remove excess dependencies leaves

Since requests-2.32.0, the http+unix url scheme is brokek, check
https://github.com/msabramo/requests-unixsocket/issues/73 for more
details

.pylintrc

@@ -82,7 +82,6 @@ limit-inference-results=100
 # List of plugins (as comma separated values of python module names) to load,
 # usually to register additional checkers.
 load-plugins=pylint.extensions.docparams,
-             pylint.extensions.bad_builtin,
              definition_order,
              import_order,
 
@@ -132,8 +131,6 @@ attr-naming-style=snake_case
 # style.
 #attr-rgx=
 
-bad-functions=print,
-
 # Bad variable names which should always be refused, separated by a comma.
 bad-names=foo,
           bar,

CONTRIBUTING.md

@@ -132,7 +132,7 @@ Again, the most checks can be performed by `tox` command, though some additional
 * For any path interactions `pathlib.Path` must be used.
 * Configuration interactions must go through `ahriman.core.configuration.Configuration` class instance.
 * In case if class load requires some actions, it is recommended to create class method which can be used for class instantiating.
-* The most (expected) exceptions must be handled and printed to log, allowing service to continue work. However, fatal and (in some cases) unexpected exceptions may lead to the application termination.
+* The code must follow the exception safety, unless it is explicitly asked by end user. It means that most exceptions must be handled and printed to log, no other actions must be done (e.g. raising another exception).
 * Exceptions without parameters should be raised without parentheses, e.g.:
 
     ```python

README.md

@@ -33,12 +33,10 @@ Every available option is described in the [documentation](https://ahriman.readt
 
 The application provides reasonable defaults which allow to use it out-of-box; however additional steps (like configuring build toolchain and sudoers) are recommended and can be easily achieved by following install instructions.
 
-## [FAQ](https://ahriman.readthedocs.io/en/stable/faq/index.html)
+## [FAQ](https://ahriman.readthedocs.io/en/stable/faq.html)
 
 ## Live demos
 
 * [Build status page](https://ahriman-demo.arcanis.me). You can log in as `demo` user by using `demo` password. However, you will not be able to run tasks. [HTTP API documentation](https://ahriman-demo.arcanis.me/api-docs) is also available.
 * [Repository index](https://repo.arcanis.me/arcanisrepo/x86_64/).
 * [Telegram feed](https://t.me/arcanisrepo).
-
-Do you have any success story? You can [share it](https://github.com/arcan1s/ahriman/issues/new?template=04-discussion.md)!

docs/ahriman.core.auth.rst

@@ -36,14 +36,6 @@ ahriman.core.auth.oauth module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.core.auth.pam module
-----------------------------
-
-.. automodule:: ahriman.core.auth.pam
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 Module contents
 ---------------
 

docs/ahriman.core.rst

@@ -60,14 +60,6 @@ ahriman.core.util module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.core.utils module
--------------------------
-
-.. automodule:: ahriman.core.utils
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 Module contents
 ---------------
 

docs/ahriman.core.status.rst

@@ -12,14 +12,6 @@ ahriman.core.status.client module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.core.status.local\_client module
-----------------------------------------
-
-.. automodule:: ahriman.core.status.local_client
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.core.status.watcher module
 ----------------------------------
 

docs/ahriman.models.rst

@@ -68,14 +68,6 @@ ahriman.models.dependencies module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.models.filesystem\_package module
------------------------------------------
-
-.. automodule:: ahriman.models.filesystem_package
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.models.internal\_status module
 --------------------------------------
 
@@ -228,14 +220,6 @@ ahriman.models.result module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.models.scan\_paths module
----------------------------------
-
-.. automodule:: ahriman.models.scan_paths
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.models.sign\_settings module
 ------------------------------------
 

docs/ahriman.web.schemas.rst

@@ -44,14 +44,6 @@ ahriman.web.schemas.counters\_schema module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.web.schemas.dependencies\_schema module
------------------------------------------------
-
-.. automodule:: ahriman.web.schemas.dependencies_schema
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.web.schemas.error\_schema module
 ----------------------------------------
 
@@ -164,14 +156,6 @@ ahriman.web.schemas.package\_status\_schema module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.web.schemas.package\_version\_schema module
----------------------------------------------------
-
-.. automodule:: ahriman.web.schemas.package_version_schema
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.web.schemas.pagination\_schema module
 ---------------------------------------------
 

docs/ahriman.web.views.v1.packages.rst

@@ -12,14 +12,6 @@ ahriman.web.views.v1.packages.changes module
    :no-undoc-members:
    :show-inheritance:
 
-ahriman.web.views.v1.packages.dependencies module
--------------------------------------------------
-
-.. automodule:: ahriman.web.views.v1.packages.dependencies
-   :members:
-   :no-undoc-members:
-   :show-inheritance:
-
 ahriman.web.views.v1.packages.logs module
 -----------------------------------------
 

docs/architecture.rst

@@ -192,7 +192,6 @@ Idea is to add package to a build queue from which it will be handled automatica
 
 * If supplied argument is file, then application moves the file to the directory with built packages. Same rule applies for directory, but in this case it copies every package-like file from the specified directory.
 * If supplied argument is directory and there is ``PKGBUILD`` file there, it will be treated as local package. In this case it will queue this package to build and copy source files (``PKGBUILD`` and ``.SRCINFO``) to caches.
-* If supplied argument looks like URL (i.e. it has scheme - e.g. ``http://`` which is neither ``data`` nor ``file``), it tries to download the package from the specified remote source.
 * If supplied argument is not file then application tries to lookup for the specified name in AUR and clones it into the directory with manual updates. This scenario can also handle package dependencies which are missing in repositories.
 
 This logic can be overwritten by specifying the ``source`` parameter, which is partially useful if you would like to add package from AUR, but there is local directory cloned from AUR. Also official repositories calls are hidden behind explicit source definition.
@@ -207,20 +206,10 @@ Remove packages
 
 This flow removes package from filesystem, updates repository database and also runs synchronization and reporting methods.
 
-Check outdated packages
-^^^^^^^^^^^^^^^^^^^^^^^
-
-There are few ways for packages to be marked as out-of-date and hence requiring rebuild. Those are following:
-
-#. User requested update of the package. It can be caused by calling ``package-add`` subcommand (or ``package-update`` with arguments).
-#. The most common way for packages to be marked as out-of-dated is that the version in AUR (or the official repositories) is newer than in the repository.
-#. In addition to the above, if package is named as VCS (e.g. has suffix ``-git``) and the last update was more than specified threshold ago, the service will also try to fetch sources and check if the revision is newer than the built one.
-#. In addition, there is ability to check if the dependencies of the package have been updated (e.g. if linked library has been renamed or the modules directory - e.g. in case of python and ruby packages - has been changed). And if so, the package will be marked as out-of-dated as well.
-
 Update packages
 ^^^^^^^^^^^^^^^
 
-This feature is divided into to the following stages: check AUR for updates and run rebuild for required packages. The package update flow is the following:
+This feature is divided into to the following stages: check AUR for updates and run rebuild for required packages. Whereas check does not do anything except for check itself, update flow is the following:
 
 #. Process every built package first. Those packages are usually added manually.
 #. Run sync and report methods.
@@ -270,24 +259,6 @@ The application is able to automatically bump package release (``pkgrel``) durin
 #. If it has ``major.minor`` notation (e.g. ``1.1``), then increment last part by 1, e.g. ``1.1 -> 1.2``, ``1.0.1 -> 1.0.2``.
 #. If ``pkgrel`` is a number (e.g. ``1``), then append 1 to the end of the string, e.g. ``1 -> 1.1``.
 
-Implicit dependencies resolution
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-In addition to the depends/optional/make/check depends lists the server also handles implicit dependencies. After success build, the application traverse through the build tree and finds
-
-* Libraries to which the binaries (ELF-files) are linked. To do so, the ``NEEDED`` section of the ELF-files are read.
-* Directories which contains files of the package, but do not belong to this package. This case covers, for example, python and ruby submodules.
-
-Having the initial dependencies tree, the application is looking for packages which contains those (both files and directories) paths and creates the initial packages list. After that, the packages list is reduced in the following way:
-
-* From any leaf exclude the package itself and possible debug packages.
-* If the entry (i.e. file or directory) belongs to the package which is in base group, it will be removed.
-* If there is a package which depends on the another package which provide the same entry, the package will be removed.
-* After that, if there is a package which *optionally* depends on the another package in the remaining list, the package will be removed.
-* And finally, if there is any path, which is the child of the entry, and it contains the same package, the package from the smaller entry will be removed.
-
-All those implicit dependencies are stored in the database and extracted on each check. In case if any of the repository packages doesn't contain any entry anymore (e.g. so version has been changed or modules directory has been changed), the dependent package will be marked as out-of-dated.
-
 Core functions reference
 ------------------------
 

docs/configuration.rst

@@ -61,17 +61,15 @@ libalpm and AUR related configuration. Group name can refer to architecture, e.g
 
 Base authorization settings. ``OAuth`` provider requires ``aioauth-client`` library to be installed.
 
-* ``target`` - specifies authorization provider, string, optional, default ``disabled``. Allowed values are ``disabled``, ``configuration``, ``oauth``, ``pam``.
+* ``target`` - specifies authorization provider, string, optional, default ``disabled``. Allowed values are ``disabled``, ``configuration``, ``oauth``.
 * ``allow_read_only`` - allow requesting status APIs without authorization, boolean, required.
 * ``client_id`` - OAuth2 application client ID, string, required in case if ``oauth`` is used.
 * ``client_secret`` - OAuth2 application client secret key, string, required in case if ``oauth`` is used.
 * ``cookie_secret_key`` - secret key which will be used for cookies encryption, string, optional. It must be 32 bytes URL-safe base64-encoded and can be generated as following ``base64.urlsafe_b64encode(os.urandom(32)).decode("utf8")``. If not set, it will be generated automatically; note, however, that in this case, all sessions will be automatically invalidated during the service restart.
-* ``full_access_group`` - name of the secondary group (e.g. ``wheel``) to be used as admin group in the service, string, required in case if ``pam`` is used.
 * ``max_age`` - parameter which controls both cookie expiration and token expiration inside the service in seconds, integer, optional, default is 7 days.
 * ``oauth_icon`` - OAuth2 login button icon, string, optional, default is ``google``. Must be valid `Bootstrap icon <https://icons.getbootstrap.com/>`__ name.
 * ``oauth_provider`` - OAuth2 provider class name as is in ``aioauth-client`` (e.g. ``GoogleClient``, ``GithubClient`` etc), string, required in case if ``oauth`` is used.
 * ``oauth_scopes`` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. ``https://www.googleapis.com/auth/userinfo.email`` for ``GoogleClient`` or ``user:email`` for ``GithubClient``, space separated list of strings, required in case if ``oauth`` is used.
-* ``permit_root_login`` - allow login as root user, boolean, optional, default ``no``.
 * ``salt`` - additional password hash salt, string, optional.
 
 Authorized users are stored inside internal database, if any of external providers (e.g. ``oauth``) are used, the password field for non-service users must be empty.
@@ -81,9 +79,7 @@ Authorized users are stored inside internal database, if any of external provide
 
 Build related configuration. Group name can refer to architecture, e.g. ``build:x86_64`` can be used for x86_64 architecture specific settings.
 
-* ``allowed_scan_paths`` - paths to be used for implicit dependencies scan, scape separated list of paths, optional.
 * ``archbuild_flags`` - additional flags passed to ``archbuild`` command, space separated list of strings, optional.
-* ``blacklisted_scan_paths`` - paths to be excluded for implicit dependencies scan, scape separated list of paths, optional. Normally all elements of this option must be child paths of any of ``allowed_scan_paths`` element.
 * ``build_command`` - default build command, string, required.
 * ``ignore_packages`` - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional.
 * ``include_debug_packages`` - distribute debug packages, boolean, optional, default ``yes``.
@@ -134,7 +130,7 @@ Web server settings. This feature requires ``aiohttp`` libraries to be installed
 * ``port`` - port to bind, integer, optional.
 * ``service_only`` - disable status routes (including logs), boolean, optional, default ``no``.
 * ``static_path`` - path to directory with static files, string, required.
-* ``templates`` - path to templates directories, space separated list of paths, required.
+* ``templates`` - path to templates directories, space separated list of strings, required.
 * ``unix_socket`` - path to the listening unix socket, string, optional. If set, server will create the socket on the specified address which can (and will) be used by application. Note, that unlike usual host/port configuration, unix socket allows to perform requests without authorization.
 * ``unix_socket_unsafe`` - set unsafe (o+w) permissions to unix socket, boolean, optional, default ``yes``. This option is enabled by default, because it is supposed that unix socket is created in safe environment (only web service is supposed to be used in unsafe), but it can be disabled by configuration.
 * ``wait_timeout`` - wait timeout in seconds, maximum amount of time to be waited before lock will be free, integer, optional.
@@ -256,7 +252,7 @@ Section name must be either ``email`` (plus optional architecture name, e.g. ``e
 * ``ssl`` - SSL mode for SMTP connection, one of ``ssl``, ``starttls``, ``disabled``, optional, default ``disabled``.
 * ``template`` - Jinja2 template name, string, required.
 * ``template_full`` - Jinja2 template name for full package description index, string, optional.
-* ``templates`` - path to templates directories, space separated list of paths, required.
+* ``templates`` - path to templates directories, space separated list of strings, required.
 * ``user`` - SMTP user to authenticate, string, optional.
 
 ``html`` type
@@ -269,7 +265,7 @@ Section name must be either ``html`` (plus optional architecture name, e.g. ``ht
 * ``link_path`` - prefix for HTML links, string, required.
 * ``path`` - path to html report file, string, required.
 * ``template`` - Jinja2 template name, string, required.
-* ``templates`` - path to templates directories, space separated list of paths, required.
+* ``templates`` - path to templates directories, space separated list of strings, required.
 
 ``remote-call`` type
 ^^^^^^^^^^^^^^^^^^^^
@@ -294,7 +290,7 @@ Section name must be either ``telegram`` (plus optional architecture name, e.g.
 * ``link_path`` - prefix for HTML links, string, required.
 * ``template`` - Jinja2 template name, string, required.
 * ``template_type`` - ``parse_mode`` to be passed to telegram API, one of ``MarkdownV2``, ``HTML``, ``Markdown``, string, optional, default ``HTML``.
-* ``templates`` - path to templates directories, space separated list of paths, required.
+* ``templates`` - path to templates directories, space separated list of strings, required.
 * ``timeout`` - HTTP request timeout in seconds, integer, optional, default is ``30``.
 
 ``upload`` group

docs/faq/backup.rst

@@ -1,35 +0,0 @@
-Backup and restore
-------------------
-
-The service provides several commands aim to do easy repository backup and restore. If you would like to move repository from the server ``server1.example.com`` to another ``server2.example.com`` you have to perform the following steps:
-
-#. 
-   On the source server ``server1.example.com`` run ``repo-backup`` command, e.g.:
-
-   .. code-block:: shell
-
-      ahriman repo-backup /tmp/repo.tar.gz
-
-   This command will pack all configuration files together with database file into the archive specified as command line argument (i.e. ``/tmp/repo.tar.gz``). In addition it will also archive ``cache`` directory (the one which contains local clones used by e.g. local packages) and ``.gnupg`` of the ``ahriman`` user.
-
-#. 
-   Copy created archive from source server ``server1.example.com`` to target ``server2.example.com``.
-
-#. 
-   Install package as usual on the target server ``server2.example.com`` if you didn't yet.
-
-#. 
-   Extract archive e.g. by using subcommand:
-
-   .. code-block:: shell
-
-      ahriman repo-restore /tmp/repo.tar.gz
-
-   An additional argument ``-o``/``--output`` can be used to specify extraction root (``/`` by default).
-
-#. 
-   Rebuild repository:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman repo-rebuild --from-database

docs/faq/distributed.rst

@@ -1,320 +0,0 @@
-Distributed builds
-------------------
-
-The service allows to run build on multiple machines and collect packages on main node. There are several ways to achieve it, this section describes officially supported methods.
-
-Remote synchronization and remote server call
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This setup requires at least two instances of the service:
-
-#. Web service (with opt-in authorization enabled), later will be referenced as ``master`` node.
-#. Application instances responsible for build, later will be referenced as ``worker`` nodes.
-
-In this example the following settings are assumed:
-
-* Repository architecture is ``x86_64``.
-* Master node address is ``master.example.com``.
-
-Master node configuration
-"""""""""""""""""""""""""
-
-The only requirements for the master node is that API must be available for worker nodes to call (e.g. port must be exposed to internet, or local network in case of VPN, etc) and file upload must be enabled:
-
-.. code-block:: ini
-
-   [web]
-   enable_archive_upload = yes
-
-In addition, the following settings are recommended for the master node:
-
-*
-  As it has been mentioned above, it is recommended to enable authentication (see :doc:`How to enable basic authorization <web>`) and create system user which will be used later. Later this user (if any) will be referenced as ``worker-user``.
-
-*
-  In order to be able to spawn multiple processes at the same time, wait timeout must be configured:
-
-  .. code-block:: ini
-
-     [web]
-     wait_timeout = 0
-
-Worker nodes configuration
-""""""""""""""""""""""""""
-
-#.
-   First of all, in this setup you need to split your repository into chunks manually, e.g. if you have repository on master node with packages ``A``, ``B`` and ``C``, you need to split them between all available workers, as example:
-
-   * Worker #1: ``A``.
-   * Worker #2: ``B`` and ``C``.
-
-   Hint: ``repo-tree`` subcommand provides ``--partitions`` argument.
-
-#.
-   Each worker must be configured to upload files to master node:
-
-   .. code-block:: ini
-
-      [upload]
-      target = remote-service
-
-      [remote-service]
-
-#.
-   Worker must be configured to access web on master node:
-
-   .. code-block:: ini
-
-      [status]
-      address = https://master.example.com
-      username = worker-user
-      password = very-secure-password
-
-   As it has been mentioned above, ``status.address`` must be available for workers. In case if unix socket is used, it can be passed in the same option as usual. Optional ``status.username``/``status.password`` can be supplied in case if authentication was enabled on master node.
-
-#.
-   Each worker must call master node on success:
-
-   .. code-block:: ini
-
-      [report]
-      target = remote-call
-
-      [remote-call]
-      manual = yes
-
-   After success synchronization (see above), the built packages will be put into directory, from which they will be read during manual update, thus ``remote-call.manual`` flag is required.
-
-#.
-   Change order of trigger runs. This step is required, because by default the report trigger is called before the upload trigger and we would like to achieve the opposite:
-
-   .. code-block:: ini
-
-      [build]
-      triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger ahriman.core.gitremote.RemotePushTrigger
-
-In addition, the following settings are recommended for workers:
-
-*
-  You might want to wait until report trigger will be completed; in this case the following option must be set:
-
-  .. code-block:: ini
-
-     [remote-call]
-     wait_timeout = 0
-
-Dependency management
-"""""""""""""""""""""
-
-By default worker nodes don't know anything about master nodes packages, thus it will try to build each dependency by its own. However, using ``AHRIMAN_REPOSITORY_SERVER`` docker variable (or ``--server`` flag for setup command), it is possible to specify address of the master node for devtools configuration.
-
-Repository and packages signing
-"""""""""""""""""""""""""""""""
-
-You can sign packages on worker nodes and then signatures will be synced to master node. In order to do so, you need to configure worker node as following, e.g.:
-
-.. code-block:: ini
-
-   [sign]
-   target = package
-   key = 8BE91E5A773FB48AC05CC1EDBED105AED6246B39
-
-Note, however, that in this case, signatures will not be validated on master node and just will be copied to repository tree.
-
-If you would like to sign only database files (aka repository sign), it has to be configured only on master node as usual, e.g.:
-
-.. code-block:: ini
-
-   [sign]
-   target = repository
-   key = 8BE91E5A773FB48AC05CC1EDBED105AED6246B39
-
-Double node minimal docker example
-""""""""""""""""""""""""""""""""""
-
-Master node config (``master.ini``) as:
-
-.. code-block:: ini
-
-   [auth]
-   target = configuration
-
-   [web]
-   enable_archive_upload = yes
-   wait_timeout = 0
-
-
-Command to run master node:
-
-.. code-block:: shell
-
-   docker run --privileged -p 8080:8080 -e AHRIMAN_PORT=8080 -v master.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
-
-The user ``worker-user`` has been created additionally. Worker node config (``worker.ini``) as:
-
-.. code-block:: ini
-
-   [status]
-   address = http://172.17.0.1:8080
-   username = worker-user
-   password = very-secure-password
-
-   [upload]
-   target = remote-service
-
-   [remote-service]
-
-   [report]
-   target = remote-call
-
-   [remote-call]
-   manual = yes
-   wait_timeout = 0
-
-   [build]
-   triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger ahriman.core.gitremote.RemotePushTrigger
-
-The address above (``http://172.17.0.1:8080``) is somewhat available for worker container.
-
-Command to run worker node:
-
-.. code-block:: shell
-
-   docker run --privileged -v worker.ini:/etc/ahriman.ini.d/overrides.ini -it arcan1s/ahriman:latest package-add ahriman --now
-
-The command above will successfully build ``ahriman`` package, upload it on master node and, finally, will update master node repository.
-
-Check proof-of-concept setup `here <https://github.com/arcan1s/ahriman/tree/master/recipes/distributed-manual>`__.
-
-Addition of new package and repository update
-"""""""""""""""""""""""""""""""""""""""""""""
-
-Just run on worker command as usual, the built packages will be automatically uploaded to master node. Note that automatic update process must be disabled on master node.
-
-Package removal
-"""""""""""""""
-
-This action must be done in two steps:
-
-#. Remove package on worker.
-#. Remove package on master node.
-
-Delegate builds to remote workers
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This setup heavily uses upload feature described above and, in addition, also delegates build process automatically to build machines. Same as above, there must be at least two instances available (``master`` and ``worker``), however, all ``worker`` nodes must be run in the web service mode.
-
-Master node configuration
-"""""""""""""""""""""""""
-
-In addition to the configuration above, the worker list must be defined in configuration file (``build.workers`` option), i.e.:
-
-.. code-block:: ini
-
-   [build]
-   workers = https://worker1.example.com https://worker2.example.com
-
-   [web]
-   enable_archive_upload = yes
-   wait_timeout = 0
-
-In the example above, ``https://worker1.example.com`` and ``https://worker2.example.com`` are remote ``worker`` node addresses available for ``master`` node.
-
-In case if authentication is required (which is recommended way to setup it), it can be set by using ``status`` section as usual.
-
-Worker nodes configuration
-""""""""""""""""""""""""""
-
-It is required to point to the master node repository, otherwise internal dependencies will not be handled correctly. In order to do so, the ``--server`` argument (or ``AHRIMAN_REPOSITORY_SERVER`` environment variable for docker images) can be used.
-
-Also, in case if authentication is enabled, the same user with the same password must be created for all workers.
-
-It is also recommended to set ``web.wait_timeout`` to infinite in case of multiple conflicting runs and ``service_only`` to ``yes`` in order to disable status endpoints.
-
-Other settings are the same as mentioned above.
-
-Triple node minimal docker example
-""""""""""""""""""""""""""""""""""
-
-In this example, all instances are run on the same machine with address ``172.17.0.1`` with ports available outside of container. Master node config (``master.ini``) as:
-
-.. code-block:: ini
-
-   [auth]
-   target = configuration
-
-   [status]
-   username = builder-user
-   password = very-secure-password
-
-   [build]
-   workers = http://172.17.0.1:8081 http://172.17.0.1:8082
-
-   [web]
-   enable_archive_upload = yes
-   wait_timeout = 0
-
-Command to run master node:
-
-.. code-block:: shell
-
-   docker run --privileged -p 8080:8080 -e AHRIMAN_PORT=8080 -v master.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
-
-Worker nodes (applicable for all workers) config (``worker.ini``) as:
-
-.. code-block:: ini
-
-   [auth]
-   target = configuration
-
-   [status]
-   address = http://172.17.0.1:8080
-   username = builder-user
-   password = very-secure-password
-
-   [upload]
-   target = remote-service
-
-   [remote-service]
-
-   [report]
-   target = remote-call
-
-   [remote-call]
-   manual = yes
-   wait_timeout = 0
-
-   [web]
-   service_only = yes
-
-   [build]
-   triggers = ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger
-
-Command to run worker nodes (considering there will be two workers, one is on ``8081`` port and other is on ``8082``):
-
-.. code-block:: ini
-
-   docker run --privileged -p 8081:8081 -e AHRIMAN_PORT=8081 -v worker.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
-   docker run --privileged -p 8082:8082 -e AHRIMAN_PORT=8082 -v worker.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
-
-Unlike the previous setup, it doesn't require to mount repository root for ``worker`` nodes, because they don't use it anyway.
-
-Check proof-of-concept setup `here <https://github.com/arcan1s/ahriman/tree/master/recipes/distributed>`__.
-
-Addition of new package, package removal, repository update
-"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-
-In all scenarios, update process must be run only on ``master`` node. Unlike the manually distributed packages described above, automatic update must be enabled only for ``master`` node.
-
-Automatic worker nodes discovery
-""""""""""""""""""""""""""""""""
-
-Instead of setting ``build.workers`` option it is also possible to configure services to load worker list dynamically. To do so, the ``ahriman.core.distributed.WorkerLoaderTrigger`` and ``ahriman.core.distributed.WorkerTrigger`` must be used for ``master`` and ``worker`` nodes repsectively. See recipes for more details.
-
-Known limitations
-"""""""""""""""""
-
-* Workers don't support local packages. However, it is possible to build custom packages by providing sources by using ``ahriman.core.gitremote.RemotePullTrigger`` trigger.
-* No dynamic nodes discovery. In case if one of worker nodes is unavailable, the build process will fail.
-* No pkgrel bump on conflicts.
-* The identical user must be created for all workers. However, the ``master`` node user can be different from this one.

