Release 2.20.0rc3

(python3.14 default anyway)

docs/configuration.rst

@@ -97,6 +97,15 @@ libalpm and AUR related configuration. Group name can refer to architecture, e.g
 * ``sync_files_database`` - download files database from mirror, boolean, required.
 * ``use_ahriman_cache`` - use local pacman package cache instead of system one, boolean, required. With this option enabled you might want to refresh database periodically (available as additional flag for some subcommands). If set to ``no``, databases must be synchronized manually.
 
+``aur`` group
+-------------
+
+Archlinux User Repository related configuration.
+
+* ``max_retries`` - maximum amount of retries of HTTP requests, integer, optional, default ``0``.
+* ``retry_backoff`` - retry exponential backoff, float, optional, default ``0.0``.
+* ``timeout`` - HTTP request timeout in seconds, integer, optional, default is ``30``.
+
 ``auth`` group
 --------------
 
@@ -158,7 +167,9 @@ Reporting to web service related settings. In most cases there is fallback to we
 
 * ``enabled`` - enable reporting to web service, boolean, optional, default ``yes`` for backward compatibility.
 * ``address`` - remote web service address with protocol, string, optional. In case of websocket, the ``http+unix`` scheme and URL encoded address (e.g. ``%2Fvar%2Flib%2Fahriman`` for ``/var/lib/ahriman``) must be used, e.g. ``http+unix://%2Fvar%2Flib%2Fahriman%2Fsocket``. In case if none set, it will be guessed from ``web`` section.
+* ``max_retries`` - maximum amount of retries of HTTP requests, integer, optional, default ``0``.
 * ``password`` - password to authorize in web service in order to update service status, string, required in case if authorization enabled.
+* ``retry_backoff`` - retry exponential backoff, float, optional, default ``0.0``.
 * ``suppress_http_log_errors`` - suppress HTTP log errors, boolean, optional, default ``no``. If set to ``yes``, any HTTP log errors (e.g. if web server is not available, but HTTP logging is enabled) will be suppressed.
 * ``timeout`` - HTTP request timeout in seconds, integer, optional, default is ``30``.
 * ``username`` - username to authorize in web service in order to update service status, string, required in case if authorization enabled.
@@ -250,6 +261,7 @@ Available options are:
 Remote pull trigger
 ^^^^^^^^^^^^^^^^^^^
 
+* ``type`` - type of the pull, string, optional, must be set to ``gitremote`` if exists.
 * ``pull_url`` - URL of the remote repository from which PKGBUILDs can be pulled before build process, string, required.
 * ``pull_branch`` - branch of the remote repository from which PKGBUILDs can be pulled before build process, string, optional, default is ``master``.
 
@@ -270,6 +282,7 @@ Available options are:
 Remote push trigger
 ^^^^^^^^^^^^^^^^^^^
 
+* ``type`` - type of the push, string, optional, must be set to ``gitremote`` if exists.
 * ``commit_email`` - git commit email, string, optional, default is ``ahriman@localhost``.
 * ``commit_user`` - git commit user, string, optional, default is ``ahriman``.
 * ``push_url`` - URL of the remote repository to which PKGBUILDs should be pushed after build process, string, required.
@@ -365,6 +378,8 @@ Section name must be either ``telegram`` (plus optional architecture name, e.g.
 * ``chat_id`` - telegram chat id, either string with ``@`` or integer value, required.
 * ``homepage`` - link to homepage, string, optional.
 * ``link_path`` - prefix for HTML links, string, required.
+* ``max_retries`` - maximum amount of retries of HTTP requests, integer, optional, default ``0``.
+* ``retry_backoff`` - retry exponential backoff, float, optional, default ``0.0``.
 * ``rss_url`` - link to RSS feed, string, optional.
 * ``template`` - Jinja2 template name, string, required.
 * ``template_type`` - ``parse_mode`` to be passed to telegram API, one of ``MarkdownV2``, ``HTML``, ``Markdown``, string, optional, default ``HTML``.
@@ -390,6 +405,7 @@ Type will be read from several sources:
 This feature requires GitHub key creation (see below). Section name must be either ``github`` (plus optional architecture name, e.g. ``github:x86_64``) or random name with ``type`` set.
 
 * ``type`` - type of the upload, string, optional, must be set to ``github`` if exists.
+* ``max_retries`` - maximum amount of retries of HTTP requests, integer, optional, default ``0``.
 * ``owner`` - GitHub repository owner, string, required.
 * ``password`` - created GitHub API key. In order to create it do the following:
 
@@ -399,6 +415,7 @@ This feature requires GitHub key creation (see below). Section name must be eith
   #. Generate new token. Required scope is ``public_repo`` (or ``repo`` for private repository support).
 
 * ``repository`` - GitHub repository name, string, required. Repository must be created before any action and must have active branch (e.g. with readme).
+* ``retry_backoff`` - retry exponential backoff, float, optional, default ``0.0``.
 * ``timeout`` - HTTP request timeout in seconds, integer, optional, default is ``30``.
 * ``use_full_release_name`` - if set to ``yes``, the release will contain both repository name and architecture, and only architecture otherwise, boolean, optional, default ``no`` (legacy behavior).
 * ``username`` - GitHub authorization user, string, required. Basically the same as ``owner``.
@@ -409,6 +426,8 @@ This feature requires GitHub key creation (see below). Section name must be eith
 Section name must be either ``remote-service`` (plus optional architecture name, e.g. ``remote-service:x86_64``) or random name with ``type`` set.
 
 * ``type`` - type of the report, string, optional, must be set to ``remote-service`` if exists.
+* ``max_retries`` - maximum amount of retries of HTTP requests, integer, optional, default ``0``.
+* ``retry_backoff`` - retry exponential backoff, float, optional, default ``0.0``.
 * ``timeout`` - HTTP request timeout in seconds, integer, optional, default is ``30``.
 
 ``rsync`` type

package/archlinux/PKGBUILD

@@ -2,7 +2,7 @@
 
 pkgbase='ahriman'
 pkgname=('ahriman' 'ahriman-core' 'ahriman-triggers' 'ahriman-web')
-pkgver=2.19.0
+pkgver=2.20.0rc3
 pkgrel=1
 pkgdesc="ArcH linux ReposItory MANager"
 arch=('any')

package/share/ahriman/settings/ahriman.ini

@@ -23,6 +23,14 @@ sync_files_database = yes
 ; as additional option for some subcommands). If set to no, databases must be synchronized manually.
 use_ahriman_cache = yes
 
+[aur]
+; Maximum amount of retries of HTTP requests.
+max_retries = 3
+; Retry exponential backoff.
+retry_backoff = 1.0
+; HTTP request timeout in seconds.
+;timeout = 30
+
 [build]
 ; List of additional flags passed to archbuild command.
 ;archbuild_flags =
@@ -73,8 +81,12 @@ enabled = yes
 ; In case if unix sockets are used, it might point to the valid socket with encoded path, e.g.:
 ;     address = http+unix://%2Fvar%2Flib%2Fahriman%2Fsocket
 ;address = http://${web:host}:${web:port}
+; Maximum amount of retries of HTTP requests.
+;max_retries = 0
 ; Optional password for authentication (if enabled).
 ;password =
+; Retry exponential backoff.
+;retry_backoff = 0.0
 ; Do not log HTTP errors if occurs.
 suppress_http_log_errors = yes
 ; HTTP request timeout in seconds.
@@ -216,6 +228,10 @@ templates[] = ${prefix}/share/ahriman/templates
 ;homepage=
 ; Prefix for packages links. Link to a package will be formed as link_path / filename.
 ;link_path =
+; Maximum amount of retries of HTTP requests.
+;max_retries = 0
+; Retry exponential backoff.
+;retry_backoff = 0.0
 ; Optional link to the RSS feed.
 ;rss_url =
 ; Template name to be used.
@@ -236,12 +252,16 @@ target =
 [github]
 ; Trigger type name.
 ;type = github
+; Maximum amount of retries of HTTP requests.
+;max_retries = 0
 ; GitHub repository owner username.
 ;owner =
 ; GitHub API key. public_repo (repo) scope is required.
 ;password =
 ; GitHub repository name.
 ;repository =
+; Retry exponential backoff.
+;retry_backoff = 0.0
 ; HTTP request timeout in seconds.
 ;timeout = 30
 ; Include repository name to release name (recommended).
@@ -253,6 +273,10 @@ target =
 [remote-service]
 ; Trigger type name.
 ;type = remote-service
+; Maximum amount of retries of HTTP requests.
+;max_retries = 0
+; Retry exponential backoff.
+;retry_backoff = 0.0
 ; HTTP request timeout in seconds.
 ;timeout = 30
 

package/share/ahriman/templates/build-status/table.jinja2

@@ -87,7 +87,7 @@
                         };
                     });
 
-                updateTable(table, payload);
+                updateTable(table, payload, row => row.timestamp);
                 table.bootstrapTable("hideLoading");
             },
             onFailure,

package/share/ahriman/templates/utils/bootstrap-scripts.jinja2

@@ -195,16 +195,19 @@
         return intervalId;
     }
 
-    function updateTable(table, rows) {
+    function updateTable(table, rows, rowChangedKey) {
         // instead of using load method here, we just update rows manually to avoid table reinitialization
         const currentData = table.bootstrapTable("getData").reduce((accumulator, row) => {
-            accumulator[row.id] = row["0"];
+            accumulator[row.id] = {state: row["0"], key: rowChangedKey(row)};
             return accumulator;
         }, {});
-        // insert or update rows
+        // insert or update rows, skipping ones whose status hasn't changed
         rows.forEach(row => {
             if (Object.hasOwn(currentData, row.id)) {
-                row["0"] = currentData[row.id]; // copy checkbox state
+                if (rowChangedKey(row) === currentData[row.id].key) {
+                    return;
+                }
+                row["0"] = currentData[row.id].state; // copy checkbox state
                 table.bootstrapTable("updateByUniqueId", {
                     id: row.id,
                     row: row,

package/share/bash-completion/completions/_ahriman

@@ -1,6 +1,6 @@
 # AUTOMATICALLY GENERATED by `shtab`
 
-_shtab_ahriman_subparsers=('add' 'aur-search' 'check' 'clean' 'config' 'config-validate' 'copy' 'daemon' 'help' 'help-commands-unsafe' 'help-updates' 'help-version' 'init' 'key-import' 'package-add' 'package-changes' 'package-changes-remove' 'package-copy' 'package-remove' 'package-status' 'package-status-remove' 'package-status-update' 'package-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'rebuild' 'remove' 'remove-unknown' 'repo-backup' 'repo-check' 'repo-clean' 'repo-config' 'repo-config-validate' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'repo-init' 'repo-rebuild' 'repo-remove-unknown' 'repo-report' 'repo-restore' 'repo-setup' 'repo-sign' 'repo-statistics' 'repo-status-update' 'repo-sync' 'repo-tree' 'repo-triggers' 'repo-update' 'report' 'run' 'search' 'service-clean' 'service-config' 'service-config-validate' 'service-key-import' 'service-repositories' 'service-run' 'service-setup' 'service-shell' 'service-tree-migrate' 'setup' 'shell' 'sign' 'status' 'status-update' 'sync' 'update' 'user-add' 'user-list' 'user-remove' 'version' 'web')
+_shtab_ahriman_subparsers=('add' 'aur-search' 'check' 'clean' 'config' 'config-validate' 'copy' 'daemon' 'help' 'help-commands-unsafe' 'help-updates' 'help-version' 'init' 'key-import' 'package-add' 'package-changes' 'package-changes-remove' 'package-copy' 'package-remove' 'package-status' 'package-status-remove' 'package-status-update' 'package-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'rebuild' 'remove' 'remove-unknown' 'repo-backup' 'repo-check' 'repo-clean' 'repo-config' 'repo-config-validate' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'repo-init' 'repo-rebuild' 'repo-remove-unknown' 'repo-report' 'repo-restore' 'repo-setup' 'repo-sign' 'repo-statistics' 'repo-status-update' 'repo-sync' 'repo-tree' 'repo-triggers' 'repo-update' 'report' 'run' 'search' 'service-clean' 'service-config' 'service-config-validate' 'service-key-import' 'service-repositories' 'service-run' 'service-setup' 'service-shell' 'service-tree-migrate' 'setup' 'shell' 'sign' 'status' 'status-update' 'sync' 'update' 'user-add' 'user-list' 'user-remove' 'version' 'web' 'web-reload')
 
 _shtab_ahriman_option_strings=('-h' '--help' '-a' '--architecture' '-c' '--configuration' '--force' '-l' '--lock' '--log-handler' '-q' '--quiet' '--report' '--no-report' '-r' '--repository' '--unsafe' '-V' '--version' '--wait-timeout')
 _shtab_ahriman_add_option_strings=('-h' '--help' '--changes' '--no-changes' '--dependencies' '--no-dependencies' '-e' '--exit-code' '--increment' '--no-increment' '-n' '--now' '-y' '--refresh' '-s' '--source' '-u' '--username' '-v' '--variable')
@@ -78,10 +78,11 @@ _shtab_ahriman_user_list_option_strings=('-h' '--help' '-e' '--exit-code' '-R' '
 _shtab_ahriman_user_remove_option_strings=('-h' '--help')
 _shtab_ahriman_version_option_strings=('-h' '--help')
 _shtab_ahriman_web_option_strings=('-h' '--help')
+_shtab_ahriman_web_reload_option_strings=('-h' '--help')
 
 
 
