Changelog¶

Unreleased¶

Added¶

submit: --with search forms (PKG, ^PKG, PKG:) now also accept pkg.git=tag, finding the task that contains that exact subtask instead of matching by package name only.
gen environment: -d now traces the whole decision path — tool availability checks, SSH key lookups, ~/.gnupg permission check, keystore classification (entries found in private-keys-v1.d), every gpg/git command with its exit status, and the chosen key-generation path.

Fixed¶

gen environment: empty private-keys-v1.d/public-keys.d directories left behind by an interrupted gpg2 migration no longer flip a classic (secring.gpg) keyring to "modern" — only a real *.key file in private-keys-v1.d counts, so key checks go through plain gpg instead of the hanging gpg2/keyboxd (#86). The stuck-lock hint now also suggests removing stale GnuPG lock files.

Added¶

submit: autodetect kernel-image repos (.gear/rules with specsubst: kflavour, spec Name: containing @kflavour@) and create the tag with -s kflavour=<flavour>, fixing gear-create-tag: specsubst variable "kflavour" is not defined. The flavour comes from -k, [specsubst] kflavour in .gear/version-up, or the branch's <flavour>/<dist> prefix (which also defaults -B to <dist>).

0.40.0 - 2026-06-09¶

Added¶

sandbox: [sandbox] specbr in .gear/version-up. With specbr = false the hybrid runner skips the package's BuildRequires — the chroot is initialised bare (hsh --initroot-only) instead of building the src.rpm; the configured packages (git, [sandbox.chroot] packages, [sandbox] packages) are still installed. Defaults to true; supersedes a custom [sandbox.chroot] prepare (warns when ignored).
submit: autodetect kernel-module template repos and create per-flavour specsubst tags (-k exposed only in such repos, comma-separated and TAB-completing flavours; default flavours come from the module's existing builds). karch is derived from the arches the kernel flavour is actually built for, so a module is not built where its kernel is absent. --dry-run prints each tag's specsubst headers.
submit: universal multi-tag --replace — for kernel-module flavours and batch specsubst submits, each new tag replaces the subtask carrying the same value (adds it if missing), instead of only the first tag.
task gitclone: new subcommand that clones the git repository of every subtask of a task into the current directory, one per package, at the exact commit built in the task. Fetches from the task's own gears over git:// (resolving archived DONE tasks automatically); skips delete and srpm subtasks.
task mkrepo: new (experimental) command — generates a local merged apt repository overlaying a task's RPMs on the base branch mirror, for testing the task against a complete snapshot. The packages to add and remove come from the task's authoritative plan/bin.list.diff (so additions, version replacements, and deletions — including delete-only tasks — are reflected). The base/ index is built by splicing pkglists (reuse the mirror's pkglist.classic, drop the removed headers, splice in the task's pkglist.task) instead of running genbasedir, so indexing reads only the task's packages and is near-instant regardless of branch size. Writes a single pkglist index — plain pkglist.classic by default, or pkglist.classic.xz with --compressed (not both). --force removes a previously generated repo before rebuilding; --clean removes it and exits. A ready apt config (apt.conf/sources.list/priorities) is written to <workdir>/<task_id>/aptconf/, and the generated release identifies the snapshot (Suite/Label = branch, Description = <branch> (<branch source task> plus task <id>)).
up: --reset-to-gear flag — hard-resets the package to its published gears/srpms state before updating, discarding local divergence, uncommitted changes, and untracked files (ignored artifacts kept). Resets the branch planned for the update (current if a known ALT branch, otherwise sisyphus) regardless of the active branch. Closes #81.