docs/faq/docker.rst

@@ -1,115 +0,0 @@
-Docker image
-------------
-
-We provide official images which can be found under:
-
-* docker registry ``arcan1s/ahriman``;
-* ghcr.io registry ``ghcr.io/arcan1s/ahriman``.
-
-These images are totally identical.
-
-Docker image is being updated on each commit to master as well as on each version. If you would like to use last (probably unstable) build you can use ``edge`` tag or ``latest`` for any tagged versions; otherwise you can use any version tag available.
-
-The default action (in case if no arguments provided) is ``repo-update``. Basically the idea is to run container, e.g.:
-
-.. code-block:: shell
-
-   docker run --privileged -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest
-
-``--privileged`` flag is required to make mount possible inside container. In order to make data available outside of container, you would need to mount local (parent) directory inside container by using ``-v /path/to/local/repo:/var/lib/ahriman`` argument, where ``/path/to/local/repo`` is a path to repository on local machine. In addition, you can pass own configuration overrides by using the same ``-v`` flag, e.g.:
-
-.. code-block:: shell
-
-   docker run --privileged -v /path/to/local/repo:/var/lib/ahriman -v /path/to/overrides/overrides.ini:/etc/ahriman.ini.d/10-overrides.ini arcan1s/ahriman:latest
-
-The action can be specified during run, e.g.:
-
-.. code-block:: shell
-
-   docker run --privileged -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest package-add ahriman --now
-
-For more details please refer to the docker FAQ.
-
-Environment variables
-^^^^^^^^^^^^^^^^^^^^^
-
-The following environment variables are supported:
-
-* ``AHRIMAN_ARCHITECTURE`` - architecture of the repository, default is ``x86_64``.
-* ``AHRIMAN_DEBUG`` - if set all commands will be logged to console.
-* ``AHRIMAN_FORCE_ROOT`` - force run ahriman as root instead of guessing by subcommand.
-* ``AHRIMAN_HOST`` - host for the web interface, default is ``0.0.0.0``.
-* ``AHRIMAN_MULTILIB`` - if set (default) multilib repository will be used, disabled otherwise.
-* ``AHRIMAN_OUTPUT`` - controls logging handler, e.g. ``syslog``, ``console``. The name must be found in logging configuration. Note that if ``syslog`` handler is used you will need to mount ``/dev/log`` inside container because it is not available there.
-* ``AHRIMAN_PACKAGER`` - packager name from which packages will be built, default is ``ahriman bot <ahriman@example.com>``.
-* ``AHRIMAN_PACMAN_MIRROR`` - override pacman mirror server if set.
-* ``AHRIMAN_PORT`` - HTTP server port if any, default is empty.
-* ``AHRIMAN_POSTSETUP_COMMAND`` - if set, the command which will be called (as root) after the setup command, but before any other actions.
-* ``AHRIMAN_PRESETUP_COMMAND`` - if set, the command which will be called (as root) right before the setup command.
-* ``AHRIMAN_REPOSITORY`` - repository name, default is ``aur-clone``.
-* ``AHRIMAN_REPOSITORY_SERVER`` - optional override for the repository URL. Useful if you would like to download packages from remote instead of local filesystem.
-* ``AHRIMAN_REPOSITORY_ROOT`` - repository root. Because of filesystem rights it is required to override default repository root. By default, it uses ``ahriman`` directory inside ahriman's home, which can be passed as mount volume.
-* ``AHRIMAN_UNIX_SOCKET`` - full path to unix socket which is used by web server, default is empty. Note that more likely you would like to put it inside ``AHRIMAN_REPOSITORY_ROOT`` directory (e.g. ``/var/lib/ahriman/ahriman/ahriman-web.sock``) or to ``/run/ahriman``.
-* ``AHRIMAN_USER`` - ahriman user, usually must not be overwritten, default is ``ahriman``.
-* ``AHRIMAN_VALIDATE_CONFIGURATION`` - if set (default) validate service configuration.
-
-You can pass any of these variables by using ``-e`` argument, e.g.:
-
-.. code-block:: shell
-
-   docker run --privileged -e AHRIMAN_PORT=8080 -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest
-
-Daemon service
-^^^^^^^^^^^^^^
-
-There is special ``repo-daemon`` subcommand which emulates systemd timer and will perform repository update periodically:
-
-.. code-block:: shell
-
-   docker run --privileged -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest repo-daemon
-
-This command uses same rules as ``repo-update``, thus, e.g. requires ``--privileged`` flag. Check also `examples <https://github.com/arcan1s/ahriman/tree/master/recipes/daemon>`__.
-
-Web service setup
-^^^^^^^^^^^^^^^^^
-
-For that you would need to have web container instance running forever; it can be achieved by the following command:
-
-.. code-block:: shell
-
-   docker run --privileged -p 8080:8080 -e AHRIMAN_PORT=8080 -e AHRIMAN_UNIX_SOCKET=/var/lib/ahriman/ahriman/ahriman-web.sock -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest
-
-Note about ``AHRIMAN_PORT`` environment variable which is required in order to enable web service. An additional port bind by ``-p 8080:8080`` is required to pass docker port outside of container.
-
-The ``AHRIMAN_UNIX_SOCKET`` variable is not required, however, highly recommended as it can be used for interprocess communications. If you set this variable you would like to be sure that this path is available outside of container if you are going to use multiple docker instances.
-
-If you are using ``AHRIMAN_UNIX_SOCKET`` variable, for every next container run it has to be passed also, e.g.:
-
-.. code-block:: shell
-
-   docker run --privileged -e AHRIMAN_UNIX_SOCKET=/var/lib/ahriman/ahriman/ahriman-web.sock -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest
-
-Otherwise, you would need to pass ``AHRIMAN_PORT`` and mount container network to the host system (``--net=host``), e.g.:
-
-.. code-block:: shell
-
-   docker run --privileged --net=host -e AHRIMAN_PORT=8080 -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest
-
-Simple server with authentication can be found in `examples <https://github.com/arcan1s/ahriman/tree/master/recipes/web>`__ too.
-
-Mutli-repository web service
-""""""""""""""""""""""""""""
-
-Idea is pretty same as to just run web service. However, it is required to run setup commands for each repository, except for one which is specified by ``AHRIMAN_REPOSITORY`` and ``AHRIMAN_ARCHITECTURE`` variables.
-
-In order to create configuration for additional repositories, the ``AHRIMAN_POSTSETUP_COMMAND`` variable should be used, e.g.:
-
-.. code-block:: shell
-
-   docker run --privileged -p 8080:8080 -e AHRIMAN_PORT=8080 -e AHRIMAN_UNIX_SOCKET=/var/lib/ahriman/ahriman/ahriman-web.sock -e AHRIMAN_POSTSETUP_COMMAND="ahriman --architecture x86_64 --repository aur-clone-v2 service-setup --build-as-user ahriman --packager 'ahriman bot <ahriman@example.com>'" -v /path/to/local/repo:/var/lib/ahriman arcan1s/ahriman:latest
-
-The command above will also create configuration for the repository named ``aur-clone-v2``.
-
-Note, however, that the command above is only required in case if the service is going to be used to run subprocesses. Otherwise, everything else (web interface, status, etc) will be handled as usual.
-
-Configuration `example <https://github.com/arcan1s/ahriman/tree/master/recipes/multirepo>`__.

docs/faq/examples.rst

@@ -1,12 +0,0 @@
-Use cases
----------
-
-There is a collection of some specific recipes which can be found in `the repository <https://github.com/arcan1s/ahriman/tree/master/recipes>`__.
-
-Most of them can be run (``AHRIMAN_PASSWORD`` environment variable is required in the most setups) as simple as:
-
-.. code-block:: shell
-
-   AHRIMAN_PASSWORD=demo docker compose up
-
-Note, however, they are just an examples of specific configuration for specific cases and they are never intended to be used as is in real environment.

docs/faq/general.rst

@@ -1,431 +0,0 @@
-General topics
---------------
-
-What is the purpose of the project
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This project has been created in order to maintain self-hosted Arch Linux user repository without manual intervention - checking for updates and building packages.
-
-How to install ahriman
-^^^^^^^^^^^^^^^^^^^^^^
-
-TL;DR
-
-.. code-block:: shell
-
-   yay -S ahriman
-   ahriman -a x86_64 -r aur-clone service-setup --packager "ahriman bot <ahriman@example.com>"
-   systemctl enable --now ahriman@x86_64-aur-clone.timer
-
-Long answer
-"""""""""""
-
-The idea is to install the package as usual, create working directory tree, create configuration for ``sudo`` and ``devtools``. Detailed description of the setup instruction can be found :doc:`here </setup>`.
-
-Run as daemon
-"""""""""""""
-
-The alternative way (though not recommended) is to run service instead of timer:
-
-.. code-block:: shell
-
-   systemctl enable --now ahriman-daemon@x86_64-aur-clone
-
-How to validate settings
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-There is special command which can be used in order to validate current configuration:
-
-.. code-block:: shell
-
-   ahriman service-config-validate --exit-code
-
-This command will print found errors, based on `cerberus <https://docs.python-cerberus.org/>`__, e.g.:
-
-.. code-block:: shell
-
-   auth
-                   ssalt: unknown field
-                   target: none or more than one rule validate
-                           oneof definition 0: unallowed value mapping
-                           oneof definition 1: field 'salt' is required
-                           oneof definition 2: unallowed value mapping
-                           oneof definition 2: field 'salt' is required
-                           oneof definition 2: field 'client_id' is required
-                           oneof definition 2: field 'client_secret' is required
-   gitremote
-                   pull_url: unknown field
-
-If an additional flag ``--exit-code`` is supplied, the application will return non-zero exit code, which can be used partially in scripts.
-
-What does "architecture specific" mean / How to configure for different architectures
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Some sections can be configured per architecture. The service will merge architecture specific values into common settings. In order to specify settings for specific architecture you must point it in section name.
-
-For example, the section
-
-.. code-block:: ini
-
-   [build]
-   build_command = extra-x86_64-build
-
-states that default build command is ``extra-x86_64-build``. But if there is section
-
-.. code-block:: ini
-
-   [build:i686]
-   build_command = extra-i686-build
-
-the ``extra-i686-build`` command will be used for ``i686`` architecture. You can also override settings for different repositories and architectures; in this case section names will be ``build:aur-clone`` (repository name only) and ``build:aur-clone:i686`` (both repository name and architecture).
-
-How to generate build reports
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Normally you would probably like to generate only one report for the specific type, e.g. only one email report. In order to do so you will need to have the following configuration:
-
-.. code-block:: ini
-
-   [report]
-   target = email
-
-   [email]
-   ...
-
-or in case of multiple architectures and *different* reporting settings:
-
-.. code-block:: ini
-
-   [report]
-   target = email
-
-   [email:i686]
-   ...
-
-   [email:x86_64]
-   ...
-
-But for some cases you would like to have multiple different reports with the same type (e.g. sending different templates to different addresses). For these cases you will need to specify section name in target and type in section, e.g. the following configuration can be used:
-
-.. code-block:: ini
-
-   [report]
-   target = email_1 email_2
-
-   [email_1]
-   type = email
-   ...
-
-   [email_2]
-   type = email
-   ...
-
-How to add new package
-^^^^^^^^^^^^^^^^^^^^^^
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman package-add ahriman --now
-
-``--now`` flag is totally optional and just run ``repo-update`` subcommand after the registering the new package. Thus the extended flow is the following:
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman package-add ahriman
-   sudo -u ahriman ahriman repo-update
-
-How to build package from local PKGBUILD
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-TL;DR
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman package-add /path/to/local/directory/with/PKGBUILD --now
-
-Before using this command you will need to create local directory, put ``PKGBUILD`` there and generate ``.SRCINFO`` by using ``makepkg --printsrcinfo > .SRCINFO`` command. These packages will be stored locally and *will be ignored* during automatic update; in order to update the package you will need to run ``package-add`` command again.
-
-How to copy package from another repository
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-As simple as add package from archive. Considering case when you would like to copy package ``package`` with version ``ver-rel`` from repository ``source-repository`` to ``target-respository`` (same architecture), the command will be following:
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman -r target-repository package-add /var/lib/ahriman/repository/source-repository/x86_64/package-ver-rel-x86_64.pkg.tar.zst
-
-In addition, you can remove source package as usual later.
-
-This feature in particular useful if for managing multiple repositories like ``[testing]`` and ``[extra]``.
-
-How to fetch PKGBUILDs from remote repository
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-For that purpose you could use ``RemotePullTrigger`` trigger. To do so you will need to configure trigger as following:
-
-.. code-block:: ini
-
-   [remote-pull]
-   target = gitremote
-
-   [gitremote]
-   pull_url = https://github.com/username/repository
-
-During the next application run it will fetch repository from the specified URL and will try to find packages there which can be used as local sources.
-
-This feature can be also used to build packages which are not listed in AUR, the example of the feature use can be found `here <https://github.com/arcan1s/ahriman/tree/master/recipes/pull>`__.
-
-How to push updated PKGBUILDs to remote repository
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-For that purpose you'd need to use another trigger called ``RemotePushTrigger``. Configure trigger as following:
-
-.. code-block:: ini
-
-   [remote-push]
-   target = gitremote
-
-   [gitremote]
-   push_url = https://github.com/username/repository
-
-Unlike ``RemotePullTrigger`` trigger, the ``RemotePushTrigger`` more likely will require authorization. It is highly recommended to use application tokens for that instead of using your password (e.g. for GitHub you can generate tokens `here <https://github.com/settings/tokens>`__ with scope ``public_repo``). Authorization can be supplied by using authorization part of the URL, e.g. ``https://key:token@github.com/username/repository``.
-
-How to change PKGBUILDs before build
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Well it is supported also. The recommended way is to patch specific function, e.g. by running
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman patch-add ahriman version
-
-This command will prompt for new value of the PKGBUILD variable ``version``. You can also write it to file and read from it:
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman patch-add ahriman version version.patch
-
-The command also supports arrays, but in this case you need to specify full array, e.g.
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman patch-add ahriman depends
-
-   Post new function or variable value below. Press Ctrl-D to finish:
-   (python python-aiohttp)
-   ^D
-
-will set depends PKGBUILD variable (exactly) to array ``["python", "python-aiohttp"]``.
-
-Alternatively you can create full-diff patches, which are calculated by using ``git diff`` from current PKGBUILD master branch:
-
-#.
-   Clone sources from AUR.
-
-#.
-   Make changes you would like to (e.g. edit ``PKGBUILD``, add external patches).
-
-#.
-   Run command
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman patch-set-add /path/to/local/directory/with/PKGBUILD
-
-The last command will calculate diff from current tree to the ``HEAD`` and will store it locally. Patches will be applied on any package actions (e.g. it can be used for dependency management).
-
-It is also possible to create simple patch during package addition, e.g.:
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman package-add ahriman --variable PKGEXT=.pkg.tar.xz
-
-The ``--variable`` argument accepts variables in shell like format: quotation and lists are supported as usual, but functions are not. This feature is useful in particular in order to override specific makepkg variables during build.
-
-How to build package from official repository
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-It is the same as adding any other package, but due to restrictions you must specify source explicitly, e.g.:
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman package-add pacman --source repository
-
-This feature is heavily depends on local pacman cache. In order to use this feature it is recommended to either run ``pacman -Sy`` before the interaction or use internal application cache with ``--refresh`` flag.
-
-Package build fails because it cannot validate PGP signature of source files
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-TL;DR
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman service-key-import ...
-
-How to update VCS packages
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Normally the service handles VCS packages correctly, however it requires additional dependencies:
-
-.. code-block:: shell
-
-   pacman -S breezy darcs mercurial subversion
-
-How to review changes before build
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-In this scenario, the update process must be separated into several stages. First, it is required to check updates:
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman repo-check
-
-During the check process, the service will generate changes from the last known commit and will send it to remote service. In order to verify source files changes, the web interface or special subcommand can be used:
-
-.. code-block:: shell
-
-   ahriman package-changes ahriman
-
-After validation, the operator can run update process with approved list of packages, e.g.:
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman repo-update ahriman
-
-How to remove package
-^^^^^^^^^^^^^^^^^^^^^
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman package-remove ahriman
-
-Also, there is command ``repo-remove-unknown`` which checks packages in AUR and local storage and removes ones which have been removed.
-
-Remove commands also remove any package files (patches, caches etc).
-
-How to sign repository
-^^^^^^^^^^^^^^^^^^^^^^
-
-Repository sign feature is available in several configurations. The recommended way is just to sign repository database file by single key instead of trying to sign each package. However, the steps are pretty same, just configuration is a bit different. For more details about options kindly refer to :doc:`configuration reference </configuration>`.
-
-#.
-   First you would need to create the key on your local machine:
-
-   .. code-block:: shell
-
-      gpg --full-generate-key
-
-   This command will prompt you for several questions. Most of them may be left default, but you will need to fill real name and email address with some data. Because at the moment the service doesn't support passphrases, it must be left blank.
-
-#.
-   The command above will generate key and print its fingerprint, something like ``8BE91E5A773FB48AC05CC1EDBED105AED6246B39``. Copy it.
-
-#.
-   Export your private key by using the fingerprint above:
-
-   .. code-block:: shell
-
-      gpg --export-secret-keys -a 8BE91E5A773FB48AC05CC1EDBED105AED6246B39 > repository-key.gpg
-
-#.
-
-   Copy the specified key to the build machine (i.e. where the service is running).
-
-#.
-   Import the specified key to the service user:
-
-   .. code-block:: shell
-
-      sudo -u ahriman gpg --import repository-key.gpg
-
-   Don't forget to remove the key from filesystem after import.
-
-#.
-   Change trust level to ``ultimate``:
-
-   .. code-block:: shell
-
-      sudo -u ahriman gpg --edit-key 8BE91E5A773FB48AC05CC1EDBED105AED6246B39
-
-   The command above will drop you into gpg shell, in which you will need to type ``trust``, choose ``5 = I trust ultimately``, confirm and exit ``quit``.
-
-#.
-   Proceed with service configuration according to the :doc:`configuration </configuration>`:
-
-   .. code-block:: ini
-
-      [sign]
-      target = repository
-      key = 8BE91E5A773FB48AC05CC1EDBED105AED6246B39
-
-
-How to rebuild packages after library update
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-TL;DR
-
-.. code-block:: shell
-
-   sudo -u ahriman ahriman repo-rebuild --depends-on python
-
-You can even rebuild the whole repository (which is particular useful in case if you would like to change packager) if you do not supply ``--depends-on`` option. This action will automatically increment ``pkgrel`` value; in case if you don't want to, the ``--no-increment`` option has to be supplied.
-
-However, note that you do not need to rebuild repository in case if you just changed signing option, just use ``repo-sign`` command instead.
-
-Automated broken dependencies detection
-"""""""""""""""""""""""""""""""""""""""
-
-After the success build the application extracts all linked libraries and used directories and stores them in database. During the check process, the application extracts pacman databases and checks if file names have been changed (e.g. new python release caused ``/usr/lib/python3.x`` directory renaming to ``/usr/lib/python3.y`` or soname for a linked library has been changed). In case if broken dependencies have been detected, the package will be added to the rebuild queue.
-
-In order to disable this check completely, the ``--no-check-files`` flag can be used.
-
-In addition, there is possibility to control paths which will be used for checking, by using options ``build.allowed_scan_paths`` and ``build.blacklisted_scan_paths``. Leaving ``build.allowed_scan_paths`` blank will effectively disable any check too.
-
-How to install built packages
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Add the following lines to your ``pacman.conf``:
-
-.. code-block:: ini
-
-   [repository]
-   Server = file:///var/lib/ahriman/repository/$repo/$arch
-
-(You might need to add ``SigLevel`` option according to the pacman documentation.)
-
-How to serve repository
-^^^^^^^^^^^^^^^^^^^^^^^
-
-Easy. For example, nginx configuration (without SSL) will look like:
-
-.. code-block::
-
-   server {
-       listen 80;
-       server_name repo.example.com;
-
-       location / {
-           autoindex on;
-           root /var/lib/ahriman/repository;
-       }
-   }
-
-Example of the status page configuration is the following (status service is using 8080 port):
-
-.. code-block::
-
-   server {
-       listen 80;
-       server_name builds.example.com;
-
-       location / {
-           proxy_set_header Host $host;
-           proxy_set_header X-Real-IP $remote_addr;
-           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-           proxy_set_header X-Forwarder-Proto $scheme;
-
-           proxy_pass http://127.0.0.1:8080;
-       }
-   }
-
-Some more examples can be found in configuration `recipes <https://github.com/arcan1s/ahriman/tree/master/recipes>`__.