-_shtab_ahriman_pos_0_choices=('add' 'aur-search' 'check' 'clean' 'config' 'config-validate' 'copy' 'daemon' 'help' 'help-commands-unsafe' 'help-updates' 'help-version' 'init' 'key-import' 'package-add' 'package-changes' 'package-changes-remove' 'package-copy' 'package-remove' 'package-status' 'package-status-remove' 'package-status-update' 'package-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'rebuild' 'remove' 'remove-unknown' 'repo-backup' 'repo-check' 'repo-clean' 'repo-config' 'repo-config-validate' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'repo-init' 'repo-rebuild' 'repo-remove-unknown' 'repo-report' 'repo-restore' 'repo-setup' 'repo-sign' 'repo-statistics' 'repo-status-update' 'repo-sync' 'repo-tree' 'repo-triggers' 'repo-update' 'report' 'run' 'search' 'service-clean' 'service-config' 'service-config-validate' 'service-key-import' 'service-repositories' 'service-run' 'service-setup' 'service-shell' 'service-tree-migrate' 'setup' 'shell' 'sign' 'status' 'status-update' 'sync' 'update' 'user-add' 'user-list' 'user-remove' 'version' 'web')
+_shtab_ahriman_pos_0_choices=('add' 'aur-search' 'check' 'clean' 'config' 'config-validate' 'copy' 'daemon' 'help' 'help-commands-unsafe' 'help-updates' 'help-version' 'init' 'key-import' 'package-add' 'package-changes' 'package-changes-remove' 'package-copy' 'package-remove' 'package-status' 'package-status-remove' 'package-status-update' 'package-update' 'patch-add' 'patch-list' 'patch-remove' 'patch-set-add' 'rebuild' 'remove' 'remove-unknown' 'repo-backup' 'repo-check' 'repo-clean' 'repo-config' 'repo-config-validate' 'repo-create-keyring' 'repo-create-mirrorlist' 'repo-daemon' 'repo-init' 'repo-rebuild' 'repo-remove-unknown' 'repo-report' 'repo-restore' 'repo-setup' 'repo-sign' 'repo-statistics' 'repo-status-update' 'repo-sync' 'repo-tree' 'repo-triggers' 'repo-update' 'report' 'run' 'search' 'service-clean' 'service-config' 'service-config-validate' 'service-key-import' 'service-repositories' 'service-run' 'service-setup' 'service-shell' 'service-tree-migrate' 'setup' 'shell' 'sign' 'status' 'status-update' 'sync' 'update' 'user-add' 'user-list' 'user-remove' 'version' 'web' 'web-reload')
 _shtab_ahriman___log_handler_choices=('console' 'syslog' 'journald')
 _shtab_ahriman_add__s_choices=('auto' 'archive' 'aur' 'directory' 'local' 'remote' 'repository')
 _shtab_ahriman_add___source_choices=('auto' 'archive' 'aur' 'directory' 'local' 'remote' 'repository')
@@ -572,6 +573,8 @@ _shtab_ahriman_version__h_nargs=0
 _shtab_ahriman_version___help_nargs=0
 _shtab_ahriman_web__h_nargs=0
 _shtab_ahriman_web___help_nargs=0
+_shtab_ahriman_web_reload__h_nargs=0
+_shtab_ahriman_web_reload___help_nargs=0
 
 
 # $1=COMP_WORDS[1]
@@ -674,6 +677,7 @@ _shtab_ahriman() {
 
       if [[ "$current_action_nargs" != "*" ]] && \
          [[ "$current_action_nargs" != "+" ]] && \
+         [[ "$current_action_nargs" != "?" ]] && \
          [[ "$current_action_nargs" != *"..." ]] && \
          (( $word_index + 1 - $current_action_args_start_index - $pos_only >= \
             $current_action_nargs )); then

package/share/man/man1/ahriman.1

@@ -1,9 +1,9 @@
-.TH AHRIMAN "1" "2025\-06\-29" "ahriman 2.19.0" "ArcH linux ReposItory MANager"
+.TH AHRIMAN "1" "2026\-02\-20" "ahriman 2.20.0rc3" "ArcH linux ReposItory MANager"
 .SH NAME
 ahriman \- ArcH linux ReposItory MANager
 .SH SYNOPSIS
-.B ahriman
-[-h] [-a ARCHITECTURE] [-c CONFIGURATION] [--force] [-l LOCK] [--log-handler {console,syslog,journald}] [-q] [--report | --no-report] [-r REPOSITORY] [--unsafe] [-V] [--wait-timeout WAIT_TIMEOUT] {add,aur-search,check,clean,config,config-validate,copy,daemon,help,help-commands-unsafe,help-updates,help-version,init,key-import,package-add,package-changes,package-changes-remove,package-copy,package-remove,package-status,package-status-remove,package-status-update,package-update,patch-add,patch-list,patch-remove,patch-set-add,rebuild,remove,remove-unknown,repo-backup,repo-check,repo-clean,repo-config,repo-config-validate,repo-create-keyring,repo-create-mirrorlist,repo-daemon,repo-init,repo-rebuild,repo-remove-unknown,repo-report,repo-restore,repo-setup,repo-sign,repo-statistics,repo-status-update,repo-sync,repo-tree,repo-triggers,repo-update,report,run,search,service-clean,service-config,service-config-validate,service-key-import,service-repositories,service-run,service-setup,service-shell,service-tree-migrate,setup,shell,sign,status,status-update,sync,update,user-add,user-list,user-remove,version,web} ...
+.B ahriman
+[-h] [-a ARCHITECTURE] [-c CONFIGURATION] [--force] [-l LOCK] [--log-handler {console,syslog,journald}] [-q] [--report | --no-report] [-r REPOSITORY] [--unsafe] [-V] [--wait-timeout WAIT_TIMEOUT] {add,aur-search,check,clean,config,config-validate,copy,daemon,help,help-commands-unsafe,help-updates,help-version,init,key-import,package-add,package-changes,package-changes-remove,package-copy,package-remove,package-status,package-status-remove,package-status-update,package-update,patch-add,patch-list,patch-remove,patch-set-add,rebuild,remove,remove-unknown,repo-backup,repo-check,repo-clean,repo-config,repo-config-validate,repo-create-keyring,repo-create-mirrorlist,repo-daemon,repo-init,repo-rebuild,repo-remove-unknown,repo-report,repo-restore,repo-setup,repo-sign,repo-statistics,repo-status-update,repo-sync,repo-tree,repo-triggers,repo-update,report,run,search,service-clean,service-config,service-config-validate,service-key-import,service-repositories,service-run,service-setup,service-shell,service-tree-migrate,setup,shell,sign,status,status-update,sync,update,user-add,user-list,user-remove,version,web,web-reload} ...
 .SH DESCRIPTION
 ArcH linux ReposItory MANager
 
@@ -193,11 +193,14 @@ remove user
 .TP
 \fBahriman\fR \fI\,web\/\fR
 web server
+.TP
+\fBahriman\fR \fI\,web\-reload\/\fR
+reload configuration
 
 .SH COMMAND \fI\,'ahriman aur\-search'\/\fR
-usage: ahriman aur\-search [\-h] [\-e] [\-\-info | \-\-no\-info]
-                          [\-\-sort\-by {description,first_submitted,id,last_modified,maintainer,name,num_votes,out_of_date,package_base,package_base_id,popularity,repository,submitter,url,url_path,version}]
-                          search [search ...]
+usage: ahriman aur\-search [\-h] [\-e] [\-\-info | \-\-no\-info]
+                          [\-\-sort\-by {description,first_submitted,id,last_modified,maintainer,name,num_votes,out_of_date,package_base,package_base_id,popularity,repository,submitter,url,url_path,version}]
+                          search [search ...]
 
 search for package in AUR using API
 
@@ -220,7 +223,7 @@ sort field by this field. In case if two packages have the same value of the spe
 by name
 
 .SH COMMAND \fI\,'ahriman help'\/\fR
-usage: ahriman help [\-h] [subcommand]
+usage: ahriman help [\-h] [subcommand]
 
 show help message for application or command and exit
 
@@ -229,7 +232,7 @@ show help message for application or command and exit
 show help message for specific command
 
 .SH COMMAND \fI\,'ahriman help\-commands\-unsafe'\/\fR
-usage: ahriman help\-commands\-unsafe [\-h] [subcommand ...]
+usage: ahriman help\-commands\-unsafe [\-h] [subcommand ...]
 
 list unsafe commands as defined in default args
 
@@ -239,7 +242,7 @@ instead of showing commands, just test command line for unsafe subcommand and re
 otherwise
 
 .SH COMMAND \fI\,'ahriman help\-updates'\/\fR
-usage: ahriman help\-updates [\-h] [\-e]
+usage: ahriman help\-updates [\-h] [\-e]
 
 request AUR for current version and compare with current service version
 
@@ -249,15 +252,15 @@ request AUR for current version and compare with current service version
 return non\-zero exit code if updates available
 
 .SH COMMAND \fI\,'ahriman help\-version'\/\fR
-usage: ahriman help\-version [\-h]
+usage: ahriman help\-version [\-h]
 
 print application and its dependencies versions
 
 .SH COMMAND \fI\,'ahriman package\-add'\/\fR
-usage: ahriman package\-add [\-h] [\-\-changes | \-\-no\-changes] [\-\-dependencies | \-\-no\-dependencies] [\-e]
-                           [\-\-increment | \-\-no\-increment] [\-n] [\-y]
-                           [\-s {auto,archive,aur,directory,local,remote,repository}] [\-u USERNAME] [\-v VARIABLE]
-                           package [package ...]
+usage: ahriman package\-add [\-h] [\-\-changes | \-\-no\-changes] [\-\-dependencies | \-\-no\-dependencies] [\-e]
+                           [\-\-increment | \-\-no\-increment] [\-n] [\-y]
+                           [\-s {auto,archive,aur,directory,local,remote,repository}] [\-u USERNAME] [\-v VARIABLE]
+                           package [package ...]
 
 add existing or new package to the build queue
 
@@ -303,7 +306,7 @@ build as user
 apply specified makepkg variables to the next build
 
 .SH COMMAND \fI\,'ahriman package\-changes'\/\fR
-usage: ahriman package\-changes [\-h] [\-e] package
+usage: ahriman package\-changes [\-h] [\-e] package
 
 retrieve package changes stored in database
 
@@ -317,7 +320,7 @@ package base
 return non\-zero exit status if result is empty
 
 .SH COMMAND \fI\,'ahriman package\-changes\-remove'\/\fR
-usage: ahriman package\-changes\-remove [\-h] package
+usage: ahriman package\-changes\-remove [\-h] package
 
 remove the package changes stored remotely
 
@@ -326,7 +329,7 @@ remove the package changes stored remotely
 package base
 
 .SH COMMAND \fI\,'ahriman package\-copy'\/\fR
-usage: ahriman package\-copy [\-h] [\-e] [\-\-remove] source package [package ...]
+usage: ahriman package\-copy [\-h] [\-e] [\-\-remove] source package [package ...]
 
 copy package and its metadata from another repository
 
@@ -348,7 +351,7 @@ return non\-zero exit status if result is empty
 remove package from the source repository after
 
 .SH COMMAND \fI\,'ahriman package\-remove'\/\fR
-usage: ahriman package\-remove [\-h] package [package ...]
+usage: ahriman package\-remove [\-h] package [package ...]
 
 remove package from the repository
 
@@ -357,8 +360,8 @@ remove package from the repository
 package name or base
 
 .SH COMMAND \fI\,'ahriman package\-status'\/\fR
-usage: ahriman package\-status [\-h] [\-\-ahriman] [\-e] [\-\-info | \-\-no\-info] [\-s {unknown,pending,building,failed,success}]
-                              [package ...]
+usage: ahriman package\-status [\-h] [\-\-ahriman] [\-e] [\-\-info | \-\-no\-info] [\-s {unknown,pending,building,failed,success}]
+                              [package ...]
 
 request status of the package
 
@@ -384,7 +387,7 @@ show additional package information
 filter packages by status
 
 .SH COMMAND \fI\,'ahriman package\-status\-remove'\/\fR
-usage: ahriman package\-status\-remove [\-h] package [package ...]
+usage: ahriman package\-status\-remove [\-h] package [package ...]
 
 remove the package from the status page
 
@@ -393,7 +396,7 @@ remove the package from the status page
 remove specified packages from status page
 
 .SH COMMAND \fI\,'ahriman package\-status\-update'\/\fR
-usage: ahriman package\-status\-update [\-h] [\-s {unknown,pending,building,failed,success}] [package ...]
+usage: ahriman package\-status\-update [\-h] [\-s {unknown,pending,building,failed,success}] [package ...]
 
 update package status on the status page
 
@@ -407,7 +410,7 @@ set status for specified packages. If no packages supplied, service status will
 new package build status
 
 .SH COMMAND \fI\,'ahriman patch\-add'\/\fR
-usage: ahriman patch\-add [\-h] package variable [patch]
+usage: ahriman patch\-add [\-h] package variable [patch]
 
 create or update patched PKGBUILD function or variable
 
@@ -424,7 +427,7 @@ PKGBUILD variable or function name. If variable is a function, it must end with
 path to file which contains function or variable value. If not set, the value will be read from stdin
 
 .SH COMMAND \fI\,'ahriman patch\-list'\/\fR
-usage: ahriman patch\-list [\-h] [\-e] [\-v VARIABLE] package
+usage: ahriman patch\-list [\-h] [\-e] [\-v VARIABLE] package
 
 list available patches for the package
 
@@ -442,7 +445,7 @@ return non\-zero exit status if result is empty
 if set, show only patches for specified PKGBUILD variables
 
 .SH COMMAND \fI\,'ahriman patch\-remove'\/\fR
-usage: ahriman patch\-remove [\-h] [\-v VARIABLE] package
+usage: ahriman patch\-remove [\-h] [\-v VARIABLE] package
 
 remove patches for the package
 
@@ -457,7 +460,7 @@ should be used for single\-function patches in case if you wold like to remove o
 if not set, it will remove all patches related to the package
 
 .SH COMMAND \fI\,'ahriman patch\-set\-add'\/\fR
-usage: ahriman patch\-set\-add [\-h] [\-t TRACK] package
+usage: ahriman patch\-set\-add [\-h] [\-t TRACK] package
 
 create or update source patches
 
@@ -471,7 +474,7 @@ path to directory with changed files for patch addition/update
 files which has to be tracked
 
 .SH COMMAND \fI\,'ahriman repo\-backup'\/\fR
-usage: ahriman repo\-backup [\-h] path
+usage: ahriman repo\-backup [\-h] path
 
 backup repository settings and database
 
@@ -480,9 +483,9 @@ backup repository settings and database
 path of the output archive
 
 .SH COMMAND \fI\,'ahriman repo\-check'\/\fR
-usage: ahriman repo\-check [\-h] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files] [\-e] [\-\-vcs | \-\-no\-vcs]
-                          [\-y]
-                          [package ...]
+usage: ahriman repo\-check [\-h] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files] [\-e] [\-\-vcs | \-\-no\-vcs]
+                          [\-y]
+                          [package ...]
 
 check for packages updates. Same as repo\-update \-\-dry\-run \-\-no\-manual
 
@@ -512,20 +515,20 @@ fetch actual version of VCS packages
 download fresh package databases from the mirror before actions, \-yy to force refresh even if up to date
 
