Implement Bearer token validation using jsonwebtoken with JWKS caching
and automatic key rotation handling. AuthState fetches keys from the
configured OIDC provider's jwks_uri at startup and refreshes on unknown
kid. Axum middleware (require_auth) protects write routes, injecting
AuthenticatedUser into request extensions. The auth_check admin endpoint
now performs real JWT validation when oauth2 is configured.
Includes architecture plan for the full publish API with RBAC at
docs/ai/plans/2026-04-09-publish-api-oidc.md.
fetch_manifest and the receiver were parsing legacy text manifests which
reference SHA1 hashes, while pkg5-imported repos store files under SHA-256.
Prefer the JSON manifest (.json) everywhere so payload lookups find the
correct files. Fixes archive creation, archive import, and local
FileBackend-to-FileBackend receive for pkg5-imported repositories.
Also completes the search REST API: v0 now returns 204 for empty results
per the pkg5 spec, and publisher-less routes (/search/0/, /search/1/) are
added for clients that omit the publisher prefix.
Merge both the UI handler (index, ui modules) and the legacy pkg5
search endpoint changes. Remove the obsolete JSON-based
build_search_index method since search now uses FTS5 via
sqlite_catalog::build_shards.
Replace the cramped FMRI badge and install-cmd div with full-width
copyable blocks that have labeled headers, single-line horizontal
scrolling (no wrapping), and a copy-to-clipboard button. The button
shows a checkmark on success. The install command copy strips the
leading $ prompt.
Read last-modified from catalog.attrs instead of using get_info() which
falls back to current time when the package directory scan finds nothing.
Widened publisher card grid min-width from 320px to 420px so the
formatted date doesn't get cut off.
Dependency FMRIs are version constraints (e.g. SUNWcs@0.5.11-151056.0)
not exact versions, so they don't match any specific manifest. Now
dependency links use the package name only, and the detail handler
resolves name-only or partial-version FMRIs by finding the latest
version from list_packages and redirecting to it.
The external CSS file wasn't loading on the deployed server despite
being embedded in the binary — likely a route matching or reverse
proxy issue. Moved all CSS into an inline <style> tag in the base
template. Since Askama compiles templates into the binary, this
guarantees the styles render with the HTML on first paint with zero
external dependencies. HTMX JS remains as an embedded route handler.
Static files (CSS, JS) were served via ServeDir using CARGO_MANIFEST_DIR
which only exists on the build machine, not on deployed servers. This
caused: white unstyled page, always-visible loading indicators, and
broken manifest loading.
- Embed style.css and htmx.min.js into the binary via include_str!
- Serve them from dedicated handlers with proper content-type and caching
- Move Google Fonts from CSS @import to <link> tags with preconnect
for non-blocking font loading
- Remove ServeDir dependency from routes
Fix package detail 404: FMRI in URL paths now uses just name@version
instead of the full pkg://publisher/name@version, since the publisher
is already a separate path segment. This affected package detail,
manifest loading, dependency links, and search result links.
Drop Pico.css CDN dependency — it was fighting the custom dark theme
causing visual issues. Replaced with a complete standalone stylesheet
with proper reset, giving full control over the design.
Design overhaul:
- Dark "Solaris Engineering" theme with amber accent colors
- JetBrains Mono + Source Sans 3 typography via Google Fonts
- Publisher cards with accent borders and stats layout
- Styled package tables with hover states
- Breadcrumb navigation and active nav indicators
- Colored dependency type badges (require/optional/incorporate)
- Terminal-style install command display
- Floating pill-shaped P5I cart with enter animation
- Custom scrollbars for manifest viewer
Bug fixes:
- P5I cart now hidden by default (was visible with 0 items)
- "Updated" timestamp now formatted via format_packaging_date
- Package count falls back to list_packages when get_info reports 0
Add a human-facing web interface at /ui/ for browsing IPS package
repositories. Uses Askama templates, HTMX for interactivity, and
Pico.css for styling.
Routes:
- /ui/ - Publisher list with package counts
- /ui/packages/:publisher - Paginated package list
- /ui/search - Search with HTMX search-as-you-type
- /ui/package/:publisher/*fmri - Package detail with lazy manifest
- /ui/p5i - P5I file generation for installing package sets
- Updated `FileBackend::open` calls to use immutable `repo` variables across multiple modules.
- Improved dependency action string construction by integrating optional properties, predicates, and facets for better clarity and flexibility.
- Transitioned the catalog backend from `redb` to `rusqlite` for better compatibility and concurrency.
- Updated `IpsProvider` to use SQLite for package querying, dependency resolution, and obsolescence handling.
- Removed `decode_manifest_bytes_local` and unused `manifest` cache logic.
- Simplified catalog-related functions and integrated `sqlite_catalog` module.
- Enhanced test functions and added schemas for managing SQLite databases.
- Introduced scripts and configurations for manual testing using `anyvm` with OpenIndiana and OmniOS.
- Implemented repository fetching (`fetch_repo.sh`) and server startup (`run_depotd.sh`) scripts.
- Enhanced `pkg6depotd` to support default publisher routes and trailing slashes.
- Updated integration tests to verify new publisher route behavior.