docs/faq/index.rst

@@ -1,17 +0,0 @@
-FAQ
-===
-
-.. toctree::
-   :maxdepth: 2
-
-   general
-   docker
-   non-x86_64-setup
-   synchronization
-   reporting
-   distributed
-   maintenance-packages
-   web
-   backup
-   examples
-   misc

docs/faq/maintenance-packages.rst

@@ -1,73 +0,0 @@
-Maintenance packages
---------------------
-
-Generate keyring package
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-The application provides special plugin which generates keyring package. This plugin heavily depends on ``sign`` group settings, however it is possible to override them. The minimal package can be generated in the following way:
-
-#.
-   Edit configuration:
-
-   .. code-block:: ini
-
-      [keyring]
-      target = keyring-generator
-
-   By default it will use ``sign.key`` as trusted key and all other keys as packagers ones. For all available options refer to :doc:`configuration </configuration>`.
-
-#.
-   Create package source files:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman repo-create-keyring
-
-   This command will generate PKGBUILD, revoked and trusted listings and keyring itself and will register the package in database.
-
-#.
-   Build new package as usual:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman package-add aur-clone-keyring --source local --now
-
-   where ``aur-clone`` is your repository name.
-
-This plugin might have some issues, in case of any of them, kindly create `new issue <https://github.com/arcan1s/ahriman/issues/new/choose>`__.
-
-Generate mirrorlist package
-^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The application provides special plugin which generates mirrorlist package also. It is possible to distribute this package as usual later. The package can be generated in the following way:
-
-#.
-   Edit configuration:
-
-   .. code-block:: ini
-
-      [mirrorlist]
-      target = mirrorlist-generator
-
-      [mirrorlist-generator]
-      servers = https://repo.example.com/$arch
-
-   The ``mirrorlist-generator.servers`` must contain list of available mirrors, the ``$arch`` and ``$repo`` variables are supported. For more options kindly refer to :doc:`configuration </configuration>`.
-
-#.
-   Create package source files:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman repo-create-mirrorlist
-
-   This command will generate PKGBUILD and mirrorlist file and will register the package in database.
-
-#.
-   Build new package as usual:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman package-add aur-clone-mirrorlist --source local --now
-
-   where ``aur-clone`` is your repository name.

docs/faq/misc.rst

@@ -1,100 +0,0 @@
-Other topics
-------------
-
-How does it differ from %another-manager%?
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Short answer - I do not know. Also for some references credits to `Alad <https://github.com/AladW>`__, he `did <https://wiki.archlinux.org/title/User:Alad/Local_repo_tools>`__ really good investigation of existing alternatives.
-
-`arch-repo-manager <https://github.com/Martchus/arch-repo-manager>`__
-"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-
-Looks actually pretty good, in case if I would find it, I would probably didn't start this project; the most of features (like web interface or additional helpers) are already implemented or planned to be. However, this project seems to be at early alpha stage (as for Nov 2022), written in C++ (not pro or con) and misses documentation.
-
-`archrepo2 <https://github.com/lilydjwg/archrepo2>`__
-"""""""""""""""""""""""""""""""""""""""""""""""""""""
-
-Don't know, haven't tried it. But it lacks of documentation at least.
-
-* ``ahriman`` has web interface.
-* ``archrepo2`` doesn't have synchronization and reporting.
-* ``archrepo2`` actively uses direct shell calls and ``yaourt`` components.
-* ``archrepo2`` has constantly running process instead of timer process (it is not pro or con).
-
-`repoctl <https://github.com/cassava/repoctl>`__
-""""""""""""""""""""""""""""""""""""""""""""""""
-
-* ``ahriman`` has web interface.
-* ``repoctl`` does not have reporting feature.
-* ``repoctl`` does not support local packages and patches.
-* Some actions are not fully automated in ``repoctl`` (e.g. package update still requires manual intervention for the build itself).
-* ``repoctl`` has better AUR interaction features. With colors!
-* ``repoctl`` has much easier configuration and even completion.
-* ``repoctl`` is able to store old packages.
-* Ability to host repository from same command in ``repoctl`` vs external services (e.g. nginx) in ``ahriman``.
-
-`repod <https://gitlab.archlinux.org/archlinux/repod>`__
-""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-
-Official tool provided by distribution, has clean logic, but it is just a helper for ``repo-add``, e.g. it doesn't work with AUR and all packages builds have to be handled separately.
-
-`repo-scripts <https://github.com/arcan1s/repo-scripts>`__
-""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
-
-Though originally I've created ahriman by trying to improve the project, it still lacks a lot of features:
-
-* ``ahriman`` has web interface.
-* ``ahriman`` has better reporting with template support.
-* ``ahriman`` has more synchronization features (there was only ``rsync`` based).
-* ``ahriman`` supports local packages and patches.
-* ``repo-scripts`` doesn't have dependency management.
-
-...and so on. ``repo-scripts`` also has bad architecture and bad quality code and uses out-of-dated ``yaourt`` and ``package-query``.
-
-`toolbox <https://github.com/chaotic-aur/toolbox>`__
-""""""""""""""""""""""""""""""""""""""""""""""""""""
-
-It is automation tools for ``repoctl`` mentioned above. Except for using shell it looks pretty cool and also offers some additional features like patches, remote synchronization (isn't it?) and reporting.
-
-How to check service logs
-^^^^^^^^^^^^^^^^^^^^^^^^^
-
-By default, the service writes logs to ``journald`` which can be accessed by using ``journalctl`` command (logs are written to the journal of the user under which command is run). In order to retrieve logs for the process you can use the following command:
-
-.. code-block:: shell
-
-   sudo journalctl SYSLOG_IDENTIFIER=ahriman
-
-You can also ask to forward logs to ``stderr``, just set ``--log-handler`` flag, e.g.:
-
-.. code-block:: shell
-
-   ahriman --log-handler console ...
-
-You can even configure logging as you wish, but kindly refer to python ``logging`` module `configuration <https://docs.python.org/3/library/logging.config.html>`__.
-
-The application uses java concept to log messages, e.g. class ``Application`` imported from ``ahriman.application.application`` package will have logger called ``ahriman.application.application.Application``. In order to e.g. change logger name for whole application package it is possible to change values for ``ahriman.application`` package; thus editing ``ahriman`` logger configuration will change logging for whole application (unless there are overrides for another logger).
-
-Html customization
-^^^^^^^^^^^^^^^^^^
-
-It is possible to customize html templates. In order to do so, create files somewhere (refer to Jinja2 documentation and the service source code for available parameters) and prepend ``templates`` with value pointing to this directory.
-
-In addition, default html templates supports style customization out-of-box. In order to customize style, just put file named ``user-style.jinja2`` to the templates directory.
-
-Web API extension
-^^^^^^^^^^^^^^^^^
-
-The application loads web views dynamically, so it is possible relatively easy extend its API. In order to do so:
-
-#. Create view class which is derived from ``ahriman.web.views.base.BaseView`` class.
-#. Create implementation for this class.
-#. Put file into ``ahriman.web.views`` package.
-#. Restart application.
-
-For more details about implementation and possibilities, kindly refer to module documentation and source code and `aiohttp documentation <https://docs.aiohttp.org/en/stable/>`__.
-
-I did not find my question
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-`Create an issue <https://github.com/arcan1s/ahriman/issues>`__ with type **Question**.

docs/faq/non-x86_64-setup.rst

@@ -1,99 +0,0 @@
-Non-x86_64 architecture setup
------------------------------
-
-The following section describes how to setup ahriman with architecture different from x86_64, as example i686. For most cases you have base repository available, e.g. archlinux32 repositories for i686 architecture; in case if base repository is not available, steps are a bit different, however, idea remains the same.
-
-The example of setup with docker compose can be found `here <https://github.com/arcan1s/ahriman/tree/master/recipes/i686>`__.
-
-Physical server setup
-^^^^^^^^^^^^^^^^^^^^^
-
-In this example we are going to use files and packages which are provided by official repositories of the used architecture. Note, that versions might be different, thus you need to find correct versions on the distribution web site, e.g. `archlinux32 packages <https://www.archlinux32.org/packages/>`__.
-
-#.
-   First, considering having base Arch Linux system, we need to install keyring for the specified repositories, e.g.:
-
-   .. code-block:: shell
-
-      wget https://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
-      pacman -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
-
-#.
-   In order to run ``devtools`` scripts for custom architecture they also need specific ``makepkg`` configuration, it can be retrieved by installing the ``devtools`` package of the distribution, e.g.:
-
-   .. code-block:: shell
-
-      wget https://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst
-      pacman -U devtools-20221208-1.2-any.pkg.tar.zst
-
-   Alternatively, you can create your own ``makepkg`` configuration and save it as ``/usr/share/devtools/makepkg.conf.d/i686.conf``.
-
-#.
-   Setup repository as usual:
-
-   .. code-block:: shell
-
-      ahriman -a i686 service-setup --mirror 'https://de.mirror.archlinux32.org/$arch/$repo'--no-multilib ...
-
-   In addition to usual options, you need to specify the following options:
-
-   * ``--mirror`` - link to the mirrors which will be used instead of official repositories.
-   * ``--no-multilib`` - in the example we are using i686 architecture for which multilib repository doesn't exist.
-
-#.
-   That's all Folks!
-
-Docker container setup
-^^^^^^^^^^^^^^^^^^^^^^
-
-There are two possible ways to achieve same setup, by using docker container. The first one is just mount required files inside container and run it as usual (with specific environment variables). Another one is to create own container based on official one:
-
-#.
-   Clone official container as base:
-
-   .. code-block:: dockerfile
-
-      FROM arcan1s/ahriman:latest
-
-#.
-   Init pacman keys. This command is required in order to populate distribution keys:
-
-   .. code-block:: dockerfile
-
-      RUN pacman-key --init
-
-#.
-   Install packages as it was described above:
-
-   .. code-block:: dockerfile
-
-      RUN pacman --noconfirm -Sy wget
-      RUN wget https://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst && pacman --noconfirm -U devtools-20221208-1.2-any.pkg.tar.zst
-      RUN wget https://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst && pacman --noconfirm -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
-
-#.
-   At that point you should have full ``Dockerfile`` like:
-
-   .. code-block:: dockerfile
-
-      FROM arcan1s/ahriman:latest
-
-      RUN pacman-key --init
-
-      RUN pacman --noconfirm -Sy wget
-      RUN wget https://pool.mirror.archlinux32.org/i686/extra/devtools-20221208-1.2-any.pkg.tar.zst && pacman --noconfirm -U devtools-20221208-1.2-any.pkg.tar.zst
-      RUN wget https://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-20230705-1.0-any.pkg.tar.zst && pacman --noconfirm -U archlinux32-keyring-20230705-1.0-any.pkg.tar.zst
-
-#.
-   After that you can build you own container, e.g.:
-
-   .. code-block:: shell
-
-      docker build --tag ahriman-i686:latest
-
-#.
-   Now you can run locally built container as usual with passing environment variables for setup command:
-
-   .. code-block:: shell
-
-      docker run --privileged -p 8080:8080 -e AHRIMAN_ARCHITECTURE=i686 -e AHRIMAN_PACMAN_MIRROR='https://de.mirror.archlinux32.org/$arch/$repo' -e AHRIMAN_MULTILIB= ahriman-i686:latest

docs/faq/reporting.rst

@@ -1,99 +0,0 @@
-Reporting
----------
-
-How to report by email
-^^^^^^^^^^^^^^^^^^^^^^
-
-#.
-   Install dependencies:
-
-   .. code-block:: shell
-
-      yay -S --asdeps python-jinja
-
-#.
-   Configure the service:
-
-   .. code-block:: ini
-
-      [report]
-      target = email
-
-      [email]
-      host = smtp.example.com
-      link_path = http://example.com/aur-clone/x86_64
-      password = ...
-      port = 465
-      receivers = me@example.com
-      sender = me@example.com
-      user = me@example.com
-
-How to generate index page for S3
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#.
-   Install dependencies:
-
-   .. code-block:: shell
-
-      yay -S --asdeps python-jinja
-
-#.
-   Configure the service:
-
-   .. code-block:: ini
-
-      [report]
-      target = html
-
-      [html]
-      path = /var/lib/ahriman/repository/aur-clone/x86_64/index.html
-      link_path = http://example.com/aur-clone/x86_64
-
-After these steps ``index.html`` file will be automatically synced to S3.
-
-How to post build report to telegram
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#.
-   It still requires additional dependencies:
-
-   .. code-block:: shell
-
-      yay -S --asdeps python-jinja
-
-#.
-   Register bot in telegram. You can do it by starting chat with `@BotFather <https://t.me/botfather>`__. For more details please refer to `official documentation <https://core.telegram.org/bots>`__.
-
-#.
-   Optionally (if you want to post message in chat):
-
-   #. Create telegram channel.
-   #. Invite your bot into the channel.
-   #. Make your channel public
-
-#.
-   Get chat id if you want to use by numerical id or just use id prefixed with ``@`` (e.g. ``@ahriman``). If you are not using chat the chat id is your user id. If you don't want to make channel public you can use `this guide <https://stackoverflow.com/a/33862907>`__.
-
-#.
-   Configure the service:
-
-   .. code-block:: ini
-
-      [report]
-      target = telegram
-
-      [telegram]
-      api_key = aaAAbbBBccCC
-      chat_id = @ahriman
-      link_path = http://example.com/aur-clone/x86_64
-
-   ``api_key`` is the one sent by `@BotFather <https://t.me/botfather>`__, ``chat_id`` is the value retrieved from previous step.
-
-If you did everything fine you should receive the message with the next update. Quick credentials check can be done by using the following command:
-
-.. code-block:: shell
-
-   curl 'https://api.telegram.org/bot{api_key}/sendMessage?chat_id={chat_id}&text=hello'
-
-(replace ``{chat_id}`` and ``{api_key}`` with the values from configuration).

docs/faq/synchronization.rst

@@ -1,131 +0,0 @@
-Remote synchronization
-----------------------
-
-How to sync repository to another server
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-There are several choices:
-
-#.
-   Easy and cheap, just share your local files through the internet, e.g. for ``nginx``:
-
-   .. code-block::
-
-       server {
-           location / {
-               autoindex on;
-               root /var/lib/ahriman/repository/;
-           }
-       }
-
-#.
-   You can also upload your packages using ``rsync`` to any available server. In order to use it you would need to configure ahriman first:
-
-   .. code-block:: ini
-
-       [upload]
-       target = rsync
-
-       [rsync]
-       remote = 192.168.0.1:/srv/repo
-
-   After that just add ``/srv/repo`` to the ``pacman.conf`` as usual. You can also upload to S3 (``Server = https://s3.eu-central-1.amazonaws.com/repository/aur-clone/x86_64``) or to GitHub (``Server = https://github.com/ahriman/repository/releases/download/aur-clone-x86_64``).
-
-How to sync to S3
-^^^^^^^^^^^^^^^^^
-
-#.
-   Install dependencies:
-
-   .. code-block:: shell
-
-      pacman -S python-boto3
-
-#.
-   Create a bucket (e.g. ``repository``).
-
-#.
-   Create an user with write access to the bucket:
-
-   .. code-block::
-
-       {
-           "Version": "2012-10-17",
-           "Statement": [
-               {
-                   "Sid": "ListObjectsInBucket",
-                   "Effect": "Allow",
-                   "Action": [
-                       "s3:ListBucket"
-                   ],
-                   "Resource": [
-                       "arn:aws:s3:::repository"
-                   ]
-               },
-               {
-                   "Sid": "AllObjectActions",
-                   "Effect": "Allow",
-                   "Action": "s3:*Object",
-                   "Resource": [
-                       "arn:aws:s3:::repository/*"
-                   ]
-               }
-           ]
-       }
-
-#.
-   Create an API key for the user and store it.
-
-#.
-   Configure the service as following:
-
-   .. code-block:: ini
-
-       [upload]
-       target = s3
-
-       [s3]
-       access_key = ...
-       bucket = repository
-       region = eu-central-1
-       secret_key = ...
-
-S3 with SSL
-"""""""""""
-
-In order to configure S3 on custom domain with SSL (and some other features, like redirects), the CloudFront should be used.
-
-#. Configure S3 as described above.
-#. In bucket properties, enable static website hosting with hosting type "Host a static website".
-#. Go to AWS Certificate Manager and create public certificate on your domain. Validate domain as suggested.
-#. Go to CloudFront and create distribution. The following settings are required:
-
-   * Origin domain choose S3 bucket.
-   * Tick use website endpoint.
-   * Disable caching.
-   * Select issued certificate.
-
-#. Point DNS record to CloudFront address.
-
-How to sync to GitHub releases
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#.
-   Create a repository.
-
-#.
-   `Create API key <https://github.com/settings/tokens>`__ with scope ``public_repo``.
-
-#.
-   Configure the service as following:
-
-   .. code-block:: ini
-
-       [upload]
-       target = github
-
-       [github]
-       owner = ahriman
-       password = ...
-       repository = repository
-       username = ahriman

docs/faq/web.rst

@@ -1,145 +0,0 @@
-Web service
------------
-
-How to setup web service
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. 
-   Install dependencies:
-
-   .. code-block:: shell
-
-      yay -S --asdeps python-aiohttp python-aiohttp-jinja2 python-aiohttp-apispec>=3.0.0 python-aiohttp-cors
-
-#. 
-   Configure service:
-
-   .. code-block:: ini
-
-      [web]
-      port = 8080
-
-#. 
-   Start the web service ``systemctl enable --now ahriman-web``.
-
-How to enable basic authorization
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. 
-   Install dependencies 😊:
-
-   .. code-block:: shell
-
-      yay -S --asdeps python-aiohttp-security python-aiohttp-session python-cryptography
-
-#. 
-   Configure the service to enable authorization:
-
-   .. code-block:: ini
-
-      [auth]
-      target = configuration
-      salt = somerandomstring
-
-   The ``salt`` parameter is optional, but recommended, and can be set to any (random) string.
-
-#.
-   In order to provide access for reporting from application instances you can (the recommended way) use unix sockets by the following configuration (note, that it requires ``python-requests-unixsocket2`` package to be installed):
-
-   .. code-block:: ini
-
-      [web]
-      unix_socket = /run/ahriman/ahriman-web.sock
-
-   This socket path must be available for web service instance and must be available for all application instances (e.g. in case if you are using docker container - see above - you need to make sure that the socket is passed to the root filesystem).
-
-   By the way, unix socket variable will be automatically set in case if ``--web-unix-socket`` argument is supplied to the ``setup`` subcommand.
-
-   Alternatively, you need to create user for the service:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman user-add -r full api
-
-   This command will ask for the password, just type it in stdin; **do not** leave the field blank, user will not be able to authorize, and finally configure the application:
-
-   .. code-block:: ini
-
-      [status]
-      username = api
-      password = pa55w0rd
-
-#.
-   Create end-user with password:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman user-add -r full my-first-user
-
-#.
-   Restart web service ``systemctl restart ahriman-web``.
-
-Using PAM authentication
-""""""""""""""""""""""""
-
-There is also ability to allow system users to log in. To do so, the following configuration have to be set:
-
-.. code-block:: ini
-
-   [auth]
-   target = pam
-   full_access_group = wheel
-
-With this setup, every user (except root) will be able to log in by using system password. If user belongs to the ``wheel`` group, the full access will be automatically granted. It is also possible to manually add, block user or change user rights via usual user management process.
-
-How to enable OAuth authorization
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-#. 
-   Create OAuth web application, download its ``client_id`` and ``client_secret``.
-
-#.
-   Guess what? Install dependencies:
-
-   .. code-block:: shell
-
-      yay -S --asdeps python-aiohttp-security python-aiohttp-session python-cryptography python-aioauth-client
-
-#. 
-   Configure the service:
-
-   .. code-block:: ini
-
-      [auth]
-      target = oauth
-      client_id = ...
-      client_secret = ...
-
-      [web]
-      address = https://example.com
-
-   Configure ``oauth_provider`` and ``oauth_scopes`` in case if you would like to use different from Google provider. Scope must grant access to user email. ``web.address`` is required to make callback URL available from internet.
-
-#. 
-   If you are not going to use unix socket, you also need to create service user (remember to set ``auth.salt`` option before if required):
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman user-add --as-service -r full api
-
-#. 
-   Create end-user:
-
-   .. code-block:: shell
-
-      sudo -u ahriman ahriman user-add -r full my-first-user
-
-   When it will ask for the password leave it blank.
-
-#.
-   Restart web service ``systemctl restart ahriman-web``.
-
-How to implement own interface
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-You can write your own interface by using API which is provided by the web service. Full autogenerated API documentation is available at ``http://localhost:8080/api-docs``.

docs/index.rst

@@ -33,7 +33,7 @@ Contents
    setup
    configuration
    command-line
-   faq/index
+   faq
    migration
    architecture
    advanced-usage

package/archlinux/PKGBUILD

@@ -1,7 +1,7 @@
 # Maintainer: Evgeniy Alekseev
 
 pkgname='ahriman'
-pkgver=2.14.1
+pkgver=2.13.8
 pkgrel=1
 pkgdesc="ArcH linux ReposItory MANager"
 arch=('any')

package/archlinux/ahriman.tmpfiles

@@ -1,2 +1 @@
-d /var/lib/ahriman 0755 ahriman ahriman
-d /run/ahriman 0755 ahriman ahriman
+d /var/lib/ahriman 0755 ahriman ahriman

package/share/ahriman/settings/ahriman.ini

@@ -34,8 +34,6 @@ allow_read_only = yes
 ; Cookie secret key to be used for cookies encryption. Must be valid 32 bytes URL-safe base64-encoded string.
 ; If not set, it will be generated automatically.
 ;cookie_secret_key =
-; Name of the secondary group to be used as admin group in the service.
-;full_access_group = wheel
 ; Authentication cookie expiration in seconds.
 ;max_age = 604800
 ; OAuth2 provider icon for the web interface.
@@ -44,18 +42,12 @@ allow_read_only = yes
 ;oauth_provider = GoogleClient
 ; Scopes list for OAuth2 provider. Required if oauth is used.
 ;oauth_scopes = https://www.googleapis.com/auth/userinfo.email
-; Allow login as root user (only if PAM is used).
-;permit_root_login = no
 ; Optional password salt.
 ;salt =
 
 [build]
-; List of paths to be used for implicit dependency scan
-allowed_scan_paths = /usr/lib
 ; List of additional flags passed to archbuild command.
 ;archbuild_flags =
-; List of paths to be excluded for implicit dependency scan. Usually they should be subpaths of allowed_scan_paths
-blacklisted_scan_paths = /usr/lib/cmake
 ; Path to build command
 ;build_command =
 ; List of packages to be ignored during automatic updates.

package/share/ahriman/templates/build-status/alerts.jinja2

@@ -21,7 +21,7 @@
 
         alertPlaceholder.append(wrapper);
         const toast = new bootstrap.Toast(wrapper);
-        wrapper.addEventListener("hidden.bs.toast", _ => {
+        wrapper.addEventListener("hidden.bs.toast", () => {
             wrapper.remove();  // bootstrap doesn't remove elements
             (action || reload)();
         });

package/share/ahriman/templates/build-status/key-import-modal.jinja2

@@ -87,8 +87,8 @@
         }
     }
 
-    $(_ => {
-        keyImportModal.on("hidden.bs.modal", _ => {
+    $(() => {
+        keyImportModal.on("hidden.bs.modal", () => {
             keyImportBodyInput.text("");
             keyImportForm.trigger("reset");
         });

package/share/ahriman/templates/build-status/login-modal.jinja2

@@ -53,13 +53,10 @@
                 contentType: "application/json",
                 success: _ => {
                     loginModal.modal("hide");
-                    showSuccess("Logged in", `Successfully logged in as ${username}`, _ => location.href = "/");
+                    showSuccess("Logged in", `Successfully logged in as ${username}`, () => location.href = "/");
                 },
                 error: (jqXHR, _, errorThrown) => {
-                    const message = _ =>
-                        username === "admin" && password === "admin"
-                            ? "You've entered a password for user \"root\", did you make a typo in username?"
-                            : `Could not login as ${username}`;
+                    const message = _ => `Could not login as ${username}`;
                     showFailure("Login error", message, jqXHR, errorThrown);
                 },
             });
@@ -78,8 +75,8 @@
         }
     }
 
-    $(_ => {
-        loginModal.on("hidden.bs.modal", _ => {
+    $(() => {
+        loginModal.on("hidden.bs.modal", () => {
             loginForm.trigger("reset");
         });
     });

package/share/ahriman/templates/build-status/package-add-modal.jinja2

@@ -126,18 +126,18 @@
         }
     }
 
-    $(_ => {
-        packageAddModal.on("shown.bs.modal", _ => {
+    $(() => {
+        packageAddModal.on("shown.bs.modal", () => {
             $(`#package-add-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
         });
-        packageAddModal.on("hidden.bs.modal", _ => {
+        packageAddModal.on("hidden.bs.modal", () => {
             packageAddVariablesDiv.empty();
             packageAddForm.trigger("reset");
         });
 
-        packageAddInput.keyup(_ => {
+        packageAddInput.keyup(() => {
             clearTimeout(packageAddInput.data("timeout"));
-            packageAddInput.data("timeout", setTimeout($.proxy(_ => {
+            packageAddInput.data("timeout", setTimeout($.proxy(() => {
                 const value = packageAddInput.val();
 
                 if (value.length >= 3) {

package/share/ahriman/templates/build-status/package-info-modal.jinja2

@@ -290,8 +290,8 @@
         if (isPackageBaseSet) packageInfoModal.modal("show");
     }
 
-    $(_ => {
-        packageInfoModal.on("hidden.bs.modal", _ => {
+    $(() => {
+        packageInfoModal.on("hidden.bs.modal", () => {
             packageInfoAurUrl.empty();
             packageInfoDepends.empty();
             packageInfoGroups.empty();

package/share/ahriman/templates/build-status/package-rebuild-modal.jinja2

@@ -50,11 +50,11 @@
         }
     }
 
-    $(_ => {
-        packageRebuildModal.on("shown.bs.modal", _ => {
+    $(() => {
+        packageRebuildModal.on("shown.bs.modal", () => {
             $(`#package-rebuild-repository-input option[value="${repository.architecture}-${repository.repository}"]`).prop("selected", true);
 
         });
-        packageRebuildModal.on("hidden.bs.modal", _ => { packageRebuildForm.trigger("reset"); });
+        packageRebuildModal.on("hidden.bs.modal", () => { packageRebuildForm.trigger("reset"); });
     });
 </script>

package/share/ahriman/templates/build-status/table.jinja2

@@ -182,7 +182,7 @@
         return {classes: cellClass(value)};
     }
 
-    $(_ => {
+    $(() => {
         $("#repositories a").on("click", event => {
             const element = event.target;
             repository = {
@@ -194,7 +194,7 @@
             reload();
         });
 
-        table.on("check.bs.table uncheck.bs.table check-all.bs.table uncheck-all.bs.table", _ => {
+        table.on("check.bs.table uncheck.bs.table check-all.bs.table uncheck-all.bs.table", () => {
             packageRemoveButton.prop("disabled", !table.bootstrapTable("getSelections").length);
         });
         table.on("click-row.bs.table", (self, data, row, cell) => {
@@ -203,7 +203,7 @@
                 table.bootstrapTable(method, {field: "id", values: [data.id]});
             } else showPackageInfo(data.id);
         });
-        table.on("created-controls.bs.table", _ => {
+        table.on("created-controls.bs.table", () => {
             const pickerInput = $(".bootstrap-table-filter-control-timestamp");
             pickerInput.daterangepicker({
                 autoUpdateInput: false,
@@ -217,7 +217,7 @@
                 table.bootstrapTable("triggerSearch");
             });
 
-            pickerInput.on("cancel.daterangepicker", _ => {
+            pickerInput.on("cancel.daterangepicker", () => {
                 pickerInput.val("");
                 table.bootstrapTable("triggerSearch");
             });

package/share/ahriman/templates/repo-index.jinja2

@@ -123,8 +123,8 @@ SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Pa
                 return extractDataList(table.bootstrapTable("getData"), "licenses");
             }
 
-            $(_ => {
-                table.on("created-controls.bs.table", _ => {
+            $(() => {
+                table.on("created-controls.bs.table", () => {
                     const pickerInput = $(".bootstrap-table-filter-control-timestamp");
                     pickerInput.daterangepicker({
                         autoUpdateInput: false,
@@ -138,7 +138,7 @@ SigLevel = Database{% if has_repo_signed %}Required{% else %}Never{% endif %} Pa
                         table.bootstrapTable("triggerSearch");
                     });
 
-                    pickerInput.on("cancel.daterangepicker", _ => {
+                    pickerInput.on("cancel.daterangepicker", () => {
                         pickerInput.val("");
                         table.bootstrapTable("triggerSearch");
                     });

package/share/man/man1/ahriman.1

@@ -1,4 +1,4 @@
-.TH AHRIMAN "1" "2024\-09\-04" "ahriman" "Generated Python Manual"
+.TH AHRIMAN "1" "2024\-05\-12" "ahriman" "Generated Python Manual"
 .SH NAME
 ahriman
 .SH SYNOPSIS
@@ -391,7 +391,7 @@ PKGBUILD variable or function name. If variable is a function, it must end with
 path to file which contains function or variable value. If not set, the value will be read from stdin
 
 .SH COMMAND \fI\,'ahriman patch\-list'\/\fR
-usage: ahriman patch\-list [\-h] [\-e] [\-v VARIABLE] package
+usage: ahriman patch\-list [\-h] [\-e] [\-v VARIABLE] [package]
 
 list available patches for the package
 

package/share/zsh/site-functions/_ahriman

@@ -86,7 +86,7 @@ _shtab_ahriman_options=(
   {-a,--architecture}"[filter by target architecture (default\: None)]:architecture:"
   {-c,--configuration}"[configuration path (default\: \/etc\/ahriman.ini)]:configuration:"
   "--force[force run, remove file lock (default\: False)]"
-  {-l,--lock}"[lock file (default\: ahriman.pid)]:lock:"
+  {-l,--lock}"[lock file (default\: \/tmp\/ahriman.lock)]:lock:"
   "--log-handler[explicit log handler specification. If none set, the handler will be guessed from environment (default\: None)]:log_handler:(console syslog journald)"
   {-q,--quiet}"[force disable any logging (default\: False)]"
   {--report,--no-report}"[force enable or disable reporting to web service (default\: True)]:report:"
@@ -280,7 +280,7 @@ _shtab_ahriman_patch_list_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   "*"{-v,--variable}"[if set, show only patches for specified PKGBUILD variables (default\: None)]:variable:"
-  ":package base:"
+  ":package base (default\: None):"
 )
 
 _shtab_ahriman_patch_remove_options=(

recipes/README.md

@@ -12,7 +12,6 @@ Collection of the examples of docker compose configuration files, which covers s
 * [Index](index): repository with index page generator enabled.
 * [Multi repo](multirepo): run web service with two separated repositories.
 * [OAuth](oauth): web service with OAuth (GitHub provider) authentication enabled.
-* [PAM](pam): web service with PAM authentication enabled.
 * [Pull](pull): normal service, but in addition with pulling packages from another source (e.g. GitHub repository).
 * [Sign](sign): create repository with database signing.
 * [Web](web): simple web service with authentication enabled.

recipes/pam/README.md

@@ -1,6 +0,0 @@
-# PAM
-
-1. Create system user `demo` with password from `AHRIMAN_PASSWORD` environment variable and group `wheel`.
-2. Setup repository named `ahriman-demo` with architecture `x86_64`.
-3. Start web server at port `8080`.
-4. Repository is available at `http://localhost:8080/repo`.

recipes/pam/compose.yml

@@ -1,63 +0,0 @@
-services:
-  backend:
-    image: arcan1s/ahriman:edge
-    privileged: true
-
-    environment:
-      AHRIMAN_DEBUG: yes
-      AHRIMAN_OUTPUT: console
-      AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
-      AHRIMAN_PORT: 8080
-      AHRIMAN_PRESETUP_COMMAND: useradd -d / -G wheel -M demo; (cat /run/secrets/password; echo; cat /run/secrets/password) | passwd demo
-      AHRIMAN_REPOSITORY: ahriman-demo
-      AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
-
-    configs:
-      - source: service
-        target: /etc/ahriman.ini.d/99-settings.ini
-    secrets:
-      - password
-
-    volumes:
-      - type: volume
-        source: repository
-        target: /var/lib/ahriman
-        volume:
-          nocopy: true
-
-    healthcheck:
-      test: curl --fail --silent --output /dev/null http://backend:8080/api/v1/info
-      interval: 10s
-      start_period: 30s
-
-    command: web
-
-  frontend:
-    image: nginx
-    ports:
-      - 8080:80
-
-    configs:
-      - source: nginx
-        target: /etc/nginx/conf.d/default.conf
-
-    volumes:
-      - type: volume
-        source: repository
-        target: /srv
-        read_only: true
-        volume:
-          nocopy: true
-
-configs:
-  nginx:
-    file: nginx.conf
-  service:
-    file: service.ini
-
-secrets:
-  password:
-    environment: AHRIMAN_PASSWORD
-
-volumes:
-  repository:

recipes/pam/nginx.conf

@@ -1,18 +0,0 @@
-server {
-    listen 80;
-
-    location /repo {
-        rewrite ^/repo/(.*) /$1 break;
-        autoindex on;
-        root /srv/ahriman/repository;
-    }
-
-    location / {
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarder-Proto $scheme;
-
-        proxy_pass http://backend:8080;
-    }
-}

recipes/pam/service.ini

@@ -1,3 +0,0 @@
-[auth]
-target = pam
-full_access_group = wheel

src/ahriman/__init__.py

@@ -17,4 +17,4 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-__version__ = "2.14.1"
+__version__ = "2.13.8"

src/ahriman/application/ahriman.py

@@ -19,13 +19,14 @@
 #
 # pylint: disable=too-many-lines
 import argparse
+import tempfile
 
 from pathlib import Path
 from typing import TypeVar
 
 from ahriman import __version__
 from ahriman.application import handlers
-from ahriman.core.utils import enum_values, extract_user
+from ahriman.core.util import enum_values, extract_user
 from ahriman.models.action import Action
 from ahriman.models.build_status import BuildStatusEnum
 from ahriman.models.log_handler import LogHandler
@@ -72,7 +73,8 @@ def _parser() -> argparse.ArgumentParser:
     parser.add_argument("-c", "--configuration", help="configuration path", type=Path,
                         default=Path("/") / "etc" / "ahriman.ini")
     parser.add_argument("--force", help="force run, remove file lock", action="store_true")
-    parser.add_argument("-l", "--lock", help="lock file", type=Path, default=Path("ahriman.pid"))
+    parser.add_argument("-l", "--lock", help="lock file", type=Path,
+                        default=Path(tempfile.gettempdir()) / "ahriman.lock")
     parser.add_argument("--log-handler", help="explicit log handler specification. If none set, the handler will be "
                                               "guessed from environment",
                         type=LogHandler, choices=enum_values(LogHandler))
@@ -626,7 +628,8 @@ def _set_repo_daemon_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("-y", "--refresh", help="download fresh package databases from the mirror before actions, "
                                                 "-yy to force refresh even if up to date",
                         action="count", default=False)
-    parser.set_defaults(handler=handlers.Daemon, exit_code=False, lock=Path("ahriman-daemon.pid"), package=[])
+    parser.set_defaults(handler=handlers.Daemon, exit_code=False,
+                        lock=Path(tempfile.gettempdir()) / "ahriman-daemon.lock", package=[])
     return parser
 
 
@@ -877,7 +880,7 @@ def _set_service_clean_parser(root: SubParserAction) -> argparse.ArgumentParser:
                         action=argparse.BooleanOptionalAction, default=False)
     parser.add_argument("--pacman", help="clear directory with pacman local database cache",
                         action=argparse.BooleanOptionalAction, default=False)
-    parser.set_defaults(handler=handlers.Clean, lock=None, quiet=True, unsafe=True)
+    parser.set_defaults(handler=handlers.Clean, quiet=True, unsafe=True)
     return parser
 
 
@@ -1136,8 +1139,8 @@ def _set_web_parser(root: SubParserAction) -> argparse.ArgumentParser:
         argparse.ArgumentParser: created argument parser
     """
     parser = root.add_parser("web", help="web server", description="start web server", formatter_class=_formatter)
-    parser.set_defaults(handler=handlers.Web, architecture="", lock=Path("ahriman-web.pid"), report=False,
-                        repository="", parser=_parser)
+    parser.set_defaults(handler=handlers.Web, architecture="", lock=Path(tempfile.gettempdir()) / "ahriman-web.lock",
+                        report=False, repository="", parser=_parser)
     return parser
 
 

src/ahriman/application/application/application_packages.py

@@ -27,7 +27,7 @@ from typing import Any
 from ahriman.application.application.application_properties import ApplicationProperties
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.exceptions import UnknownPackageError
-from ahriman.core.utils import package_like
+from ahriman.core.util import package_like
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.result import Result

src/ahriman/application/handlers/patch.py

@@ -98,7 +98,6 @@ class Patch(Handler):
             PkgbuildPatch: created patch for the PKGBUILD function
         """
         if patch_path is None:
-            # pylint: disable=bad-builtin
             print("Post new function or variable value below. Press Ctrl-D to finish:", file=sys.stderr)
             patch = "".join(list(sys.stdin))
         else:

src/ahriman/application/handlers/search.py

@@ -43,7 +43,7 @@ class Search(Handler):
     SORT_FIELDS = {
         field.name
         for field in fields(AURPackage)
-        if field.default_factory is not list
+        if field.default_factory is not list  # type: ignore[comparison-overlap]
     }
 
     @classmethod

src/ahriman/application/handlers/update.py

@@ -77,5 +77,5 @@ class Update(Handler):
             Callable[[str], None]: in case if dry_run is set it will return print, logger otherwise
         """
         def inner(line: str) -> None:
-            return print(line) if dry_run else application.logger.info(line)  # pylint: disable=bad-builtin
+            return print(line) if dry_run else application.logger.info(line)
         return inner

src/ahriman/application/lock.py

@@ -18,10 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 import argparse
-import fcntl
-import os
 
-from io import TextIOWrapper
 from pathlib import Path
 from types import TracebackType
 from typing import Literal, Self
@@ -31,7 +28,7 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import DuplicateRunError
 from ahriman.core.log import LazyLogging
 from ahriman.core.status import Client
-from ahriman.core.utils import check_user
+from ahriman.core.util import check_user
 from ahriman.models.build_status import BuildStatusEnum
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.waiter import Waiter
@@ -39,7 +36,7 @@ from ahriman.models.waiter import Waiter
 
 class Lock(LazyLogging):
     """
-    wrapper for application lock file. Credits for idea to https://github.com/bmhatfield/python-pidfile.git
+    wrapper for application lock file
 