 .SH COMMAND \fI\,'ahriman repo\-create\-keyring'\/\fR
-usage: ahriman repo\-create\-keyring [\-h]
+usage: ahriman repo\-create\-keyring [\-h]
 
 create package which contains list of trusted keys as set by configuration. Note, that this action will only create package, the package itself has to be built manually
 
 .SH COMMAND \fI\,'ahriman repo\-create\-mirrorlist'\/\fR
-usage: ahriman repo\-create\-mirrorlist [\-h]
+usage: ahriman repo\-create\-mirrorlist [\-h]
 
 create package which contains list of available mirrors as set by configuration. Note, that this action will only create package, the package itself has to be built manually
 
 .SH COMMAND \fI\,'ahriman repo\-daemon'\/\fR
-usage: ahriman repo\-daemon [\-h] [\-i INTERVAL] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes]
-                           [\-\-check\-files | \-\-no\-check\-files] [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run]
-                           [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual]
-                           [\-\-partitions | \-\-no\-partitions] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
+usage: ahriman repo\-daemon [\-h] [\-i INTERVAL] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes]
+                           [\-\-check\-files | \-\-no\-check\-files] [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run]
+                           [\-\-increment | \-\-no\-increment] [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual]
+                           [\-\-partitions | \-\-no\-partitions] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
 
 start process which periodically will run update process
 
@@ -583,8 +586,8 @@ fetch actual version of VCS packages
 download fresh package databases from the mirror before actions, \-yy to force refresh even if up to date
 
 .SH COMMAND \fI\,'ahriman repo\-rebuild'\/\fR
-usage: ahriman repo\-rebuild [\-h] [\-\-depends\-on DEPENDS_ON] [\-\-dry\-run] [\-\-from\-database] [\-\-increment | \-\-no\-increment]
-                            [\-e] [\-s {unknown,pending,building,failed,success}] [\-u USERNAME]
+usage: ahriman repo\-rebuild [\-h] [\-\-depends\-on DEPENDS_ON] [\-\-dry\-run] [\-\-from\-database] [\-\-increment | \-\-no\-increment]
+                            [\-e] [\-s {unknown,pending,building,failed,success}] [\-u USERNAME]
 
 force rebuild whole repository
 
@@ -620,7 +623,7 @@ filter packages by status. Requires \-\-from\-database to be set
 build as user
 
 .SH COMMAND \fI\,'ahriman repo\-remove\-unknown'\/\fR
-usage: ahriman repo\-remove\-unknown [\-h] [\-\-dry\-run]
+usage: ahriman repo\-remove\-unknown [\-h] [\-\-dry\-run]
 
 remove packages which are missing in AUR and do not have local PKGBUILDs
 
@@ -630,12 +633,12 @@ remove packages which are missing in AUR and do not have local PKGBUILDs
 just perform check for packages without removal
 
 .SH COMMAND \fI\,'ahriman repo\-report'\/\fR
-usage: ahriman repo\-report [\-h]
+usage: ahriman repo\-report [\-h]
 
 generate repository report according to current settings
 
 .SH COMMAND \fI\,'ahriman repo\-restore'\/\fR
-usage: ahriman repo\-restore [\-h] [\-o OUTPUT] path
+usage: ahriman repo\-restore [\-h] [\-o OUTPUT] path
 
 restore settings and database
 
@@ -649,7 +652,7 @@ path of the input archive
 root path of the extracted files
 
 .SH COMMAND \fI\,'ahriman repo\-sign'\/\fR
-usage: ahriman repo\-sign [\-h] [package ...]
+usage: ahriman repo\-sign [\-h] [package ...]
 
 (re\-)sign packages and repository database according to current settings
 
@@ -658,10 +661,10 @@ usage: ahriman repo\-sign [\-h] [package ...]
 sign only specified packages
 
 .SH COMMAND \fI\,'ahriman repo\-statistics'\/\fR
-usage: ahriman repo\-statistics [\-h] [\-\-chart CHART]
-                               [\-e {package\-outdated,package\-removed,package\-update\-failed,package\-updated}]
-                               [\-\-from\-date FROM_DATE] [\-\-limit LIMIT] [\-\-offset OFFSET] [\-\-to\-date TO_DATE]
-                               [package]
+usage: ahriman repo\-statistics [\-h] [\-\-chart CHART]
+                               [\-e {package\-outdated,package\-removed,package\-update\-failed,package\-updated}]
+                               [\-\-from\-date FROM_DATE] [\-\-limit LIMIT] [\-\-offset OFFSET] [\-\-to\-date TO_DATE]
+                               [package]
 
 fetch repository statistics
 
@@ -695,7 +698,7 @@ skip specified amount of events
 only fetch events which are older than the date
 
 .SH COMMAND \fI\,'ahriman repo\-status\-update'\/\fR
-usage: ahriman repo\-status\-update [\-h] [\-s {unknown,pending,building,failed,success}]
+usage: ahriman repo\-status\-update [\-h] [\-s {unknown,pending,building,failed,success}]
 
 update repository status on the status page
 
@@ -705,12 +708,12 @@ update repository status on the status page
 new status
 
 .SH COMMAND \fI\,'ahriman repo\-sync'\/\fR
-usage: ahriman repo\-sync [\-h]
+usage: ahriman repo\-sync [\-h]
 
 sync repository files to remote server according to current settings
 
 .SH COMMAND \fI\,'ahriman repo\-tree'\/\fR
-usage: ahriman repo\-tree [\-h] [\-p PARTITIONS]
+usage: ahriman repo\-tree [\-h] [\-p PARTITIONS]
 
 dump repository tree based on packages dependencies
 
@@ -720,7 +723,7 @@ dump repository tree based on packages dependencies
 also divide packages by independent partitions
 
 .SH COMMAND \fI\,'ahriman repo\-triggers'\/\fR
-usage: ahriman repo\-triggers [\-h] [trigger ...]
+usage: ahriman repo\-triggers [\-h] [trigger ...]
 
 run triggers on empty build result as configured by settings
 
@@ -729,10 +732,10 @@ run triggers on empty build result as configured by settings
 instead of running all triggers as set by configuration, just process specified ones in order of mention
 
 .SH COMMAND \fI\,'ahriman repo\-update'\/\fR
-usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files]
-                           [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-e] [\-\-increment | \-\-no\-increment]
-                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
-                           [package ...]
+usage: ahriman repo\-update [\-h] [\-\-aur | \-\-no\-aur] [\-\-changes | \-\-no\-changes] [\-\-check\-files | \-\-no\-check\-files]
+                           [\-\-dependencies | \-\-no\-dependencies] [\-\-dry\-run] [\-e] [\-\-increment | \-\-no\-increment]
+                           [\-\-local | \-\-no\-local] [\-\-manual | \-\-no\-manual] [\-u USERNAME] [\-\-vcs | \-\-no\-vcs] [\-y]
+                           [package ...]
 
 check for packages updates and run build process if requested
 
@@ -790,8 +793,8 @@ fetch actual version of VCS packages
 download fresh package databases from the mirror before actions, \-yy to force refresh even if up to date
 
 .SH COMMAND \fI\,'ahriman service\-clean'\/\fR
-usage: ahriman service\-clean [\-h] [\-\-cache | \-\-no\-cache] [\-\-chroot | \-\-no\-chroot] [\-\-manual | \-\-no\-manual]
-                             [\-\-packages | \-\-no\-packages] [\-\-pacman | \-\-no\-pacman]
+usage: ahriman service\-clean [\-h] [\-\-cache | \-\-no\-cache] [\-\-chroot | \-\-no\-chroot] [\-\-manual | \-\-no\-manual]
+                             [\-\-packages | \-\-no\-packages] [\-\-pacman | \-\-no\-pacman]
 
 remove local caches
 
@@ -817,7 +820,7 @@ clear directory with built packages
 clear directory with pacman local database cache
 
 .SH COMMAND \fI\,'ahriman service\-config'\/\fR
-usage: ahriman service\-config [\-h] [\-\-info | \-\-no\-info] [\-\-secure | \-\-no\-secure] [section] [key]
+usage: ahriman service\-config [\-h] [\-\-info | \-\-no\-info] [\-\-secure | \-\-no\-secure] [section] [key]
 
 dump configuration for the specified architecture
 
@@ -839,7 +842,7 @@ show additional information, e.g. configuration files
 hide passwords and secrets from output
 
 .SH COMMAND \fI\,'ahriman service\-config\-validate'\/\fR
-usage: ahriman service\-config\-validate [\-h] [\-e]
+usage: ahriman service\-config\-validate [\-h] [\-e]
 
 validate configuration and print found errors
 
@@ -849,7 +852,7 @@ validate configuration and print found errors
 return non\-zero exit status if configuration is invalid
 
 .SH COMMAND \fI\,'ahriman service\-key\-import'\/\fR
-usage: ahriman service\-key\-import [\-h] [\-\-key\-server KEY_SERVER] key
+usage: ahriman service\-key\-import [\-h] [\-\-key\-server KEY_SERVER] key
 
 import PGP key from public sources to the repository user
 
@@ -863,7 +866,7 @@ PGP key to import from public server
 key server for key import
 
 .SH COMMAND \fI\,'ahriman service\-repositories'\/\fR
-usage: ahriman service\-repositories [\-h] [\-\-id\-only | \-\-no\-id\-only]
+usage: ahriman service\-repositories [\-h] [\-\-id\-only | \-\-no\-id\-only]
 
 list all available repositories
 
@@ -873,7 +876,7 @@ list all available repositories
 show machine readable identifier instead
 
 .SH COMMAND \fI\,'ahriman service\-run'\/\fR
-usage: ahriman service\-run [\-h] command [command ...]
+usage: ahriman service\-run [\-h] command [command ...]
 
 run multiple commands on success run of the previous command
 
@@ -882,11 +885,11 @@ run multiple commands on success run of the previous command
 command to be run (quoted) without ``ahriman``
 
 .SH COMMAND \fI\,'ahriman service\-setup'\/\fR
-usage: ahriman service\-setup [\-h] [\-\-build\-as\-user BUILD_AS_USER] [\-\-from\-configuration FROM_CONFIGURATION]
-                             [\-\-generate\-salt | \-\-no\-generate\-salt] [\-\-makeflags\-jobs | \-\-no\-makeflags\-jobs]
-                             [\-\-mirror MIRROR] [\-\-multilib | \-\-no\-multilib] \-\-packager PACKAGER [\-\-server SERVER]
-                             [\-\-sign\-key SIGN_KEY] [\-\-sign\-target {disabled,packages,repository}] [\-\-web\-port WEB_PORT]
-                             [\-\-web\-unix\-socket WEB_UNIX_SOCKET]
+usage: ahriman service\-setup [\-h] [\-\-build\-as\-user BUILD_AS_USER] [\-\-from\-configuration FROM_CONFIGURATION]
+                             [\-\-generate\-salt | \-\-no\-generate\-salt] [\-\-makeflags\-jobs | \-\-no\-makeflags\-jobs]
+                             [\-\-mirror MIRROR] [\-\-multilib | \-\-no\-multilib] \-\-packager PACKAGER [\-\-server SERVER]
+                             [\-\-sign\-key SIGN_KEY] [\-\-sign\-target {disabled,packages,repository}] [\-\-web\-port WEB_PORT]
+                             [\-\-web\-unix\-socket WEB_UNIX_SOCKET]
 
 create initial service configuration, requires root
 
@@ -940,7 +943,7 @@ port of the web service
 path to unix socket used for interprocess communications
 
 .SH COMMAND \fI\,'ahriman service\-shell'\/\fR
-usage: ahriman service\-shell [\-h] [\-o OUTPUT] [code]
+usage: ahriman service\-shell [\-h] [\-o OUTPUT] [code]
 
 drop into python shell
 
@@ -954,13 +957,13 @@ instead of dropping into shell, just execute the specified code
 output commands and result to the file
 
 .SH COMMAND \fI\,'ahriman service\-tree\-migrate'\/\fR
-usage: ahriman service\-tree\-migrate [\-h]
+usage: ahriman service\-tree\-migrate [\-h]
 
 migrate repository tree between versions
 
 .SH COMMAND \fI\,'ahriman user\-add'\/\fR
-usage: ahriman user\-add [\-h] [\-\-key KEY] [\-\-packager PACKAGER] [\-p PASSWORD] [\-R {unauthorized,read,reporter,full}]
-                        username
+usage: ahriman user\-add [\-h] [\-\-key KEY] [\-\-packager PACKAGER] [\-p PASSWORD] [\-R {unauthorized,read,reporter,full}]
+                        username
 
 update user for web services with the given password and role. In case if password was not entered it will be asked interactively
 
@@ -987,7 +990,7 @@ authorization type.
 user access level
 
 .SH COMMAND \fI\,'ahriman user\-list'\/\fR
-usage: ahriman user\-list [\-h] [\-e] [\-R {unauthorized,read,reporter,full}] [username]
+usage: ahriman user\-list [\-h] [\-e] [\-R {unauthorized,read,reporter,full}] [username]
 
 list users from the user mapping and their roles
 
@@ -1005,7 +1008,7 @@ return non\-zero exit status if result is empty
 filter users by role
 
 .SH COMMAND \fI\,'ahriman user\-remove'\/\fR
-usage: ahriman user\-remove [\-h] username
+usage: ahriman user\-remove [\-h] username
 
 remove user from the user mapping and update the configuration
 
@@ -1014,10 +1017,15 @@ remove user from the user mapping and update the configuration
 username for web service
 
