From 5348d04bf1bc56fcce944251a61538ef1b871b02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 May 2026 11:20:48 +0000 Subject: [PATCH 01/11] Bump gitpython from 3.1.47 to 3.1.49 Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.47 to 3.1.49. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.47...3.1.49) --- updated-dependencies: - dependency-name: gitpython dependency-version: 3.1.49 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index cdfbb825..36df6ca8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,7 +13,7 @@ django-filter==25.1 humanize==4.12.1 version-utils==0.3.2 python-magic==0.4.27 -gitpython==3.1.47 +gitpython==3.1.49 tenacity==8.2.3 celery==5.4.0 redis==6.4.0 From 12c55ec5e20fedf884c09f5454e1ace3c0b2b751 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Fri, 8 May 2026 17:24:03 -0400 Subject: [PATCH 02/11] use gpg file with both keys on all distros fixes: #826 --- INSTALL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 0d94733b..ffae8771 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -15,7 +15,7 @@ mysql or postgresql instead, see the database configuration section. ### Ubuntu 24.04 (noble) ```shell -curl -sS https://repo.openbytes.ie/openbytes.gpg > /usr/share/keyrings/openbytes.gpg +curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /usr/share/keyrings/openbytes.gpg echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/ubuntu noble-backports main" > /etc/apt/sources.list.d/patchman.list apt update apt -y install python3-patchman patchman-client @@ -25,7 +25,7 @@ patchman-manage createsuperuser ### Debian 13 (trixie) ```shell -curl -sS https://repo.openbytes.ie/openbytes.gpg > /usr/share/keyrings/openbytes.gpg +curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /usr/share/keyrings/openbytes.gpg echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/debian trixie main" > /etc/apt/sources.list.d/patchman.list apt update apt -y install python3-patchman patchman-client @@ -40,7 +40,7 @@ Client installation should work as expected. This also applies to Alma, RHEL, etc. ```shell -curl -sS https://repo.openbytes.ie/openbytes-2.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes +curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes cat <> /etc/yum.repos.d/openbytes.repo [openbytes] name=openbytes From df491f2a80788ebf2c86705075d591387d492ee6 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Wed, 6 May 2026 21:08:02 -0400 Subject: [PATCH 03/11] handle backported stable releases --- .../create-release-and-upload-assets.yml | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/.github/workflows/create-release-and-upload-assets.yml b/.github/workflows/create-release-and-upload-assets.yml index 6090dcbf..5c440cb2 100644 --- a/.github/workflows/create-release-and-upload-assets.yml +++ b/.github/workflows/create-release-and-upload-assets.yml @@ -19,7 +19,11 @@ jobs: version: ${{ steps.set-vars.outputs.version }} rpm_version: ${{ steps.set-vars.outputs.rpm_version }} is_prerelease: ${{ steps.set-vars.outputs.is_prerelease }} + target_branch: ${{ steps.set-vars.outputs.target_branch }} steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 - id: set-vars run: | if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then @@ -35,10 +39,20 @@ jobs: else IS_PRERELEASE=false fi + # Detect target branch: if tag version matches VERSION.txt, use main + # otherwise use stable-X.Y branch for backport releases + MAJOR_MINOR=$(echo "$VERSION" | grep -oP '^\d+\.\d+') + CURRENT=$(cat VERSION.txt | grep -oP '^\d+\.\d+') + if [[ "$MAJOR_MINOR" == "$CURRENT" ]]; then + TARGET_BRANCH="main" + else + TARGET_BRANCH="stable-${MAJOR_MINOR}" + fi echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "rpm_version=${RPM_VERSION}" >> $GITHUB_OUTPUT echo "is_prerelease=${IS_PRERELEASE}" >> $GITHUB_OUTPUT - echo "Version: $VERSION, RPM Version: $RPM_VERSION, Pre-release: $IS_PRERELEASE" + echo "target_branch=${TARGET_BRANCH}" >> $GITHUB_OUTPUT + echo "Version: $VERSION, RPM Version: $RPM_VERSION, Pre-release: $IS_PRERELEASE, Target: $TARGET_BRANCH" create-release: needs: setup @@ -69,7 +83,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - ref: main + ref: ${{ needs.setup.outputs.target_branch }} - name: git fetch --all run: | git fetch --all @@ -91,7 +105,7 @@ jobs: echo "${{ needs.setup.outputs.version }}" > VERSION.txt git add VERSION.txt git diff --quiet && git diff --staged --quiet || git commit -m "${COMMIT_MSG}" - git push origin main + git push origin ${{ needs.setup.outputs.target_branch }} - name: Update debian changelog env: EMAIL: furlongm@gmail.com @@ -101,7 +115,7 @@ jobs: skip-checks: true run: | gbp dch --new-version=${{ needs.setup.outputs.version }}-1 --release --distribution=stable --spawn-editor=never --commit --commit-msg="${COMMIT_MSG}" - git push origin main + git push origin ${{ needs.setup.outputs.target_branch }} build-and-upload-deb-assets: needs: [setup, create-release, update-version-and-changelog] @@ -123,8 +137,8 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - # For stable releases, use main (has updated changelog); for pre-releases, use the tag - ref: ${{ needs.setup.outputs.is_prerelease == 'false' && 'main' || github.ref }} + # For stable releases, use target branch (has updated changelog); for pre-releases, use the tag + ref: ${{ needs.setup.outputs.is_prerelease == 'false' && needs.setup.outputs.target_branch || github.ref }} - name: git fetch --all run: | git config --global --add safe.directory /__w/patchman/patchman @@ -151,7 +165,7 @@ jobs: EMAIL: furlongm@gmail.com VERSION: ${{ needs.setup.outputs.version }} run: | - # VERSION.txt and changelog already updated on main by update-version-and-changelog job + # VERSION.txt and changelog already updated on target branch by update-version-and-changelog job # Recreate tag to include those commits git tag --delete v${VERSION} git tag v${VERSION} @@ -181,7 +195,7 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - ref: ${{ needs.setup.outputs.is_prerelease == 'false' && 'main' || github.ref }} + ref: ${{ needs.setup.outputs.is_prerelease == 'false' && needs.setup.outputs.target_branch || github.ref }} - name: git fetch --all run: | git config --global --add safe.directory /__w/patchman/patchman From da9eabd0990d79c3e8c569a5e16d8879f8fd9f1d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 May 2026 05:57:15 +0000 Subject: [PATCH 04/11] Bump gitpython from 3.1.49 to 3.1.50 Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.49 to 3.1.50. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](https://github.com/gitpython-developers/GitPython/compare/3.1.49...3.1.50) --- updated-dependencies: - dependency-name: gitpython dependency-version: 3.1.50 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 36df6ca8..d75ebdec 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,7 +13,7 @@ django-filter==25.1 humanize==4.12.1 version-utils==0.3.2 python-magic==0.4.27 -gitpython==3.1.49 +gitpython==3.1.50 tenacity==8.2.3 celery==5.4.0 redis==6.4.0 From 4b661b82b05b22a2b683e8889be9343f89da4664 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Wed, 27 May 2026 22:35:10 -0400 Subject: [PATCH 05/11] update installation docs --- INSTALL.md | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index ffae8771..f9002a15 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -7,7 +7,7 @@ mysql or postgresql instead, see the database configuration section. ## Supported Server Installation Options - [Ubuntu 24.04](#ubuntu-2404-noble) - [Debian 13](#debian-13-trixie) - - [Rocky 10](#rocky-10) + - [Rocky/Alma/RHEL](#rockyalmarhel) - [virtualenv + pip](#virtualenv--pip) - [Source](#source) @@ -32,19 +32,19 @@ apt -y install python3-patchman patchman-client patchman-manage createsuperuser ``` -### Rocky 10 +### Rocky/Alma/RHEL Server installation is currently broken due to missing upstream packages: https://github.com/furlongm/patchman/issues/669 Client installation should work as expected. -This also applies to Alma, RHEL, etc. ```shell -curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes +# curl -sS https://repo.openbytes.ie/openbytes.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes # rocky/alma/rhel 8/9 +curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes # rocky/alma/rhel 10 cat <> /etc/yum.repos.d/openbytes.repo [openbytes] name=openbytes -baseurl=https://repo.openbytes.ie/patchman/el10 +baseurl=https://repo.openbytes.ie/patchman/el\$releasever enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes @@ -53,15 +53,15 @@ dnf -y install epel-release dnf makecache dnf -y install patchman-client #dnf -y install patchman -systemctl restart httpd -patchman-manage createsuperuser +#systemctl restart httpd +#patchman-manage createsuperuser ``` ### virtualenv + pip ```shell apt -y install python3-venv # (debian/ubuntu) -dnf -y install python3-virtualenv # (rocky/alma/redhat) +dnf -y install python3-virtualenv # (rocky/alma/rhel) mkdir /srv/patchman cd /srv/patchman python3 -m venv .venv @@ -165,7 +165,7 @@ protocol=2 Or use the `-p 2` command line option: ```shell -$ patchman-client -s