     Attributes:
         force(bool): remove lock file on start if any
@@ -73,15 +70,8 @@ class Lock(LazyLogging):
             repository_id(RepositoryId): repository unique identifier
             configuration(Configuration): configuration instance
         """
-        self.path: Path | None = None
-        if args.lock is not None:
-            self.path = args.lock
-            if not repository_id.is_empty:
-                self.path = self.path.with_stem(f"{args.lock.stem}_{repository_id.id}")
-            if not self.path.is_absolute():
-                # prepend full path to the lock file
-                self.path = Path("/") / "run" / "ahriman" / self.path
-        self._pid_file: TextIOWrapper | None = None
+        self.path: Path | None = \
+            args.lock.with_stem(f"{args.lock.stem}_{repository_id.id}") if args.lock is not None else None
 
         self.force: bool = args.force
         self.unsafe: bool = args.unsafe
@@ -90,72 +80,6 @@ class Lock(LazyLogging):
         self.paths = configuration.repository_paths
         self.reporter = Client.load(repository_id, configuration, report=args.report)
 
-    @staticmethod
-    def perform_lock(fd: int) -> bool:
-        """
-        perform file lock
-
-        Args:
-            fd(int): file descriptor:
-
-        Returns:
-            bool: True in case if file is locked and False otherwise
-        """
-        try:
-            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
-        except OSError:
-            return False
-
-        return True
-
-    def _open(self) -> None:
-        """
-        create lock file
-        """
-        if self.path is None:
-            return
-        self._pid_file = self.path.open("a+")
-
-    def _watch(self) -> bool:
-        """
-        watch until lock disappear
-
-        Returns:
-            bool: True in case if file is locked and False otherwise
-        """
-        # there are reasons why we are not using inotify here. First of all, if we would use it, it would bring to
-        # race conditions because multiple processes will be notified at the same time. Secondly, it is good library,
-        # but platform-specific, and we only need to check if file exists
-        if self._pid_file is None:
-            return False
-
-        waiter = Waiter(self.wait_timeout)
-        return bool(waiter.wait(lambda fd: not self.perform_lock(fd), self._pid_file.fileno()))
-
-    def _write(self, *, is_locked: bool = False) -> None:
-        """
-        write pid to the lock file
-
-        Args:
-            is_locked(bool, optional): indicates if file was already locked or not (Default value = False)
-
-        Raises:
-            DuplicateRunError: if it cannot lock PID file
-        """
-        if self._pid_file is None:
-            return
-        if not is_locked:
-            if not self.perform_lock(self._pid_file.fileno()):
-                raise DuplicateRunError
-
-        self._pid_file.seek(0)  # reset position and remove file content if any
-        self._pid_file.truncate()
-
-        self._pid_file.write(str(os.getpid()))  # write current pid
-        self._pid_file.flush()  # flush data to disk
-
-        self._pid_file.seek(0)  # reset position again
-
     def check_user(self) -> None:
         """
         check if current user is actually owner of ahriman root
@@ -176,33 +100,46 @@ class Lock(LazyLogging):
         """
         remove lock file
         """
-        if self._pid_file is not None:  # close file descriptor
-            try:
-                self._pid_file.close()
-            except IOError:
-                pass  # suppress any IO errors occur
-        if self.path is not None:  # remove lock file
-            self.path.unlink(missing_ok=True)
+        if self.path is None:
+            return
+        self.path.unlink(missing_ok=True)
 
-    def lock(self) -> None:
+    def create(self) -> None:
         """
-        create pid file
+        create lock file
+
+        Raises:
+            DuplicateRunError: if lock exists and no force flag supplied
         """
-        if self.force:  # remove lock if force flag is set
-            self.clear()
-        self._open()
-        is_locked = self._watch()
-        self._write(is_locked=is_locked)
+        if self.path is None:
+            return
+        try:
+            self.path.touch(exist_ok=self.force)
+        except FileExistsError:
+            raise DuplicateRunError from None
+
+    def watch(self) -> None:
+        """
+        watch until lock disappear
+        """
+        # there are reasons why we are not using inotify here. First of all, if we would use it, it would bring to
+        # race conditions because multiple processes will be notified in the same time. Secondly, it is good library,
+        # but platform-specific, and we only need to check if file exists
+        if self.path is None:
+            return
+
+        waiter = Waiter(self.wait_timeout)
+        waiter.wait(self.path.is_file)
 
     def __enter__(self) -> Self:
         """
         default workflow is the following:
 
             #. Check user UID
+            #. Check if there is lock file
             #. Check web status watcher status
-            #. Open lock file
             #. Wait for lock file to be free
-            #. Write current PID to the lock file
+            #. Create lock file and directory tree
             #. Report to status page if enabled
 
         Returns:
@@ -210,7 +147,8 @@ class Lock(LazyLogging):
         """
         self.check_user()
         self.check_version()
-        self.lock()
+        self.watch()
+        self.create()
         self.reporter.status_update(BuildStatusEnum.Building)
         return self
 

src/ahriman/core/alpm/pacman.py

@@ -17,7 +17,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-import itertools
 import shutil
 import tarfile
 
@@ -30,7 +29,7 @@ from string import Template
 from ahriman.core.alpm.pacman_database import PacmanDatabase
 from ahriman.core.configuration import Configuration
 from ahriman.core.log import LazyLogging
-from ahriman.core.utils import trim_package
+from ahriman.core.util import trim_package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
 
@@ -43,7 +42,7 @@ class Pacman(LazyLogging):
         configuration(Configuration): configuration instance
         refresh_database(PacmanSynchronization): synchronize local cache to remote
         repository_id(RepositoryId): repository unique identifier
-        repository_paths(RepositoryPaths): repository paths instance
+        repository_path(RepositoryPaths): repository paths instance
     """
 
     def __init__(self, repository_id: RepositoryId, configuration: Configuration, *,
@@ -178,48 +177,37 @@ class Pacman(LazyLogging):
             PacmanDatabase(database, self.configuration).sync(force=force)
         transaction.release()
 
-    def files(self, packages: Iterable[str]) -> dict[str, set[str]]:
+    def files(self, packages: Iterable[str] | None = None) -> dict[str, set[str]]:
         """
         extract list of known packages from the databases
 
         Args:
-            packages(Iterable[str]): filter by package names
+            packages(Iterable[str] | None, optional): filter by package names (Default value = None)
 
         Returns:
             dict[str, set[str]]: map of package name to its list of files
         """
-        def extract(tar: tarfile.TarFile, versions: dict[str, str]) -> Generator[tuple[str, set[str]], None, None]:
-            for package_name, version in versions.items():
-                path = Path(f"{package_name}-{version}") / "files"
-                try:
-                    content = tar.extractfile(str(path))
-                except KeyError:
-                    # in case if database and its files has been desync somehow, the extractfile will raise
-                    # KeyError because the entry doesn't exist
-                    content = None
+        packages = packages or []
+
+        def extract(tar: tarfile.TarFile) -> Generator[tuple[str, set[str]], None, None]:
+            for descriptor in filter(lambda info: info.path.endswith("/files"), tar.getmembers()):
+                package, *_ = str(Path(descriptor.path).parent).rsplit("-", 2)
+                if packages and package not in packages:
+                    continue  # skip unused packages
+                content = tar.extractfile(descriptor)
                 if content is None:
                     continue
+                files = {filename.decode("utf8").rstrip() for filename in content.readlines()}
 
-                # this is just array of files, however, the directories are with trailing slash,
-                # which previously has been removed by the conversion to ``pathlib.Path``
-                files = {filename.decode("utf8").rstrip().removesuffix("/") for filename in content.readlines()}
-                yield package_name, files
-
-        # sort is required for the following group by operation
-        descriptors = sorted(
-            (package for package_name in packages for package in self.package(package_name)),
-            key=lambda package: package.db.name
-        )
+                yield package, files
 
         result: dict[str, set[str]] = {}
-        for database_name, pacman_packages in itertools.groupby(descriptors, lambda package: package.db.name):
-            database_file = self.repository_paths.pacman / "sync" / f"{database_name}.files.tar.gz"
+        for database in self.handle.get_syncdbs():
+            database_file = self.repository_paths.pacman / "sync" / f"{database.name}.files.tar.gz"
             if not database_file.is_file():
                 continue  # no database file found
-
-            package_names = {package.name: package.version for package in pacman_packages}
             with tarfile.open(database_file, "r:gz") as archive:
-                result.update(extract(archive, package_names))
+                result.update(extract(archive))
 
         return result
 

src/ahriman/core/alpm/pacman_database.py

@@ -59,8 +59,7 @@ class PacmanDatabase(SyncHttpClient):
 
         self.sync_files_database = configuration.getboolean("alpm", "sync_files_database")
 
-    @staticmethod
-    def copy(remote_path: Path, local_path: Path) -> None:
+    def copy(self, remote_path: Path, local_path: Path) -> None:
         """
         copy local database file
 

src/ahriman/core/alpm/repo.py

@@ -21,7 +21,7 @@ from pathlib import Path
 
 from ahriman.core.exceptions import BuildError
 from ahriman.core.log import LazyLogging
-from ahriman.core.utils import check_output
+from ahriman.core.util import check_output
 from ahriman.models.repository_paths import RepositoryPaths
 
 

src/ahriman/core/auth/auth.py

@@ -81,18 +81,15 @@ class Auth(LazyLogging):
             case AuthSettings.OAuth:
                 from ahriman.core.auth.oauth import OAuth
                 return OAuth(configuration, database)
-            case AuthSettings.PAM:
-                from ahriman.core.auth.pam import PAM
-                return PAM(configuration, database)
             case _:
                 return Auth(configuration)
 
-    async def check_credentials(self, username: str, password: str | None) -> bool:
+    async def check_credentials(self, username: str | None, password: str | None) -> bool:
         """
         validate user password
 
         Args:
-            username(str): username
+            username(str | None): username
             password(str | None): entered password
 
         Returns:
@@ -101,12 +98,12 @@ class Auth(LazyLogging):
         del username, password
         return True
 
-    async def known_username(self, username: str) -> bool:
+    async def known_username(self, username: str | None) -> bool:
         """
         check if user is known
 
         Args:
-            username(str): username
+            username(str | None): username
 
         Returns:
             bool: True in case if user is known and can be authorized and False otherwise

src/ahriman/core/auth/mapping.py

@@ -48,18 +48,18 @@ class Mapping(Auth):
         self.database = database
         self.salt = configuration.get("auth", "salt", fallback="")
 
-    async def check_credentials(self, username: str, password: str | None) -> bool:
+    async def check_credentials(self, username: str | None, password: str | None) -> bool:
         """
         validate user password
 
         Args:
-            username(str): username
+            username(str | None): username
             password(str | None): entered password
 
         Returns:
             bool: True in case if password matches, False otherwise
         """
-        if password is None:
+        if username is None or password is None:
             return False  # invalid data supplied
         user = self.get_user(username)
         return user is not None and user.check_credentials(password, self.salt)
@@ -76,12 +76,12 @@ class Mapping(Auth):
         """
         return self.database.user_get(username)
 
-    async def known_username(self, username: str) -> bool:
+    async def known_username(self, username: str | None) -> bool:
         """
         check if user is known
 
         Args:
-            username(str): username
+            username(str | None): username
 
         Returns:
             bool: True in case if user is known and can be authorized and False otherwise

src/ahriman/core/auth/pam.py

@@ -1,131 +0,0 @@
-#
-# Copyright (c) 2021-2024 ahriman team.
-#
-# This file is part of ahriman
-# (see https://github.com/arcan1s/ahriman).
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-from grp import getgrnam
-from pwd import getpwnam
-
-from ahriman.core.auth.mapping import Mapping
-from ahriman.core.configuration import Configuration
-from ahriman.core.database import SQLite
-from ahriman.core.exceptions import CalledProcessError
-from ahriman.core.utils import check_output
-from ahriman.models.auth_settings import AuthSettings
-from ahriman.models.user_access import UserAccess
-
-
-class PAM(Mapping):
-    """
-    User authorization implementation by using default PAM
-
-    Attributes:
-        full_access_group(str): group name users of which have full access
-        permit_root_login(bool): permit login as root
-    """
-
-    def __init__(self, configuration: Configuration, database: SQLite,
-                 provider: AuthSettings = AuthSettings.PAM) -> None:
-        """
-        default constructor
-
-        Args:
-            configuration(Configuration): configuration instance
-            database(SQLite): database instance
-            provider(AuthSettings, optional): authorization type definition (Default value = AuthSettings.PAM)
-        """
-        Mapping.__init__(self, configuration, database, provider)
-        self.full_access_group = configuration.get("auth", "full_access_group")
-        self.permit_root_login = configuration.getboolean("auth", "permit_root_login", fallback=False)
-
-    @staticmethod
-    def group_members(group_name: str) -> list[str]:
-        """
-        extract current group members
-
-        Args:
-            group_name(str): group name
-
-        Returns:
-            list[str]: list of users which belong to the specified group. In case if group wasn't found, the empty list
-            will be returned
-        """
-        try:
-            group = getgrnam(group_name)
-        except KeyError:
-            return []
-        return group.gr_mem
-
-    async def check_credentials(self, username: str, password: str | None) -> bool:
-        """
-        validate user password
-
-        Args:
-            username(str): username
-            password(str | None): entered password
-
-        Returns:
-            bool: True in case if password matches, False otherwise
-        """
-        if password is None:
-            return False  # invalid data supplied
-        if not self.permit_root_login and username == "root":
-            return False  # login as root is not allowed
-        # the reason why do we call su here is that python-pam actually read shadow file
-        # and hence requires root privileges
-        try:
-            check_output("su", "--command", "true", "-", username, input_data=password)
-            return True
-        except CalledProcessError:
-            return await Mapping.check_credentials(self, username, password)
-
-    async def known_username(self, username: str) -> bool:
-        """
-        check if user is known
-
-        Args:
-            username(str): username
-
-        Returns:
-            bool: True in case if user is known and can be authorized and False otherwise
-        """
-        try:
-            _ = getpwnam(username)
-            return True
-        except KeyError:
-            return await Mapping.known_username(self, username)
-
-    async def verify_access(self, username: str, required: UserAccess, context: str | None) -> bool:
-        """
-        validate if user has access to requested resource
-
-        Args:
-            username(str): username
-            required(UserAccess): required access level
-            context(str | None): URI request path
-
-        Returns:
-            bool: True in case if user is allowed to do this request and False otherwise
-        """
-        # this method is basically inverted, first we check overrides in database and then fallback to the PAM logic
-        if (user := self.get_user(username)) is not None:
-            return user.verify_access(required)
-        # if username is in admin group, then we treat it as full access
-        if username in self.group_members(self.full_access_group):
-            return UserAccess.Full.permits(required)
-        # fallback to read-only accounts
-        return UserAccess.Read.permits(required)

src/ahriman/core/build_tools/sources.py

@@ -19,12 +19,11 @@
 #
 import shutil
 
-from collections.abc import Generator
 from pathlib import Path
 
 from ahriman.core.exceptions import CalledProcessError
 from ahriman.core.log import LazyLogging
-from ahriman.core.utils import check_output, utcnow, walk
+from ahriman.core.util import check_output, utcnow, walk
 from ahriman.models.package import Package
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.remote_source import RemoteSource
@@ -39,14 +38,10 @@ class Sources(LazyLogging):
         DEFAULT_BRANCH(str): (class attribute) default branch to process git repositories.
             Must be used only for local stored repositories, use RemoteSource descriptor instead for real packages
         DEFAULT_COMMIT_AUTHOR(tuple[str, str]): (class attribute) default commit author to be used if none set
-        GITCONFIG(dict[str, str]): (class attribute) git config options to suppress annoying hints
     """
 
     DEFAULT_BRANCH = "master"  # default fallback branch
     DEFAULT_COMMIT_AUTHOR = ("ahriman", "ahriman@localhost")
-    GITCONFIG = {
-        "init.defaultBranch": DEFAULT_BRANCH,
-    }
 
     @staticmethod
     def changes(source_dir: Path, last_commit_sha: str | None) -> str | None:
@@ -111,15 +106,15 @@ class Sources(LazyLogging):
             instance.fetch_until(sources_dir, branch=branch)
         elif remote.git_url is not None:
             instance.logger.info("clone remote %s to %s using branch %s", remote.git_url, sources_dir, branch)
-            check_output(*instance.git(), "clone", "--quiet", "--depth", "1", "--branch", branch, "--single-branch",
+            check_output("git", "clone", "--quiet", "--depth", "1", "--branch", branch, "--single-branch",
                          remote.git_url, str(sources_dir), cwd=sources_dir.parent, logger=instance.logger)
         else:
             # it will cause an exception later
             instance.logger.error("%s is not initialized, but no remote provided", sources_dir)
 
         # and now force reset to our branch
-        check_output(*instance.git(), "checkout", "--force", branch, cwd=sources_dir, logger=instance.logger)
-        check_output(*instance.git(), "reset", "--quiet", "--hard", f"origin/{branch}",
+        check_output("git", "checkout", "--force", branch, cwd=sources_dir, logger=instance.logger)
+        check_output("git", "reset", "--quiet", "--hard", f"origin/{branch}",
                      cwd=sources_dir, logger=instance.logger)
 
         # move content if required
@@ -141,7 +136,7 @@ class Sources(LazyLogging):
             bool: True in case if there is any remote and false otherwise
         """
         instance = Sources()
-        remotes = check_output(*instance.git(), "remote", cwd=sources_dir, logger=instance.logger)
+        remotes = check_output("git", "remote", cwd=sources_dir, logger=instance.logger)
         return bool(remotes)
 
     @staticmethod
@@ -155,7 +150,7 @@ class Sources(LazyLogging):
         instance = Sources()
         if not (sources_dir / ".git").is_dir():
             # skip initializing in case if it was already
-            check_output(*instance.git(), "init", "--quiet", "--initial-branch", instance.DEFAULT_BRANCH,
+            check_output("git", "init", "--quiet", "--initial-branch", instance.DEFAULT_BRANCH,
                          cwd=sources_dir, logger=instance.logger)
 
         # extract local files...
@@ -225,7 +220,7 @@ class Sources(LazyLogging):
             return  # no changes to push, just skip action
 
         git_url, branch = remote.git_source()
-        check_output(*instance.git(), "push", "--quiet", git_url, branch, cwd=sources_dir, logger=instance.logger)
+        check_output("git", "push", "--quiet", git_url, branch, cwd=sources_dir, logger=instance.logger)
 
     def add(self, sources_dir: Path, *pattern: str, intent_to_add: bool = False) -> None:
         """
@@ -246,7 +241,7 @@ class Sources(LazyLogging):
         self.logger.info("found matching files %s", found_files)
         # add them to index
         args = ["--intent-to-add"] if intent_to_add else []
-        check_output(*self.git(), "add", *args, *[str(fn.relative_to(sources_dir)) for fn in found_files],
+        check_output("git", "add", *args, *[str(fn.relative_to(sources_dir)) for fn in found_files],
                      cwd=sources_dir, logger=self.logger)
 
     def commit(self, sources_dir: Path, message: str | None = None,
@@ -269,16 +264,15 @@ class Sources(LazyLogging):
         if message is None:
             message = f"Autogenerated commit at {utcnow()}"
         args = ["--message", message]
+        environment: dict[str, str] = {}
 
         if commit_author is None:
             commit_author = self.DEFAULT_COMMIT_AUTHOR
         user, email = commit_author
-        gitconfig = {
-            "user.email": email,
-            "user.name": user,
-        }
+        environment["GIT_AUTHOR_NAME"] = environment["GIT_COMMITTER_NAME"] = user
+        environment["GIT_AUTHOR_EMAIL"] = environment["GIT_COMMITTER_EMAIL"] = email
 
-        check_output(*self.git(gitconfig), "commit", "--quiet", *args, cwd=sources_dir, logger=self.logger)
+        check_output("git", "commit", "--quiet", *args, cwd=sources_dir, logger=self.logger, environment=environment)
 
         return True
 
@@ -296,7 +290,7 @@ class Sources(LazyLogging):
         args = []
         if sha is not None:
             args.append(sha)
-        return check_output(*self.git(), "diff", *args, cwd=sources_dir, logger=self.logger)
+        return check_output("git", "diff", *args, cwd=sources_dir, logger=self.logger)
 
     def fetch_until(self, sources_dir: Path, *, branch: str | None = None, commit_sha: str | None = None) -> None:
         """
@@ -312,37 +306,18 @@ class Sources(LazyLogging):
 
         commits_count = 1
         while commit_sha is not None:
-            command = self.git() + ["fetch", "--quiet", "--depth", str(commits_count)]
+            command = ["git", "fetch", "--quiet", "--depth", str(commits_count)]
             if branch is not None:
                 command += ["origin", branch]
             check_output(*command, cwd=sources_dir, logger=self.logger)  # fetch one more level
 
             try:
                 # check if there is an object in current git directory
-                check_output(*self.git(), "cat-file", "-e", commit_sha, cwd=sources_dir, logger=self.logger)
+                check_output("git", "cat-file", "-e", commit_sha, cwd=sources_dir, logger=self.logger)
                 commit_sha = None  # reset search
             except CalledProcessError:
                 commits_count += 1  # increase depth
 