 .SH COMMAND \fI\,'ahriman web'\/\fR
-usage: ahriman web [\-h]
+usage: ahriman web [\-h]
 
 start web server
 
+.SH COMMAND \fI\,'ahriman web\-reload'\/\fR
+usage: ahriman web\-reload [\-h]
+
+reload web server configuration
+
 .SH COMMENTS
 Quick setup command (replace repository name, architecture and packager as needed):
 

package/share/zsh/site-functions/_ahriman

@@ -80,6 +80,7 @@ _shtab_ahriman_commands() {
     "user-remove:remove user from the user mapping and update the configuration"
     "version:print application and its dependencies versions"
     "web:start web server"
+    "web-reload:reload web server configuration"
   )
   _describe 'ahriman commands' _commands
 }
@@ -99,6 +100,9 @@ _shtab_ahriman_options=(
   "--wait-timeout[wait for lock to be free. Negative value will lead to immediate application run even if there is lock file. In case of zero value, the application will wait infinitely (default\: -1)]:wait_timeout:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_defaults_added=0
+
 _shtab_ahriman_add_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available (default\: True)]:changes:"
@@ -113,6 +117,9 @@ _shtab_ahriman_add_options=(
   "(*):package source (base name, path to local files, remote URL):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_add_defaults_added=0
+
 _shtab_ahriman_aur_search_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -121,6 +128,9 @@ _shtab_ahriman_aur_search_options=(
   "(*):search terms, can be specified multiple times, the result will match all terms:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_aur_search_defaults_added=0
+
 _shtab_ahriman_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available (default\: True)]:changes:"
@@ -131,6 +141,9 @@ _shtab_ahriman_check_options=(
   "(*)::filter check by package base (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_check_defaults_added=0
+
 _shtab_ahriman_clean_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--cache,--no-cache}"[clear directory with package caches (default\: False)]:cache:"
@@ -140,6 +153,9 @@ _shtab_ahriman_clean_options=(
   {--pacman,--no-pacman}"[clear directory with pacman local database cache (default\: False)]:pacman:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_clean_defaults_added=0
+
 _shtab_ahriman_config_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--info,--no-info}"[show additional information, e.g. configuration files (default\: True)]:info:"
@@ -148,11 +164,17 @@ _shtab_ahriman_config_options=(
   ":filter settings by key (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_config_defaults_added=0
+
 _shtab_ahriman_config_validate_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if configuration is invalid (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_config_validate_defaults_added=0
+
 _shtab_ahriman_copy_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -161,6 +183,9 @@ _shtab_ahriman_copy_options=(
   "(*):package base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_copy_defaults_added=0
+
 _shtab_ahriman_daemon_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
@@ -178,25 +203,40 @@ _shtab_ahriman_daemon_options=(
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_daemon_defaults_added=0
+
 _shtab_ahriman_help_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   ":show help message for specific command (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_help_defaults_added=0
+
 _shtab_ahriman_help_commands_unsafe_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*)::instead of showing commands, just test command line for unsafe subcommand and return 0 in case if command is safe and 1 otherwise (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_help_commands_unsafe_defaults_added=0
+
 _shtab_ahriman_help_updates_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit code if updates available (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_help_updates_defaults_added=0
+
 _shtab_ahriman_help_version_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_help_version_defaults_added=0
+
 _shtab_ahriman_init_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--build-as-user[force makepkg user to the specific one (default\: None)]:build_as_user:"
@@ -213,12 +253,18 @@ _shtab_ahriman_init_options=(
   "--web-unix-socket[path to unix socket used for interprocess communications (default\: None)]:web_unix_socket:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_init_defaults_added=0
+
 _shtab_ahriman_key_import_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--key-server[key server for key import (default\: keyserver.ubuntu.com)]:key_server:"
   ":PGP key to import from public server:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_key_import_defaults_added=0
+
 _shtab_ahriman_package_add_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available (default\: True)]:changes:"
@@ -233,17 +279,26 @@ _shtab_ahriman_package_add_options=(
   "(*):package source (base name, path to local files, remote URL):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_add_defaults_added=0
+
 _shtab_ahriman_package_changes_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
   ":package base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_changes_defaults_added=0
+
 _shtab_ahriman_package_changes_remove_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   ":package base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_changes_remove_defaults_added=0
+
 _shtab_ahriman_package_copy_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -252,11 +307,17 @@ _shtab_ahriman_package_copy_options=(
   "(*):package base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_copy_defaults_added=0
+
 _shtab_ahriman_package_remove_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*):package name or base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_remove_defaults_added=0
+
 _shtab_ahriman_package_status_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--ahriman[get service status itself (default\: False)]"
@@ -266,17 +327,26 @@ _shtab_ahriman_package_status_options=(
   "(*)::filter status by package base (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_status_defaults_added=0
+
 _shtab_ahriman_package_status_remove_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*):remove specified packages from status page:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_status_remove_defaults_added=0
+
 _shtab_ahriman_package_status_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-s,--status}"[new package build status (default\: success)]:status:(unknown pending building failed success)"
   "(*)::set status for specified packages. If no packages supplied, service status will be updated (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_status_update_defaults_added=0
+
 _shtab_ahriman_package_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available (default\: True)]:changes:"
@@ -291,6 +361,9 @@ _shtab_ahriman_package_update_options=(
   "(*):package source (base name, path to local files, remote URL):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_package_update_defaults_added=0
+
 _shtab_ahriman_patch_add_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   ":package base:"
@@ -298,6 +371,9 @@ _shtab_ahriman_patch_add_options=(
   ":path to file which contains function or variable value. If not set, the value will be read from stdin (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_patch_add_defaults_added=0
+
 _shtab_ahriman_patch_list_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -305,18 +381,27 @@ _shtab_ahriman_patch_list_options=(
   ":package base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_patch_list_defaults_added=0
+
 _shtab_ahriman_patch_remove_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "*"{-v,--variable}"[should be used for single-function patches in case if you wold like to remove only specified PKGBUILD variables. In case if not set, it will remove all patches related to the package (default\: None)]:variable:"
   ":package base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_patch_remove_defaults_added=0
+
 _shtab_ahriman_patch_set_add_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "*"{-t,--track}"[files which has to be tracked (default\: \[\'\*.diff\', \'\*.patch\'\])]:track:"
   ":path to directory with changed files for patch addition\/update:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_patch_set_add_defaults_added=0
+
 _shtab_ahriman_rebuild_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "*--depends-on[only rebuild packages that depend on specified packages (default\: None)]:depends_on:"
@@ -328,21 +413,33 @@ _shtab_ahriman_rebuild_options=(
   {-u,--username}"[build as user (default\: None)]:username:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_rebuild_defaults_added=0
+
 _shtab_ahriman_remove_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*):package name or base:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_remove_defaults_added=0
+
 _shtab_ahriman_remove_unknown_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--dry-run[just perform check for packages without removal (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_remove_unknown_defaults_added=0
+
 _shtab_ahriman_repo_backup_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   ":path of the output archive:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_backup_defaults_added=0
+
 _shtab_ahriman_repo_check_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--changes,--no-changes}"[calculate changes from the latest known commit if available (default\: True)]:changes:"
@@ -353,6 +450,9 @@ _shtab_ahriman_repo_check_options=(
   "(*)::filter check by package base (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_check_defaults_added=0
+
 _shtab_ahriman_repo_clean_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--cache,--no-cache}"[clear directory with package caches (default\: False)]:cache:"
@@ -362,6 +462,9 @@ _shtab_ahriman_repo_clean_options=(
   {--pacman,--no-pacman}"[clear directory with pacman local database cache (default\: False)]:pacman:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_clean_defaults_added=0
+
 _shtab_ahriman_repo_config_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--info,--no-info}"[show additional information, e.g. configuration files (default\: True)]:info:"
@@ -370,19 +473,31 @@ _shtab_ahriman_repo_config_options=(
   ":filter settings by key (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_config_defaults_added=0
+
 _shtab_ahriman_repo_config_validate_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if configuration is invalid (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_config_validate_defaults_added=0
+
 _shtab_ahriman_repo_create_keyring_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_create_keyring_defaults_added=0
+
 _shtab_ahriman_repo_create_mirrorlist_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_create_mirrorlist_defaults_added=0
+
 _shtab_ahriman_repo_daemon_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-i,--interval}"[interval between runs in seconds (default\: 43200)]:interval:"
@@ -400,6 +515,9 @@ _shtab_ahriman_repo_daemon_options=(
   "*"{-y,--refresh}"[download fresh package databases from the mirror before actions, -yy to force refresh even if up to date (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_daemon_defaults_added=0
+
 _shtab_ahriman_repo_init_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--build-as-user[force makepkg user to the specific one (default\: None)]:build_as_user:"
@@ -416,6 +534,9 @@ _shtab_ahriman_repo_init_options=(
   "--web-unix-socket[path to unix socket used for interprocess communications (default\: None)]:web_unix_socket:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_init_defaults_added=0
+
 _shtab_ahriman_repo_rebuild_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "*--depends-on[only rebuild packages that depend on specified packages (default\: None)]:depends_on:"
@@ -427,21 +548,33 @@ _shtab_ahriman_repo_rebuild_options=(
   {-u,--username}"[build as user (default\: None)]:username:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_rebuild_defaults_added=0
+
 _shtab_ahriman_repo_remove_unknown_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--dry-run[just perform check for packages without removal (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_remove_unknown_defaults_added=0
+
 _shtab_ahriman_repo_report_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_report_defaults_added=0
+
 _shtab_ahriman_repo_restore_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-o,--output}"[root path of the extracted files (default\: \/)]:output:"
   ":path of the input archive:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_restore_defaults_added=0
+
 _shtab_ahriman_repo_setup_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--build-as-user[force makepkg user to the specific one (default\: None)]:build_as_user:"
@@ -458,11 +591,17 @@ _shtab_ahriman_repo_setup_options=(
   "--web-unix-socket[path to unix socket used for interprocess communications (default\: None)]:web_unix_socket:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_setup_defaults_added=0
+
 _shtab_ahriman_repo_sign_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*)::sign only specified packages (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_sign_defaults_added=0
+
 _shtab_ahriman_repo_statistics_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--chart[create updates chart and save it to the specified path (default\: None)]:chart:"
@@ -474,25 +613,40 @@ _shtab_ahriman_repo_statistics_options=(
   ":fetch only events for the specified package (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_statistics_defaults_added=0
+
 _shtab_ahriman_repo_status_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-s,--status}"[new status (default\: success)]:status:(unknown pending building failed success)"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_status_update_defaults_added=0
+
 _shtab_ahriman_repo_sync_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_sync_defaults_added=0
+
 _shtab_ahriman_repo_tree_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-p,--partitions}"[also divide packages by independent partitions (default\: 1)]:partitions:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_tree_defaults_added=0
+
 _shtab_ahriman_repo_triggers_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*)::instead of running all triggers as set by configuration, just process specified ones in order of mention (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_triggers_defaults_added=0
+
 _shtab_ahriman_repo_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
@@ -510,15 +664,24 @@ _shtab_ahriman_repo_update_options=(
   "(*)::filter check by package base (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_repo_update_defaults_added=0
+
 _shtab_ahriman_report_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_report_defaults_added=0
+
 _shtab_ahriman_run_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*):command to be run (quoted) without \`\`ahriman\`\`:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_run_defaults_added=0
+
 _shtab_ahriman_search_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -527,6 +690,9 @@ _shtab_ahriman_search_options=(
   "(*):search terms, can be specified multiple times, the result will match all terms:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_search_defaults_added=0
+
 _shtab_ahriman_service_clean_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--cache,--no-cache}"[clear directory with package caches (default\: False)]:cache:"
@@ -536,6 +702,9 @@ _shtab_ahriman_service_clean_options=(
   {--pacman,--no-pacman}"[clear directory with pacman local database cache (default\: False)]:pacman:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_clean_defaults_added=0
+
 _shtab_ahriman_service_config_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--info,--no-info}"[show additional information, e.g. configuration files (default\: True)]:info:"
@@ -544,27 +713,42 @@ _shtab_ahriman_service_config_options=(
   ":filter settings by key (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_config_defaults_added=0
+
 _shtab_ahriman_service_config_validate_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if configuration is invalid (default\: False)]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_config_validate_defaults_added=0
+
 _shtab_ahriman_service_key_import_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--key-server[key server for key import (default\: keyserver.ubuntu.com)]:key_server:"
   ":PGP key to import from public server:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_key_import_defaults_added=0
+
 _shtab_ahriman_service_repositories_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--id-only,--no-id-only}"[show machine readable identifier instead (default\: False)]:id_only:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_repositories_defaults_added=0
+
 _shtab_ahriman_service_run_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*):command to be run (quoted) without \`\`ahriman\`\`:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_run_defaults_added=0
+
 _shtab_ahriman_service_setup_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--build-as-user[force makepkg user to the specific one (default\: None)]:build_as_user:"
@@ -581,16 +765,25 @@ _shtab_ahriman_service_setup_options=(
   "--web-unix-socket[path to unix socket used for interprocess communications (default\: None)]:web_unix_socket:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_setup_defaults_added=0
+
 _shtab_ahriman_service_shell_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-o,--output}"[output commands and result to the file (default\: None)]:output:"
   ":instead of dropping into shell, just execute the specified code (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_shell_defaults_added=0
+
 _shtab_ahriman_service_tree_migrate_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_service_tree_migrate_defaults_added=0
+
 _shtab_ahriman_setup_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--build-as-user[force makepkg user to the specific one (default\: None)]:build_as_user:"
@@ -607,17 +800,26 @@ _shtab_ahriman_setup_options=(
   "--web-unix-socket[path to unix socket used for interprocess communications (default\: None)]:web_unix_socket:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_setup_defaults_added=0
+
 _shtab_ahriman_shell_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-o,--output}"[output commands and result to the file (default\: None)]:output:"
   ":instead of dropping into shell, just execute the specified code (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_shell_defaults_added=0
+
 _shtab_ahriman_sign_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "(*)::sign only specified packages (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_sign_defaults_added=0
+
 _shtab_ahriman_status_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--ahriman[get service status itself (default\: False)]"
@@ -627,16 +829,25 @@ _shtab_ahriman_status_options=(
   "(*)::filter status by package base (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_status_defaults_added=0
+
 _shtab_ahriman_status_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-s,--status}"[new package build status (default\: success)]:status:(unknown pending building failed success)"
   "(*)::set status for specified packages. If no packages supplied, service status will be updated (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_status_update_defaults_added=0
+
 _shtab_ahriman_sync_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_sync_defaults_added=0
+
 _shtab_ahriman_update_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {--aur,--no-aur}"[enable or disable checking for AUR updates (default\: True)]:aur:"
@@ -654,6 +865,9 @@ _shtab_ahriman_update_options=(
   "(*)::filter check by package base (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_update_defaults_added=0
+
 _shtab_ahriman_user_add_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   "--key[optional PGP key used by this user. The private key must be imported (default\: None)]:key:"
@@ -663,6 +877,9 @@ _shtab_ahriman_user_add_options=(
   ":username for web service:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_user_add_defaults_added=0
+
 _shtab_ahriman_user_list_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   {-e,--exit-code}"[return non-zero exit status if result is empty (default\: False)]"
@@ -670,25 +887,48 @@ _shtab_ahriman_user_list_options=(
   ":filter users by username (default\: None):"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_user_list_defaults_added=0
+
 _shtab_ahriman_user_remove_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
   ":username for web service:"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_user_remove_defaults_added=0
+
 _shtab_ahriman_version_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_version_defaults_added=0
+
 _shtab_ahriman_web_options=(
   "(- : *)"{-h,--help}"[show this help message and exit]"
 )
 