http://patchman.example.org -p 2 +$ patchman-client -s http://patchman.example.com -p 2 ``` @@ -393,14 +393,14 @@ patchman-client Install Celery for realtime processing of reports from clients and for periodic maintenance tasks. The celery configuation file is in `/etc/patchman/celery.conf` -#### Ubuntu / Debian +#### Debian/Ubuntu ```shell apt -y install python3-celery redis python3-redis python-celery-common /usr/bin/celery --broker redis://127.0.0.1:6379/0 --app patchman worker --loglevel info --beat --scheduler django_celery_beat.schedulers:DatabaseScheduler --task-events --pool threads ``` -#### Rocky / Alma / RHEL +#### Rocky/Alma/RHEL Currently waiting on https://bugzilla.redhat.com/show_bug.cgi?id=2032543 @@ -434,8 +434,9 @@ Install Redis: ```shell apt -y install redis python3-redis # (debian/ubuntu) -dnf -y install redis python3-redis # (rocky/alma/redhat) -systemctl restart redis/redis-server +dnf -y install redis python3-redis # (rocky/alma/rhel) +systemctl restart redis-server # (debian/ubuntu) +systemctl restart redis # (rocky/alma/rhel) ``` and add the following to `/etc/patchman/local_settings.py` @@ -450,13 +451,13 @@ CACHES = { } ``` -#### Memcacached +#### Memcached Install Memcached ```shell apt -y install memcached python3-pymemcache # (debian/ubuntu) -dnf -y install memcached python3-pymemcache # (rocky/alma/redhat) +dnf -y install memcached python3-pymemcache # (rocky/alma/rhel) systemctl restart memcached ``` @@ -522,7 +523,7 @@ api_key=abc123... Or use the `-k` command line option: ```shell -$ patchman-client -s http://patchman.example.org -p 2 -k abc123... +$ patchman-client -s http://patchman.example.com -p 2 -k abc123... ``` From 205c8aa3794b3db3bf9ae6a1859d54c8a45bd0c8 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Wed, 27 May 2026 22:40:52 -0400 Subject: [PATCH 06/11] fix tz and local_settings getting overwritten --- debian/python3-patchman.conffiles | 1 + patchman/settings.py | 2 +- scripts/rpm-install.sh | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 debian/python3-patchman.conffiles diff --git a/debian/python3-patchman.conffiles b/debian/python3-patchman.conffiles new file mode 100644 index 00000000..f05a6c32 --- /dev/null +++ b/debian/python3-patchman.conffiles @@ -0,0 +1 @@ +/etc/patchman/local_settings.py diff --git a/patchman/settings.py b/patchman/settings.py index cb86644d..54b98a6f 100644 --- a/patchman/settings.py +++ b/patchman/settings.py @@ -65,7 +65,7 @@ # Internationalization LANGUAGE_CODE = 'en-us' -TIME_ZONE = 'America/NewYork' +TIME_ZONE = 'UTC' USE_I18N = True USE_TZ = True diff --git a/scripts/rpm-install.sh b/scripts/rpm-install.sh index 73b62783..f47f63be 100644 --- a/scripts/rpm-install.sh +++ b/scripts/rpm-install.sh @@ -19,4 +19,4 @@ for i in `cat INSTALLED_FILES`; do done cat DIRS > INSTALLED_FILES -sed -e '/\/etc\//s|^|%config(noreplace) |' FILES >>INSTALLED_FILES +sed -e '/\/etc\//s|^|%config |' FILES >>INSTALLED_FILES From ab2a8f5701289dc5b7a8f70c75a1c09ebbb5e275 Mon Sep 17 00:00:00 2001 From: "Gedminas, Marius" Date: Thu, 14 May 2026 16:11:24 +0300 Subject: [PATCH 07/11] Use underscore names in setup.cfg Fixes two build-time warnings from setuptools, each repeated twice: /tmp/build-env-7f8vloah/lib/python3.12/site-packages/setuptools/dist.py:599: SetuptoolsDeprecationWarning: Invalid dash-separated key 'install-script' in 'bdist_rpm' (setup.cfg), please use the underscore name 'install_script' instead. !! ******************************************************************************** Usage of dash-separated 'install-script' will not be supported in future versions. Please use the underscore name 'install_script' instead. Available configuration options are listed in: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html This deprecation is overdue, please update your project and remove deprecated calls to avoid build errors in the future. See https://github.com/pypa/setuptools/discussions/5011 for details. ******************************************************************************** !! opt = self._enforce_underscore(opt, section) /tmp/build-env-7f8vloah/lib/python3.12/site-packages/setuptools/dist.py:599: SetuptoolsDeprecationWarning: Invalid dash-separated key 'post-install' in 'bdist_rpm' (setup.cfg), please use the underscore name 'post_install' instead. !! ******************************************************************************** Usage of dash-separated 'post-install' will not be supported in future versions. Please use the underscore name 'post_install' instead. Available configuration