Merge branch 'master' into pyup-update-humanize-3.13.1-to-4.11.0

Author: furlongm

.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: furlongm
+patreon: furlongm

.github/workflows/codeql-analysis.yml

@@ -2,19 +2,19 @@ name: "Code Scanning - Action"
 
 on:
   push:
-    branches: [master]
+    branches: [main]
   pull_request:
-    branches: [master]
+    branches: [main]
 
 jobs:
   CodeQL-Build:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/create-release-and-upload-assets.yml

@@ -8,10 +8,10 @@ jobs:
   create-release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: master
+          ref: main
       - name: git fetch --all
         run: |
           git fetch --all
@@ -29,18 +29,18 @@ jobs:
         run: |
           echo "${{ steps.create_release.outputs.upload_url }}" > upload_url.txt
       - name: Upload upload_url artifact
-        uses: actions/upload-artifact@v1
+        uses: actions/upload-artifact@v4
         with:
           name: upload_url.txt
           path: upload_url.txt
   update-version-and-changelog:
     needs: create-release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: master
+          ref: main
       - name: git fetch --all
         run: |
           git fetch --all
@@ -62,7 +62,7 @@ jobs:
           echo "${{ github.ref }}" | cut -dv -f2 > VERSION.txt
           git add VERSION.txt
           git diff --quiet && git diff --staged --quiet || git commit -m "${COMMIT_MSG}"
-          git push origin master
+          git push origin main
       - name: Update debian changelog
         env:
           EMAIL: furlongm@gmail.com
@@ -72,7 +72,7 @@ jobs:
             skip-checks: true
         run: |
           gbp dch --new-version=$(cat VERSION.txt)-1 --release --distribution=stable --spawn-editor=never --commit --commit-msg="${COMMIT_MSG}"
-          git push origin master
+          git push origin main
   build-and-upload-deb-assets:
     needs: update-version-and-changelog
     runs-on: ubuntu-latest
@@ -88,10 +88,10 @@ jobs:
         run: |
           rm /bin/sh
           ln -sf /bin/bash /bin/sh
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: master
+          ref: main
       - name: git fetch --all
         run: |
           git config --global --add safe.directory /__w/patchman/patchman
@@ -101,7 +101,7 @@ jobs:
           export version=$(echo "${{ github.ref }}" | cut -dv -f2)
           echo "version=${version}" >> $GITHUB_ENV
       - name: Download upload_url artifact
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: upload_url.txt
           path: /home/runner/work/patchman/patchman
@@ -126,7 +126,7 @@ jobs:
           git tag v${version}
           gbp buildpackage --git-upstream-tree=${{ github.ref }} -uc -us
       - name: Upload python3-patchman deb
-        uses: actions/upload-release-asset@v1.0.1
+        uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -135,7 +135,7 @@ jobs:
           asset_path: ../${{ format('python3-patchman_{0}-1_all.deb', env.version) }}
           asset_content_type: application/vnd.debian.binary-package
       - name: Upload patchman-client deb
-        uses: actions/upload-release-asset@v1.0.1
+        uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -153,10 +153,10 @@ jobs:
         run: |
           dnf -y install epel-release
           dnf -y install rpm-build python3 python3-setuptools git
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: master
+          ref: main
       - name: git fetch --all
         run: |
           git config --global --add safe.directory /__w/patchman/patchman
@@ -166,7 +166,7 @@ jobs:
           export version=$(echo "${{ github.ref }}" | cut -dv -f2)
           echo "version=${version}" >> $GITHUB_ENV
       - name: Download upload_url artifact
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v4
         with:
           name: upload_url.txt
           path: /home/runner/work/patchman/patchman
@@ -180,7 +180,7 @@ jobs:
           python3 setup.py bdist_rpm --python=/usr/bin/python3
           rpmbuild -bb patchman-client.spec
       - name: Upload patchman rpm
-        uses: actions/upload-release-asset@v1.0.1
+        uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -189,7 +189,7 @@ jobs:
           asset_path: ${{ format('dist/patchman-{0}-1.noarch.rpm', env.version) }}
           asset_content_type: application/x-rpm
       - name: Upload patchman-client rpm
-        uses: actions/upload-release-asset@v1.0.1
+        uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -201,9 +201,9 @@ jobs:
     needs: update-version-and-changelog
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
       - name: Set version

.github/workflows/lint-and-test.yml

@@ -10,16 +10,18 @@ jobs:
     strategy:
       max-parallel: 5
       matrix:
-        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
+        python-version: ['3.x']
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies
         run: |
-          python -m pip install --upgrade pip
+          sudo apt update
+          sudo apt -y install libxslt-dev libxml2-dev
+          python -m pip install --upgrade pip setuptools
           pip install -r requirements.txt
       - name: Lint with flake8
         run: |
@@ -29,4 +31,6 @@ jobs:
       - name: Set secret key
         run: ./sbin/patchman-set-secret-key
       - name: Test with django
-        run: ./manage.py test
+        run: |
+          pip install legacy-cgi
+          ./manage.py test