-    def git(self, gitconfig: dict[str, str] | None = None) -> list[str]:
-        """
-        git command prefix
-
-        Args:
-            gitconfig(dict[str, str] | None, optional): additional git config flags if any (Default value = None)
-
-        Returns:
-            list[str]: git command prefix with valid default flags
-        """
-        gitconfig = gitconfig or {}
-
-        def configuration_flags() -> Generator[str, None, None]:
-            for option, value in (self.GITCONFIG | gitconfig).items():
-                yield "-c"
-                yield f"{option}=\"{value}\""
-
-        return ["git"] + list(configuration_flags())
-
     def has_changes(self, sources_dir: Path) -> bool:
         """
         check if there are changes in current git tree
@@ -354,7 +329,7 @@ class Sources(LazyLogging):
             bool: True if there are uncommitted changes and False otherwise
         """
         # there is --exit-code argument to diff, however, there might be other process errors
-        changes = check_output(*self.git(), "diff", "--cached", "--name-only", cwd=sources_dir, logger=self.logger)
+        changes = check_output("git", "diff", "--cached", "--name-only", cwd=sources_dir, logger=self.logger)
         return bool(changes)
 
     def head(self, sources_dir: Path, ref_name: str = "HEAD") -> str:
@@ -369,7 +344,7 @@ class Sources(LazyLogging):
             str: HEAD commit hash
         """
         # we might want to parse git files instead though
-        return check_output(*self.git(), "rev-parse", ref_name, cwd=sources_dir, logger=self.logger)
+        return check_output("git", "rev-parse", ref_name, cwd=sources_dir, logger=self.logger)
 
     def move(self, pkgbuild_dir: Path, sources_dir: Path) -> None:
         """
@@ -397,7 +372,7 @@ class Sources(LazyLogging):
         # create patch
         self.logger.info("apply patch %s from database at %s", patch.key, sources_dir)
         if patch.is_plain_diff:
-            check_output(*self.git(), "apply", "--ignore-space-change", "--ignore-whitespace",
+            check_output("git", "apply", "--ignore-space-change", "--ignore-whitespace",
                          cwd=sources_dir, input_data=patch.serialize(), logger=self.logger)
         else:
             patch.write(sources_dir / "PKGBUILD")

src/ahriman/core/build_tools/task.py

@@ -23,7 +23,7 @@ from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import BuildError
 from ahriman.core.log import LazyLogging
-from ahriman.core.utils import check_output
+from ahriman.core.util import check_output
 from ahriman.models.package import Package
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 from ahriman.models.repository_paths import RepositoryPaths

src/ahriman/core/configuration/schema.py

@@ -115,7 +115,6 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                         "oauth_provider",
                         "oauth_scopes",
                     ]},
-                    {"allowed": ["pam"], "dependencies": ["full_access_group"]},
                 ],
             },
             "allow_read_only": {
@@ -136,10 +135,6 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "minlength": 32,
                 "maxlength": 64,  # we cannot verify maxlength, because base64 representation might be longer than bytes
             },
-            "full_access_group": {
-                "type": "string",
-                "empty": False,
-            },
             "max_age": {
                 "type": "integer",
                 "coerce": "integer",
@@ -157,10 +152,6 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "type": "string",
                 "empty": False,
             },
-            "permit_root_login": {
-                "type": "boolean",
-                "coerce": "boolean",
-            },
             "salt": {
                 "type": "string",
             },
@@ -169,14 +160,6 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
     "build": {
         "type": "dict",
         "schema": {
-            "allowed_scan_paths": {
-                "type": "list",
-                "coerce": "list",
-                "schema": {
-                    "type": "path",
-                    "coerce": "absolute_path",
-                },
-            },
             "archbuild_flags": {
                 "type": "list",
                 "coerce": "list",
@@ -185,14 +168,6 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                     "empty": False,
                 },
             },
-            "blacklisted_scan_paths": {
-                "type": "list",
-                "coerce": "list",
-                "schema": {
-                    "type": "path",
-                    "coerce": "absolute_path",
-                },
-            },
             "build_command": {
                 "type": "string",
                 "required": True,

src/ahriman/core/database/migrations/m005_make_opt_depends.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.utils import package_like
+from ahriman.core.util import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m007_check_depends.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.utils import package_like
+from ahriman.core.util import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/migrations/m008_packagers.py

@@ -21,7 +21,7 @@ from sqlite3 import Connection
 
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.configuration import Configuration
-from ahriman.core.utils import package_like
+from ahriman.core.util import package_like
 from ahriman.models.package import Package
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 

src/ahriman/core/database/sqlite.py

@@ -27,7 +27,6 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.database.migrations import Migrations
 from ahriman.core.database.operations import AuthOperations, BuildOperations, ChangesOperations, \
     DependenciesOperations, LogsOperations, PackageOperations, PatchOperations
-from ahriman.models.repository_id import RepositoryId
 
 
 # pylint: disable=too-many-ancestors
@@ -103,26 +102,23 @@ class SQLite(
             self.with_connection(lambda connection: Migrations.migrate(connection, configuration))
         paths.chown(self.path)
 
-    def package_clear(self, package_base: str, repository_id: RepositoryId | None = None) -> None:
+    def package_clear(self, package_base: str) -> None:
         """
         completely remove package from all tables
 
         Args:
             package_base(str): package base to remove
-            repository_id(RepositoryId, optional): repository unique identifier override (Default value = None)
 
         Examples:
             This method completely removes the package from all tables and must be used, e.g. on package removal::
 
             >>> database.package_clear("ahriman")
         """
-        self.build_queue_clear(package_base, repository_id)
-        self.patches_remove(package_base, None)
-        self.logs_remove(package_base, None, repository_id)
-        self.changes_remove(package_base, repository_id)
-        self.dependencies_remove(package_base, repository_id)
-
-        self.package_remove(package_base, repository_id)
+        self.build_queue_clear(package_base)
+        self.patches_remove(package_base, [])
+        self.logs_remove(package_base, None)
+        self.changes_remove(package_base)
+        self.dependencies_remove(package_base)
 
         # remove local cache too
         self._repository_paths.tree_clear(package_base)

src/ahriman/core/formatters/aur_printer.py

@@ -18,7 +18,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from ahriman.core.formatters.string_printer import StringPrinter
-from ahriman.core.utils import pretty_datetime
+from ahriman.core.util import pretty_datetime
 from ahriman.models.aur_package import AURPackage
 from ahriman.models.property import Property
 

src/ahriman/core/formatters/update_printer.py

@@ -18,7 +18,6 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from ahriman.core.formatters.string_printer import StringPrinter
-from ahriman.core.utils import full_version, parse_version
 from ahriman.models.package import Package
 from ahriman.models.property import Property
 
@@ -42,7 +41,7 @@ class UpdatePrinter(StringPrinter):
         """
         StringPrinter.__init__(self, remote.base)
         self.package = remote
-        self.local_version = local_version
+        self.local_version = local_version or "N/A"
 
     def properties(self) -> list[Property]:
         """
@@ -51,9 +50,4 @@ class UpdatePrinter(StringPrinter):
         Returns:
             list[Property]: list of content properties
         """
-        if (pkgrel := self.package.next_pkgrel(self.local_version)) is not None:
-            epoch, pkgver, _ = parse_version(self.package.version)
-            effective_new_version = full_version(epoch, pkgver, pkgrel)
-        else:
-            effective_new_version = self.package.version
-        return [Property(self.local_version or "N/A", effective_new_version, is_required=True)]
+        return [Property(self.local_version, self.package.version, is_required=True)]

src/ahriman/core/gitremote/remote_pull.py

@@ -26,7 +26,7 @@ from ahriman.core.build_tools.sources import Sources
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import GitRemoteError
 from ahriman.core.log import LazyLogging
-from ahriman.core.utils import walk
+from ahriman.core.util import walk
 from ahriman.models.package import Package
 from ahriman.models.package_source import PackageSource
 from ahriman.models.remote_source import RemoteSource

src/ahriman/core/http/sync_ahriman_client.py

@@ -46,8 +46,8 @@ class SyncAhrimanClient(SyncHttpClient):
             request.Session: created session object
         """
         if urlparse(self.address).scheme == "http+unix":
-            import requests_unixsocket
-            session: requests.Session = requests_unixsocket.Session()  # type: ignore[no-untyped-call]
+            import requests_unixsocket  # type: ignore[import-untyped]
+            session: requests.Session = requests_unixsocket.Session()
             session.headers["User-Agent"] = f"ahriman/{__version__}"
             return session
 

src/ahriman/core/report/email.py

@@ -25,7 +25,7 @@ from email.mime.text import MIMEText
 from ahriman.core.configuration import Configuration
 from ahriman.core.report.jinja_template import JinjaTemplate
 from ahriman.core.report.report import Report
-from ahriman.core.utils import pretty_datetime, utcnow
+from ahriman.core.util import pretty_datetime, utcnow
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result

src/ahriman/core/report/jinja_template.py

@@ -24,7 +24,7 @@ from pathlib import Path
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.sign.gpg import GPG
-from ahriman.core.utils import pretty_datetime, pretty_size
+from ahriman.core.util import pretty_datetime, pretty_size
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.result import Result
 from ahriman.models.sign_settings import SignSettings

src/ahriman/core/repository/executor.py

@@ -26,7 +26,7 @@ from tempfile import TemporaryDirectory
 from ahriman.core.build_tools.task import Task
 from ahriman.core.repository.cleaner import Cleaner
 from ahriman.core.repository.package_info import PackageInfo
-from ahriman.core.utils import safe_filename
+from ahriman.core.util import safe_filename
 from ahriman.models.changes import Changes
 from ahriman.models.package import Package
 from ahriman.models.package_archive import PackageArchive
@@ -80,8 +80,7 @@ class Executor(PackageInfo, Cleaner):
                     # clear changes and update commit hash
                     self.reporter.package_changes_update(single.base, Changes(last_commit_sha))
                     # update dependencies list
-                    package_archive = PackageArchive(self.paths.build_directory, single, self.pacman, self.scan_paths)
-                    dependencies = package_archive.depends_on()
+                    dependencies = PackageArchive(self.paths.build_directory, single, self.pacman).depends_on()
                     self.reporter.package_dependencies_update(single.base, dependencies)
                     # update result set
                     result.add_updated(single)

src/ahriman/core/repository/package_info.py

@@ -23,7 +23,7 @@ from tempfile import TemporaryDirectory
 
 from ahriman.core.build_tools.sources import Sources
 from ahriman.core.repository.repository_properties import RepositoryProperties
-from ahriman.core.utils import package_like
+from ahriman.core.util import package_like
 from ahriman.models.changes import Changes
 from ahriman.models.package import Package
 

src/ahriman/core/repository/repository_properties.py

@@ -29,7 +29,6 @@ from ahriman.models.packagers import Packagers
 from ahriman.models.pacman_synchronization import PacmanSynchronization
 from ahriman.models.repository_id import RepositoryId
 from ahriman.models.repository_paths import RepositoryPaths
-from ahriman.models.scan_paths import ScanPaths
 from ahriman.models.user import User
 from ahriman.models.user_access import UserAccess
 
@@ -47,7 +46,6 @@ class RepositoryProperties(LazyLogging):
         repo(Repo): repo commands wrapper instance
         reporter(Client): build status reporter instance
         repository_id(RepositoryId): repository unique identifier
-        scan_paths(ScanPaths): scan paths for the implicit dependencies
         sign(GPG): GPG wrapper instance
         triggers(TriggerLoader): triggers holder
         vcs_allowed_age(int): maximal age of the VCS packages before they will be checked
@@ -80,11 +78,6 @@ class RepositoryProperties(LazyLogging):
         self.reporter = Client.load(repository_id, configuration, database, report=report)
         self.triggers = TriggerLoader.load(repository_id, configuration)
 
-        self.scan_paths = ScanPaths(
-            allowed_paths=configuration.getpathlist("build", "allowed_scan_paths", fallback=[]),
-            blacklisted_paths=configuration.getpathlist("build", "blacklisted_scan_paths", fallback=[]),
-        )
-
     @property
     def architecture(self) -> str:
         """

src/ahriman/core/sign/gpg.py

@@ -22,7 +22,7 @@ from pathlib import Path
 from ahriman.core.configuration import Configuration
 from ahriman.core.exceptions import BuildError
 from ahriman.core.http import SyncHttpClient
-from ahriman.core.utils import check_output
+from ahriman.core.util import check_output
 from ahriman.models.sign_settings import SignSettings
 
 

src/ahriman/core/status/client.py

@@ -310,7 +310,7 @@ class Client:
     def set_unknown(self, package: Package) -> None:
         """
         set package status to unknown. Unlike other methods, this method also checks if package is known,
-        and - in case if it is - it silently skips update
+        and - in case if it is - it silently skips updatd
 
         Args:
             package(Package): current package properties

src/ahriman/core/status/local_client.py

@@ -184,7 +184,7 @@ class LocalClient(Client):
         Args:
             package_base(str): package base to remove
         """
-        self.database.package_clear(package_base, self.repository_id)
+        self.database.package_clear(package_base)
 
     def package_status_update(self, package_base: str, status: BuildStatusEnum) -> None:
         """

src/ahriman/core/status/watcher.py

@@ -140,6 +140,7 @@ class Watcher(LazyLogging):
         with self._lock:
             self._known.pop(package_base, None)
         self.client.package_remove(package_base)
+        self.package_logs_remove(package_base, None)
 
     def package_status_update(self, package_base: str, status: BuildStatusEnum) -> None:
         """

src/ahriman/core/support/pkgbuild/pkgbuild_generator.py

@@ -23,7 +23,7 @@ import itertools
 from collections.abc import Callable, Generator
 from pathlib import Path
 
-from ahriman.core.utils import utcnow
+from ahriman.core.util import utcnow
 from ahriman.models.pkgbuild_patch import PkgbuildPatch
 
 

src/ahriman/core/tree.py

@@ -23,7 +23,7 @@ from collections.abc import Iterable
 from functools import partial
 
 from ahriman.core.exceptions import PartitionError
-from ahriman.core.utils import minmax, partition
+from ahriman.core.util import minmax, partition
 from ahriman.models.package import Package
 
 

src/ahriman/core/upload/github.py

@@ -26,7 +26,7 @@ from typing import Any
 from ahriman.core.configuration import Configuration
 from ahriman.core.upload.http_upload import HttpUpload
 from ahriman.core.upload.upload import Upload
-from ahriman.core.utils import walk
+from ahriman.core.util import walk
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 

src/ahriman/core/upload/rsync.py

@@ -21,7 +21,7 @@ from pathlib import Path
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.upload.upload import Upload
-from ahriman.core.utils import check_output
+from ahriman.core.util import check_output
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 

src/ahriman/core/upload/s3.py

@@ -26,7 +26,7 @@ from typing import Any
 
 from ahriman.core.configuration import Configuration
 from ahriman.core.upload.upload import Upload
-from ahriman.core.utils import walk
+from ahriman.core.util import walk
 from ahriman.models.package import Package
 from ahriman.models.repository_id import RepositoryId
 