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_web_defaults_added=0
+
+_shtab_ahriman_web_reload_options=(
+  "(- : *)"{-h,--help}"[show this help message and exit]"
+)
+
+# guard to ensure default positional specs are added only once per session
+_shtab_ahriman_web_reload_defaults_added=0
+
 
 _shtab_ahriman() {
-  local context state line curcontext="$curcontext" one_or_more='(-)*' remainder='(*)'
+  local context state line curcontext="$curcontext" one_or_more='(*)' remainder='(-)*' default='*::: :->ahriman'
 
-  if ((${_shtab_ahriman_options[(I)${(q)one_or_more}*]} + ${_shtab_ahriman_options[(I)${(q)remainder}*]} == 0)); then  # noqa: E501
-    _shtab_ahriman_options+=(': :_shtab_ahriman_commands' '*::: :->ahriman')
+  # Add default positional/remainder specs only if none exist, and only once per session
+  if (( ! _shtab_ahriman_defaults_added )); then
+    if (( ${_shtab_ahriman_options[(I)${(q)one_or_more}*]} +          ${_shtab_ahriman_options[(I)${(q)remainder}*]} +          ${_shtab_ahriman_options[(I)${(q)default}]} == 0 )); then
+      _shtab_ahriman_options+=(': :_shtab_ahriman_commands' '*::: :->ahriman')
+    fi
+    _shtab_ahriman_defaults_added=1
   fi
   _arguments -C -s $_shtab_ahriman_options
 
@@ -773,6 +1013,7 @@ _shtab_ahriman() {
         user-remove) _arguments -C -s $_shtab_ahriman_user_remove_options ;;
         version) _arguments -C -s $_shtab_ahriman_version_options ;;
         web) _arguments -C -s $_shtab_ahriman_web_options ;;
+        web-reload) _arguments -C -s $_shtab_ahriman_web_reload_options ;;
       esac
   esac
 }

src/ahriman/__init__.py

@@ -17,4 +17,4 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
-__version__ = "2.19.0"
+__version__ = "2.20.0rc3"

src/ahriman/application/application/application_repository.py

@@ -22,6 +22,7 @@ from collections.abc import Iterable
 from ahriman.application.application.application_properties import ApplicationProperties
 from ahriman.application.application.workers import Updater
 from ahriman.core.build_tools.sources import Sources
+from ahriman.core.exceptions import UnknownPackageError
 from ahriman.models.package import Package
 from ahriman.models.packagers import Packagers
 from ahriman.models.result import Result
@@ -116,7 +117,7 @@ class ApplicationRepository(ApplicationProperties):
             for single in probe.packages:
                 try:
                     _ = Package.from_aur(single, None)
-                except Exception:
+                except UnknownPackageError:
                     packages.append(single)
             return packages
 

src/ahriman/application/handlers/backup.py

@@ -81,11 +81,13 @@ class Backup(Handler):
         Returns:
             set[Path]: map of the filesystem paths
         """
-        paths = set(configuration.include.glob("*.ini"))
-
+        # configuration files
         root, _ = configuration.check_loaded()
-        paths.add(root)  # the configuration itself
-        paths.add(SQLite.database_path(configuration))  # database
+        paths = set(configuration.includes)
+        paths.add(root)
+
+        # database
+        paths.add(SQLite.database_path(configuration))
 
         # local caches
         repository_paths = configuration.repository_paths

src/ahriman/application/handlers/restore.py

@@ -47,7 +47,7 @@ class Restore(Handler):
             report(bool): force enable or disable reporting
         """
         with tarfile.open(args.path) as archive:
-            archive.extractall(path=args.output)  # nosec
+            archive.extractall(path=args.output, filter="data")
 
     @staticmethod
     def _set_repo_restore_parser(root: SubParserAction) -> argparse.ArgumentParser:

src/ahriman/core/auth/helpers.py

@@ -22,6 +22,11 @@ try:
 except ImportError:
     aiohttp_security = None  # type: ignore[assignment]
 
+try:
+    import aiohttp_session
+except ImportError:
+    aiohttp_session = None  # type: ignore[assignment]
+
 from typing import Any
 
 
@@ -50,7 +55,7 @@ async def check_authorized(*args: Any, **kwargs: Any) -> Any:
 
     Args:
         *args(Any): argument list as provided by check_authorized function
-        **kwargs(Any): named argument list as provided by authorized_userid function
+        **kwargs(Any): named argument list as provided by check_authorized function
 
     Returns:
         Any: ``None`` in case if no aiohttp_security module found and function call otherwise
@@ -66,7 +71,7 @@ async def forget(*args: Any, **kwargs: Any) -> Any:
 
     Args:
         *args(Any): argument list as provided by forget function
-        **kwargs(Any): named argument list as provided by authorized_userid function
+        **kwargs(Any): named argument list as provided by forget function
 
     Returns:
         Any: ``None`` in case if no aiohttp_security module found and function call otherwise
@@ -76,13 +81,29 @@ async def forget(*args: Any, **kwargs: Any) -> Any:
     return None
 
 
+async def get_session(*args: Any, **kwargs: Any) -> Any:
+    """
+    handle aiohttp session methods
+
+    Args:
+        *args(Any): argument list as provided by get_session function
+        **kwargs(Any): named argument list as provided by get_session function
+
+    Returns:
+        Any: empty dictionary in case if no aiohttp_session module found and function call otherwise
+    """
+    if aiohttp_session is not None:
+        return await aiohttp_session.get_session(*args, **kwargs)
+    return {}
+
+
 async def remember(*args: Any, **kwargs: Any) -> Any:
     """
     handle disabled auth
 
     Args:
         *args(Any): argument list as provided by remember function
-        **kwargs(Any): named argument list as provided by authorized_userid function
+        **kwargs(Any): named argument list as provided by remember function
 
     Returns:
         Any: ``None`` in case if no aiohttp_security module found and function call otherwise

src/ahriman/core/auth/oauth.py

@@ -19,6 +19,8 @@
 #
 import aioauth_client
 
+from typing import Any
+
 from ahriman.core.auth.mapping import Mapping
 from ahriman.core.configuration import Configuration
 from ahriman.core.database import SQLite
@@ -53,7 +55,7 @@ class OAuth(Mapping):
         self.client_secret = configuration.get("auth", "client_secret")
         # in order to use OAuth feature the service must be publicity available
         # thus we expect that address is set
-        self.redirect_uri = f"""{configuration.get("web", "address")}/api/v1/login"""
+        self.redirect_uri = f"{configuration.get("web", "address")}/api/v1/login"
         self.provider = self.get_provider(configuration.get("auth", "oauth_provider"))
         # it is list, but we will have to convert to string it anyway
         self.scopes = configuration.get("auth", "oauth_scopes")
@@ -84,7 +86,7 @@ class OAuth(Mapping):
         Raises:
             OptionError: in case if invalid OAuth provider name supplied
         """
-        provider: type[aioauth_client.OAuth2Client] = getattr(aioauth_client, name)
+        provider: type = getattr(aioauth_client, name, type(None))
         try:
             is_oauth2_client = issubclass(provider, aioauth_client.OAuth2Client)
         except TypeError:  # what if it is random string?
@@ -102,27 +104,35 @@ class OAuth(Mapping):
         """
         return self.provider(client_id=self.client_id, client_secret=self.client_secret)
 
-    def get_oauth_url(self) -> str:
+    def get_oauth_url(self, state: str) -> str:
         """
         get authorization URI for the specified settings
 
+        Args:
+            state(str): CSRF token to pass to OAuth2 provider
+
         Returns:
             str: authorization URI as a string
         """
         client = self.get_client()
-        uri: str = client.get_authorize_url(scope=self.scopes, redirect_uri=self.redirect_uri)
+        uri: str = client.get_authorize_url(scope=self.scopes, redirect_uri=self.redirect_uri, state=state)
         return uri
 
-    async def get_oauth_username(self, code: str) -> str | None:
+    async def get_oauth_username(self, code: str, state: str | None, session: dict[str, Any]) -> str | None:
         """
         extract OAuth username from remote
 
         Args:
             code(str): authorization code provided by external service
+            state(str | None): CSRF token returned by external service
+            session(dict[str, Any]): current session instance
 
         Returns:
             str | None: username as is in OAuth provider
         """
+        if state is None or state != session.get("state"):
+            return None
+
         try:
             client = self.get_client()
             access_token, _ = await client.get_access_token(code, redirect_uri=self.redirect_uri)

src/ahriman/core/configuration/schema.py

@@ -97,6 +97,26 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
             },
         },
     },
+    "aur": {
+        "type": "dict",
+        "schema": {
+            "max_retries": {
+                "type": "integer",
+                "coerce": "integer",
+                "min": 0,
+            },
+            "retry_backoff": {
+                "type": "float",
+                "coerce": "float",
+                "min": 0,
+            },
+            "timeout": {
+                "type": "integer",
+                "coerce": "integer",
+                "min": 0,
+            },
+        },
+    },
     "auth": {
         "type": "dict",
         "schema": {
@@ -296,10 +316,20 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = {
                 "empty": False,
                 "is_url": [],
             },
+            "max_retries": {
+                "type": "integer",
+                "coerce": "integer",
+                "min": 0,
+            },
             "password": {
                 "type": "string",
                 "empty": False,
             },
+            "retry_backoff": {
+                "type": "float",
+                "coerce": "float",
+                "min": 0,
+            },
             "suppress_http_log_errors": {
                 "type": "boolean",
                 "coerce": "boolean",

src/ahriman/core/configuration/validator.py

@@ -76,6 +76,19 @@ class Validator(RootValidator):
         converted: bool = self.configuration._convert_to_boolean(value)  # type: ignore[attr-defined]
         return converted
 
+    def _normalize_coerce_float(self, value: str) -> float:
+        """
+        extract float from string value
+
+        Args:
+            value(str): converting value
+
+        Returns:
+            float: value converted to float according to configuration rules
+        """
+        del self
+        return float(value)
+
     def _normalize_coerce_integer(self, value: str) -> int:
         """
         extract integer from string value

src/ahriman/core/database/operations/logs_operations.py

@@ -141,14 +141,15 @@ class LogsOperations(Operations):
             connection.execute(
                 """
                 delete from logs
-                where (package_base, version, repository, process_id) not in (
-                  select package_base, version, repository, process_id from logs
-                  where (package_base, version, repository, created) in (
-                    select package_base, version, repository, max(created) from logs
-                    where repository = :repository
-                    group by package_base, version, repository
+                where repository = :repository
+                  and (package_base, version, repository, process_id) not in (
+                    select package_base, version, repository, process_id from logs
+                    where (package_base, version, repository, created) in (
+                      select package_base, version, repository, max(created) from logs
+                      where repository = :repository
+                      group by package_base, version, repository
+                    )
                   )
-                )
                 """,
                 {
                     "repository": repository_id.id,

src/ahriman/core/gitremote/remote_pull_trigger.py

@@ -48,6 +48,10 @@ class RemotePullTrigger(Trigger):
         "gitremote": {
             "type": "dict",
             "schema": {
+                "type": {
+                    "type": "string",
+                    "allowed": ["gitremote"],
+                },
                 "pull_url": {
                     "type": "string",
                     "required": True,
@@ -60,7 +64,6 @@ class RemotePullTrigger(Trigger):
             },
         },
     }
-    CONFIGURATION_SCHEMA_FALLBACK = "gitremote"
 
     def __init__(self, repository_id: RepositoryId, configuration: Configuration) -> None:
         """
@@ -89,7 +92,6 @@ class RemotePullTrigger(Trigger):
         trigger action which will be called at the start of the application
         """
         for target in self.targets:
-            section, _ = self.configuration.gettype(
-                target, self.repository_id, fallback=self.CONFIGURATION_SCHEMA_FALLBACK)
+            section, _ = self.configuration.gettype(target, self.repository_id, fallback="gitremote")
             runner = RemotePull(self.repository_id, self.configuration, section)
             runner.run()

src/ahriman/core/gitremote/remote_push_trigger.py

@@ -52,6 +52,10 @@ class RemotePushTrigger(Trigger):
         "gitremote": {
             "type": "dict",
             "schema": {
+                "type": {
+                    "type": "string",
+                    "allowed": ["gitremote"],
+                },
                 "commit_email": {
                     "type": "string",
                     "empty": False,
@@ -72,7 +76,6 @@ class RemotePushTrigger(Trigger):
             },
         },
     }
-    CONFIGURATION_SCHEMA_FALLBACK = "gitremote"
 
     def __init__(self, repository_id: RepositoryId, configuration: Configuration) -> None:
         """
@@ -111,7 +114,6 @@ class RemotePushTrigger(Trigger):
         reporter = ctx.get(Client)
 
         for target in self.targets:
-            section, _ = self.configuration.gettype(
-                target, self.repository_id, fallback=self.CONFIGURATION_SCHEMA_FALLBACK)
+            section, _ = self.configuration.gettype(target, self.repository_id, fallback="gitremote")
             runner = RemotePush(reporter, self.configuration, section)
             runner.run(result)

src/ahriman/core/http/sync_ahriman_client.py

@@ -20,10 +20,9 @@
 import contextlib
 import requests
 
-from functools import cached_property
+from requests.adapters import BaseAdapter
 from urllib.parse import urlparse
 
-from ahriman import __version__
 from ahriman.core.http.sync_http_client import SyncHttpClient
 
 
@@ -37,32 +36,36 @@ class SyncAhrimanClient(SyncHttpClient):
 
     address: str
 
-    @cached_property
-    def session(self) -> requests.Session:
+    def _login_url(self) -> str:
         """
-        get or create session
+        get url for the login api
 
         Returns:
-            request.Session: created session object
+            str: full url for web service to log in
         """
-        if urlparse(self.address).scheme == "http+unix":
-            import requests_unixsocket
-            session: requests.Session = requests_unixsocket.Session()  # type: ignore[no-untyped-call]
-            session.headers["User-Agent"] = f"ahriman/{__version__}"
-            return session
+        return f"{self.address}/api/v1/login"
 
-        session = requests.Session()
-        session.headers["User-Agent"] = f"ahriman/{__version__}"
-        self._login(session)
-
-        return session
-
-    def _login(self, session: requests.Session) -> None:
+    def adapters(self) -> dict[str, BaseAdapter]:
         """
-        process login to the service
+        get registered adapters
+
+        Returns:
+            dict[str, BaseAdapter]: map of protocol and adapter used for this protocol
+        """
+        adapters = SyncHttpClient.adapters(self)
+
+        if (scheme := urlparse(self.address).scheme) == "http+unix":
+            from requests_unixsocket.adapters import UnixAdapter
+            adapters[f"{scheme}://"] = UnixAdapter()  # type: ignore[no-untyped-call]
+
+        return adapters
+
+    def on_session_creation(self, session: requests.Session) -> None:
+        """
+        method which will be called on session creation
 
         Args:
-            session(requests.Session): request session to login
+            session(requests.Session): created requests session
         """
         if self.auth is None:
             return  # no auth configured
@@ -74,12 +77,3 @@ class SyncAhrimanClient(SyncHttpClient):
         }
         with contextlib.suppress(Exception):
             self.make_request("POST", self._login_url(), json=payload, session=session)
-
-    def _login_url(self) -> str:
-        """
-        get url for the login api
-
-        Returns:
-            str: full url for web service to log in
-        """
-        return f"{self.address}/api/v1/login"

src/ahriman/core/http/sync_http_client.py

@@ -21,7 +21,9 @@ import requests
 import sys
 
 from functools import cached_property
+from requests.adapters import BaseAdapter, HTTPAdapter
 from typing import Any, IO, Literal
+from urllib3.util.retry import Retry
 
 from ahriman import __version__
 from ahriman.core.configuration import Configuration
@@ -38,10 +40,14 @@ class SyncHttpClient(LazyLogging):
 
     Attributes:
         auth(tuple[str, str] | None): HTTP basic auth object if set
+        retry(Retry): retry policy of the HTTP client. Disabled by default
         suppress_errors(bool): suppress logging of request errors
         timeout(int | None): HTTP request timeout in seconds
     """
 
+    retry: Retry = Retry()
+    timeout: int | None = None
+
     def __init__(self, configuration: Configuration | None = None, section: str | None = None, *,
                  suppress_errors: bool = False) -> None:
         """
@@ -50,18 +56,21 @@ class SyncHttpClient(LazyLogging):
             section(str | None, optional): settings section name (Default value = None)
             suppress_errors(bool, optional): suppress logging of request errors (Default value = False)
         """
-        if configuration is None:
-            configuration = Configuration()  # dummy configuration
-        if section is None:
-            section = configuration.default_section
+        configuration = configuration or Configuration()  # dummy configuration
+        section = section or configuration.default_section
 
         username = configuration.get(section, "username", fallback=None)
         password = configuration.get(section, "password", fallback=None)
         self.auth = (username, password) if username and password else None
 
-        self.timeout: int | None = configuration.getint(section, "timeout", fallback=30)
         self.suppress_errors = suppress_errors
 
+        self.timeout = configuration.getint(section, "timeout", fallback=30)
+        self.retry = SyncHttpClient.retry_policy(
+            max_retries=configuration.getint(section, "max_retries", fallback=0),
+            retry_backoff=configuration.getfloat(section, "retry_backoff", fallback=0.0),
+        )
+
     @cached_property
     def session(self) -> requests.Session:
         """
@@ -71,11 +80,17 @@ class SyncHttpClient(LazyLogging):
             request.Session: created session object
         """
         session = requests.Session()
+
+        for protocol, adapter in self.adapters().items():
+            session.mount(protocol, adapter)
+
         python_version = ".".join(map(str, sys.version_info[:3]))  # just major.minor.patch
         session.headers["User-Agent"] = f"ahriman/{__version__} " \
             f"{requests.utils.default_user_agent()} " \
             f"python/{python_version}"
 
+        self.on_session_creation(session)
+
         return session
 
     @staticmethod
@@ -92,6 +107,39 @@ class SyncHttpClient(LazyLogging):
         result: str = exception.response.text if exception.response is not None else ""
         return result
 
+    @staticmethod
+    def retry_policy(max_retries: int = 0, retry_backoff: float = 0.0) -> Retry:
+        """
+        build retry policy for class
+
+        Args:
+            max_retries(int, optional): maximum amount of retries allowed (Default value = 0)
+            retry_backoff(float, optional): retry exponential backoff (Default value = 0.0)
+
+        Returns:
+            Retry: built retry policy
+        """
+        return Retry(
+            total=max_retries,
+            connect=max_retries,
+            read=max_retries,
+            status=max_retries,
+            status_forcelist=[429, 500, 502, 503, 504],
+            backoff_factor=retry_backoff,
+        )
+
+    def adapters(self) -> dict[str, BaseAdapter]:
+        """
+        get registered adapters
+
+        Returns:
+            dict[str, BaseAdapter]: map of protocol and adapter used for this protocol
+        """
+        return {
+            "http://": HTTPAdapter(max_retries=self.retry),
+            "https://": HTTPAdapter(max_retries=self.retry),
+        }
+
     def make_request(self, method: Literal["DELETE", "GET", "HEAD", "POST", "PUT"], url: str, *,
                      headers: dict[str, str] | None = None,
                      params: list[tuple[str, str]] | None = None,
@@ -139,3 +187,11 @@ class SyncHttpClient(LazyLogging):
             if not suppress_errors:
                 self.logger.exception("could not perform http request")
             raise
+
+    def on_session_creation(self, session: requests.Session) -> None:
+        """
+        method which will be called on session creation
+
+        Args:
+            session(requests.Session): created requests session
+        """

src/ahriman/core/report/email.py

@@ -74,6 +74,18 @@ class Email(Report, JinjaTemplate):
         self.ssl = SmtpSSLSettings.from_option(configuration.get(section, "ssl", fallback="disabled"))
         self.user = configuration.get(section, "user", fallback=None)
 
+    @property
+    def _smtp_session(self) -> type[smtplib.SMTP]:
+        """
+        build SMTP session based on configuration settings
+
+        Returns:
+            type[smtplib.SMTP]: SMTP or SMTP_SSL session depending on whether SSL is enabled or not
+        """
+        if self.ssl == SmtpSSLSettings.SSL:
+            return smtplib.SMTP_SSL
+        return smtplib.SMTP
+
     def _send(self, text: str, attachment: dict[str, str]) -> None:
         """
         send email callback
@@ -93,16 +105,13 @@ class Email(Report, JinjaTemplate):
             attach.add_header("Content-Disposition", "attachment", filename=filename)
             message.attach(attach)
 
-        if self.ssl != SmtpSSLSettings.SSL:
-            session = smtplib.SMTP(self.host, self.port)
+        with self._smtp_session(self.host, self.port) as session:
             if self.ssl == SmtpSSLSettings.STARTTLS:
                 session.starttls()
-        else:
-            session = smtplib.SMTP_SSL(self.host, self.port)
-        if self.user is not None and self.password is not None:
-            session.login(self.user, self.password)
-        session.sendmail(self.sender, self.receivers, message.as_string())
-        session.quit()
+
+            if self.user is not None and self.password is not None:
+                session.login(self.user, self.password)
+            session.sendmail(self.sender, self.receivers, message.as_string())
 
     def generate(self, packages: list[Package], result: Result) -> None:
         """

src/ahriman/core/report/report_trigger.py

@@ -302,6 +302,16 @@ class ReportTrigger(Trigger):
                     "empty": False,
                     "is_url": [],
                 },
+                "max_retries": {
+                    "type": "integer",
+                    "coerce": "integer",
+                    "min": 0,
+                },
+                "retry_backoff": {
+                    "type": "float",
+                    "coerce": "float",
+                    "min": 0,
+                },
                 "rss_url": {
                     "type": "string",
                     "empty": False,

src/ahriman/core/repository/repository.py

@@ -21,6 +21,7 @@ from typing import Self
 
 from ahriman.core import _Context, context
 from ahriman.core.alpm.pacman import Pacman
+from ahriman.core.alpm.remote import AUR
 from ahriman.core.configuration import Configuration
 from ahriman.core.database import SQLite
 from ahriman.core.repository.executor import Executor
@@ -73,9 +74,26 @@ class Repository(Executor, UpdateHandler):
         """
         instance = cls(repository_id, configuration, database,
                        report=report, refresh_pacman_database=refresh_pacman_database)
+
+        instance._set_globals(configuration)
         instance._set_context()
+
         return instance
 
+    @staticmethod
+    def _set_globals(configuration: Configuration) -> None:
+        """
+        set global settings based on configuration via class attributes
+
+        Args:
+            configuration(Configuration): configuration instance
+        """
+        AUR.timeout = configuration.getint("aur", "timeout", fallback=30)
+        AUR.retry = AUR.retry_policy(
+            max_retries=configuration.getint("aur", "max_retries", fallback=0),
+            retry_backoff=configuration.getfloat("aur", "retry_backoff", fallback=0.0),
+        )
+
     def _set_context(self) -> None:
         """
         create context variables and set their values

src/ahriman/core/repository/update_handler.py

@@ -185,8 +185,9 @@ class UpdateHandler(PackageInfo, Cleaner):
                 else:
                     self.reporter.set_pending(local.base)
                 self.event(local.base, EventType.PackageOutdated, "Manual update is requested")
+
+            self.clear_queue()
         except Exception:
             self.logger.exception("could not load packages from database")
-        self.clear_queue()
 
         return result

src/ahriman/core/triggers/trigger.py

@@ -34,8 +34,6 @@ class Trigger(LazyLogging):
 
     Attributes:
         CONFIGURATION_SCHEMA(ConfigurationSchema): (class attribute) configuration schema template
-        CONFIGURATION_SCHEMA_FALLBACK(str | None): (class attribute) optional fallback option for defining
-            configuration schema type used
         REQUIRES_REPOSITORY(bool): (class attribute) either trigger requires loaded repository or not
         configuration(Configuration): configuration instance
         repository_id(RepositoryId): repository unique identifier
@@ -59,7 +57,6 @@ class Trigger(LazyLogging):
     """
 
     CONFIGURATION_SCHEMA: ClassVar[ConfigurationSchema] = {}
-    CONFIGURATION_SCHEMA_FALLBACK: ClassVar[str | None] = None
     REQUIRES_REPOSITORY: ClassVar[bool] = True
 
     def __init__(self, repository_id: RepositoryId, configuration: Configuration) -> None:

src/ahriman/core/upload/upload_trigger.py

@@ -54,6 +54,11 @@ class UploadTrigger(Trigger):
                     "type": "string",
                     "allowed": ["github"],
                 },
+                "max_retries": {
+                    "type": "integer",
+                    "coerce": "integer",
+                    "min": 0,
+                },
                 "owner": {
                     "type": "string",
                     "required": True,
@@ -68,6 +73,11 @@ class UploadTrigger(Trigger):
                     "required": True,
                     "empty": False,
                 },
+                "retry_backoff": {
+                    "type": "float",
+                    "coerce": "float",
+                    "min": 0,
+                },
                 "timeout": {
                     "type": "integer",
                     "coerce": "integer",
@@ -90,6 +100,16 @@ class UploadTrigger(Trigger):
                     "type": "string",
                     "allowed": ["ahriman", "remote-service"],
                 },
+                "max_retries": {
+                    "type": "integer",
+                    "coerce": "integer",
+                    "min": 0,
+                },
+                "retry_backoff": {
+                    "type": "float",
+                    "coerce": "float",
+                    "min": 0,
+                },
                 "timeout": {
                     "type": "integer",
                     "coerce": "integer",

src/ahriman/core/utils.py

@@ -164,6 +164,11 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
         if key in ("PATH",)  # whitelisted variables only
     } | environment
 
+    result: dict[str, list[str]] = {
+        "stdout": [],
+        "stderr": [],
+    }
+
     with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                           user=user, env=full_environment, text=True, encoding="utf8", errors="backslashreplace",
                           bufsize=1) as process:
@@ -172,30 +177,27 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st
             input_channel.write(input_data)
             input_channel.close()
 
-        selector = selectors.DefaultSelector()
-        selector.register(get_io(process, "stdout"), selectors.EVENT_READ, data="stdout")
-        selector.register(get_io(process, "stderr"), selectors.EVENT_READ, data="stderr")
+        with selectors.DefaultSelector() as selector:
+            selector.register(get_io(process, "stdout"), selectors.EVENT_READ, data="stdout")
+            selector.register(get_io(process, "stderr"), selectors.EVENT_READ, data="stderr")
 
-        result: dict[str, list[str]] = {
-            "stdout": [],
-            "stderr": [],
-        }
-        while selector.get_map():  # while there are unread selectors, keep reading
-            for key_data, output in poll(selector):
-                result[key_data].append(output)
-
-        stdout = "\n".join(result["stdout"]).rstrip("\n")  # remove newline at the end of any
-        stderr = "\n".join(result["stderr"]).rstrip("\n")
+            while selector.get_map():  # while there are unread selectors, keep reading
+                for key_data, output in poll(selector):
+                    result[key_data].append(output)
 
         status_code = process.wait()
-        if status_code != 0:
-            if isinstance(exception, Exception):
-                raise exception
-            if callable(exception):
-                raise exception(status_code, list(args), stdout, stderr)
-            raise CalledProcessError(status_code, list(args), stderr)
 
-        return stdout
+    stdout = "\n".join(result["stdout"]).rstrip("\n")  # remove newline at the end of any
+    stderr = "\n".join(result["stderr"]).rstrip("\n")
+
+    if status_code != 0:
+        if isinstance(exception, Exception):
+            raise exception
+        if callable(exception):
+            raise exception(status_code, list(args), stdout, stderr)
+        raise CalledProcessError(status_code, list(args), stderr)
+
+    return stdout
 
 
 def check_user(root: Path, *, unsafe: bool) -> None:
@@ -329,10 +331,10 @@ def list_flatmap(source: Iterable[T], extractor: Callable[[T], Iterable[R]]) ->
 
     Args:
         source(Iterable[T]): source list
-        extractor(Callable[[T], list[R]): property extractor
+        extractor(Callable[[T], Iterable[R]]): property extractor
 