.gitignore

@@ -9,3 +9,10 @@ tmp*
 .svn
 .tox
 patchman.egg-info
+build
+dist
+run
+pyvenv.cfg
+.vscode
+.venv
+*.xml

INSTALL.md

@@ -63,8 +63,8 @@ apt -y install gcc libxml2-dev libxslt1-dev virtualenv python3-dev zlib1g-dev  #
 dnf -y install gcc libxml2-devel libxslt-devel python3-virtualenv              # (centos/rocky/alma)
 mkdir /srv/patchman
 cd /srv/patchman
-virtualenv .
-. bin/activate
+python3 -m venv .venv
+. .venv/bin/activate
 pip install --upgrade pip
 pip install patchman gunicorn whitenoise==3.3.1
 patchman-manage migrate
@@ -119,6 +119,28 @@ be configured:
    * STATIC_ROOT - should point to `/srv/patchman/run/static` if installing from
      source
 
+## Patchman-client Settings
+
+The client comes with a default configuration. This configuration will attempt to upload the reports to a server at *patchman.example.com*. This configuration needs to be updated to connect to your own patchman installation.
+
+In `/etc/patchman/patchman-client.conf`, look for the following line(s):
+
+```
+# Patchman server
+server=https://patchman.example.com 
+
+# Options to curl
+curl_options="--insecure --connect-timeout 60 --max-time 300"
+
+...
+```
+ * *server* needs to point the URL where your patchman server 
+is running
+ * *--insecure* in the curl_options tells the client to ignore certificates, if you set them up correctly and are using patchman with "https:/...", you could remove this flag to increase security
+
+
+
+
 
 ## Configure Database
 

README.md

@@ -106,6 +106,7 @@ python3-requests
 python3-colorama
 python3-magic
 python3-humanize
+python3-yaml
 ```
 
 The server can optionally make use of celery to asynchronously process the

TODO

@@ -1,15 +1,21 @@
-* allow sending updates from Red Hat / SuSE machines
-* web interface support for updating repos, finding updates
 * add checkrestart-style options to see which services need restarting
-* CVE/OVAL apps
+* OVAL/OSCAP apps
 * CA support (tinyca?)
-* native python client, using apt/yum/debian libraries
+* native python/go client, using apt/yum/debian libraries
 * record the history of installed packages on a host
 * also store package descriptions/tags/urls
 * check for unused repos
 * suggest names for repos with the same checksum
 * helper script to change paths (e.g. /usr/lib/python3/dist-packages/patchman)
 * Dockerfile/Dockerimage
 * compressed reports
-* add cronjobs to built packages
-* install celery/rabbit/memcache with packages
+* add cronjobs to build packages
+* dnf5 support
+* proxy support
+* GLSA support
+* only use date for errata issue date?
+* parallelize package extraction
+* use django-tables2
+* autonaming for deb repos
+* associate repos with gentoo hosts
+* populate authenticated repos with package lists from hosts?

VERSION.txt

@@ -1 +1 @@
-3.0.10
+3.0.19

arch/utils.py

@@ -0,0 +1,52 @@
+# Copyright 2025 Marcus Furlong <furlongm@gmail.com>
+#
+# This file is part of Patchman.
+#
+# Patchman is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 only.
+#
+# Patchman is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Patchman. If not, see <http://www.gnu.org/licenses/>
+
+from arch.models import PackageArchitecture, MachineArchitecture
+from patchman.signals import info_message
+
+
+def clean_package_architectures():
+    """ Remove package architectures that are no longer in use
+    """
+    parches = PackageArchitecture.objects.filter(package__isnull=True)
+    plen = parches.count()
+    if plen == 0:
+        info_message.send(sender=None, text='No orphaned PackageArchitectures found.')
+    else:
+        info_message.send(sender=None, text=f'Removing {plen} orphaned PackageArchitectures')
+        parches.delete()
+
+
+def clean_machine_architectures():
+    """ Remove machine architectures that are no longer in use
+    """
+    marches = MachineArchitecture.objects.filter(
+        host__isnull=True,
+        repository__isnull=True,
+    )
+    mlen = marches.count()
+    if mlen == 0:
+        info_message.send(sender=None, text='No orphaned MachineArchitectures found.')
+    else:
+        info_message.send(sender=None, text=f'Removing {mlen} orphaned MachineArchitectures')
+        marches.delete()
+
+
+def clean_architectures():
+    """ Remove architectures that are no longer in use
+    """
+    clean_package_architectures()
+    clean_machine_architectures()