- Introduced a searchable index with structured `IndexEntry` support for packages, files, directories, and dependencies.
- Added `search` method in `DepotRepo` with wildcard and case-sensitive query handling.
- Created `/search/0` and `/search/1` routes for search API, supporting publishers and token-based queries.
- Updated `SearchIndex` handling to map tokens to detailed `IndexEntry` structures.
- Improved index building to include attributes for files, directories, and dependencies.
- Added `/file/1/{digest}` route to support file retrieval without specifying the algorithm.
- Implemented a Python-compatible JSON serializer to ensure consistent formatting for catalog artifacts.
- Replaced `HashMap` with `BTreeMap` for deterministic ordering in catalog serialization and updates.
- Updated integration tests to validate the new route functionality and ensure response correctness.
- Refactored `format_iso8601_basic` to improve timestamp formatting consistency.
- Adjusted indentation and line breaks for structs, functions, and method calls to comply with Rust formatting standards.
- Improved error message formatting and consistency across `PkgTreeError` instances.
- Restructured long function arguments and chained calls for clarity and maintainability.
- Simplified conditional statements and loops for better readability.
- No functional changes introduced.
- Introduced caching headers (`Cache-Control`, `ETag`, `Last-Modified`) for file responses to improve client-side caching.
- Added HTTP admin routes for health check and authentication validation.
- Made `cache_max_age` configurable via server configuration with a default of 3600 seconds.
- Enhanced file handler with metadata-based `Last-Modified` computation.
- Updated integration tests to cover new functionality and ensure correctness.
- Enhanced `get_info` handler to parse version components into `Build Release`, `Branch`, and `Packaging Date`.
- Added proper FMRI formatting in `pkg://<publisher>/<name>@<version>` format.
- Implemented license content resolution with file-based lookup, gzip decompression, and content truncation.
- Introduced compressed and uncompressed package size calculations for manifest actions.
- Updated dependencies to include `chrono` and `flate2` for date parsing and gzip decompression.
- Ensured correct `Content-Type` header for catalog artifacts (`catalog.attrs` and `catalog.*`) in HTTP responses.
- Added SHA-1 based weak ETag generation for manifest responses to improve caching and legacy compatibility.
- Updated `integration_tests` to validate content-type and ETag correctness.
- Added new dependency `sha1` for hashing support.
- Introduced `BatchOptions` for configurable batched catalog rebuilds.
- Added `rebuild_catalog_batched` in `file_backend` for batched processing with deterministic package order and progress tracking.
- Updated `rebuild_catalog` to leverage the new batched implementation with default options.
- Added integration test `test_ini_only_repo_serving_catalog` to validate functionality with an INI-only repository configuration.
- Enhanced test coverage for legacy catalog handling via `pkg5.repository`.
- Removed now-redundant catalog path resolution logic in `repo.rs`.
- Updated `file_backend` with a unified method for fetching catalog file paths, addressing invalid path prefixes.
- Adjusted HTTP handler to use the updated method.
- Added `Operation` enum and `SupportedOperation` struct to encapsulate supported operations and versions.
- Updated response generation to dynamically include the `pkg6depotd` version and supported operations.
- Enhanced integration tests to validate version string format changes.
- Expanded repository structure by introducing methods for fetching legacy catalogs, catalog file paths, and repository info.
- Added new REST API v1 endpoints for catalog, manifest, file, and publisher handling.
- Implemented `publisher` handler module with `get_publisher_v0` and `get_publisher_v1` methods to retrieve publisher details in pkg5 format.
- Updated `integration_tests` to validate new endpoints and ensure compatibility with legacy and modern catalog/manifest handling.
- Removed unused dependency `walkdir` and refactored test cases for clarity and efficiency.
- Implemented `DepotRepo` for repository access, including methods for catalog path, file path, and manifest retrieval.
- Introduced foundational HTTP routes for catalog, manifest, file, and package info retrieval.
- Added integration tests to validate repository setup and basic server functionality.
- Modularized HTTP handlers for better maintainability and extended them with new implementations like `info` and `manifest` handling.
- Refactored `main` function to simplify initialization and leverage reusable `run` logic in a new `lib.rs`.
- Updated `Cargo.toml` and `Cargo.lock` to include new dependencies: `walkdir` and updated testing utilities.
- Added initial implementation of the `pkg6depotd` server with modular components for CLI parsing, configuration management, HTTP handling, repository access, and daemonization.
- Implemented basic server startup logic with a default router and placeholder handlers.
- Integrated telemetry initialization and configuration fallback mechanism for ease of development.
- Updated `Cargo.toml` and `Cargo.lock` to include dependencies necessary for server functionality.
- Add methods to find and clean up obsoleted packages older than a specified TTL (`find_obsoleted_packages_older_than_ttl` and `cleanup_obsoleted_packages_older_than_ttl`) in `libips`.
- Implement a new `CleanupObsoleted` command in `pkg6repo` to handle cleanup operations.
- Update workspace `Cargo.toml` files with unified attributes for better consistency.
- Adjust dependencies (`libips` version patterns, `thiserror` updates) and enhance metadata management for obsoleted packages.
- Enhance repository operations by adding batch processing and robust logging during cleanup.
