Release version 0.7.8

Fix: release now skips missing pyproject.toml without failing
- Updated update_pyproject_version() to gracefully skip missing or unreadable pyproject.toml - Added corresponding unit test ensuring missing file triggers no exception and no file creation - Updated test wording for spec changelog section - Ref: adjustments discussed in ChatGPT conversation (2025-12-09) - https://chatgpt.com/share/69388024-93e4-800f-a09f-bf78a6b9a53f
2025-12-09 21:03:24 +01:00 · 2025-12-09 21:02:01 +01:00 · 2025-12-09 20:52:07 +01:00 · 2025-12-09 17:54:41 +01:00 · 2025-12-09 17:53:10 +01:00 · 2025-12-09 17:14:22 +01:00
25 changed files with 928 additions and 136 deletions
--- a/.github/workflows/test-container.yml
+++ b/.github/workflows/test-container.yml
@@ -1,4 +1,4 @@
-name: Test Distribution Containers
+name: Test OS Containers

 on:
  push:
--- a/.github/workflows/test-e2e.yml
+++ b/.github/workflows/test-e2e.yml
@@ -1,4 +1,4 @@
-name: Test package-manager (e2e)
+name: Test End-To-End

 on:
  push:
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@@ -1,4 +1,4 @@
-name: Test package-manager (integration)
+name: Test Code Integration

 on:
  push:
@@ -21,9 +21,5 @@ jobs:
      - name: Show Docker version
        run: docker version

-      # Build Arch test image (same as used in test-unit and test-e2e)
-      - name: Build test images
-        run: make build
-
      - name: Run integration tests via make (Arch container)
-        run: make test-integration
+        run: make test-integration DISTROS="arch"
--- a/.github/workflows/test-unit.yml
+++ b/.github/workflows/test-unit.yml
@@ -1,4 +1,4 @@
-name: Test package-manager (unit)
+name: Test Units

 on:
  push:
@@ -22,4 +22,4 @@ jobs:
        run: docker version

      - name: Run unit tests via make (Arch container)
-        run: make test-unit
+        run: make test-unit DISTROS="arch"
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,28 @@
+## [0.7.8] - 2025-12-09
+
+* Missing pyproject.toml doesn't lead to an error during release
+
+
+## [0.7.7] - 2025-12-09
+
+* Added TEST_PATTERN parameter to execute dedicated tests
+
+
+## [0.7.6] - 2025-12-09
+
+* Fixed pull --preview bug in e2e test
+
+
+## [0.7.5] - 2025-12-09
+
+* Fixed wrong directory permissions for nix
+
+
+## [0.7.4] - 2025-12-09
+
+* Fixed missing build in test workflow -> Tests pass now
+
+
 ## [0.7.3] - 2025-12-09

 * Fixed bug: Ignored packages are now ignored
--- a/16
+++ b/16
@@ -12,7 +12,7 @@ NIX_CACHE_VOLUME := pkgmgr_nix_cache
 # Distro list and base images
 # (kept for documentation/reference; actual build logic is in scripts/build)
 # ------------------------------------------------------------
-DISTROS := arch debian ubuntu fedora centos
+DISTROS 		  := arch debian ubuntu fedora centos
 BASE_IMAGE_ARCH   := archlinux:latest
 BASE_IMAGE_DEBIAN := debian:stable-slim
 BASE_IMAGE_UBUNTU := ubuntu:latest
@@ -27,6 +27,10 @@ export BASE_IMAGE_UBUNTU
 export BASE_IMAGE_FEDORA
 export BASE_IMAGE_CENTOS

+# PYthon Unittest Pattern
+TEST_PATTERN	:= test_*.py
+export TEST_PATTERN
+
 # ------------------------------------------------------------
 # PKGMGR setup (developer wrapper -> scripts/installation/main.sh)
 # ------------------------------------------------------------
@@ -46,16 +50,16 @@ build:
 # Test targets (delegated to scripts/test)
 # ------------------------------------------------------------

-test-unit:
+test-unit: build-missing
 	@bash scripts/test/test-unit.sh

-test-integration:
+test-integration: build-missing
 	@bash scripts/test/test-integration.sh

-test-e2e:
+test-e2e: build-missing
 	@bash scripts/test/test-e2e.sh

-test-container:
+test-container: build-missing
 	@bash scripts/test/test-container.sh

