export PYTHONPATH=/home/jelle/projects/pytest-pacman:build/lib.linux-x86_64-3.9:.
PYTEST_PLUGINS=pytest_pacman.plugin pytest --fixtures

table view

Drop jQuery tablesorter


  • archweb repository security status for packages in dev dashboards
  • mirror signup form? Gitlab
  • dark theme / css
  • json output for dashboards for a Rust arch-package-status command!!

Dark mode

Big improvements

  • Mirror monitoring reminder emails
  • Keycloak SSO
  • Upstream SASS files
  • Rest API

Small things

  • todolist - add note support from staff (UX?)
  • todolist - add /todo/json endpoint and filter on status
  • detect untrusted / signed packages in archweb for example with zorun (old repo db)
  • performance stale relations
  • django performance
  • rebuilderd-status tests -> mock requests

kuse arch-common-style with SASS

  • django-sass
  • django-compressor?

Hyperkitty uses SASS

Mirror out of date

Create a new page with a list of out of date mirrors with a button for mirror maintainers to send an email. With a different template per issue:



  • Test groups
  • Test updating/changing groups and relogging in
  • Syncing groups/users periodicially
  • Used the sso_accountid anywhere? Read OIDC docs about it / what happens when email changes in keycloak
  • Test JavaScript XHR actions with OIDC
  • do we implement filter_users_by_claims
  • Hide password change logic from developer profile
  • Test Deny access for non Staff
  • Fix logout, not logging out of keycloak if that is desirable
  • Test new TU user login
  • The "Release Engineering" group is obsolete in archweb
  • Import sub ids for existing staff into archweb
  • Add Release Maintainers to Keycloak and add the logic for it
  • Onboard active testers to Keycloak, remove old testers
  • Move ex-developers/trusted users/staff to the retired group

Sync users from Keycloak

Most likely we want to create a new openid client which has "realm-management roles" such as "query-groups, query-users, view-users" and can periodically auth and sync keycloak-sync

Blocking bugs

  • It's broken with latest requests:
  • Document service admin example:
  • Keycloak Rest API

Self signed certificate issues with virtualenv

Fucking certifi not using the system CA bundle

# Your TLS certificates directory (Debian like)
export SSL_CERT_DIR=/etc/ssl/certs
# CA bundle PATH (Debian like again)
export CA_BUNDLE_PATH="${SSL_CERT_DIR}/ca-certificates.crt"
# If you have a virtualenv:
. ./.venv/bin/activate
# Get the current certifi CA bundle
CERTFI_PATH=`python -c 'import certifi; print(certifi.where())'`


Invalid redirect uri generated by archweb.. not https but http...

requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://keycloak.lxd/auth/realms/archlinux/protocol/openid-connect/token

Configuration issue with using ./ and resolved by setting SECURE_PROXY_SSL_HEADER.

Devel queries

  • /devel for flagged testing if the package is in testing in_testing() is run for every "My Flagged Packages"
  • /packages/stale_relations PackageRelation.last_update is called for every package doing one query - 140 queries in 2500 ms.


1200 ms -> removing

  • Fix relation.get_associated_packages for all inactive user realtions, they trigger a query like: return Package.objects.normal().filter(pkgbase=self.pkgbase)


We should be able to support webseeds again in magnets

magnet uri scheme webseeds

wrong permissions

34 times calling for wrong_permissions

  • Fix relation.get_associated_packages for all stale_relations, they trigger a query like: return Package.objects.normal().filter(pkgbase=self.pkgbase)
<td class="wrap">{{ relation.user.userprofile.allowed_repos.all|join:", " }}</td>
<td class="wrap">{{ relation.repositories|join:", " }}</td>

Calls for pagination.. for everything

  • Inactive User Relations
  • Non-existant pkgbases
  • Maintainers with Wrong Permissions

98 similiar queries: SELECT ••• FROM "packages" INNER JOIN "repos" ON ("packages"."repo_id" = "repos"."id") INNER JOIN "arches" ON ("packages"."arch_id" = "arches"."id") WHERE "packages"."pkgbase" = 'libg15render' ORDER BY "packages"."pkgname" ASC

arch common styles

Make the navbar menu resizable

Rest API

  • Token auth for permission related requests
  • Pagination
  • Signoffs
  • Search with multiple inputs (packages)
  • Todo
  • Packages
  • Reports

django-rest-framework graphene-django django-graph-api django-restsql