Fixed¶

up / spec parsing: the RPM built-in macro %nil now expands to the empty string during version computation. A spec composing its version as %base%sublevel%extra with %define extra_version %nil (e.g. kernel-image) previously yielded a bogus current version like 6.18.35%nil, so zoryn up failed with Cannot find any tags for current version '6.18.35%nil'.
build (--section): a short-circuit section build of a specsubst: template package (kernel-image, kernel-modules) no longer feeds rpmbuild a raw template — rpmbuild failed with Invalid symbol '@' (0x40) in: Name: kernel-image-@kflavour@. zoryn now expands @var@ placeholders before syncing the spec into the chroot, mirroring gear (values from git config gear.specsubst.<var>), and errors with a clear hint when a value is unset.
up: the upstream remote is now set up from any forge, not just GitHub/GitLab/codeberg/sourcehut. The cascade (.gear/upstream/remotes → spec Vcs: → spec Url:) is an explicit upstream declaration, so the first candidate that git ls-remote can reach (probed with a timeout and GIT_TERMINAL_PROMPT=0) is used — no host allowlist. Self-hosted Gitea/Forgejo/cgit instances (e.g. 0ad's gitea.wildfiregames.com) work now, and an upstream hosted on altlinux.space (a Forgejo) is accepted like any other reachable forge — unblocking packages like kitsune-adw.
sandbox: hybrid mode now also bind-mounts the chroot's /var (read-only) into bwrap, alongside /usr, /lib, /lib64, /etc, /bin, /sbin, with a writable /var/tmp tmpfs on top so hooks can use it as scratch.
sandbox: the hybrid chroot is now prepared once per run instead of for every hook. Re-initialising per hook was pure overhead — most visible with [sandbox] specbr = false, where the bare init (hsh --initroot-only) rebuilt the chroot from scratch before each script. The bare init also streams its output live (its lines aren't recognised as build stages, so the long basesystem step previously looked like a hang).
task mkrepo: a package rebuilt with an identical epoch:version-release is now taken from the task, not the stale base mirror. bin.list.diff omits such rebuilds, so the task's own package set is now authoritative: every task build replaces the same-named base copy in both the symlink farm and the spliced index.
gen environment: GPG key generation no longer hangs silently. zoryn now reads the passphrase itself and feeds it to gpg via --batch --passphrase-fd (so gpg never blocks on its own /dev/tty prompt after the migration messages of a legacy ~/.gnupg), pre-checks ~/.gnupg/$GNUPGHOME ownership and permissions and aborts with a fix command when unsafe, and prints recovery hints on failure. It also detects a classic keyring (secret keys in secring.gpg, no keybox) from disk and drives it with gpg instead of gpg2 — gpg2 would migrate it and can hang on keyboxd's lock. Both listing and generation then go through gpg: a genuine GnuPG 1.4 gpg generates via a batch control file (so the new key lands in the same secring.gpg the user reads), while a 2.x gpg (the common gpg→gpg2 symlink) uses the loopback --quick-generate-key path so it never prompts and re-hangs. The key-listing calls are guarded with timeout -k, so a wedged agent turns into an actionable "run gpgconf --kill all" error instead of an infinite wait. Closes #86.
commit / changelog parsing: a changelog version containing letters (e.g. AFLplusplus 5.00c) is no longer dropped. zoryn commit produced a malformed - subject because the header parser only accepted all-numeric versions; it now accepts RPM-legal version characters. Closes #85.
up (scheme detection): a merge of an upstream tag (monorepo Merge tag 'hatchling-v1.29.0') is no longer misdetected as tarball-watch. The detector now defers to the tag-based stages — recognizing prefixed v-version tags like <prefix>-v<version> — and names the actual merged tag in its reason.
up (scheme detection): a merge of an upstream release tag with a non-semver name (e.g. 0ad's Merge tag 'a27.1') is no longer misdetected as tarball-watch. When the merged commit is absent from every fetched upstream branch, the detector now also matches it by SHA against the upstream remote's own tags (git ls-remote --tags), so any upstream tag-naming convention counts as a real git-merge.
builder shell: now mounts the same paths the build uses (/proc, /dev/pts, /dev/kvm, …) and validates/auto-fixes hasher-priv allowed_mountpoints first, so packages whose BuildRequires need /proc work in the interactive shell.
submit: --replace now implies --allow-overwrite-tag for the local tag rewrite. Replacing an in-progress subtask after git commit --amend or git rebase no longer aborts with "tag points to commit not an ancestor of HEAD" — the whole point of --replace is to swap in a new commit at the same tag name. A dim notice is printed when the implication is auto-applied. --refresh and the gears-immutability check are unaffected.
submit: brand-new packages (not yet in Sisyphus) no longer get stuck on the "tag points to a commit not an ancestor of HEAD" safety check when a stale local tag remains from a previous attempt. When the gears repo is provably missing (ls-remote fails) and the package is unknown to RDB, the local tag is treated as stale and overwritten automatically with a warning. Existing packages keep the strict ancestor check.
task test-rebuild: now aborts with an error instead of silently reporting success when the task has no built repository to overlay. Previously a task whose RPMs failed to download, or whose repo was not ready, produced a green run that rebuilt dependents against the clean branch — testing nothing. The download now reports a per-architecture result; an empty listing or any failed RPM aborts the run, as does a run with no available builder architectures. The gate is the task's repository presence, not its state: an early guard only rejects tasks still building (NEW, AWAITING, PENDING, BUILDING, COMMITTING, FAILING), whose RPMS.task would be empty or partial. Terminal states proceed, including FAILED — a failed task often still has a usable (if partial) repository, and test-rebuilding it is a normal workflow; DONE warns the overlay is redundant and FAILED warns the RPM set may be partial. --local-rpms and --without-task are unaffected.
submit: --replace with multi-branch -B sisyphus,p11 now finds and replaces the matching task in each branch (one auto-search per branch). Previously the comma-joined repo string was passed as a single filter to task ls, so nothing matched and the command aborted with "no open tasks found". Explicit --replace=TASK_ID is still single-target and errors out when combined with multiple -B repos.

0.39.0 - 2026-05-26¶

Changed¶

task rebuild: default --dptype is now binary (was source). Binary dependencies match the practical "what breaks if this ABI changes" question better for the rebuild workflow.
up (merge-hooks): .gear/merge-up.d/* hooks now run only when this invocation actually produced a merge commit, or when the user explicitly asked for the stage via --stage merge-hooks / --from merge-hooks. Running the full pipeline on an already-up-to-date tree no longer re-runs hooks that already ran in the previous zoryn up (and that had no merge in this run to react to). The persistent pipeline state grew a merge_performed flag (set by stage_merge on success, preserved across --continue); explicit --stage merge-hooks invocations also opt in via a runtime-only explicit_merge_hooks flag that is not persisted, so a re-run never silently inherits yesterday's opt-in.
up: new Step 0.3 syncs the local package repo with the public gears/srpms mirror before detection — fast-forwards when behind, auto-merges on divergence, aborts on conflicts or a refused fast-forward. Only runs when the local branch is a known ALT branch (sisyphus, p11, p10, c10f2, …); topic branches like master or wip-* skip silently. Also skipped for packages unknown to RDB, dirty trees, detached HEAD, or fetch failure; fetch is bounded by GIT_HTTP_LOW_SPEED_LIMIT=1000/_TIME=10 so a slow mirror can't hang the run. Closes #80.