 # ------------------------------------------------------------
@@ -65,7 +69,7 @@ build-missing:
 	@bash scripts/build/build-image-missing.sh

 # Combined test target for local + CI (unit + e2e + integration)
-test: build-missing test-container test-unit test-e2e test-integration
+test: test-container test-unit test-e2e test-integration

 # ------------------------------------------------------------
 # System install (native packages, calls scripts/installation/run-package.sh)
--- a/2
+++ b/2
@@ -1,7 +1,7 @@
 # Maintainer: Kevin Veen-Birkenbach <info@veen.world>

 pkgname=package-manager
-pkgver=0.7.3
+pkgver=0.7.8
 pkgrel=1
 pkgdesc="Local-flake wrapper for Kevin's package-manager (Nix-based)."
 arch=('any')
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
+package-manager (0.7.8-1) unstable; urgency=medium
+
+  * Missing pyproject.toml doesn't lead to an error during release
+
+ -- Kevin Veen-Birkenbach <kevin@veen.world>  Tue, 09 Dec 2025 21:03:24 +0100
+
+package-manager (0.7.7-1) unstable; urgency=medium
+
+  * Added TEST_PATTERN parameter to execute dedicated tests
+
+ -- Kevin Veen-Birkenbach <kevin@veen.world>  Tue, 09 Dec 2025 17:54:38 +0100
+
+package-manager (0.7.6-1) unstable; urgency=medium
+
+  * Fixed pull --preview bug in e2e test
+
+ -- Kevin Veen-Birkenbach <kevin@veen.world>  Tue, 09 Dec 2025 17:14:19 +0100
+
+package-manager (0.7.5-1) unstable; urgency=medium
+
+  * Fixed wrong directory permissions for nix
+
+ -- Kevin Veen-Birkenbach <kevin@veen.world>  Tue, 09 Dec 2025 16:45:42 +0100
+
+package-manager (0.7.4-1) unstable; urgency=medium
+
+  * Fixed missing build in test workflow -> Tests pass now
+
+ -- Kevin Veen-Birkenbach <kevin@veen.world>  Tue, 09 Dec 2025 16:22:00 +0100
+
 package-manager (0.7.3-1) unstable; urgency=medium

  * Fixed bug: Ignored packages are now ignored
--- a/flake.nix
+++ b/flake.nix
@@ -31,7 +31,7 @@
        rec {
          pkgmgr = pyPkgs.buildPythonApplication {
            pname   = "package-manager";
-            version = "0.7.3";
+            version = "0.7.8";

            # Use the git repo as source
            src = ./.;
--- a/package-manager.spec
+++ b/package-manager.spec
@@ -1,5 +1,5 @@
 Name:           package-manager
-Version:        0.7.3
+Version:        0.7.8
 Release:        1%{?dist}
 Summary:        Wrapper that runs Kevin's package-manager via Nix flake

@@ -77,6 +77,21 @@ echo ">>> package-manager removed. Nix itself was not removed."
 /usr/lib/package-manager/

 %changelog
+* Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.8-1
+- Missing pyproject.toml doesn't lead to an error during release
+
+* Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.7-1
+- Added TEST_PATTERN parameter to execute dedicated tests
+
+* Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.6-1
+- Fixed pull --preview bug in e2e test
+
+* Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.5-1
+- Fixed wrong directory permissions for nix
+
+* Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.4-1
+- Fixed missing build in test workflow -> Tests pass now
+
 * Tue Dec 09 2025 Kevin Veen-Birkenbach <kevin@veen.world> - 0.7.3-1
 - Fixed bug: Ignored packages are now ignored

--- a/pkgmgr/actions/release/files.py
+++ b/pkgmgr/actions/release/files.py
@@ -85,7 +85,6 @@ def _open_editor_for_changelog(initial_message: Optional[str] = None) -> str:
 # File update helpers (pyproject + extra packaging + changelog)
 # ---------------------------------------------------------------------------