     Returns:
-        list[T]: combined list of unique entries in properties list
+        list[R]: combined list of unique entries in properties list
     """
     def generator() -> Iterator[R]:
         for inner in source:

src/ahriman/models/package.py

@@ -155,7 +155,7 @@ class Package(LazyLogging):
             bool: ``True`` in case if package base looks like VCS package and ``False`` otherwise
         """
         return self.base.endswith("-bzr") \
-            or self.base.endswith("-csv") \
+            or self.base.endswith("-cvs") \
             or self.base.endswith("-darcs") \
             or self.base.endswith("-git") \
             or self.base.endswith("-hg") \

src/ahriman/web/apispec/info.py

@@ -72,7 +72,7 @@ def _security() -> list[dict[str, Any]]:
     return [{
         "token": {
             "type": "apiKey",  # as per specification we are using api key
-            "name": "API_SESSION",
+            "name": "AHRIMAN",
             "in": "cookie",
         }
     }]

src/ahriman/web/middlewares/auth_handler.py

@@ -149,11 +149,17 @@ def setup_auth(application: Application, configuration: Configuration, validator
         Application: configured web application
     """
     secret_key = _cookie_secret_key(configuration)
-    storage = EncryptedCookieStorage(secret_key, cookie_name="API_SESSION", max_age=validator.max_age)
+    storage = EncryptedCookieStorage(
+        secret_key,
+        cookie_name="AHRIMAN",
+        max_age=validator.max_age,
+        httponly=True,
+        samesite="Lax",
+    )
     setup_session(application, storage)
 
     authorization_policy = _AuthorizationPolicy(validator)
-    identity_policy = aiohttp_security.SessionIdentityPolicy()
+    identity_policy = aiohttp_security.SessionIdentityPolicy("SESSION")
 
     aiohttp_security.setup(application, identity_policy, authorization_policy)
     application.middlewares.append(_auth_handler(validator.allow_read_only))

src/ahriman/web/schemas/auth_schema.py

@@ -25,6 +25,6 @@ class AuthSchema(Schema):
     request cookie authorization schema
     """
 
-    API_SESSION = fields.String(required=True, metadata={
+    AHRIMAN = fields.String(required=True, metadata={
         "description": "API session key as returned from authorization",
     })

src/ahriman/web/schemas/oauth2_schema.py

@@ -28,3 +28,6 @@ class OAuth2Schema(Schema):
     code = fields.String(metadata={
         "description": "OAuth2 authorization code. In case if not set, the redirect to provider will be initiated",
     })
+    state = fields.String(metadata={
+        "description": "CSRF token returned by OAuth2 provider",
+    })

src/ahriman/web/views/v1/user/login.py

@@ -18,9 +18,10 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 from aiohttp.web import HTTPBadRequest, HTTPFound, HTTPMethodNotAllowed, HTTPUnauthorized
+from secrets import token_urlsafe
 from typing import ClassVar
 
-from ahriman.core.auth.helpers import remember
+from ahriman.core.auth.helpers import get_session, remember
 from ahriman.models.user_access import UserAccess
 from ahriman.web.apispec.decorators import apidocs
 from ahriman.web.schemas import LoginSchema, OAuth2Schema
@@ -68,15 +69,18 @@ class LoginView(BaseView):
             raise HTTPMethodNotAllowed(self.request.method, ["POST"])
 
         oauth_provider = self.validator
-        if not isinstance(oauth_provider, OAuth):  # there is actually property, but mypy does not like it anyway
+        if not isinstance(oauth_provider, OAuth):
             raise HTTPMethodNotAllowed(self.request.method, ["POST"])
 
+        session = await get_session(self.request)
+
         code = self.request.query.get("code")
         if not code:
-            raise HTTPFound(oauth_provider.get_oauth_url())
+            state = session["state"] = token_urlsafe()
+            raise HTTPFound(oauth_provider.get_oauth_url(state))
 
         response = HTTPFound("/")
-        identity = await oauth_provider.get_oauth_username(code)
+        identity = await oauth_provider.get_oauth_username(code, self.request.query.get("state"), session)
         if identity is not None and await self.validator.known_username(identity):
             await remember(self.request, response, identity)
             raise response

tests/ahriman/application/application/test_application_repository.py

@@ -5,6 +5,7 @@ from pytest_mock import MockerFixture
 from unittest.mock import call as MockCall
 
 from ahriman.application.application.application_repository import ApplicationRepository
+from ahriman.core.exceptions import UnknownPackageError
 from ahriman.core.tree import Leaf, Tree
 from ahriman.models.changes import Changes
 from ahriman.models.package import Package
@@ -135,7 +136,7 @@ def test_unknown_no_aur(application_repository: ApplicationRepository, package_a
     must return empty list in case if there is locally stored PKGBUILD
     """
     mocker.patch("ahriman.core.repository.repository.Repository.packages", return_value=[package_ahriman])
-    mocker.patch("ahriman.models.package.Package.from_aur", side_effect=Exception)
+    mocker.patch("ahriman.models.package.Package.from_aur", side_effect=UnknownPackageError(package_ahriman.base))
     mocker.patch("ahriman.models.package.Package.from_build", return_value=package_ahriman)
     mocker.patch("pathlib.Path.is_dir", return_value=True)
     mocker.patch("ahriman.core.build_tools.sources.Sources.has_remotes", return_value=False)
@@ -149,7 +150,7 @@ def test_unknown_no_aur_no_local(application_repository: ApplicationRepository,
     must return list of packages missing in aur and in local storage
     """
     mocker.patch("ahriman.core.repository.repository.Repository.packages", return_value=[package_ahriman])
-    mocker.patch("ahriman.models.package.Package.from_aur", side_effect=Exception)
+    mocker.patch("ahriman.models.package.Package.from_aur", side_effect=UnknownPackageError(package_ahriman.base))
     mocker.patch("pathlib.Path.is_dir", return_value=False)
 
     packages = application_repository.unknown()

tests/ahriman/application/handlers/test_handler_restore.py

@@ -34,7 +34,7 @@ def test_run(args: argparse.Namespace, configuration: Configuration, mocker: Moc
 
     _, repository_id = configuration.check_loaded()
     Restore.run(args, repository_id, configuration, report=False)
-    extract_mock.extractall.assert_called_once_with(path=args.output)
+    extract_mock.extractall.assert_called_once_with(path=args.output, filter="data")
 
 
 def test_disallow_multi_architecture_run() -> None:

tests/ahriman/core/auth/test_helpers.py

@@ -13,6 +13,13 @@ def test_import_aiohttp_security() -> None:
     assert helpers.aiohttp_security
 
 
+def test_import_aiohttp_session() -> None:
+    """
+    must import aiohttp_session correctly
+    """
+    assert helpers.aiohttp_session
+
+
 async def test_authorized_userid_dummy(mocker: MockerFixture) -> None:
     """
     must not call authorized_userid from library if not enabled
@@ -55,6 +62,23 @@ async def test_forget_dummy(mocker: MockerFixture) -> None:
     await helpers.forget()
 
 
+async def test_get_session_dummy(mocker: MockerFixture) -> None:
+    """
+    must return empty dict if no aiohttp_session module found
+    """
+    mocker.patch.object(helpers, "aiohttp_session", None)
+    assert await helpers.get_session() == {}
+
+
+async def test_get_session_library(mocker: MockerFixture) -> None:
+    """
+    must call get_session from library if enabled
+    """
+    get_session_mock = mocker.patch("aiohttp_session.get_session")
+    await helpers.get_session()
+    get_session_mock.assert_called_once_with()
+
+
 async def test_forget_library(mocker: MockerFixture) -> None:
     """
     must call forget from library if enabled
@@ -88,3 +112,12 @@ def test_import_aiohttp_security_missing(mocker: MockerFixture) -> None:
     mocker.patch.dict(sys.modules, {"aiohttp_security": None})
     importlib.reload(helpers)
     assert helpers.aiohttp_security is None
+
+
+def test_import_aiohttp_session_missing(mocker: MockerFixture) -> None:
+    """
+    must set missing flag if no aiohttp_session module found
+    """
+    mocker.patch.dict(sys.modules, {"aiohttp_session": None})
+    importlib.reload(helpers)
+    assert helpers.aiohttp_session is None

tests/ahriman/core/auth/test_oauth.py

@@ -57,8 +57,8 @@ def test_get_oauth_url(oauth: OAuth, mocker: MockerFixture) -> None:
     must generate valid OAuth authorization URL
     """
     authorize_url_mock = mocker.patch("aioauth_client.GoogleClient.get_authorize_url")
-    oauth.get_oauth_url()
-    authorize_url_mock.assert_called_once_with(scope=oauth.scopes, redirect_uri=oauth.redirect_uri)
+    oauth.get_oauth_url(state="state")
+    authorize_url_mock.assert_called_once_with(scope=oauth.scopes, redirect_uri=oauth.redirect_uri, state="state")
 
 
 async def test_get_oauth_username(oauth: OAuth, mocker: MockerFixture) -> None:
@@ -69,10 +69,9 @@ async def test_get_oauth_username(oauth: OAuth, mocker: MockerFixture) -> None:
     user_info_mock = mocker.patch("aioauth_client.GoogleClient.user_info",
                                   return_value=(aioauth_client.User(email="email"), ""))
 
-    email = await oauth.get_oauth_username("code")
+    assert await oauth.get_oauth_username("code", state="state", session={"state": "state"}) == "email"
     access_token_mock.assert_called_once_with("code", redirect_uri=oauth.redirect_uri)
     user_info_mock.assert_called_once_with()
-    assert email == "email"
 
 
 async def test_get_oauth_username_empty_email(oauth: OAuth, mocker: MockerFixture) -> None:
@@ -82,8 +81,7 @@ async def test_get_oauth_username_empty_email(oauth: OAuth, mocker: MockerFixtur
     mocker.patch("aioauth_client.GoogleClient.get_access_token", return_value=("token", ""))
     mocker.patch("aioauth_client.GoogleClient.user_info", return_value=(aioauth_client.User(username="username"), ""))
 
-    username = await oauth.get_oauth_username("code")
-    assert username == "username"
+    assert await oauth.get_oauth_username("code", state="state", session={"state": "state"}) == "username"
 
 
 async def test_get_oauth_username_exception_1(oauth: OAuth, mocker: MockerFixture) -> None:
@@ -93,8 +91,7 @@ async def test_get_oauth_username_exception_1(oauth: OAuth, mocker: MockerFixtur
     mocker.patch("aioauth_client.GoogleClient.get_access_token", side_effect=Exception)
     user_info_mock = mocker.patch("aioauth_client.GoogleClient.user_info")
 
-    email = await oauth.get_oauth_username("code")
-    assert email is None
+    assert await oauth.get_oauth_username("code", state="state", session={"state": "state"}) is None
     user_info_mock.assert_not_called()
 
 
@@ -105,5 +102,19 @@ async def test_get_oauth_username_exception_2(oauth: OAuth, mocker: MockerFixtur
     mocker.patch("aioauth_client.GoogleClient.get_access_token", return_value=("token", ""))
     mocker.patch("aioauth_client.GoogleClient.user_info", side_effect=Exception)
 
-    email = await oauth.get_oauth_username("code")
-    assert email is None
+    username = await oauth.get_oauth_username("code", state="state", session={"state": "state"})
+    assert username is None
+
+
+async def test_get_oauth_username_csrf_missing(oauth: OAuth) -> None:
+    """
+    must return None if CSRF state is missing
+    """
+    assert await oauth.get_oauth_username("code", state=None, session={"state": "state"}) is None
+
+
+async def test_get_oauth_username_csrf_mismatch(oauth: OAuth) -> None:
+    """
+    must return None if CSRF state does not match session
+    """
+    assert await oauth.get_oauth_username("code", state="wrong", session={"state": "state"}) is None

tests/ahriman/core/configuration/test_validator.py

@@ -33,6 +33,14 @@ def test_normalize_coerce_boolean(validator: Validator, mocker: MockerFixture) -
     convert_mock.assert_called_once_with("1")
 
 
+def test_normalize_coerce_float(validator: Validator) -> None:
+    """
+    must convert string value to float by using configuration converters
+    """
+    assert validator._normalize_coerce_float("1.5") == 1.5
+    assert validator._normalize_coerce_float("0.0") == 0.0
+
+
 def test_normalize_coerce_integer(validator: Validator) -> None:
     """
     must convert string value to integer by using configuration converters

tests/ahriman/core/http/test_sync_ahriman_client.py

@@ -1,6 +1,5 @@
 import pytest
 import requests
-import requests_unixsocket
 
 from pytest_mock import MockerFixture
 
@@ -8,31 +7,32 @@ from ahriman.core.http import SyncAhrimanClient
 from ahriman.models.user import User
 
 
-def test_session(ahriman_client: SyncAhrimanClient, mocker: MockerFixture) -> None:
+def test_adapters(ahriman_client: SyncAhrimanClient) -> None:
     """
-    must create normal requests session
+    must return native adapters
     """
-    login_mock = mocker.patch("ahriman.core.http.SyncAhrimanClient._login")
-
-    assert isinstance(ahriman_client.session, requests.Session)
-    assert not isinstance(ahriman_client.session, requests_unixsocket.Session)
-    login_mock.assert_called_once_with(pytest.helpers.anyvar(int))
+    assert "http+unix://" not in ahriman_client.adapters()
 
 
-def test_session_unix_socket(ahriman_client: SyncAhrimanClient, mocker: MockerFixture) -> None:
+def test_adapters_unix_socket(ahriman_client: SyncAhrimanClient) -> None:
     """
-    must create unix socket session
+    must register unix socket adapter
     """
-    login_mock = mocker.patch("ahriman.core.http.SyncAhrimanClient._login")
     ahriman_client.address = "http+unix://path"
-
-    assert isinstance(ahriman_client.session, requests_unixsocket.Session)
-    login_mock.assert_not_called()
+    assert "http+unix://" in ahriman_client.adapters()
 
 
-def test_login(ahriman_client: SyncAhrimanClient, user: User, mocker: MockerFixture) -> None:
+def test_login_url(ahriman_client: SyncAhrimanClient) -> None:
     """
-    must login user
+    must generate login url correctly
+    """
+    assert ahriman_client._login_url().startswith(ahriman_client.address)
+    assert ahriman_client._login_url().endswith("/api/v1/login")
+
+
+def test_on_session_creation(ahriman_client: SyncAhrimanClient, user: User, mocker: MockerFixture) -> None:
+    """
+    must log in user on start
     """
     ahriman_client.auth = (user.username, user.password)
     requests_mock = mocker.patch("ahriman.core.http.SyncAhrimanClient.make_request")
@@ -42,40 +42,32 @@ def test_login(ahriman_client: SyncAhrimanClient, user: User, mocker: MockerFixt
     }
     session = requests.Session()
 
-    ahriman_client._login(session)
+    ahriman_client.on_session_creation(session)
     requests_mock.assert_called_once_with("POST", pytest.helpers.anyvar(str, True), json=payload, session=session)
 
