• Stars
    119
  • Rank 296,130 (Top 6 %)
  • Language
    Python
  • License
    MIT License
  • Created about 8 years ago
  • Updated 4 months ago

Repository Details

Arch Linux Security Tracker

The Arch Linux Security Tracker is a lightweight Flask-based panel for tracking vulnerabilities in Arch Linux packages, displaying vulnerability details and generating security advisories.

Features

  • Issue tracking
  • Issue grouping
  • libalpm support
  • Todo lists
  • Advisory scheduling
  • Advisory generation
  • SSO or local users

Dependencies

Application

  • python >= 3.4
  • python-sqlalchemy
  • python-sqlalchemy-continuum
  • python-flask
  • python-flask-sqlalchemy
  • python-flask-talisman
  • python-flask-wtf
  • python-flask-login
  • python-flask-migrate
  • python-authlib
  • python-email-validator
  • python-requests
  • python-scrypt
  • python-feedgen
  • python-pytz
  • python-markupsafe
  • pyalpm
  • sqlite

Tests

  • python-isort
  • python-pytest
  • python-pytest-cov

Virtualenv

Python dependencies can be installed in a virtual environment (venv) by running:

python -m venv .virtualenv
. .virtualenv/bin/activate
pip install -r requirements.txt

For running tests:

pip install -r test-requirements.txt

Setup

make

Run in debug mode:

make run

Add a new user:

make user

Run the tests:

make test

For production, run it through uwsgi.

Command line interface

The trackerctl script provides access to the command line interface that controls and operates different parts of the tracker. All commands and subcommands provide a --help option that describes the operation and all its available options.

Configuration

The configurations are all placed into the config directory and applied as a sorted cascade.

The default values in the 00-default.conf file should not be altered for customization. If some tweaking is required, simply create a new configuration file with a .local.conf suffix and a non-zero prefix, like 20-user.local.conf. Files using this suffix are listed in .gitignore, so they are not reported as untracked or dirty.
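
The following is an added example, not code from the tracker itself. It sketches how a sorted cascade resolves and records which file supplied each effective value, which helps when auditing where a security-relevant setting comes from. It assumes INI syntax and plain string ordering of filenames; the section and key names and the 100-late.local.conf file are hypothetical.

```python
import configparser
import tempfile
from pathlib import Path


def load_cascade(config_dir):
    """Merge *.conf files in sorted filename order; later files win per key.

    Returns (merged, origin): origin maps (section, key) to the filename
    that supplied the effective value.
    """
    merged, origin = {}, {}
    for path in sorted(Path(config_dir).glob("*.conf")):
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(path, encoding="utf-8")
        for section in parser.sections():
            for key, value in parser.items(section):
                merged.setdefault(section, {})[key] = value
                origin[(section, key)] = path.name
    return merged, origin


def demo():
    # Constructed sample files; section and key names are hypothetical.
    files = {
        "00-default.conf":
            "[sso]\nenabled = no\nclient_secret =\n[tracker]\nlog_entries = 10\n",
        "20-user.local.conf":
            "[sso]\nenabled = yes\nclient_secret = placeholder-secret\n",
        # String ordering puts "100-..." BEFORE "20-...", so this file
        # does not get the last word despite its larger number.
        "100-late.local.conf": "[sso]\nenabled = no\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return load_cascade(tmp)


if __name__ == "__main__":
    merged, origin = demo()
    for (section, key), name in sorted(origin.items()):
        print(f"[{section}] {key} = {merged[section][key]!r}  (from {name})")
```

Under these assumptions, keeping every prefix the same width (00, 20, 90) avoids the ordering surprise shown by the three-digit file.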

SSO setup

A simple test environment for SSO can be configured using Keycloak:

  1. Run a local Keycloak installation via Docker as described upstream.

  2. Create an arch-security-tracker client in Keycloak like in test/data/openid-client.json. Make sure the client contains a mapper for the group memberships called groups, which is included as a claim.

  3. Create a local tracker config file with SSO enabled and configure the OIDC secrets, groups and metadata URL accordingly.

Contribution

Help is appreciated. For some guidelines and recommendations, check our Contribution file.
