pytest-pacman

export PYTHONPATH=/home/jelle/projects/pytest-pacman:build/lib.linux-x86_64-3.9:.
PYTEST_PLUGINS=pytest_pacman.plugin pytest --fixtures

table view

Drop jQuery tablesorter

https://www.kryogenix.org/code/browser/sorttable/sorttable.js

archweb

  • archweb repository security status for packages in dev dashboards
  • mirror signup form? Gitlab
  • dark theme / css
  • json output for dashboards for a Rust arch-package-status command!!

Dark mode

https://sparanoid.com/note/css-variables-guide/ https://lea.verou.me/2021/03/inverted-lightness-variables/ https://codesalad.dev/blog/color-manipulation-with-css-variables-and-hsl-16

Big improvements

  • Mirror monitoring reminder emails
  • Keycloak SSO
  • Upstream SASS files
  • Rest API

Small things

  • todolist - add note support from staff (UX?)
  • todolist - add /todo/json endpoint and filter on status
  • detect untrusted / signed packages in archweb for example with zorun (old repo db)
  • performance stale relations
  • django performance
  • rebuilderd-status tests -> mock requests

kuse arch-common-style with SASS

  • django-sass
  • django-compressor?

Hyperkitty uses SASS https://gitlab.com/mailman/hyperkitty/-/blob/master/hyperkitty.spec

https://ronald.ink/using-sass-django/ https://terencelucasyap.com/using-sass-django/ https://github.com/jrief/django-sass-processor https://github.com/django-compressor/django-compressor/ https://github.com/torchbox/django-libsass https://www.accordbox.com/blog/how-use-scss-sass-your-django-project-python-way/

Mirror out of date

https://github.com/archlinux/archweb/issues/142

Create a new page with a list of out of date mirrors with a button for mirror maintainers to send an email. With a different template per issue:

Keycloak

TODO

  • Test groups
  • Test updating/changing groups and relogging in
  • Syncing groups/users periodicially
  • Used the sso_accountid anywhere? Read OIDC docs about it / what happens when email changes in keycloak
  • Test JavaScript XHR actions with OIDC
  • do we implement filter_users_by_claims https://mozilla-django-oidc.readthedocs.io/en/stable/installation.html#connecting-oidc-user-identities-to-django-users
  • Hide password change logic from developer profile
  • Test Deny access for non Staff
  • Fix logout, not logging out of keycloak if that is desirable
  • Test new TU user login
  • The "Release Engineering" group is obsolete in archweb
  • Import sub ids for existing staff into archweb
  • Add Release Maintainers to Keycloak and add the logic for it
  • Onboard active testers to Keycloak, remove old testers
  • Move ex-developers/trusted users/staff to the retired group

Sync users from Keycloak

Most likely we want to create a new openid client which has "realm-management roles" such as "query-groups, query-users, view-users" and can periodically auth and sync keycloak-sync https://www.keycloak.org/docs/latest/server_admin/#_service_accounts https://github.com/marcospereirampj/python-keycloak

Blocking bugs

  • It's broken with latest requests: https://github.com/marcospereirampj/python-keycloak/issues/196
  • Document service admin example: https://github.com/marcospereirampj/python-keycloak/issues/141
  • Keycloak Rest API https://www.keycloak.org/docs-api/6.0/rest-api/index.html#_groups_resource

Self signed certificate issues with virtualenv

Fucking certifi not using the system CA bundle

# Your TLS certificates directory (Debian like)
export SSL_CERT_DIR=/etc/ssl/certs
# CA bundle PATH (Debian like again)
export CA_BUNDLE_PATH="${SSL_CERT_DIR}/ca-certificates.crt"
# If you have a virtualenv:
. ./.venv/bin/activate
# Get the current certifi CA bundle
CERTFI_PATH=`python -c 'import certifi; print(certifi.where())'`

test -L $CERTFI_PATH || rm $CERTFI_PATH
test -L $CERTFI_PATH || ln -s $CA_BUNDLE_PATH $CERTFI_PATH

Invalid redirect uri generated by archweb.. not https but http...

requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://keycloak.lxd/auth/realms/archlinux/protocol/openid-connect/token

Configuration issue with using ./manage.py and resolved by setting SECURE_PROXY_SSL_HEADER.

Devel queries

  • /devel for flagged testing if the package is in testing in_testing() is run for every "My Flagged Packages"
  • /packages/stale_relations PackageRelation.last_update is called for every package doing one query - 140 queries in 2500 ms.

inactive_users

1200 ms -> removing

  • Fix relation.get_associated_packages for all inactive user realtions, they trigger a query like: return Package.objects.normal().filter(pkgbase=self.pkgbase)

webseeds

We should be able to support webseeds again in magnets

magnet uri scheme webseeds

wrong permissions

34 times calling for wrong_permissions

  • Fix relation.get_associated_packages for all stale_relations, they trigger a query like: return Package.objects.normal().filter(pkgbase=self.pkgbase)
<td class="wrap">{{ relation.user.userprofile.allowed_repos.all|join:", " }}</td>
<td class="wrap">{{ relation.repositories|join:", " }}</td>

Calls for pagination.. for everything

  • Inactive User Relations
  • Non-existant pkgbases
  • Maintainers with Wrong Permissions

98 similiar queries: SELECT ••• FROM "packages" INNER JOIN "repos" ON ("packages"."repo_id" = "repos"."id") INNER JOIN "arches" ON ("packages"."arch_id" = "arches"."id") WHERE "packages"."pkgbase" = 'libg15render' ORDER BY "packages"."pkgname" ASC

arch common styles

Make the navbar menu resizable

Rest API

  • Token auth for permission related requests
  • Pagination
  • Signoffs
  • Search with multiple inputs (packages)
  • Todo
  • Packages
  • Reports

django-rest-framework graphene-django django-graph-api django-restsql