src/ahriman/core/util.py

@@ -17,5 +17,488 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-# backward compatibility wrapper
-from ahriman.core.utils import *  # pylint: disable=wildcard-import,unused-wildcard-import
+# pylint: disable=too-many-lines
+import datetime
+import io
+import itertools
+import logging
+import os
+import re
+import selectors
+import subprocess
+
+from collections.abc import Callable, Generator, Iterable
+from dataclasses import asdict
+from enum import Enum
+from pathlib import Path
+from pwd import getpwuid
+from typing import Any, IO, TypeVar
+
+from ahriman.core.exceptions import CalledProcessError, OptionError, UnsafeRunError
+from ahriman.models.repository_paths import RepositoryPaths
+
+
+__all__ = [
+    "check_output",
+    "check_user",
+    "dataclass_view",
+    "enum_values",
+    "extract_user",
+    "filter_json",
+    "full_version",
+    "minmax",
+    "package_like",
+    "parse_version",
+    "partition",
+    "pretty_datetime",
+    "pretty_size",
+    "safe_filename",
+    "srcinfo_property",
+    "srcinfo_property_list",
+    "trim_package",
+    "utcnow",
+    "walk",
+]
+
+
+T = TypeVar("T")
+
+
+# pylint: disable=too-many-locals
+def check_output(*args: str, exception: Exception | Callable[[int, list[str], str, str], Exception] | None = None,
+                 cwd: Path | None = None, input_data: str | None = None,
+                 logger: logging.Logger | None = None, user: int | None = None,
+                 environment: dict[str, str] | None = None) -> str:
+    """
+    subprocess wrapper
+
+    Args:
+        *args(str): command line arguments
+        exception(Exception | Callable[[int, list[str], str, str]] | None, optional): exception which has to be raised
+            instead of default subprocess exception. If callable us is supplied, the
+            :exc:`subprocess.CalledProcessError` arguments will be passed (Default value = None)
+        cwd(Path | None, optional): current working directory (Default value = None)
+        input_data(str | None, optional): data which will be written to command stdin (Default value = None)
+        logger(logging.Logger | None, optional): logger to log command result if required (Default value = None)
+        user(int | None, optional): run process as specified user (Default value = None)
+        environment(dict[str, str] | None, optional): optional environment variables if any (Default value = None)
+
+    Returns:
+        str: command output
+
+    Raises:
+        CalledProcessError: if subprocess ended with status code different from 0 and no exception supplied
+
+    Examples:
+        Simply call the function::
+
+            >>> check_output("echo", "hello world")
+
+        The more complicated calls which include result logging and input data are also possible::
+
+            >>> import logging
+            >>>
+            >>> logger = logging.getLogger()
+            >>> check_output("python", "-c", "greeting = input('say hello: '); print(); print(greeting)",
+            >>>              input_data="hello world", logger=logger)
+
+        An additional argument ``exception`` can be supplied in order to override the default exception::
+
+            >>> check_output("false", exception=RuntimeError("An exception occurred"))
+    """
+    # hack for IO[str] handle
+    def get_io(proc: subprocess.Popen[str], channel_name: str) -> IO[str]:
+        channel: IO[str] | None = getattr(proc, channel_name, None)
+        return channel if channel is not None else io.StringIO()
+
+    # wrapper around selectors polling
+    def poll(sel: selectors.BaseSelector) -> Generator[tuple[str, str], None, None]:
+        for key, _ in sel.select():  # we don't need to check mask here because we have only subscribed on reading
+            line = key.fileobj.readline()  # type: ignore[union-attr]
+            if not line:  # in case of empty line we remove selector as there is no data here anymore
+                sel.unregister(key.fileobj)
+                continue
+            line = line.rstrip()
+
+            if logger is not None:
+                logger.debug(line)
+
+            yield key.data, line
+
+    # build system environment based on args and current environment
+    environment = environment or {}
+    if user is not None:
+        environment["HOME"] = getpwuid(user).pw_dir
+    full_environment = {
+        key: value
+        for key, value in os.environ.items()
+        if key in ("PATH",)  # whitelisted variables only
+    } | environment
+
+    with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+                          user=user, env=full_environment, text=True, encoding="utf8", bufsize=1) as process:
+        if input_data is not None:
+            input_channel = get_io(process, "stdin")
+            input_channel.write(input_data)
+            input_channel.close()
+
+        selector = selectors.DefaultSelector()
+        selector.register(get_io(process, "stdout"), selectors.EVENT_READ, data="stdout")
+        selector.register(get_io(process, "stderr"), selectors.EVENT_READ, data="stderr")
+
+        result: dict[str, list[str]] = {
+            "stdout": [],
+            "stderr": [],
+        }
+        while selector.get_map():  # while there are unread selectors, keep reading
+            for key_data, output in poll(selector):
+                result[key_data].append(output)
+
+        stdout = "\n".join(result["stdout"]).rstrip("\n")  # remove newline at the end of any
+        stderr = "\n".join(result["stderr"]).rstrip("\n")
+
+        status_code = process.wait()
+        if status_code != 0:
+            if isinstance(exception, Exception):
+                raise exception
+            if callable(exception):
+                raise exception(status_code, list(args), stdout, stderr)
+            raise CalledProcessError(status_code, list(args), stderr)
+
+        return stdout
+
+
+def check_user(paths: RepositoryPaths, *, unsafe: bool) -> None:
+    """
+    check if current user is the owner of the root
+
+    Args:
+        paths(RepositoryPaths): repository paths object
+        unsafe(bool): if set no user check will be performed before path creation
+
+    Raises:
+        UnsafeRunError: if root uid differs from current uid and check is enabled
+
+    Examples:
+        Simply run function with arguments::
+
+            >>> check_user(paths, unsafe=False)
+    """
+    if not paths.root.exists():
+        return  # no directory found, skip check
+    if unsafe:
+        return  # unsafe flag is enabled, no check performed
+    current_uid = os.getuid()
+    root_uid, _ = paths.root_owner
+    if current_uid != root_uid:
+        raise UnsafeRunError(current_uid, root_uid)
+
+
+def dataclass_view(instance: Any) -> dict[str, Any]:
+    """
+    convert dataclass instance to json object
+
+    Args:
+        instance(Any): dataclass instance
+
+    Returns:
+        dict[str, Any]: json representation of the dataclass with empty field removed
+    """
+    return asdict(instance, dict_factory=lambda fields: {key: value for key, value in fields if value is not None})
+
+
+def enum_values(enum: type[Enum]) -> list[str]:
+    """
+    generate list of enumeration values from the source
+
+    Args:
+        enum(type[Enum]): source enumeration class
+
+    Returns:
+        list[str]: available enumeration values as string
+    """
+    return [str(key.value) for key in enum]  # explicit str conversion for typing
+
+
+def extract_user() -> str | None:
+    """
+    extract user from system environment
+
+    Returns:
+        str | None: SUDO_USER in case if set and USER otherwise. It can return None in case if environment has been
+    cleared before application start
+    """
+    return os.getenv("SUDO_USER") or os.getenv("DOAS_USER") or os.getenv("USER")
+
+
+def filter_json(source: dict[str, Any], known_fields: Iterable[str]) -> dict[str, Any]:
+    """
+    filter json object by fields used for json-to-object conversion
+
+    Args:
+        source(dict[str, Any]): raw json object
+        known_fields(Iterable[str]): list of fields which have to be known for the target object
+
+    Returns:
+        dict[str, Any]: json object without unknown and empty fields
+
+    Examples:
+        This wrapper is mainly used for the dataclasses, thus the flow must be something like this::
+
+            >>> from dataclasses import fields
+            >>> from ahriman.models.package import Package
+            >>>
+            >>> known_fields = [pair.name for pair in fields(Package)]
+            >>> properties = filter_json(dump, known_fields)
+            >>> package = Package(**properties)
+    """
+    return {key: value for key, value in source.items() if key in known_fields and value is not None}
+
+
+def full_version(epoch: str | int | None, pkgver: str, pkgrel: str) -> str:
+    """
+    generate full version from components
+
+    Args:
+        epoch(str | int | None): package epoch if any
+        pkgver(str): package version
+        pkgrel(str): package release version (arch linux specific)
+
+    Returns:
+        str: generated version
+    """
+    prefix = f"{epoch}:" if epoch else ""
+    return f"{prefix}{pkgver}-{pkgrel}"
+
+
+def minmax(source: Iterable[T], *, key: Callable[[T], Any] | None = None) -> tuple[T, T]:
+    """
+    get min and max value from iterable
+
+    Args:
+        source(Iterable[T]): source list to find min and max values
+        key(Callable[[T], Any] | None, optional): key to sort (Default value = None)
+
+    Returns:
+        tuple[T, T]: min and max values for sequence
+    """
+    first_iter, second_iter = itertools.tee(source)
+    # typing doesn't expose SupportLessThan, so we just ignore this in typecheck
+    return min(first_iter, key=key), max(second_iter, key=key)  # type: ignore
+
+
+def package_like(filename: Path) -> bool:
+    """
+    check if file looks like package
+
+    Args:
+        filename(Path): name of file to check
+
+    Returns:
+        bool: True in case if name contains ``.pkg.`` and not signature, False otherwise
+    """
+    name = filename.name
+    return not name.startswith(".") and ".pkg." in name and not name.endswith(".sig")
+
+
+def parse_version(version: str) -> tuple[str | None, str, str]:
+    """
+    parse version and returns its components
+
+    Args:
+        version(str): full version string
+
+    Returns:
+        tuple[str | None, str, str]: epoch if any, pkgver and pkgrel variables
+    """
+    if ":" in version:
+        epoch, version = version.split(":", maxsplit=1)
+    else:
+        epoch = None
+    pkgver, pkgrel = version.rsplit("-", maxsplit=1)
+
+    return epoch, pkgver, pkgrel
+
+
+def partition(source: Iterable[T], predicate: Callable[[T], bool]) -> tuple[list[T], list[T]]:
+    """
+    partition list into two based on predicate, based on https://docs.python.org/dev/library/itertools.html#itertools-recipes
+
+    Args:
+        source(Iterable[T]): source list to be partitioned
+        predicate(Callable[[T], bool]): filter function
+
+    Returns:
+        tuple[list[T], list[T]]: two lists, first is which ``predicate`` is ``True``, second is ``False``
+    """
+    first_iter, second_iter = itertools.tee(source)
+    return list(filter(predicate, first_iter)), list(itertools.filterfalse(predicate, second_iter))
+
+
+def pretty_datetime(timestamp: datetime.datetime | float | int | None) -> str:
+    """
+    convert datetime object to string
+
+    Args:
+        timestamp(datetime.datetime | float | int | None): datetime to convert
+
+    Returns:
+        str: pretty printable datetime as string
+    """
+    if timestamp is None:
+        return ""
+    if isinstance(timestamp, (int, float)):
+        timestamp = datetime.datetime.fromtimestamp(timestamp, datetime.UTC)
+    return timestamp.strftime("%Y-%m-%d %H:%M:%S")
+
+
+def pretty_size(size: float | None, level: int = 0) -> str:
+    """
+    convert size to string
+
+    Args:
+        size(float | None): size to convert
+        level(int, optional): represents current units, 0 is B, 1 is KiB, etc. (Default value = 0)
+
+    Returns:
+        str: pretty printable size as string
+
+    Raises:
+        OptionError: if size is more than 1TiB
+    """
+    def str_level() -> str:
+        match level:
+            case 0:
+                return "B"
+            case 1:
+                return "KiB"
+            case 2:
+                return "MiB"
+            case 3:
+                return "GiB"
+            case _:
+                raise OptionError(level)  # must never happen actually
+
+    if size is None:
+        return ""
+    if size < 1024 or level >= 3:
+        return f"{size:.1f} {str_level()}"
+    return pretty_size(size / 1024, level + 1)
+
+
+def safe_filename(source: str) -> str:
+    """
+    convert source string to its safe representation
+
+    Args:
+        source(str): string to convert
+
+    Returns:
+        str: result string in which all unsafe characters are replaced by dash
+    """
+    # RFC-3986 https://datatracker.ietf.org/doc/html/rfc3986 states that unreserved characters are
+    # https://datatracker.ietf.org/doc/html/rfc3986#section-2.3
+    #     unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
+    # however we would like to allow some gen-delims characters in filename, because those characters are used
+    # as delimiter in other URI parts. The ones we allow to are:
+    #     ":" - used as separator in schema and userinfo
+    #     "[" and "]" - used for host part
+    #     "@" - used as separator between host and userinfo
+    return re.sub(r"[^A-Za-z\d\-._~:\[\]@]", "-", source)
+
+
+def srcinfo_property(key: str, srcinfo: dict[str, Any], package_srcinfo: dict[str, Any], *,
+                     default: Any = None) -> Any:
+    """
+    extract property from SRCINFO. This method extracts property from package if this property is presented in
+    ``srcinfo``. Otherwise, it looks for the same property in root srcinfo. If none found, the default value will be
+    returned
+
+    Args:
+        key(str): key to extract
+        srcinfo(dict[str, Any]): root structure of SRCINFO
+        package_srcinfo(dict[str, Any]): package specific SRCINFO
+        default(Any, optional): the default value for the specified key (Default value = None)
+
+    Returns:
+        Any: extracted value from SRCINFO
+    """
+    return package_srcinfo.get(key) or srcinfo.get(key) or default
+
+
+def srcinfo_property_list(key: str, srcinfo: dict[str, Any], package_srcinfo: dict[str, Any], *,
+                          architecture: str | None = None) -> list[Any]:
+    """
+    extract list property from SRCINFO. Unlike :func:`srcinfo_property()` it supposes that default return value is
+    always empty list. If ``architecture`` is supplied, then it will try to lookup for architecture specific values and
+    will append it at the end of result
+
+    Args:
+        key(str): key to extract
+        srcinfo(dict[str, Any]): root structure of SRCINFO
+        package_srcinfo(dict[str, Any]): package specific SRCINFO
+        architecture(str | None, optional): package architecture if set (Default value = None)
+
+    Returns:
+        list[Any]: list of extracted properties from SRCINFO
+    """
+    values: list[Any] = srcinfo_property(key, srcinfo, package_srcinfo, default=[])
+    if architecture is not None:
+        values.extend(srcinfo_property(f"{key}_{architecture}", srcinfo, package_srcinfo, default=[]))
+    return values
+
+
+def trim_package(package_name: str) -> str:
+    """
+    remove version bound and description from package name. Pacman allows to specify version bound (=, <=, >= etc.) for
+    packages in dependencies and also allows to specify description (via ``:``); this function removes trailing parts
+    and return exact package name
+
+    Args:
+        package_name(str): source package name
+
+    Returns:
+        str: package name without description or version bound
+    """
+    for symbol in ("<", "=", ">", ":"):
+        package_name = package_name.partition(symbol)[0]
+    return package_name
+
+
+def utcnow() -> datetime.datetime:
+    """
+    get current time
+
+    Returns:
+        datetime.datetime: current time in UTC
+    """
+    return datetime.datetime.now(datetime.UTC)
+
+
+def walk(directory_path: Path) -> Generator[Path, None, None]:
+    """
+    list all file paths in given directory
+    Credits to https://stackoverflow.com/a/64915960
+
+    Args:
+        directory_path(Path): root directory path
+
+    Yields:
+        Path: all found files in given directory with full path
+
+    Examples:
+        Since the :mod:`pathlib` module does not provide an alternative to :func:`os.walk()`, this wrapper
+        can be used instead::
+
+            >>> from pathlib import Path
+            >>>
+            >>> for file_path in walk(Path.cwd()):
+            >>>     print(file_path)
+
+        Note, however, that unlike the original method, it does not yield directories.
+    """
+    for element in directory_path.iterdir():
+        if element.is_dir():
+            yield from walk(element)
+            continue
+        yield element

src/ahriman/core/utils.py

@@ -1,504 +0,0 @@
-#
-# Copyright (c) 2021-2024 ahriman team.
-#
-# This file is part of ahriman
-# (see https://github.com/arcan1s/ahriman).
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-# pylint: disable=too-many-lines
-import datetime
-import io
-import itertools
-import logging
-import os
-import re
-import selectors
-import subprocess
-
-from collections.abc import Callable, Generator, Iterable
-from dataclasses import asdict
-from enum import Enum
-from pathlib import Path
-from pwd import getpwuid
-from typing import Any, IO, TypeVar
-
-from ahriman.core.exceptions import CalledProcessError, OptionError, UnsafeRunError
-from ahriman.models.repository_paths import RepositoryPaths
-
-
-__all__ = [
-    "check_output",
-    "check_user",
-    "dataclass_view",
-    "enum_values",
-    "extract_user",
-    "filter_json",
-    "full_version",
-    "minmax",
-    "package_like",
-    "parse_version",
-    "partition",
-    "pretty_datetime",
-    "pretty_size",
-    "safe_filename",
-    "srcinfo_property",
-    "srcinfo_property_list",
-    "trim_package",
-    "utcnow",
-    "walk",
-]
-
-
-T = TypeVar("T")
-
-
-# pylint: disable=too-many-locals
-def check_output(*args: str, exception: Exception | Callable[[int, list[str], str, str], Exception] | None = None,
-                 cwd: Path | None = None, input_data: str | None = None,
-                 logger: logging.Logger | None = None, user: int | None = None,
-                 environment: dict[str, str] | None = None) -> str:
-    """
-    subprocess wrapper
-
-    Args:
-        *args(str): command line arguments
-        exception(Exception | Callable[[int, list[str], str, str]] | None, optional): exception which has to be raised
-            instead of default subprocess exception. If callable us is supplied, the
-            :exc:`subprocess.CalledProcessError` arguments will be passed (Default value = None)
-        cwd(Path | None, optional): current working directory (Default value = None)
-        input_data(str | None, optional): data which will be written to command stdin (Default value = None)
-        logger(logging.Logger | None, optional): logger to log command result if required (Default value = None)
-        user(int | None, optional): run process as specified user (Default value = None)
-        environment(dict[str, str] | None, optional): optional environment variables if any (Default value = None)
-
-    Returns:
-        str: command output
-
-    Raises:
-        CalledProcessError: if subprocess ended with status code different from 0 and no exception supplied
-
-    Examples:
-        Simply call the function::
-
-            >>> check_output("echo", "hello world")
-
-        The more complicated calls which include result logging and input data are also possible::
-
-            >>> import logging
-            >>>
-            >>> logger = logging.getLogger()
-            >>> check_output("python", "-c", "greeting = input('say hello: '); print(); print(greeting)",
-            >>>              input_data="hello world", logger=logger)
-
-        An additional argument ``exception`` can be supplied in order to override the default exception::
-
-            >>> check_output("false", exception=RuntimeError("An exception occurred"))
-    """
-    # hack for IO[str] handle
-    def get_io(proc: subprocess.Popen[str], channel_name: str) -> IO[str]:
-        channel: IO[str] | None = getattr(proc, channel_name, None)
-        return channel if channel is not None else io.StringIO()
-
-    # wrapper around selectors polling
-    def poll(sel: selectors.BaseSelector) -> Generator[tuple[str, str], None, None]:
-        for key, _ in sel.select():  # we don't need to check mask here because we have only subscribed on reading
-            line = key.fileobj.readline()  # type: ignore[union-attr]
-            if not line:  # in case of empty line we remove selector as there is no data here anymore
-                sel.unregister(key.fileobj)
-                continue
-            line = line.rstrip()
-
-            if logger is not None:
-                logger.debug(line)
-
-            yield key.data, line
-
-    # build system environment based on args and current environment
-    environment = environment or {}
-    if user is not None:
-        environment["HOME"] = getpwuid(user).pw_dir
-    full_environment = {
-        key: value
-        for key, value in os.environ.items()
-        if key in ("PATH",)  # whitelisted variables only
-    } | environment
-
-    with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
-                          user=user, env=full_environment, text=True, encoding="utf8", bufsize=1) as process:
-        if input_data is not None:
-            input_channel = get_io(process, "stdin")
-            input_channel.write(input_data)
-            input_channel.close()
-
-        selector = selectors.DefaultSelector()
-        selector.register(get_io(process, "stdout"), selectors.EVENT_READ, data="stdout")
-        selector.register(get_io(process, "stderr"), selectors.EVENT_READ, data="stderr")
-
-        result: dict[str, list[str]] = {
-            "stdout": [],
-            "stderr": [],
-        }
-        while selector.get_map():  # while there are unread selectors, keep reading
-            for key_data, output in poll(selector):
-                result[key_data].append(output)
-
-        stdout = "\n".join(result["stdout"]).rstrip("\n")  # remove newline at the end of any
-        stderr = "\n".join(result["stderr"]).rstrip("\n")
-
-        status_code = process.wait()
-        if status_code != 0:
-            if isinstance(exception, Exception):
-                raise exception
-            if callable(exception):
-                raise exception(status_code, list(args), stdout, stderr)
-            raise CalledProcessError(status_code, list(args), stderr)
-
-        return stdout
-
-
-def check_user(paths: RepositoryPaths, *, unsafe: bool) -> None:
-    """
-    check if current user is the owner of the root
-
-    Args:
-        paths(RepositoryPaths): repository paths object
-        unsafe(bool): if set no user check will be performed before path creation
-
-    Raises:
-        UnsafeRunError: if root uid differs from current uid and check is enabled
-
-    Examples:
-        Simply run function with arguments::
-
-            >>> check_user(paths, unsafe=False)
-    """
-    if not paths.root.exists():
-        return  # no directory found, skip check
-    if unsafe:
-        return  # unsafe flag is enabled, no check performed
-    current_uid = os.getuid()
-    root_uid, _ = paths.root_owner
-    if current_uid != root_uid:
-        raise UnsafeRunError(current_uid, root_uid)
-
-
-def dataclass_view(instance: Any) -> dict[str, Any]:
-    """
-    convert dataclass instance to json object
-
-    Args:
-        instance(Any): dataclass instance
-
-    Returns:
-        dict[str, Any]: json representation of the dataclass with empty field removed
-    """
-    return asdict(instance, dict_factory=lambda fields: {key: value for key, value in fields if value is not None})
-
-
-def enum_values(enum: type[Enum]) -> list[str]:
-    """
-    generate list of enumeration values from the source
-
-    Args:
-        enum(type[Enum]): source enumeration class
-
-    Returns:
-        list[str]: available enumeration values as string
-    """
-    return [str(key.value) for key in enum]  # explicit str conversion for typing
-
-
-def extract_user() -> str | None:
-    """
-    extract user from system environment
-
-    Returns:
-        str | None: SUDO_USER in case if set and USER otherwise. It can return None in case if environment has been
-    cleared before application start
-    """
-    return os.getenv("SUDO_USER") or os.getenv("DOAS_USER") or os.getenv("USER")
-
-
-def filter_json(source: dict[str, Any], known_fields: Iterable[str]) -> dict[str, Any]:
-    """
-    filter json object by fields used for json-to-object conversion
-
-    Args:
-        source(dict[str, Any]): raw json object
-        known_fields(Iterable[str]): list of fields which have to be known for the target object
-
-    Returns:
-        dict[str, Any]: json object without unknown and empty fields
-
-    Examples:
-        This wrapper is mainly used for the dataclasses, thus the flow must be something like this::
-
-            >>> from dataclasses import fields
-            >>> from ahriman.models.package import Package
-            >>>
-            >>> known_fields = [pair.name for pair in fields(Package)]
-            >>> properties = filter_json(dump, known_fields)
-            >>> package = Package(**properties)
-    """
-    return {key: value for key, value in source.items() if key in known_fields and value is not None}
-
-
-def full_version(epoch: str | int | None, pkgver: str, pkgrel: str) -> str:
-    """
-    generate full version from components
-
-    Args:
-        epoch(str | int | None): package epoch if any
-        pkgver(str): package version
-        pkgrel(str): package release version (arch linux specific)
-
-    Returns:
-        str: generated version
-    """
-    prefix = f"{epoch}:" if epoch else ""
-    return f"{prefix}{pkgver}-{pkgrel}"
-
-
-def minmax(source: Iterable[T], *, key: Callable[[T], Any] | None = None) -> tuple[T, T]:
-    """
-    get min and max value from iterable
-
-    Args:
-        source(Iterable[T]): source list to find min and max values
-        key(Callable[[T], Any] | None, optional): key to sort (Default value = None)
-
-    Returns:
-        tuple[T, T]: min and max values for sequence
-    """
-    first_iter, second_iter = itertools.tee(source)
-    # typing doesn't expose SupportLessThan, so we just ignore this in typecheck
-    return min(first_iter, key=key), max(second_iter, key=key)  # type: ignore
-
-
-def package_like(filename: Path) -> bool:
-    """
-    check if file looks like package
-
-    Args:
-        filename(Path): name of file to check
-
-    Returns:
-        bool: True in case if name contains ``.pkg.`` and not signature, False otherwise
-    """
-    name = filename.name
-    return not name.startswith(".") and ".pkg." in name and not name.endswith(".sig")
-
-
-def parse_version(version: str) -> tuple[str | None, str, str]:
-    """
-    parse version and returns its components
-
-    Args:
-        version(str): full version string
-
-    Returns:
-        tuple[str | None, str, str]: epoch if any, pkgver and pkgrel variables
-    """
-    if ":" in version:
-        epoch, version = version.split(":", maxsplit=1)
-    else:
-        epoch = None
-    pkgver, pkgrel = version.rsplit("-", maxsplit=1)
-
-    return epoch, pkgver, pkgrel
-
-
-def partition(source: Iterable[T], predicate: Callable[[T], bool]) -> tuple[list[T], list[T]]:
-    """
-    partition list into two based on predicate, based on https://docs.python.org/dev/library/itertools.html#itertools-recipes
-
-    Args:
-        source(Iterable[T]): source list to be partitioned
-        predicate(Callable[[T], bool]): filter function
-
-    Returns:
-        tuple[list[T], list[T]]: two lists, first is which ``predicate`` is ``True``, second is ``False``
-    """
-    first_iter, second_iter = itertools.tee(source)
-    return list(filter(predicate, first_iter)), list(itertools.filterfalse(predicate, second_iter))
-
-
-def pretty_datetime(timestamp: datetime.datetime | float | int | None) -> str:
-    """
-    convert datetime object to string
-
-    Args:
-        timestamp(datetime.datetime | float | int | None): datetime to convert
-
-    Returns:
-        str: pretty printable datetime as string
-    """
-    if timestamp is None:
-        return ""
-    if isinstance(timestamp, (int, float)):
-        timestamp = datetime.datetime.fromtimestamp(timestamp, datetime.UTC)
-    return timestamp.strftime("%Y-%m-%d %H:%M:%S")
-
-
-def pretty_size(size: float | None, level: int = 0) -> str:
-    """
-    convert size to string
-
-    Args:
-        size(float | None): size to convert
-        level(int, optional): represents current units, 0 is B, 1 is KiB, etc. (Default value = 0)
-
-    Returns:
-        str: pretty printable size as string
-
-    Raises:
-        OptionError: if size is more than 1TiB
-    """
-    def str_level() -> str:
-        match level:
-            case 0:
-                return "B"
-            case 1:
-                return "KiB"
-            case 2:
-                return "MiB"
-            case 3:
-                return "GiB"
-            case _:
-                raise OptionError(level)  # must never happen actually
-
-    if size is None:
-        return ""
-    if size < 1024 or level >= 3:
-        return f"{size:.1f} {str_level()}"
-    return pretty_size(size / 1024, level + 1)
-
-
-def safe_filename(source: str) -> str:
-    """
-    convert source string to its safe representation
-
-    Args:
-        source(str): string to convert
-
-    Returns:
-        str: result string in which all unsafe characters are replaced by dash
-    """
-    # RFC-3986 https://datatracker.ietf.org/doc/html/rfc3986 states that unreserved characters are
-    # https://datatracker.ietf.org/doc/html/rfc3986#section-2.3
-    #     unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"
-    # however we would like to allow some gen-delims characters in filename, because those characters are used
-    # as delimiter in other URI parts. The ones we allow to are:
-    #     ":" - used as separator in schema and userinfo
-    #     "[" and "]" - used for host part
-    #     "@" - used as separator between host and userinfo
-    return re.sub(r"[^A-Za-z\d\-._~:\[\]@]", "-", source)
-
-
-def srcinfo_property(key: str, srcinfo: dict[str, Any], package_srcinfo: dict[str, Any], *,
-                     default: Any = None) -> Any:
-    """
-    extract property from SRCINFO. This method extracts property from package if this property is presented in
-    ``srcinfo``. Otherwise, it looks for the same property in root srcinfo. If none found, the default value will be
-    returned
-
-    Args:
-        key(str): key to extract
-        srcinfo(dict[str, Any]): root structure of SRCINFO
-        package_srcinfo(dict[str, Any]): package specific SRCINFO
-        default(Any, optional): the default value for the specified key (Default value = None)
-
-    Returns:
-        Any: extracted value from SRCINFO
-    """
-    return package_srcinfo.get(key) or srcinfo.get(key) or default
-
-
-def srcinfo_property_list(key: str, srcinfo: dict[str, Any], package_srcinfo: dict[str, Any], *,
-                          architecture: str | None = None) -> list[Any]:
-    """
-    extract list property from SRCINFO. Unlike :func:`srcinfo_property()` it supposes that default return value is
-    always empty list. If ``architecture`` is supplied, then it will try to lookup for architecture specific values and
-    will append it at the end of result
-
-    Args:
-        key(str): key to extract
-        srcinfo(dict[str, Any]): root structure of SRCINFO
-        package_srcinfo(dict[str, Any]): package specific SRCINFO
-        architecture(str | None, optional): package architecture if set (Default value = None)
-
-    Returns:
-        list[Any]: list of extracted properties from SRCINFO
-    """
-    values: list[Any] = srcinfo_property(key, srcinfo, package_srcinfo, default=[])
-    if architecture is not None:
-        values.extend(srcinfo_property(f"{key}_{architecture}", srcinfo, package_srcinfo, default=[]))
-    return values
-
-
-def trim_package(package_name: str) -> str:
-    """
-    remove version bound and description from package name. Pacman allows to specify version bound (=, <=, >= etc.) for
-    packages in dependencies and also allows to specify description (via ``:``); this function removes trailing parts
-    and return exact package name
-
-    Args:
-        package_name(str): source package name
-
-    Returns:
-        str: package name without description or version bound
-    """
-    for symbol in ("<", "=", ">", ":"):
-        package_name = package_name.partition(symbol)[0]
-    return package_name
-
-
-def utcnow() -> datetime.datetime:
-    """
-    get current time
-
-    Returns:
-        datetime.datetime: current time in UTC
-    """
-    return datetime.datetime.now(datetime.UTC)
-
-
-def walk(directory_path: Path) -> Generator[Path, None, None]:
-    """
-    list all file paths in given directory
-    Credits to https://stackoverflow.com/a/64915960
-
-    Args:
-        directory_path(Path): root directory path
-
-    Yields:
-        Path: all found files in given directory with full path
-
-    Examples:
-        Since the :mod:`pathlib` module does not provide an alternative to :func:`os.walk()`, this wrapper
-        can be used instead::
-
-            >>> from pathlib import Path
-            >>>
-            >>> for file_path in walk(Path.cwd()):
-            >>>     print(file_path)
-
-        Note, however, that unlike the original method, it does not yield directories.
-    """
-    for element in directory_path.iterdir():
-        if element.is_dir():
-            yield from walk(element)
-            continue
-        yield element