 
-def test_login_failed(ahriman_client: SyncAhrimanClient, user: User, mocker: MockerFixture) -> None:
+def test_on_session_creation_failed(ahriman_client: SyncAhrimanClient, user: User, mocker: MockerFixture) -> None:
     """
-    must suppress any exception happened during login
+    must suppress any exception happened during session start
     """
     ahriman_client.user = user
     mocker.patch("requests.Session.request", side_effect=Exception)
-    ahriman_client._login(requests.Session())
+    ahriman_client.on_session_creation(requests.Session())
 
 
-def test_login_failed_http_error(ahriman_client: SyncAhrimanClient, user: User, mocker: MockerFixture) -> None:
+def test_start_failed_http_error(ahriman_client: SyncAhrimanClient, user: User, mocker: MockerFixture) -> None:
     """
-    must suppress HTTP exception happened during login
+    must suppress HTTP exception happened during session start
     """
     ahriman_client.user = user
     mocker.patch("requests.Session.request", side_effect=requests.HTTPError)
-    ahriman_client._login(requests.Session())
+    ahriman_client.on_session_creation(requests.Session())
 
 
-def test_login_skip(ahriman_client: SyncAhrimanClient, mocker: MockerFixture) -> None:
+def test_start_skip(ahriman_client: SyncAhrimanClient, mocker: MockerFixture) -> None:
     """
     must skip login if no user set
     """
     requests_mock = mocker.patch("requests.Session.request")
-    ahriman_client._login(requests.Session())
+    ahriman_client.on_session_creation(requests.Session())
     requests_mock.assert_not_called()
-
-
-def test_login_url(ahriman_client: SyncAhrimanClient) -> None:
-    """
-    must generate login url correctly
-    """
-    assert ahriman_client._login_url().startswith(ahriman_client.address)
-    assert ahriman_client._login_url().endswith("/api/v1/login")

tests/ahriman/core/http/test_sync_http_client.py

@@ -4,6 +4,7 @@ import requests
 from pytest_mock import MockerFixture
 from unittest.mock import MagicMock, call as MockCall
 
+from ahriman.core.alpm.remote import AUR
 from ahriman.core.configuration import Configuration
 from ahriman.core.http import SyncHttpClient
 
@@ -33,12 +34,29 @@ def test_init_auth_empty() -> None:
     assert SyncHttpClient().auth is None
 
 
-def test_session() -> None:
+def test_session(mocker: MockerFixture) -> None:
     """
     must generate valid session
     """
+    on_session_creation_mock = mocker.patch("ahriman.core.http.sync_http_client.SyncHttpClient.on_session_creation")
+
     session = SyncHttpClient().session
     assert "User-Agent" in session.headers
+    on_session_creation_mock.assert_called_once_with(pytest.helpers.anyvar(int))
+
+
+def test_retry_policy() -> None:
+    """
+    must set retry policy
+    """
+    SyncHttpClient.retry = SyncHttpClient.retry_policy(1, 2.0)
+    AUR.retry = AUR.retry_policy(3, 4.0)
+
+    assert SyncHttpClient.retry.connect == 1
+    assert SyncHttpClient.retry.backoff_factor == 2.0
+
+    assert AUR.retry.connect == 3
+    assert AUR.retry.backoff_factor == 4.0
 
 
 def test_exception_response_text() -> None:
@@ -60,6 +78,18 @@ def test_exception_response_text_empty() -> None:
     assert SyncHttpClient.exception_response_text(exception) == ""
 
 
+def test_adapters() -> None:
+    """
+    must create adapters with retry policy
+    """
+    client = SyncHttpClient()
+    adapters = client.adapters()
+
+    assert "http://" in adapters
+    assert "https://" in adapters
+    assert all(adapter.max_retries == client.retry for adapter in adapters.values())
+
+
 def test_make_request(mocker: MockerFixture) -> None:
     """
     must make HTTP request
@@ -158,3 +188,11 @@ def test_make_request_session() -> None:
     session_mock.request.assert_called_once_with(
         "GET", "url", params=None, data=None, headers=None, files=None, json=None,
         stream=None, auth=None, timeout=client.timeout)
+
+
+def test_on_session_creation() -> None:
+    """
+    must do nothing on start
+    """
+    client = SyncHttpClient()
+    client.on_session_creation(client.session)

tests/ahriman/core/report/test_email.py

@@ -1,3 +1,5 @@
+import smtplib
+
 import pytest
 
 from pytest_mock import MockerFixture
@@ -6,6 +8,7 @@ from ahriman.core.configuration import Configuration
 from ahriman.core.report.email import Email
 from ahriman.models.package import Package
 from ahriman.models.result import Result
+from ahriman.models.smtp_ssl_settings import SmtpSSLSettings
 
 
 def test_template(configuration: Configuration) -> None:
@@ -37,17 +40,36 @@ def test_template_full(configuration: Configuration) -> None:
     assert Email(repository_id, configuration, "email").template_full == root.parent / template
 
 
+def test_smtp_session(email: Email) -> None:
+    """
+    must build normal SMTP session if SSL is disabled
+    """
+    email.ssl = SmtpSSLSettings.Disabled
+    assert email._smtp_session == smtplib.SMTP
+
+    email.ssl = SmtpSSLSettings.STARTTLS
+    assert email._smtp_session == smtplib.SMTP
+
+
+def test_smtp_session_ssl(email: Email) -> None:
+    """
+    must build SMTP_SSL session if SSL is enabled
+    """
+    email.ssl = SmtpSSLSettings.SSL
+    assert email._smtp_session == smtplib.SMTP_SSL
+
+
 def test_send(email: Email, mocker: MockerFixture) -> None:
     """
     must send an email with attachment
     """
     smtp_mock = mocker.patch("smtplib.SMTP")
+    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
 
     email._send("a text", {"attachment.html": "an attachment"})
     smtp_mock.return_value.starttls.assert_not_called()
     smtp_mock.return_value.login.assert_not_called()
     smtp_mock.return_value.sendmail.assert_called_once_with(email.sender, email.receivers, pytest.helpers.anyvar(int))
-    smtp_mock.return_value.quit.assert_called_once_with()
 
 
 def test_send_auth(configuration: Configuration, mocker: MockerFixture) -> None:
@@ -57,6 +79,7 @@ def test_send_auth(configuration: Configuration, mocker: MockerFixture) -> None:
     configuration.set_option("email", "user", "username")
     configuration.set_option("email", "password", "password")
     smtp_mock = mocker.patch("smtplib.SMTP")
+    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -70,6 +93,7 @@ def test_send_auth_no_password(configuration: Configuration, mocker: MockerFixtu
     """
     configuration.set_option("email", "user", "username")
     smtp_mock = mocker.patch("smtplib.SMTP")
+    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -83,6 +107,7 @@ def test_send_auth_no_user(configuration: Configuration, mocker: MockerFixture)
     """
     configuration.set_option("email", "password", "password")
     smtp_mock = mocker.patch("smtplib.SMTP")
+    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -96,6 +121,7 @@ def test_send_ssl_tls(configuration: Configuration, mocker: MockerFixture) -> No
     """
     configuration.set_option("email", "ssl", "ssl")
     smtp_mock = mocker.patch("smtplib.SMTP_SSL")
+    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")
@@ -103,7 +129,6 @@ def test_send_ssl_tls(configuration: Configuration, mocker: MockerFixture) -> No
     smtp_mock.return_value.starttls.assert_not_called()
     smtp_mock.return_value.login.assert_not_called()
     smtp_mock.return_value.sendmail.assert_called_once_with(email.sender, email.receivers, pytest.helpers.anyvar(int))
-    smtp_mock.return_value.quit.assert_called_once_with()
 
 
 def test_send_starttls(configuration: Configuration, mocker: MockerFixture) -> None:
@@ -112,6 +137,7 @@ def test_send_starttls(configuration: Configuration, mocker: MockerFixture) -> N
     """
     configuration.set_option("email", "ssl", "starttls")
     smtp_mock = mocker.patch("smtplib.SMTP")
+    smtp_mock.return_value.__enter__.return_value = smtp_mock.return_value
     _, repository_id = configuration.check_loaded()
 
     email = Email(repository_id, configuration, "email")

tests/ahriman/core/repository/test_repository.py

@@ -2,6 +2,7 @@ from pytest_mock import MockerFixture
 from unittest.mock import call as MockCall
 
 from ahriman.core.alpm.pacman import Pacman
+from ahriman.core.alpm.remote import AUR
 from ahriman.core.configuration import Configuration
 from ahriman.core.database import SQLite
 from ahriman.core.repository import Repository
@@ -13,13 +14,27 @@ def test_load(configuration: Configuration, database: SQLite, mocker: MockerFixt
     """
     must correctly load instance
     """
+    globals_mock = mocker.patch("ahriman.core.repository.Repository._set_globals")
     context_mock = mocker.patch("ahriman.core.repository.Repository._set_context")
     _, repository_id = configuration.check_loaded()
 
     Repository.load(repository_id, configuration, database, report=False)
+    globals_mock.assert_called_once_with(configuration)
     context_mock.assert_called_once_with()
 
 
+def test_set_globals(configuration: Configuration) -> None:
+    """
+    must correctly set globals
+    """
+    configuration.set_option("aur", "timeout", "42")
+    configuration.set_option("aur", "max_retries", "10")
+
+    Repository._set_globals(configuration)
+    assert AUR.timeout == 42
+    assert AUR.retry.connect == 10
+
+
 def test_set_context(configuration: Configuration, database: SQLite, mocker: MockerFixture) -> None:
     """
     must set context variables

tests/ahriman/core/repository/test_update_handler.py

@@ -357,4 +357,8 @@ def test_updates_manual_with_failures(update_handler: UpdateHandler, package_ahr
     """
     mocker.patch("ahriman.core.database.SQLite.build_queue_get", side_effect=Exception)
     mocker.patch("ahriman.core.repository.update_handler.UpdateHandler.packages", return_value=[package_ahriman])
+
     assert update_handler.updates_manual() == []
+
+    from ahriman.core.repository.cleaner import Cleaner
+    Cleaner.clear_queue.assert_not_called()

tests/ahriman/core/triggers/test_trigger.py

@@ -70,7 +70,6 @@ def test_configuration_schema_variables() -> None:
     must return empty schema
     """
     assert Trigger.CONFIGURATION_SCHEMA == {}
-    assert Trigger.CONFIGURATION_SCHEMA_FALLBACK is None
 
 
 def test_configuration_sections(configuration: Configuration) -> None:

tests/ahriman/web/apispec/test_info.py

@@ -23,7 +23,7 @@ def test_security() -> None:
     must generate security definitions for swagger
     """
     token = next(iter(_security()))["token"]
-    assert token == {"type": "apiKey", "name": "API_SESSION", "in": "cookie"}
+    assert token == {"type": "apiKey", "name": "AHRIMAN", "in": "cookie"}
 
 
 def test_servers(application: Application) -> None:

tests/ahriman/web/schemas/test_auth_schema.py

@@ -6,4 +6,4 @@ def test_schema() -> None:
     must return valid schema
     """
     schema = AuthSchema()
-    assert not schema.validate({"API_SESSION": "key"})
+    assert not schema.validate({"AHRIMAN": "key"})

tests/ahriman/web/views/api/test_view_api_swagger.py

@@ -27,7 +27,7 @@ def _client(client: TestClient, mocker: MockerFixture) -> TestClient:
                     "parameters": [
                         {
                             "in": "cookie",
-                            "name": "API_SESSION",
+                            "name": "AHRIMAN",
                             "schema": {
                                 "type": "string",
                             },
@@ -39,7 +39,7 @@ def _client(client: TestClient, mocker: MockerFixture) -> TestClient:
                     "parameters": [
                         {
                             "in": "cookie",
-                            "name": "API_SESSION",
+                            "name": "AHRIMAN",
                             "schema": {
                                 "type": "string",
                             },
@@ -60,7 +60,7 @@ def _client(client: TestClient, mocker: MockerFixture) -> TestClient:
             {
                 "token": {
                     "type": "apiKey",
-                    "name": "API_SESSION",
+                    "name": "AHRIMAN",
                     "in": "cookie",
                 },
             },

tests/ahriman/web/views/v1/user/test_view_v1_user_login.py

@@ -54,7 +54,7 @@ async def test_get_redirect_to_oauth(client_with_oauth_auth: TestClient) -> None
     assert not request_schema.validate(payload)
     response = await client_with_oauth_auth.get("/api/v1/login", params=payload, allow_redirects=False)
     assert response.ok
-    oauth.get_oauth_url.assert_called_once_with()
+    oauth.get_oauth_url.assert_called_once_with(pytest.helpers.anyvar(str))
 
 
 async def test_get_redirect_to_oauth_empty_code(client_with_oauth_auth: TestClient) -> None:
@@ -69,13 +69,15 @@ async def test_get_redirect_to_oauth_empty_code(client_with_oauth_auth: TestClie
     assert not request_schema.validate(payload)
     response = await client_with_oauth_auth.get("/api/v1/login", params=payload, allow_redirects=False)
     assert response.ok
-    oauth.get_oauth_url.assert_called_once_with()
+    oauth.get_oauth_url.assert_called_once_with(pytest.helpers.anyvar(str))
 
 
 async def test_get(client_with_oauth_auth: TestClient, mocker: MockerFixture) -> None:
     """
     must log in user correctly from OAuth
     """
+    session = {"state": "state"}
+    mocker.patch("ahriman.web.views.v1.user.login.get_session", return_value=session)
     oauth = client_with_oauth_auth.app[AuthKey]
     oauth.get_oauth_username.return_value = "user"
     oauth.known_username.return_value = True
@@ -84,12 +86,12 @@ async def test_get(client_with_oauth_auth: TestClient, mocker: MockerFixture) ->
     remember_mock = mocker.patch("ahriman.web.views.v1.user.login.remember")
     request_schema = pytest.helpers.schema_request(LoginView.get, location="querystring")
 
-    payload = {"code": "code"}
+    payload = {"code": "code", "state": "state"}
     assert not request_schema.validate(payload)
     response = await client_with_oauth_auth.get("/api/v1/login", params=payload)
 
     assert response.ok
-    oauth.get_oauth_username.assert_called_once_with("code")
+    oauth.get_oauth_username.assert_called_once_with("code", "state", session)
     oauth.known_username.assert_called_once_with("user")
     remember_mock.assert_called_once_with(
         pytest.helpers.anyvar(int), pytest.helpers.anyvar(int), pytest.helpers.anyvar(int))