Added¶

task copy: --into <task_id> option to append subtasks to an existing target task instead of creating a new one. Target repo is derived from that task (-B ignored); target-task state is validated (DONE/SWEPT/EPERM rejected, in-progress states warned); dependencies are left untouched.
task copy: --subtask <SUBTASK> (repeatable, comma-separated) to copy only selected subtasks. Accepts the same syntax as zoryn task delete (numeric ID, package name, pkg.git=tag) with TAB completion from the source task.
task test-rebuild: --without-task flag — skips downloading task RPMs and rebuilds dependent packages against the current branch state (baseline). Hasher RPMs are cleared before each individual build to prevent cross-contamination between dependent packages in the same run. Logs get the baseline. prefix. Mutually exclusive with --verify-failures and --local-rpms.
task add: --replace flag to replace an existing subtask in a single command. Target subtask is derived from the action's package name (matches both pkg_name and git_repo); ambiguous matches error out asking the user to delete the unwanted subtask manually. Cannot be combined with multi-package del/rebuild. Closes #76.
task add: <task_id>^<subtask_id> positional shorthand for --before <subtask_id> — accepts task references in the form printed by task ls / task show.
task add: <task_id>/<subtask_id> positional shorthand for --replace targeting an exact subtask (bypasses auto-find by package name).

Fixed¶

submit / task batch: tag-overwrite safety rework (Closes #71)
submit recreates a stale local tag automatically when the existing tag is an ancestor of HEAD (fast-forward case) and not yet published in gears. Refuses with an actionable message otherwise. The sisyphus-only Alt_branches.is_root force-tag shortcut is gone — uniform algorithm on every branch.
--allow-overwrite-tag flag (on both submit and task batch) bypasses the gears/ancestor checks when you know the stale tag is unrelated to HEAD. --refresh continues to overwrite the local tag unconditionally regardless of this flag — it is only relevant on non-refresh submits.
Output distinguishes Created tag: X (fresh), Reusing existing tag: X (already on HEAD), and Recreated tag: X (was at <sha>) (force-overwrite). Previously every successful tag step printed Created tag even when no tag was created.
--dry-run now refuses (exit 1) when the gear specfile is missing or lacks Version/Release (previously synthesized ?-? placeholder tags).
Same safety algorithm applies to all batch tag paths (simple, first, remaining) and is consistent with non-batch submit.
Side-effect: in batch mode with includes_original_first=true, the first tag is now built via apply_batch_format like the rest of the batch. If you relied on the implicit <project>- prefix, add {name} to tag-name in [batch].
Simple-submit defers to gear-create-tag default naming when no local tag exists. Previously the fix forced <project>-<version>-<release> style, breaking packages that historically used bare <version>-<release> tags (e.g. libva-intel-media-driver). Safety algorithm still runs when an existing tag is found under either naming style.
task copy: dry-run/real run on a NEW source task whose subtasks have not been fetched yet (no srpm/package/pkgname in the API payload) no longer aborts with "No valid subtasks found". resolve_pkg_name now falls back to the git repo basename from dir so build subtasks are recognised before any artifact has been produced.
builder: clear_hasher_rpms now also wipes {hasher_dir}/repo/SRPMS.hasher/. sync_rpms_to_hasher does the same only when delete = true (its default, used by zoryn task test-rebuild); zoryn task rebuild calls it with delete:false and keeps the additive-sync semantics. Output of hsh previously accumulated indefinitely across a test-rebuild batch.
test-rebuild: fork_single_task child now clears the inherited apt-tmpdir cache, installs SIGINT/SIGTERM handlers that run cleanup_all before _exit, and explicitly cleans up on normal exit — closing the per-task /tmp/.private/<user>/zoryn.XXXXXXXX/ leak both for completed and interrupted runs.
up (merge): zoryn up (and --continue) on a branch where the target upstream tag is already merged no longer reports a bogus "Merge failed - conflicts detected". The pipeline now detects that the tag is reachable from HEAD and skips the merge step, letting the remaining stages run.
task manage: when running a task that contains rebuild/delete subtasks (or targets a stable repo), gyle's "please specify a reason" rejection no longer ends the action with an "Error: …" status. The TUI now detects gyle's reason-required errors and re-opens the build-reason input prompt prefilled with the existing task message, preserving the original run mode (default / --commit / --test-only) so the retry uses the same flags. Also fixes the previously silent path where pressing r (plain run) on a rebuild task would just fail.
gear rules parsing: any tar.<comp>: directive (where <comp> is a non-empty lowercase-alphanumeric suffix) is now recognised by the .gear/rules parser, replacing the previous hand-maintained allowlist of tar.gz: / tar.bz2: / tar.xz:. Concretely, tar.zst: was missed: in a package whose .gear/rules started with e.g. tar.zst: thunderbird followed by a secondary tar: l10n name=l10n, find_tar_directory skipped the first directive and zoryn up tried to update the l10n subdirectory instead of the main source tree. The four duplicated prefix lists (in tar_line_uses_version_template, parse_tar_directory, main_tar_uses_version_template, and rewrite_rules_for_upstream_git) now share a single helper, so future compression suffixes added by gear are picked up automatically rather than producing a silent miss.
up (merge-hooks): zoryn up on an already-updated project (or --stage merge-hooks after the fact) no longer feeds the bare spec version into $TAG, which broke hooks doing git rev-parse "$TAG^{}" with ambiguous argument '1.5.0^{}' for upstreams that tag as e.g. v1.5.0 (kryoptic). The stage now resolves the spec version to an actual tag via Gau_git.find_all_matching_tags (honoring .gear/rules tag prefixes and pkg_name- patterns), and skips merge-hooks cleanly when no tag matches instead of running with a non-ref string. Closes #78.
task batch: main package no longer fails with gear-create-tag failed (and a follow-up src refspec ... does not match any on push) when re-running for a second target repo: the per-package tag is now resolved up front and reuses the bare <version>-<release> tag on HEAD when the batch-formatted tag is not present, so push and task add reference the tag that actually exists. Fresh first runs also create the main package's tag with the batch-formatted name (gear-create-tag -n …) for consistency.

0.38.0 - 2026-05-05¶

Added¶

task refresh: --run queues the task for build right after a successful refresh; pair with --test-only / --commit (mutually exclusive) and -m MESSAGE to forward those flags to task run.
changelog: web_regex parser for upstream HTML release notes (e.g. Wireshark). Configure parser = "web_regex", url, web-regex-pattern (PCRE with named groups (?<id>...) and (?<desc>...)), and optional web-regex-stop-at substring marker in .gear/version-up. URL-based parsers (web_regex, markdown, osv-json, html-table) also gain {old_version} / {new_version} placeholder substitution. CVE descriptions are RPM-macro-escaped (% → %%) before being written into the spec %changelog, so upstream prose containing literal % cannot trigger macro expansion.

Removed¶

config: dropped legacy INI config support — the zoryn_config_fix migration utility, the INI parser, and the on-load auto-detection path are gone. INI-style ~/.zoryn and .gear/version-up now print a TOML parse warning on stderr and fall back to defaults; INI-style batch configs fail with a parse error. Convert them to TOML manually.

Fixed¶

task delete/approve/disapprove/log: pkg.git=tag now picks the subtask whose tag matches (not the first sharing the git repo); a bare ambiguous pkg errors out and lists the candidates. Closes #74.
bash completion: TAB after pkg.git=tag prefix no longer stalls or duplicates the pkg.git= prefix in the reply.
config: invalid TOML in any user-edited config file now fails with zoryn: <path>:<line>:<col>: invalid TOML: <msg> and exit 1, instead of silently falling back to defaults with only a stderr warning. Previously a typo in .gear/version-up would silently swallow the entire [changelog] section so zoryn up produced an entry without CVE references; ~/.zoryn, builders.d/*.conf, and the [commands] section had the same silent-fallback hazard. Toml_utils.warn_parse_error (the helper that printed the warning) is replaced by fail_parse_error that raises Failure, caught by main.ml's top-level handler. Batch config files (which already returned Error from a result-typed API) keep their result-based behavior; only the redundant stderr warning is dropped there.
tests: test_cmd_gen_watch's "fails for nonexistent package" case now runs with ZORYN_TEST_FIXTURES set, so the binary uses fixture-mode HTTP instead of hitting live Debian/Gentoo/Arch endpoints. Without it the test was flaky on CI — a transparent proxy or stray upstream hit could mark a bogus package as "found" and the expected non-zero exit never came.
up: scheme detection now falls back to tarball-watch when every structural git-merge signal is absent but a .gear/watch (or a copy: *.watch rule / Source: *.watch) is present. Previously the scheme stayed unknown and zoryn up failed with "no upstream URL found" for packages whose upstream is a plain HTTP tarball site (e.g. dhcp_probe from www.net.princeton.edu).
up: for tarball-watch packages whose spec Url: points at PyPI, the version now comes from PyPI and the watch file is consulted only to find the matching tarball download URL. Previously the pipeline searched for a git tag matching the PyPI version (fails without an upstream git remote, e.g. python3-module-grpcio-tools), and the pure-watch fallback was prone to picking upstream pre-release tags like 1.80.0-pre1 over the real release 1.80.0.

0.37.0 - 2026-04-22¶

Security¶

up (hooks): zoryn up now lists every .gear/{up,merge-up}.d/* script by name before the [y/N] prompt when hooks would run unsandboxed (via --no-sandbox, --sandbox direct, a missing runner binary, or runner=direct in ~/.zoryn), and strips control bytes and Unicode bidi/zero-width/line-separator/BOM hazards from the displayed names (CVE-2021-42574 "Trojan Source" class). The announcement, rejection notices, and prompt all share stdout so stderr redirection cannot silence part of the picture; --continue no longer inherits --no-sandbox or cached consent across processes.

Changed¶

up (hooks) — BREAKING: symlinks under .gear/up.d/ and .gear/merge-up.d/ (and the hook directories themselves if they are symlinks) are now refused: the target may differ from the displayed name, so a .gear/up.d/innocent -> /bin/sh trick would defeat the new list-before-prompt safeguard. Replace such entries with regular files (copy, include, or use a helper script that invokes the real target).

Fixed¶

task approve/disapprove all: delegate the all target to gyle in a single SSH call so stale client-side subtask state no longer yields subtask #N not found cascades before the real subtasks are reached. Also warn when --revoke is combined with -m (gyle ignores the message). Closes #68.
task refresh: stop picking stale repo snapshots on girar — get_last_done_task_id sorted candidate tasks by task_id descending and picked the first DONE one, but girar does not commit tasks in task_id order (a task with a higher id can finish before one with a lower id). The reference snapshot could therefore predate already-committed newer versions, so task refresh reported "all packages up to date" even when subtasks were clearly behind repo. Now sort by task_changed descending (with task_id desc as a tiebreaker) to pick the latest-committed DONE task.
task manage: no more "ghost symbols" on the subtask-detail and dependencies headers — the colored #task_id / Sub #sub_id -- STATE -- repo -- owner overlay on the subtask-detail screen was drawn one column left of the plain header text (" / Sub " is 7 chars, not 6), so each value's trailing char bled through from the uncolored underlay (Sub#1000, try 11, sisyphuss, nickell). The -- Dependencies of #id overlay was off by one the other way (the prefix is 19, not 20 chars), rendering a doubled ##id. Closes #70.
task manage: mouse selection no longer leaks across screen boundaries — clicking on TaskList, then entering the log viewer (or the other way around) used to leave the old (row, col) selection in place; the log view then re-interpreted it as logical (screen_line, col) and painted reverse-video in the wrong spot, and the idle-release copy grabbed whatever happened to live at those coordinates. Selection overlays and the copy path are now gated on the screen the selection was started on.
task manage: mouse selection is cleared on every data refresh (manual R/F5, SSE push, auto-poll fallback). The absolute (row, col) coordinates became stale as soon as the task list / detail was reloaded, so the copy-on-release path risked returning text from an unrelated row.
task manage: Copied: … preview truncation is UTF-8 safe and no longer slices a multi-byte character mid-sequence (the status line used String.sub on byte offsets).
Shell mock layer (tests): SSH commands now require a fixture when ZORYN_TEST_FIXTURES is set — previously the test harness silently fell back to real ssh when the fixture file was missing, so tests could accidentally connect to a live build server against the developer's credentials (and pass or fail depending on their real task state). Missing fixtures now raise a clear Shell fixture missing error. Fall-through behaviour is preserved for git/gear/hsh because many tests rely on real local-only git operations on fixture-built repos.

Added¶

task manage: full mouse text selection on the task list, detail, deps and subtask detail screens — drag to select a range, double-click to select a word. Triple-click on a task list entry's wrapped package block selects all pkg=version items of that task (for other triple-click targets the clicked screen line is selected). Multi-row copies are joined with spaces (no line breaks) so a block of packages lands on a single paste-ready line. Copy fires automatically on mouse release (after ~0.4 s idle) via OSC 52. Single click on a #NNN token still selects just the digits and copies the bare number.
docs/site: project website at https://rider.altlinux.team/zoryn/ — a bilingual landing page plus full MkDocs Material documentation (Installation, Quick start, Configuration, Build farm, Hooks, Sandbox, Batch configs, per-command reference). Sources under docs/{en,ru}/; this CHANGELOG.md at the repo root is the single source for the "Changelog" page (symlinked from docs/en/changelog.md; RU falls back to EN via mkdocs-static-i18n).
ci: .forgejo/workflows/deploy-site.yaml — builds the MkDocs site and publishes site/ to Forgejo Pages on every push to master touching site/, docs/, mkdocs.yml, overrides/, or dune-project. The landing's version badge is baked from dune-project at build time by overrides/hooks.py — one source of truth for the displayed version. Closes #28.
up: new [tarball] subdir config field — subdirectory name inside the tarball to extract (passed as gear-update --subdir=<value>). Supports {version} and {name} placeholders, e.g. subdir = "thunderbird-{version}". Validated against shell metacharacters, path separators (/) and directory-traversal values (., .., or a .. prefix) before use so it cannot escape the intended extraction directory. Useful for tarballs with multiple top-level entries like Mozilla source tarballs
up: new parser = "mozilla" in [changelog] — fetches CVEs from mozilla/foundation-security-advisories for Firefox, Firefox ESR, Thunderbird (override with mozilla-product).

0.36.0 - 2026-04-15¶

Added¶

task manage: show approval/disapproval status in the task list — aggregated ✓/✗ line with usernames between task header and package list
Persistent search history in TUI search inputs (test-rebuild, up, task manage). Use Up/Down (or Ctrl+P/Ctrl+N) to walk previous patterns and Ctrl+R for reverse incremental search, readline-style. History is kept in ~/.local/state/zoryn/<tui>.search.history (max 500 entries per TUI). Closes #61.
build --section: new bb and ba values (with long-form aliases pkgbinary and pkgall) — run rpmbuild -bb --short-circuit / -ba --short-circuit in the existing chroot to repackage only (Processing files → rpm, or src.rpm + rpm), reusing the %prep/%build/%install artifacts from the previous build. Useful when iterating on %files, packaging macros, or metadata without rerunning the full pipeline through hsh.

Changed¶

test-rebuild log-viewer: pressing Enter on an empty search now re-runs the most recent history entry instead of clearing the match highlight.
build (python auto-deps): auto-fix retry now uses hsh-rebuild to reuse the existing chroot instead of a clean hsh build, significantly reducing rebuild time since all BuildRequires are already installed. Falls back to clean build if chroot is unavailable. (#56)

Fixed¶

task rebuild: --skip <pkg> now filters the dependency list in --deps-by-pkg/--from-log/default modes as well (previously silently ignored outside --all-subtasks); numeric subtask IDs in --skip still apply only to --all-subtasks and now emit a warning elsewhere.
up: upstream fetch no longer aborts when a local tag would clobber an upstream tag — the fetch is split into a mandatory branches step (--no-tags) and a non-fatal tags step. Errors now name the spec file and the real reason instead of the generic "No upstream remote available".
submit: no longer attaches bogus --deps on tasks from a different build chain. Girar.is_repo_fresher used a flat branch_sorting_order index, so p11 (p-chain) was ranked "fresher" than c10f2 (c-chain) and find_upstream_tasks fed those tasks into --deps. It now consults Alt_branches.get_build_predecessors, which understands the real chains sisyphus → p11 → p10 → p9 → p8 and sisyphus → c10f2 → c9f2. For c10f2 only sisyphus is considered upstream; p11/p10 tasks are ignored. (#65)
build --section install: drop --nocheck from the rpmbuild arguments. ALT Linux rpmbuild does not accept --nocheck (it's a hsh-level option), so zoryn build --section install failed immediately with --nocheck: unknown option. The flag was also redundant: --short-circuit tells rpmbuild to jump straight to the requested stage, so -bi --short-circuit runs only %install and %check is never reached.
build (python auto-deps): auto-fix now detects when upstream has changed the check dependencies source (e.g., switching from setuptools to hatchling) causing a source's deps to become empty in pyproject_deps.json. Previously the build would silently succeed with cached chroot packages but fail on fresh builds. Now zoryn aborts with a clear message asking to update the %pyproject_deps_resync_check_* macros in the spec file. (#62)

0.35.0 - 2026-04-09¶

Added¶

commit: new zoryn commit command — native replacement for gear-commit, extracts changelog from spec file as commit message; supports --spec, -m, --no-edit, --amend, -a flags. By default opens the message in the same editor git commit uses (resolved via git var GIT_EDITOR). For vim-family editors (vim/vi/nvim/gvim) the prefilled message is piped through stdin and the buffer is renamed via :file, which makes vim mark the buffer as modified — so ZZ, :wq, :x on an unchanged prefilled buffer all commit (unlike opening vim directly on a file, where these commands are no-ops on unchanged content). Save/abort detection is by file existence: :q! aborts, empty buffer aborts ("commit message is empty"), :cq aborts with non-zero exit. For non-vim editors falls back to git commit -F file --edit, which has standard git semantics. Exports GEAR_COMMIT and GEAR_COMMIT_AMEND env vars for git hooks compatibility

Changed¶

task rebuild / batch rebuild: local SRPM lookup is now stricter — only files whose release starts with alt are considered. Previously the legacy Hasher.find_srpm accepted any release suffix, so a directory containing third-party rebuilds (e.g. foo-1.0-1.fc38.src.rpm, foo-1.0-1.mga9.src.rpm, or vendor packages with no alt prefix at all) could be matched by name. After the unification onto Builder.find_srpm_in_path (which shares its matcher with the existing Builder.find_srpm used everywhere else), such files are silently ignored and task rebuild will print "No src.rpm found" for them. If you mirror non-ALT SRPMs into your [sources] srpms_path, keep them in a separate directory; task rebuild only consumes ALT-tagged SRPMs (this matches the behaviour Builder.find_srpm has always used for remote builders). Package names are now also validated through Gau_common.Validation.validate_package_name before lookup, mirroring the rest of the builder API.

Fixed¶

task rebuild / batch rebuild: SRPM lookup no longer matches files whose name shares a suffix with the requested package. Previously the matcher in Hasher.find_srpm used an unanchored regex (Re.eos only, no Re.bos), so a search for qt6-webengine would substring-match inside dqt6-webengine-6.10.2-alt0.dde.1.src.rpm and return the wrong file. The duplicate path-based finder has been removed: both bin/zoryn/cmd_task_rebuild.ml and lib/batch_pipeline/batch_pipeline.ml now use the new Builder.find_srpm_in_path, which shares its fully-anchored matcher (^pkg-…$) with Builder.find_srpm. The "no src.rpm found" warning in task rebuild was also updated to describe the new pattern (%s-{version}-alt{release}.src.rpm) instead of the old permissive one.
up: state file location is now resolved via git rev-parse --absolute-git-dir instead of the hardcoded .git/zoryn-up-state.json path, so zoryn up (and the build pipeline it drives) works inside a git worktree. Previously the top-level .git in a worktree is a regular file (a gitdir: pointer), not a directory, so writing the state file failed with ENOTDIR. The new path lives in the per-worktree git directory (.git/worktrees/<name>/zoryn-up-state.json), which is also naturally isolated — two parallel zoryn up runs in two worktrees of the same package no longer collide. (#60)
up: scheme detection on packages whose .gear/upstream/remotes exists (or whose spec carries only a Url: to a public forge, no VCS:) no longer requires the maintainer to add the local upstream remote by hand and no longer takes minutes on repos with hundreds of merge commits. stage_detect now resolves the upstream URL from .gear/upstream/remotes → spec Vcs: → spec Url: (with Git_url.normalize + is_github_or_gitlab_url filter) and fetches BEFORE running scheme detection. The remote-discovery cascade is conservative and never destroys maintainer state: (1) it first walks all local remotes and reuses the one whose canonical URL matches the determined upstream URL — regardless of its name, so vendor/tools/phobos/etc. conventions are honored; (2) failing that, it respects an existing upstream remote even when its URL differs from the spec (the maintainer may have pointed it at a mirror or fork deliberately); (3) only when neither match exists does it git remote add upstream <url> from the determined URL. Fetches use --tags without --force, so packaging-side tags whose name coincides with upstream tags are preserved. With upstream fetched, scheme detection runs a new structural fast path: pick the upstream tag matching the current spec version (v<v>, <v>, release-<v>, release_<v>, rel-<v>, <pkg>-<v>), VERIFY it actually came from upstream by checking that its commit is reachable from refs/remotes/<upstream>/* (so a maintainer-side packaging tag with the same name does not poison the result), and run a single git merge-base HEAD <tag> — non-empty result means HEAD shares SHAs with upstream → git-merge; empty means tarball-imported synthetic SHAs → tarball-watch. Tarball imports cannot fake content-hash identity. Falls through to the legacy Tier 1 / Tier 2 cascade when no matching upstream tag exists locally OR when no candidate is verified as upstream. stage_fetch now reuses the same safe helper as a fallback when stage_detect could not determine a URL, and skips the redundant remote-setup step when the URL is already in state.upstream_url. (e.g. microsoft/onnxruntime: scheme detection went from ~30s of slow tag walking to a single merge-base call.)
up: Tier 1 (changelog-history scheme detector) now short-circuits on the first upstream-shaped merge instead of eagerly classifying every merge in the version-bump range — for packages with hundreds of merges between two version bumps and no configured upstream remote, this turns an O(N) walk into O(1) on the common case. The "all merges proven non-upstream → Tarball" branch still requires walking the whole range and remains correct.
up: scheme detection no longer misclassifies git-merge packages as tarball-watch when the maintainer uses non-standard merge commit messages such as Merge upstream tag 'X' (e.g. oneDNN). The detector now classifies the last update structurally. The primary signal is commit-identity via the upstream remote: a merge is upstream-shaped iff any non-first parent is reachable from refs/remotes/<upstream>/*, where the upstream remote is resolved from .gear/upstream/remotes (proper git-config parsing with [remote "name"] section headers, case-insensitive keys, #/; comments), spec Vcs:/Url:, or a local remote named upstream/vendor. SHA1 identity is cryptographic — tarball imports cannot fake it. When a remote is configured, its negative answer is authoritative (no fall-through to weaker tag heuristics), so packaging-branch merges with coincidental tags cannot be misclassified. When no remote is configured, the detector falls back to tag-based heuristics (tag pointing at merge commit, tag in parent diff). Tier 1 walks the spec's Version:-bump history with --follow --topo-order, verifies ancestry to skip meaningless ranges after rebase, and handles octopus merges. is_github_or_gitlab_url explicitly excludes ALT-internal hosts (*.altlinux.org, *.basealt.ru, etc.) so ALT's gitlab-based infra is never misclassified as upstream. Multi-subproject packages (dmd-style with [remote "tools"] + [remote "phobos"]) are handled correctly by matching gear section names against local remote names.
check version-up: spec file lookup now respects spec: directive in .gear/rules. Previously the command only scanned the repository root and printed "No spec file found, use --from for simulation" for packages whose .spec lives inside .gear/ (e.g. python3-module-hypothesis).
up: PyPI tag lookup now finds tags whose .gear/version-up pattern carries a decorative prefix (e.g. hypothesis-python-{major:+}.{minor:+}.{patch:+}) without needing an explicit template; [version] filter is still respected. (#57)
gen version-up: when run from .gear/ or any subdirectory of a git repository, write .gear/version-up to the repository root instead of creating a nested .gear/.gear/version-up. The -C/--chdir option still defines the working directory explicitly. (#59)
builder add: --hasher-dir was ignored in --multi-add mode; now supports {hasher_number} template (e.g., --hasher-dir '/tmp/h_{hasher_number}'). Without placeholder, template is derived automatically with a warning. Priority: --hasher-dir > --based > default ~/hasher_{hasher_number}
task add: TAB completion for package names now searches across all branches instead of filtering by the task's target branch — previously e.g. zoryn task add 411104 copy ocaml-l<TAB> (task for p11) hid ocaml-lzma because it does not yet exist in p11
gen pypi2spec: emit VCS: tag when the repository URL comes only from home_page (no project_urls.Repository), e.g. fasttext.
gen pypi2spec: --url now overrides any URL discovered in PyPI metadata (was: only used as a fallback) and is reflected in the spec's VCS: line.
gen pypi2spec: normalise PyPI repository URLs through a shared Gau_common.Git_url helper — handles git+https:/git: prefixes, trailing slashes, and .git suffix uniformly across all code paths.

