Update to 4.0.21

.github/workflows/create-release-and-upload-assets.yml

@@ -19,7 +19,11 @@ jobs:
       version: ${{ steps.set-vars.outputs.version }}
       rpm_version: ${{ steps.set-vars.outputs.rpm_version }}
       is_prerelease: ${{ steps.set-vars.outputs.is_prerelease }}
+      target_branch: ${{ steps.set-vars.outputs.target_branch }}
     steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - id: set-vars
         run: |
           if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
@@ -35,10 +39,20 @@ jobs:
           else
             IS_PRERELEASE=false
           fi
+          # Detect target branch: if tag version matches VERSION.txt, use main
+          # otherwise use stable-X.Y branch for backport releases
+          MAJOR_MINOR=$(echo "$VERSION" | grep -oP '^\d+\.\d+')
+          CURRENT=$(cat VERSION.txt | grep -oP '^\d+\.\d+')
+          if [[ "$MAJOR_MINOR" == "$CURRENT" ]]; then
+            TARGET_BRANCH="main"
+          else
+            TARGET_BRANCH="stable-${MAJOR_MINOR}"
+          fi
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           echo "rpm_version=${RPM_VERSION}" >> $GITHUB_OUTPUT
           echo "is_prerelease=${IS_PRERELEASE}" >> $GITHUB_OUTPUT
-          echo "Version: $VERSION, RPM Version: $RPM_VERSION, Pre-release: $IS_PRERELEASE"
+          echo "target_branch=${TARGET_BRANCH}" >> $GITHUB_OUTPUT
+          echo "Version: $VERSION, RPM Version: $RPM_VERSION, Pre-release: $IS_PRERELEASE, Target: $TARGET_BRANCH"
 
   create-release:
     needs: setup
@@ -69,7 +83,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: main
+          ref: ${{ needs.setup.outputs.target_branch }}
       - name: git fetch --all
         run: |
           git fetch --all
@@ -91,7 +105,7 @@ jobs:
           echo "${{ needs.setup.outputs.version }}" > VERSION.txt
           git add VERSION.txt
           git diff --quiet && git diff --staged --quiet || git commit -m "${COMMIT_MSG}"
-          git push origin main
+          git push origin ${{ needs.setup.outputs.target_branch }}
       - name: Update debian changelog
         env:
           EMAIL: furlongm@gmail.com
@@ -101,7 +115,7 @@ jobs:
             skip-checks: true
         run: |
           gbp dch --new-version=${{ needs.setup.outputs.version }}-1 --release --distribution=stable --spawn-editor=never --commit --commit-msg="${COMMIT_MSG}"
-          git push origin main
+          git push origin ${{ needs.setup.outputs.target_branch }}
 
   build-and-upload-deb-assets:
     needs: [setup, create-release, update-version-and-changelog]
@@ -123,8 +137,8 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          # For stable releases, use main (has updated changelog); for pre-releases, use the tag
-          ref: ${{ needs.setup.outputs.is_prerelease == 'false' && 'main' || github.ref }}
+          # For stable releases, use target branch (has updated changelog); for pre-releases, use the tag
+          ref: ${{ needs.setup.outputs.is_prerelease == 'false' && needs.setup.outputs.target_branch || github.ref }}
       - name: git fetch --all
         run: |
           git config --global --add safe.directory /__w/patchman/patchman
@@ -151,7 +165,7 @@ jobs:
           EMAIL: furlongm@gmail.com
           VERSION: ${{ needs.setup.outputs.version }}
         run: |
-          # VERSION.txt and changelog already updated on main by update-version-and-changelog job
+          # VERSION.txt and changelog already updated on target branch by update-version-and-changelog job
           # Recreate tag to include those commits
           git tag --delete v${VERSION}
           git tag v${VERSION}
@@ -181,7 +195,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: ${{ needs.setup.outputs.is_prerelease == 'false' && 'main' || github.ref }}
+          ref: ${{ needs.setup.outputs.is_prerelease == 'false' && needs.setup.outputs.target_branch || github.ref }}
       - name: git fetch --all
         run: |
           git config --global --add safe.directory /__w/patchman/patchman

.github/workflows/docker-build.yaml

@@ -26,7 +26,7 @@ jobs:
           file: docker/Dockerfile
           platforms: linux/amd64,linux/arm64
           push: true
-          tags: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:latest,${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:unstable
+          tags: ${{vars.DOCKERHUB_USERNAME}}/${{vars.DOCKERHUB_CONTAINER}}:unstable
           cache-from: type=gha
           cache-to: type=gha,mode=max
 

INSTALL.md

@@ -7,15 +7,15 @@ mysql or postgresql instead, see the database configuration section.
 ## Supported Server Installation Options
   - [Ubuntu 24.04](#ubuntu-2404-noble)
   - [Debian 13](#debian-13-trixie)
-  - [Rocky 10](#rocky-10)
+  - [Rocky/Alma/RHEL](#rockyalmarhel)
   - [virtualenv + pip](#virtualenv--pip)
   - [Source](#source)
 
 
 ### Ubuntu 24.04 (noble)
 
 ```shell
-curl -sS https://repo.openbytes.ie/openbytes.gpg > /usr/share/keyrings/openbytes.gpg
+curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /usr/share/keyrings/openbytes.gpg
 echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/ubuntu noble-backports main" > /etc/apt/sources.list.d/patchman.list
 apt update
 apt -y install python3-patchman patchman-client
@@ -25,26 +25,26 @@ patchman-manage createsuperuser
 ### Debian 13 (trixie)
 
 ```shell
-curl -sS https://repo.openbytes.ie/openbytes.gpg > /usr/share/keyrings/openbytes.gpg
+curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /usr/share/keyrings/openbytes.gpg
 echo "deb [signed-by=/usr/share/keyrings/openbytes.gpg] https://repo.openbytes.ie/patchman/debian trixie main" > /etc/apt/sources.list.d/patchman.list
 apt update
 apt -y install python3-patchman patchman-client
 patchman-manage createsuperuser
 ```
 
-### Rocky 10
+### Rocky/Alma/RHEL
 
 Server installation is currently broken due to missing upstream packages: https://github.com/furlongm/patchman/issues/669
 Client installation should work as expected.
 
-This also applies to Alma, RHEL, etc.
 
 ```shell
-curl -sS https://repo.openbytes.ie/openbytes-2.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes
+# curl -sS https://repo.openbytes.ie/openbytes.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes  # rocky/alma/rhel 8/9
+curl -sS https://repo.openbytes.ie/openbytes-1.gpg > /etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes  # rocky/alma/rhel 10
 cat <<EOF >> /etc/yum.repos.d/openbytes.repo
 [openbytes]
 name=openbytes
-baseurl=https://repo.openbytes.ie/patchman/el10
+baseurl=https://repo.openbytes.ie/patchman/el\$releasever
 enabled=1
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-openbytes
@@ -53,15 +53,15 @@ dnf -y install epel-release
 dnf makecache
 dnf -y install patchman-client
 #dnf -y install patchman
-systemctl restart httpd
-patchman-manage createsuperuser
+#systemctl restart httpd
+#patchman-manage createsuperuser
 ```
 
 ### virtualenv + pip
 
 ```shell
 apt -y install python3-venv        # (debian/ubuntu)
-dnf -y install python3-virtualenv  # (rocky/alma/redhat)
+dnf -y install python3-virtualenv  # (rocky/alma/rhel)
 mkdir /srv/patchman
 cd /srv/patchman
 python3 -m venv .venv
@@ -165,7 +165,7 @@ protocol=2
 Or use the `-p 2` command line option:
 
 ```shell
-$ patchman-client -s http://patchman.example.org -p 2
+$ patchman-client -s http://patchman.example.com -p 2
 ```
 
 
@@ -393,14 +393,14 @@ patchman-client
 Install Celery for realtime processing of reports from clients and for periodic
 maintenance tasks. The celery configuation file is in `/etc/patchman/celery.conf`
 
-#### Ubuntu / Debian
+#### Debian/Ubuntu
 
 ```shell
 apt -y install python3-celery redis python3-redis python-celery-common
 /usr/bin/celery --broker redis://127.0.0.1:6379/0 --app patchman worker --loglevel info --beat --scheduler django_celery_beat.schedulers:DatabaseScheduler --task-events --pool threads
 ```
 
-#### Rocky / Alma / RHEL
+#### Rocky/Alma/RHEL
 
 Currently waiting on https://bugzilla.redhat.com/show_bug.cgi?id=2032543
 
@@ -434,8 +434,9 @@ Install Redis:
 
 ```shell
 apt -y install redis python3-redis  # (debian/ubuntu)
-dnf -y install redis python3-redis  # (rocky/alma/redhat)
-systemctl restart redis/redis-server
+dnf -y install redis python3-redis  # (rocky/alma/rhel)
+systemctl restart redis-server  # (debian/ubuntu)
+systemctl restart redis         # (rocky/alma/rhel)
 ```
 
 and add the following to `/etc/patchman/local_settings.py`
@@ -450,13 +451,13 @@ CACHES = {
 }
 ```
 
-#### Memcacached
+#### Memcached
 
 Install Memcached
 
 ```shell
 apt -y install memcached python3-pymemcache  # (debian/ubuntu)
-dnf -y install memcached python3-pymemcache  # (rocky/alma/redhat)
+dnf -y install memcached python3-pymemcache  # (rocky/alma/rhel)
 systemctl restart memcached
 ```
 
@@ -522,7 +523,7 @@ api_key=abc123...
 Or use the `-k` command line option:
 
 ```shell
-$ patchman-client -s http://patchman.example.org -p 2 -k abc123...
+$ patchman-client -s http://patchman.example.com -p 2 -k abc123...
 ```
 
 

VERSION.txt

@@ -1 +1 @@
-4.0.20
+4.0.21

debian/changelog

@@ -1,3 +1,26 @@
+patchman (4.0.21-1) stable; urgency=medium
+
+  [ dependabot[bot] ]
+  * Bump gitpython from 3.1.47 to 3.1.49
+
+  [ Marcus Furlong ]
+  * use gpg file with both keys on all distros
+  * handle backported stable releases
+
+  [ dependabot[bot] ]
+  * Bump gitpython from 3.1.49 to 3.1.50
+  * update installation docs
+  * fix tz and local_settings getting overwritten
+
+  [ Gedminas, Marius ]
+  * Use underscore names in setup.cfg
+  * Use SPDX license expression in setup.py
+
+  [ Marcus Furlong ]
+  * auto-commit to update version skip-checks: true
+
+ -- Marcus Furlong <furlongm@gmail.com>  Fri, 29 May 2026 05:33:43 +0000
+
 patchman (4.0.20-1) stable; urgency=medium
 
   * django 5.2 compatibility updates

debian/python3-patchman.conffiles

@@ -0,0 +1 @@
+/etc/patchman/local_settings.py

patchman/settings.py

@@ -65,7 +65,7 @@
 
 # Internationalization
 LANGUAGE_CODE = 'en-us'
-TIME_ZONE = 'America/NewYork'
+TIME_ZONE = 'UTC'
 USE_I18N = True
 USE_TZ = True
 

requirements.txt

@@ -13,7 +13,7 @@ django-filter==25.1
 humanize==4.12.1
 version-utils==0.3.2
 python-magic==0.4.27
-gitpython==3.1.47
+gitpython==3.1.50
 tenacity==8.2.3
 celery==5.4.0
 redis==6.4.0

scripts/rpm-install.sh

@@ -19,4 +19,4 @@ for i in `cat INSTALLED_FILES`; do
 done
 
 cat DIRS > INSTALLED_FILES
-sed -e '/\/etc\//s|^|%config(noreplace) |' FILES >>INSTALLED_FILES
+sed -e '/\/etc\//s|^|%config |' FILES >>INSTALLED_FILES

setup.cfg

@@ -1,7 +1,7 @@
 [bdist_rpm]
 doc_files = README.md AUTHORS COPYING INSTALL.md
-install-script = scripts/rpm-install.sh
-post-install = scripts/rpm-post-install.sh
+install_script = scripts/rpm-install.sh
+post_install = scripts/rpm-post-install.sh
 requires = /usr/bin/python3
     python3-django >= 4.2.20
     python3-django-taggit

setup.py

@@ -67,7 +67,7 @@
     author='Marcus Furlong',
     author_email='furlongm@gmail.com',
     description='Django based patch status monitoring tool for linux systems',
-    license='GPLv3',
+    license='GPL-3.0-only',
     keywords='django patch status monitoring linux spacewalk patchman',
     packages=find_packages(),
     install_requires=install_requires,
@@ -84,6 +84,5 @@
         'Environment :: Web Environment',
         'Framework :: Django',
         'Topic :: Internet :: WWW/HTTP :: WSGI :: Application',
-        'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',
     ],
 )