+            status(BuildStatusEnum): current package build status
+
+        Raises:
+            NotImplementedError: not implemented method
+        """
+        payload = {
+            "status": status.value,
+            "package": package.view(),
+        }
+        with contextlib.suppress(Exception):
+            self.make_request("POST", self._package_url(package.base),
+                              params=self.repository_id.query(), json=payload)
+
     def status_get(self) -> InternalStatus:
         """
         get internal service status

src/ahriman/core/support/keyring_trigger.py

@@ -24,7 +24,6 @@ from ahriman.core.sign.gpg import GPG
 from ahriman.core.support.package_creator import PackageCreator
 from ahriman.core.support.pkgbuild.keyring_generator import KeyringGenerator
 from ahriman.core.triggers import Trigger
-from ahriman.models.context_key import ContextKey
 from ahriman.models.repository_id import RepositoryId
 
 
@@ -134,8 +133,8 @@ class KeyringTrigger(Trigger):
         trigger action which will be called at the start of the application
         """
         ctx = context.get()
-        sign = ctx.get(ContextKey("sign", GPG))
-        database = ctx.get(ContextKey("database", SQLite))
+        sign = ctx.get(GPG)
+        database = ctx.get(SQLite)
 
         for target in self.targets:
             generator = KeyringGenerator(database, sign, self.repository_id, self.configuration, target)

src/ahriman/core/support/package_creator.py

@@ -19,13 +19,13 @@
 #
 import shutil
 
+from pathlib import Path
+
 from ahriman.core import context
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
+from ahriman.core.status import Client
 from ahriman.core.support.pkgbuild.pkgbuild_generator import PkgbuildGenerator
-from ahriman.models.build_status import BuildStatus
-from ahriman.models.context_key import ContextKey
 from ahriman.models.package import Package
 
 
@@ -49,23 +49,39 @@ class PackageCreator:
         self.configuration = configuration
         self.generator = generator
 
+    def package_create(self, path: Path) -> None:
+        """
+        create package files
+
+        Args:
+            path(Path): path to directory with package files
+        """
+        # clear old tree if any
+        shutil.rmtree(path, ignore_errors=True)
+
+        # create local tree
+        path.mkdir(mode=0o755, parents=True, exist_ok=True)
+        self.generator.write_pkgbuild(path)
+        Sources.init(path)
+
+    def package_register(self, path: Path) -> None:
+        """
+        register package in build worker
+
+        Args:
+            path(Path): path to directory with package files
+        """
+        ctx = context.get()
+        reporter = ctx.get(Client)
+        _, repository_id = self.configuration.check_loaded()
+        package = Package.from_build(path, repository_id.architecture, None)
+
+        reporter.set_unknown(package)
+
     def run(self) -> None:
         """
         create new local package
         """
         local_path = self.configuration.repository_paths.cache_for(self.generator.pkgname)
-
-        # clear old tree if any
-        shutil.rmtree(local_path, ignore_errors=True)
-
-        # create local tree
-        local_path.mkdir(mode=0o755, parents=True, exist_ok=True)
-        self.generator.write_pkgbuild(local_path)
-        Sources.init(local_path)
-
-        # register package
-        ctx = context.get()
-        database: SQLite = ctx.get(ContextKey("database", SQLite))
-        _, repository_id = self.configuration.check_loaded()
-        package = Package.from_build(local_path, repository_id.architecture, None)
-        database.package_update(package, BuildStatus())
+        self.package_create(local_path)
+        self.package_register(local_path)

src/ahriman/core/support/pkgbuild/pkgbuild_generator.py

@@ -23,7 +23,7 @@ import itertools
 from collections.abc import Callable, Generator
 from pathlib import Path
 
-from ahriman.core.util import utcnow
+from ahriman.core.utils import utcnow
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 
 

src/ahriman/core/tree.py

@@ -23,7 +23,7 @@ from collections.abc import Iterable
 from functools import partial
 
 from ahriman.core.exceptions import PartitionError
-from ahriman.core.util import minmax, partition
+from ahriman.core.utils import minmax, partition
 from ahriman.models.package import Package
 
 

src/ahriman/core/upload/github.py

@@ -26,7 +26,7 @@ from typing import Any
 from ahriman.core.configuration import Configuration
 from ahriman.core.upload.http_upload import HttpUpload
 from ahriman.core.upload.upload import Upload
-from ahriman.core.util import walk
+from ahriman.core.utils import walk
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId