The Arch Linux Security Tracker is a lightweight flask based panel for tracking vulnerabilities in Arch Linux packages, displaying vulnerability details and generating security advisories.
- Issue tracking
- Issue grouping
- libalpm support
- Todo lists
- Advisory scheduling
- Advisory generation
- SSO or local users
- python >= 3.4
- python-sqlalchemy
- python-sqlalchemy-continuum
- python-flask
- python-flask-sqlalchemy
- python-flask-talisman
- python-flask-wtf
- python-flask-login
- python-flask-migrate
- python-authlib
- python-email-validator
- python-requests
- python-scrypt
- python-feedgen
- python-pytz
- python-markupsafe
- pyalpm
- sqlite
- python-isort
- python-pytest
- python-pytest-cov
Python dependencies can be installed in a virtual environment (venv
), by running:
python -m venv .virtualenv
. .virtualenv/bin/activate
pip install -r requirements.txt
For running tests:
pip install -r test-requirements.txt
make
run debug mode:
make run
adding a new user:
make user
run tests:
make test
For production run it through uwsgi
The trackerctl
script provides access to the command line interface
that controls and operates different parts of the tracker. All commands
and subcommands provide a --help
option that describes the operation
and all its available options.
The configurations are all placed into the config
directory and
applied as a sorted cascade.
The default values in the 00-default.conf
file should not be
altered for customization. If some tweaking is required, simply create
a new configuration file with a .local.conf
suffix and some non
zero prefix like 20-user.local.conf
. Files using this suffix are
on the .gitignore
and not handled as untracked or dirty.
A simple test environment for SSO can be configured using Keycloak:
-
Run a local Keycloak installation via docker as described upstream.
-
Create an
arch-security-tracker
client in Keycloak like in test/data/openid-client.json. Make sure the client contains a mapper for the group memberships calledgroups
which is included as a claim. -
Create a local tracker config file with enabled SSO and configure OIDC secrets, groups and metadata url accordingly.
Help is appreciated, for some guidelines and recommendations check our Contribution file.