src/ahriman/models/aur_package.py

@@ -25,7 +25,7 @@ from dataclasses import dataclass, field, fields
 from pyalpm import Package  # type: ignore[import-not-found]
 from typing import Any, Self
 
-from ahriman.core.utils import filter_json, full_version
+from ahriman.core.util import filter_json, full_version
 
 
 @dataclass(frozen=True, kw_only=True)

src/ahriman/models/auth_settings.py

@@ -30,13 +30,11 @@ class AuthSettings(StrEnum):
         Disabled(AuthSettings): (class attribute) authorization is disabled
         Configuration(AuthSettings): (class attribute) configuration based authorization
         OAuth(AuthSettings): (class attribute) OAuth based provider
-        PAM(AuthSettings): (class attribute) PAM based provider
     """
 
     Disabled = "disabled"
     Configuration = "configuration"
     OAuth = "oauth2"
-    PAM = "pam"
 
     @property
     def is_enabled(self) -> bool:
@@ -64,7 +62,5 @@ class AuthSettings(StrEnum):
                 return AuthSettings.Configuration
             case "oauth" | "oauth2":
                 return AuthSettings.OAuth
-            case "pam":
-                return AuthSettings.PAM
             case _:
                 return AuthSettings.Disabled

src/ahriman/models/build_status.py

@@ -21,7 +21,7 @@ from dataclasses import dataclass, field, fields
 from enum import StrEnum
 from typing import Any, Self
 
-from ahriman.core.utils import filter_json, pretty_datetime, utcnow
+from ahriman.core.util import filter_json, pretty_datetime, utcnow
 
 
 class BuildStatusEnum(StrEnum):

src/ahriman/models/changes.py

@@ -20,7 +20,7 @@
 from dataclasses import dataclass, fields
 from typing import Any, Self
 
-from ahriman.core.utils import dataclass_view, filter_json
+from ahriman.core.util import dataclass_view, filter_json
 
 
 @dataclass(frozen=True)

src/ahriman/models/counters.py

@@ -20,7 +20,7 @@
 from dataclasses import dataclass, fields
 from typing import Any, Self
 
-from ahriman.core.utils import filter_json
+from ahriman.core.util import filter_json
 from ahriman.models.build_status import BuildStatus
 from ahriman.models.package import Package
 

src/ahriman/models/dependencies.py

@@ -20,7 +20,7 @@
 from dataclasses import dataclass, field, fields
 from typing import Any, Self
 
-from ahriman.core.utils import dataclass_view, filter_json
+from ahriman.core.util import dataclass_view, filter_json
 
 
 @dataclass(frozen=True)

src/ahriman/models/filesystem_package.py

@@ -17,14 +17,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-from __future__ import annotations
-
-from collections.abc import Iterable
 from dataclasses import dataclass, field
 from pathlib import Path
 
-from ahriman.core.utils import trim_package
-
 
 @dataclass(frozen=True, kw_only=True)
 class FilesystemPackage:
@@ -33,58 +28,28 @@ class FilesystemPackage:
 
     Attributes:
         package_name(str): package name
-        depends(set[str]): list of package dependencies
-        directories(set[Path]): list of directories this package contains
+        dependencies(list[str]): list of package dependencies
+        directories(list[Path]): list of directories this package contains
         files(list[Path]): list of files this package contains
-        opt_depends(set[str]): list of package optional dependencies
+        groups(list[str]): list of groups of the package
     """
 
     package_name: str
-    depends: set[str]
-    opt_depends: set[str]
+    groups: set[str]
+    dependencies: set[str]
     directories: list[Path] = field(default_factory=list)
     files: list[Path] = field(default_factory=list)
 
-    def __post_init__(self) -> None:
+    @property
+    def is_valid(self) -> bool:
         """
-        update dependencies list accordingly
-        """
-        object.__setattr__(self, "depends", {trim_package(package) for package in self.depends})
-        object.__setattr__(self, "opt_depends", {trim_package(package) for package in self.opt_depends})
-
-    def depends_on(self, package_name: str, *, include_optional: bool) -> bool:
-        """
-        check if package depends on given package name
-
-        Args:
-            package_name(str): package name to check dependencies
-            include_optional(bool): include optional dependencies to check
+        quick check if this package must be used for the dependencies calculation. It checks that
+        1) package is not in the base group
 
         Returns:
-            bool: ``True`` in case if the given package in the dependencies lists
+            bool: True in case if this package must be used for the dependencies calculation or False otherwise
         """
-        if package_name in self.depends:
-            return True
-        if include_optional and package_name in self.opt_depends:
-            return True
-        return False
+        return "base" not in self.groups
 
-    def is_root_package(self, packages: Iterable[FilesystemPackage], *, include_optional: bool) -> bool:
-        """
-        check if the package is the one of the root packages. This method checks if there are any packages which are
-        dependency of the package and - to avoid circular dependencies - does not depend on the package. In addition,
-        if ``include_optional`` is set to ``True``, then it will also check optional dependencies of the package
-
-        Args:
-            packages(Iterable[FilesystemPackage]): list of packages in which we need to search
-            include_optional(bool): include optional dependencies to check
-
-        Returns:
-            bool: whether this package depends on any other package in the list of packages
-        """
-        return not any(
-            package
-            for package in packages
-            if self.depends_on(package.package_name, include_optional=include_optional)
-            and not package.depends_on(self.package_name, include_optional=False)
-        )
+    def __repr__(self):
+        return f'FilesystemPackage(package_name="{self.package_name}", dependencies={self.dependencies})'

src/ahriman/models/internal_status.py

@@ -20,7 +20,7 @@
 from dataclasses import dataclass, field
 from typing import Any, Self
 
-from ahriman.core.utils import dataclass_view
+from ahriman.core.util import dataclass_view
 from ahriman.models.build_status import BuildStatus
 from ahriman.models.counters import Counters
 

src/ahriman/models/package.py

@@ -34,7 +34,7 @@ from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.alpm.remote import AUR, Official, OfficialSyncdb
 from ahriman.core.exceptions import PackageInfoError
 from ahriman.core.log import LazyLogging
-from ahriman.core.utils import check_output, dataclass_view, full_version, parse_version, srcinfo_property_list, utcnow
+from ahriman.core.util import check_output, dataclass_view, full_version, parse_version, srcinfo_property_list, utcnow
 from ahriman.models.package_description import PackageDescription
 from ahriman.models.package_source import PackageSource
 from ahriman.models.remote_source import RemoteSource
@@ -539,23 +539,20 @@ class Package(LazyLogging):
         result: int = vercmp(self.version, remote_version)
         return result < 0
 
-    def next_pkgrel(self, local_version: str | None) -> str | None:
+    def next_pkgrel(self, local_version: str) -> str | None:
         """
         generate next pkgrel variable. The package release will be incremented if ``local_version`` is more or equal to
         the :attr:`version`; in this case the function will return new pkgrel value, otherwise ``None`` will be
         returned
 
         Args:
-            local_version(str | None): locally stored package version if available
+            local_version(str): locally stored package version
 
         Returns:
             str | None: new generated package release version if any. In case if the release contains dot (e.g. 1.2),
                 the minor part will be incremented by 1. If the release does not contain major.minor notation, the minor
                 version equals to 1 will be appended
         """
-        if local_version is None:
-            return None  # local version not found, keep upstream pkgrel
-
         epoch, pkgver, _ = parse_version(self.version)
         local_epoch, local_pkgver, local_pkgrel = parse_version(local_version)
 

src/ahriman/models/package_archive.py

@@ -26,11 +26,10 @@ from typing import IO
 from ahriman.core.alpm.pacman import Pacman
 from ahriman.core.alpm.remote import OfficialSyncdb
 from ahriman.core.exceptions import UnknownPackageError
-from ahriman.core.utils import walk
+from ahriman.core.util import walk
 from ahriman.models.dependencies import Dependencies
 from ahriman.models.filesystem_package import FilesystemPackage
 from ahriman.models.package import Package
-from ahriman.models.scan_paths import ScanPaths
 
 
 @dataclass
@@ -40,15 +39,12 @@ class PackageArchive:
 
     Attributes:
         package(Package): package descriptor
-        pacman(Pacman): alpm wrapper instance
         root(Path): path to root filesystem
-        scan_paths(ScanPaths): scan paths holder
     """
 
     root: Path
     package: Package
     pacman: Pacman
-    scan_paths: ScanPaths
 
     @staticmethod
     def dynamic_needed(binary_path: Path) -> list[str]:
@@ -89,7 +85,7 @@ class PackageArchive:
             content(IO[bytes]): content of the file
 
         Returns:
-            bool: ``True`` in case if file has elf header and ``False`` otherwise
+            bool: True in case if file has elf header and False otherwise
         """
         expected = b"\x7fELF"
         length = len(expected)
@@ -114,79 +110,11 @@ class PackageArchive:
             pacman_package = OfficialSyncdb.info(package_name, pacman=self.pacman)
             return FilesystemPackage(
                 package_name=package_name,
-                depends=set(pacman_package.depends),
-                opt_depends=set(pacman_package.opt_depends),
+                groups=set(pacman_package.groups),
+                dependencies=set(pacman_package.depends),
             )
         except UnknownPackageError:
-            return FilesystemPackage(package_name=package_name, depends=set(), opt_depends=set())
-
-    def _raw_dependencies_packages(self) -> dict[Path, list[FilesystemPackage]]:
-        """
-        extract the initial list of packages which contain specific path this package depends on
-
-        Returns:
-            dict[Path, list[FilesystemPackage]]: map of path to packages containing this path
-        """
-        dependencies, roots = self.depends_on_paths()
-        installed_packages = self.installed_packages()
-        # build list of packages, which contains both the package itself and (possible) debug packages
-        packages = list(self.package.packages) + [f"{package}-debug" for package in self.package.packages]
-
-        # build initial map of file path -> packages containing this path
-        # in fact, keys will contain all libraries the package linked to and all directories it contains
-        dependencies_per_path: dict[Path, list[FilesystemPackage]] = {}
-        for package_base, package in installed_packages.items():
-            if package_base in packages:
-                continue  # skip package itself
-
-            required_by = [directory for directory in package.directories if directory in roots]
-            required_by.extend(library for library in package.files if library.name in dependencies)
-
-            for path in required_by:
-                dependencies_per_path.setdefault(path, []).append(package)
-
-        return dependencies_per_path
-
-    def _refine_dependencies(self, source: dict[Path, list[FilesystemPackage]]) -> dict[Path, list[FilesystemPackage]]:
-        """
-        reduce the initial dependency list by removing packages which are already satisfied (e.g. by other path or by
-        dependency list, or belonging to the base packages)
-
-        Args:
-            source(dict[Path, list[FilesystemPackage]]): the initial map of path to packages containing it
-
-        Returns:
-            dict[Path, list[FilesystemPackage]]: reduced source map of packages
-        """
-        # base packages should be always excluded from checking
-        base_packages = OfficialSyncdb.info("base", pacman=self.pacman).depends
-
-        result: dict[Path, list[FilesystemPackage]] = {}
-        # sort items from children directories to root
-        for path, packages in reversed(sorted(source.items())):
-            # skip if this path belongs to the one of the base packages
-            if any(package.package_name in base_packages for package in packages):
-                continue
-
-            # check path against the black/white listed
-            if not self.scan_paths.is_allowed(path):
-                continue
-
-            # remove explicit dependencies
-            packages = [package for package in packages if package.is_root_package(packages, include_optional=False)]
-            # remove optional dependencies
-            packages = [package for package in packages if package.is_root_package(packages, include_optional=True)]
-
-            # check if there is already parent of current path in the result and has the same packages
-            for children_path, children_packages in result.items():
-                if not children_path.is_relative_to(path):
-                    continue
-                children_packages_names = {package.package_name for package in children_packages}
-                packages = [package for package in packages if package.package_name not in children_packages_names]
-
-            result[path] = packages
-
-        return result
+            return FilesystemPackage(package_name=package_name, groups=set(), dependencies=set())
 
     def depends_on(self) -> Dependencies:
         """
@@ -195,14 +123,38 @@ class PackageArchive:
         Returns:
             Dependencies: map of the package name to set of paths used by this package
         """
-        initial_packages = self._raw_dependencies_packages()
-        refined_packages = self._refine_dependencies(initial_packages)
+        dependencies, roots = self.depends_on_paths()
+        installed_packages = self.installed_packages()
 
-        paths = {
-            str(path): [package.package_name for package in packages]
-            for path, packages in refined_packages.items()
-        }
-        return Dependencies(paths)
+        dependencies_per_path: dict[Path, list[FilesystemPackage]] = {}
+        for package_base, package in installed_packages.items():
+            if package_base in self.package.packages:
+                continue  # skip package itself
+
+            required_by = [directory for directory in package.directories if directory in roots]
+            required_by.extend(library for library in package.files if library.name in dependencies)
+
+            for path in required_by:
+                dependencies_per_path.setdefault(path, []).append(package)
+
+        # reduce trees
+        result = {}
+        for path, packages in dependencies_per_path.items():
+            package_names = [package.package_name for package in packages]
+            result[str(path)] = [
+                package.package_name
+                for package in packages
+                # if there is any package which is dependency of this package, we can skip it here
+                # also skip packages which didn't pass validation
+                if not package.dependencies.intersection(package_names) and package.is_valid
+            ]
+
+            if str(path) == 'usr/lib/python3.12/site-packages':
+                print(package_names)
+                print(packages)
+                print(result[str(path)])
+
+        return Dependencies(result)
 
     def depends_on_paths(self) -> tuple[set[str], set[Path]]:
         """
@@ -214,12 +166,11 @@ class PackageArchive:
         dependencies = set()
         roots: set[Path] = set()
 
-        for package in self.package.packages:
-            package_dir = self.root / "build" / self.package.base / "pkg" / package
-            for path in filter(lambda p: p.is_file(), walk(package_dir)):
-                dependencies.update(PackageArchive.dynamic_needed(path))
-                filesystem_path = Path(*path.relative_to(package_dir).parts)
-                roots.update(filesystem_path.parents[:-1])  # last element is always . because paths are relative
+        package_dir = self.root / "build" / self.package.base / "pkg"
+        for path in filter(lambda p: p.is_file(), walk(package_dir)):
+            dependencies.update(PackageArchive.dynamic_needed(path))
+            filesystem_path = Path(*path.relative_to(package_dir).parts[1:])
+            roots.update(filesystem_path.parents[:-1])  # last element is always . because paths are relative
 
         return dependencies, roots
 
@@ -228,7 +179,7 @@ class PackageArchive:
         extract list of the installed packages and their content
 
         Returns:
-            dict[str, FilesystemPackage]; map of package name to list of directories and files contained
+            dict[str, tuple[list[Path], list[Path]]]; map of package name to list of directories and files contained
             by this package
         """
         result = {}
@@ -237,13 +188,13 @@ class PackageArchive:
         for path in filter(lambda fn: fn.name == "files", walk(pacman_local_files)):
             package = self._load_pacman_package(path)
 
-            is_files_section = False
+            is_files = False
             for line in path.read_text(encoding="utf8").splitlines():
                 if not line:  # skip empty lines
                     continue
                 if line.startswith("%") and line.endswith("%"):  # directive started
-                    is_files_section = line == "%FILES%"
-                if not is_files_section:  # not a files directive
+                    is_files = line == "%FILES%"
+                if not is_files:  # not a files directive
                     continue
 
                 entry = Path(line)

src/ahriman/models/package_description.py

@@ -22,7 +22,7 @@ from pathlib import Path
 from pyalpm import Package  # type: ignore[import-not-found]
 from typing import Any, Self
 
-from ahriman.core.utils import dataclass_view, filter_json, trim_package
+from ahriman.core.util import dataclass_view, filter_json, trim_package
 from ahriman.models.aur_package import AURPackage
 
 

src/ahriman/models/package_source.py

@@ -23,7 +23,7 @@ from enum import StrEnum
 from pathlib import Path
 from urllib.parse import urlparse
 
-from ahriman.core.utils import package_like
+from ahriman.core.util import package_like
 from ahriman.models.repository_paths import RepositoryPaths
 
 

src/ahriman/models/pkgbuild_patch.py

@@ -23,7 +23,7 @@ from dataclasses import dataclass, fields
 from pathlib import Path
 from typing import Any, Generator, Self
 
-from ahriman.core.utils import dataclass_view, filter_json
+from ahriman.core.util import dataclass_view, filter_json
 
 
 @dataclass(frozen=True)

src/ahriman/models/remote_source.py

@@ -22,7 +22,7 @@ from pathlib import Path
 from typing import Any, Self
 
 from ahriman.core.exceptions import InitializeError
-from ahriman.core.utils import dataclass_view, filter_json
+from ahriman.core.util import dataclass_view, filter_json
 from ahriman.models.package_source import PackageSource
 
 

src/ahriman/models/repository_id.py

@@ -41,12 +41,9 @@ class RepositoryId:
 
         Returns:
             str: unique id for this repository
-
-        Raises:
-            ValueError: if repository identifier is empty
         """
         if self.is_empty:
-            raise ValueError("Repository ID is called on empty repository identifier")
+            return ""
         return f"{self.architecture}-{self.name}"  # basically the same as used for command line
 
     @property

src/ahriman/models/repository_paths.py

@@ -113,7 +113,7 @@ class RepositoryPaths(LazyLogging):
         Returns:
             Path: full patch to devtools chroot directory
         """
-        # for the chroot directory devtools will create own tree, and we don't have to specify architecture here
+        # for the chroot directory devtools will create own tree, and we don"t have to specify architecture here
         return self.root / "chroot" / self.repository_id.name
 
     @property