options are listed in: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html This deprecation is overdue, please update your project and remove deprecated calls to avoid build errors in the future. See https://github.com/pypa/setuptools/discussions/5011 for details. ******************************************************************************** !! opt = self._enforce_underscore(opt, section) --- setup.cfg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.cfg b/setup.cfg index 48415b86..8797ec89 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,7 +1,7 @@ [bdist_rpm] doc_files = README.md AUTHORS COPYING INSTALL.md -install-script = scripts/rpm-install.sh -post-install = scripts/rpm-post-install.sh +install_script = scripts/rpm-install.sh +post_install = scripts/rpm-post-install.sh requires = /usr/bin/python3 python3-django >= 4.2.20 python3-django-taggit From 0971c1c65269bcd93461935b2b0e50623d4dc403 Mon Sep 17 00:00:00 2001 From: "Gedminas, Marius" Date: Thu, 14 May 2026 16:13:29 +0300 Subject: [PATCH 08/11] Use SPDX license expression in setup.py Fixes a build-time warning from setuptools: /tmp/build-env-7cm02e4g/lib/python3.12/site-packages/setuptools/dist.py:765: SetuptoolsDeprecationWarning: License classifiers are deprecated. !! ******************************************************************************** Please consider removing the following classifiers in favor of a SPDX license expression: License :: OSI Approved :: GNU General Public License v3 (GPLv3) See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details. ******************************************************************************** !! self._finalize_license_expression() --- setup.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup.py b/setup.py index a7dbfc68..82074ece 100755 --- a/setup.py +++ b/setup.py @@ -67,7 +67,7 @@ author='Marcus Furlong', author_email='furlongm@gmail.com', description='Django based patch status monitoring tool for linux systems', - license='GPLv3', + license='GPL-3.0-only', keywords='django patch status monitoring linux spacewalk patchman', packages=find_packages(), install_requires=install_requires, @@ -84,6 +84,5 @@ 'Environment :: Web Environment', 'Framework :: Django', 'Topic :: Internet :: WWW/HTTP :: WSGI :: Application', - 'License :: OSI Approved :: GNU General Public License v3 (GPLv3)', ], ) From f8179591ba3340b50f57baea6cb858486f7d76c8 Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Fri, 29 May 2026 05:33:41 +0000 Subject: [PATCH 09/11] auto-commit to update version skip-checks: true --- VERSION.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION.txt b/VERSION.txt index 86edc68d..249b676a 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -4.0.20 +4.0.21 From a5056fffd472583474be3416fa861a228e23865c Mon Sep 17 00:00:00 2001 From: Marcus Furlong Date: Fri, 29 May 2026 05:33:43 +0000 Subject: [PATCH 10/11] auto-commit to update debian changelog skip-checks: true --- debian/changelog | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/debian/changelog b/debian/changelog index d07e4a60..bef9185f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,26 @@ +patchman (4.0.21-1) stable; urgency=medium + + [ dependabot[bot] ] + * Bump gitpython from 3.1.47 to 3.1.49 + + [ Marcus Furlong ] + * use gpg file with both keys on all distros + * handle backported stable releases + + [ dependabot[bot] ] + * Bump gitpython from 3.1.49 to 3.1.50 + * update installation docs + * fix tz and local_settings getting overwritten + + [ Gedminas, Marius ] + * Use underscore names in setup.cfg + * Use SPDX license expression in setup.py + + [ Marcus Furlong ] + * auto-commit to update version skip-checks: true + + -- Marcus Furlong Fri, 29 May 2026 05:33:43 +0000 + patchman (4.0.20-1) stable; urgency=medium * django 5.2 compatibility updates From ff14217a3244597f90b5ac66662e9612b7ee1eef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ricardo=20Jer=C3=B3nimo?= Date: Fri, 29 May 2026 12:38:44 +0100 Subject: [PATCH 11/11] Removed 'latest' tag from build workflow --- .github/workflows/docker-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 6287e429..4825c77b 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -26,7 +26,7 @@ jobs: file: docker/Dockerfile platforms: linux/amd64,linux/arm64 push: true - tags: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:latest,${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:unstable + tags: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:unstable cache-from: type=gha cache-to: type=gha,mode=max