0.34.0 - 2026-04-06¶

Added¶

task refresh: --from <branch> flag for cross-branch sync — detect stale subtasks and replace with copy from source branch
task refresh: --types <types> flag to control which subtask types are checked (copy, rebuild, build=gear+srpm, ALL)
task test-rebuild: warn about packages already FTBFS on beehive before building; add --skip-ftbfs to skip per-architecture build tasks where the package is already FTBFS
TAB completion for package names from Repoteka API in clone, check, task, and gen watch commands

Fixed¶

task ls/show: fixed missing package names for delete/copy/rebuild subtasks — used pkgname field from Tasks API instead of absent package

Changed¶

build: unified single-builder and multi-builder batch build code paths — removed ~300 lines of duplicated logic and the first-package special case

0.33.0 - 2026-04-05¶

Added¶

tui: mouse text selection in log viewer — click+drag to select, y to copy original text (without wrapping) to clipboard via OSC 52 (#52)
tui: Space (page down) and b (page up) keys in log viewer — matching standard less keybindings (#50)
Syntax highlighting for log output using sublime-syntax engine (#46)
build: --section flag to run a specific rpmbuild section (prep, build, install, check) in an existing chroot with automatic spec file sync, --rpmbuild-args for passing extra rpmbuild arguments — for iterative build development and debugging
build: configurable log filename template log_filename in [build] config section (~/.zoryn). Supported variables: {builder}, {batch}, {pkgname}. Default: build.{batch}.{builder}.log
build, up: --skip-check now supports rpmbuild value to skip %check section via --rpmbuild-args='--without=check'; bare --skip-check without value skips everything (rpmbuild + post-build checks) (#45)
gen pypi2spec: %pyproject_runtimedeps_metadata for upstream runtime dependencies (#48)
gen pypi2spec: AutoReq: yes, nopython3 to disable python3 autoreq (#48)
gen pypi2spec: %global _unpackaged_files_terminate_build 1 in generated spec (#48)

Changed¶

tui: log viewer line wrapping is now character-based instead of word-based — better for logs with long strings without spaces (#54)
build: default log filename format: build-log.{builder} -> build.{batch}.{builder}.log
build: removed separate .err log files for parallel builds — stderr is now written to the main log
gen pypi2spec: spec filename changed from python3-module-<name>.spec to <normalized-pypi-name>.spec (e.g. .gear/hdbscan.spec) (#48)
gen pypi2spec: Url: tag now always uses https://pypi.org/project/<name>/ instead of homepage from metadata (#48)
gen pypi2spec: removed %doc line from %files — don't package docs and license files (#48)

Fixed¶

tui: last character lost when wrapping long lines in log viewer — byte offset for syntax highlighting was calculated incorrectly due to a missing space at the wrap boundary (#53)
build: show SKIP (yellow) instead of FAIL (red) when architecture is excluded in spec file (ExcludeArch) — detected from build log (error: Architecture is excluded: ...) (#49)
gen pypi2spec: add %define pypi_name to generated spec and use %{pyproject_distinfo %pypi_name} instead of %pyproject_distinfo %name — fixes incorrect dist-info path matching (#44)

0.32.0 - 2026-03-31¶

Added¶

submit: automatically squash duplicate release commits — when re-running zoryn submit after changes, if the previous commit has the same version-release subject (e.g. 6.151.10-alt1), amends it instead of creating a duplicate
PyPI version source: for Python packages with URL: https://pypi.org/project/<name>/ in spec, zoryn up and zoryn check version now use PyPI as the source of truth for version numbers instead of git tags — prevents updating to yanked (withdrawn) versions; PEP 440 normalization handles version format differences between PyPI and git tags; use --tag to bypass PyPI detection
task test-rebuild --top: full TUI rewrite using LTerm — no more screen flickering, syntax-highlighted build logs with search (/, n/N), full-screen log viewer with follow-mode, build log list (l) showing all results, help screen (F1), hotkeys synced with task manage
tui_logview: new shared library for log viewer logic (classifier, word wrap, caching, search) — used by both task manage and task test-rebuild
zoryn task abort command — abort a running task by ID (with TAB completion for task IDs)
zoryn task approve / zoryn task disapprove commands — approve or disapprove task subtasks from CLI (by subtask number, package name, or all), with optional -m message and --revoke
Changelog CVE parser: support CVE:YYYY-NNNNN format (used by ISC Kea/BIND) — normalized to standard CVE-YYYY-NNNNN
Changelog version header: support Product X.Y.Z (status) released on Date format (ISC ChangeLog)
Tests for Io.read_package_list_file (path traversal, comments, blank lines, errors)
Tests for Custom_packages.collect (combined --package/--packages-file logic)
Tests for List_utils.chunk with size <= 0
Test for Stats.create ~custom_packages:[] normalization to None
Extract Custom_packages.collect into test_rebuild library for testability
task test-rebuild: --package PKG (repeatable) and --packages-file FILE flags to rebuild a custom set of packages instead of the full RDB dependency tree

Changed¶

task manage: log viewer logic extracted to shared tui_logview library (no user-visible change)
task test-rebuild --top: event loop migrated from Unix.select to Lwt for LTerm integration

Fixed¶

gen version-up: tags with package name prefix and v-prefixed version (e.g. --tag freeipmi-1-6-17 --to-version v1.6.17) generated wrong pattern with 4 groups instead of recognizing freeipmi- as prefix — now strips v/V prefix before matching
task test-rebuild --top: pressing [f] to view failures on the completion screen did nothing — render always showed the completion box ignoring view_mode, and the post-completion input loop never re-rendered
task test-rebuild --top: pressing Enter on failures without log files (e.g. "SRPM not found") did nothing — now shows the error message inline with a "press any key" prompt
package_spec: is_alt_release now accepts branch releases (alt1.M110P.1) and architecture-specific releases (alt1_e2k1) — previously only digits and dots were allowed after alt, causing release to be merged into version and breaking version comparison
task test-rebuild: --continue-no-refresh now updates packages_to_rebuild in stats when package list changes between runs, preventing stale diff comparisons on subsequent --continue
task manage: approve/disapprove with message and run-with-commit message failed in TUI — interactive_quiet mode appended `