-
 def update_pyproject_version(
    pyproject_path: str,
    new_version: str,
@@ -99,13 +98,25 @@ def update_pyproject_version(
        version = "X.Y.Z"

    and replaces the version part with the given new_version string.
+
+    If the file does not exist, it is skipped without failing the release.
    """
+    if not os.path.exists(pyproject_path):
+        print(
+            f"[INFO] pyproject.toml not found at: {pyproject_path}, "
+            "skipping version update."
+        )
+        return
+
    try:
        with open(pyproject_path, "r", encoding="utf-8") as f:
            content = f.read()
-    except FileNotFoundError:
-        print(f"[ERROR] pyproject.toml not found at: {pyproject_path}")
-        sys.exit(1)
+    except OSError as exc:
+        print(
+            f"[WARN] Could not read pyproject.toml at {pyproject_path}: {exc}. "
+            "Skipping version update."
+        )
+        return

    pattern = r'^(version\s*=\s*")([^"]+)(")'
    new_content, count = re.subn(
--- a/pkgmgr/actions/repository/install/installers/nix_flake.py
+++ b/pkgmgr/actions/repository/install/installers/nix_flake.py
@@ -13,6 +13,13 @@ Behavior:
      * Then install the flake outputs (`pkgmgr`, `default`) via `nix profile install`.
  - Failure installing `pkgmgr` is treated as fatal.
  - Failure installing `default` is logged as an error/warning but does not abort.
+
+Special handling for dev shells / CI:
+  - If IN_NIX_SHELL is set (e.g. inside `nix develop`), the installer is
+    disabled. In that environment the flake outputs are already provided
+    by the dev shell and we must not touch the user profile.
+  - If PKGMGR_DISABLE_NIX_FLAKE_INSTALLER=1 is set, the installer is
+    globally disabled (useful for CI or debugging).
 """

 import os
@@ -36,14 +43,45 @@ class NixFlakeInstaller(BaseInstaller):
    FLAKE_FILE = "flake.nix"
    PROFILE_NAME = "package-manager"

+    def _in_nix_shell(self) -> bool:
+        """
+        Return True if we appear to be running inside a Nix dev shell.
+
+        Nix sets IN_NIX_SHELL in `nix develop` environments. In that case
+        the flake outputs are already available, and touching the user
+        profile (nix profile install/remove) is undesirable.
+        """
+        return bool(os.environ.get("IN_NIX_SHELL"))
+
    def supports(self, ctx: "RepoContext") -> bool:
        """
        Only support repositories that:
-          - Have a flake.nix
+          - Are NOT inside a Nix dev shell (IN_NIX_SHELL unset),
+          - Are NOT explicitly disabled via PKGMGR_DISABLE_NIX_FLAKE_INSTALLER=1,
+          - Have a flake.nix,
          - And have the `nix` command available.
        """
+        # 1) Skip when running inside a dev shell – flake is already active.
+        if self._in_nix_shell():
+            print(
+                "[INFO] IN_NIX_SHELL detected; skipping NixFlakeInstaller. "
+                "Flake outputs are provided by the development shell."
+            )
+            return False
+
+        # 2) Optional global kill-switch for CI or debugging.
+        if os.environ.get("PKGMGR_DISABLE_NIX_FLAKE_INSTALLER") == "1":
+            print(
+                "[INFO] PKGMGR_DISABLE_NIX_FLAKE_INSTALLER=1 – "
+                "NixFlakeInstaller is disabled."
+            )
+            return False
+
+        # 3) Nix must be available.
        if shutil.which("nix") is None:
            return False
+
+        # 4) flake.nix must exist in the repository.
        flake_path = os.path.join(ctx.repo_dir, self.FLAKE_FILE)
        return os.path.exists(flake_path)

@@ -76,6 +114,14 @@ class NixFlakeInstaller(BaseInstaller):
        Any failure installing `pkgmgr` is treated as fatal (SystemExit).
        A failure installing `default` is logged but does not abort.
        """
+        # Extra guard in case run() is called directly without supports().
+        if self._in_nix_shell():
+            print(
+                "[INFO] IN_NIX_SHELL detected in run(); "
+                "skipping Nix flake profile installation."
+            )
+            return
+
        # Reuse supports() to keep logic in one place
        if not self.supports(ctx):  # type: ignore[arg-type]
            return
@@ -91,7 +137,12 @@ class NixFlakeInstaller(BaseInstaller):
            try:
                # For 'default' we don't want the process to exit on error
                allow_failure = output == "default"
-                run_command(cmd, cwd=ctx.repo_dir, preview=ctx.preview, allow_failure=allow_failure)
+                run_command(
+                    cmd,
+                    cwd=ctx.repo_dir,
+                    preview=ctx.preview,
+                    allow_failure=allow_failure,
+                )
                print(f"Nix flake output '{output}' successfully installed.")
            except SystemExit as e:
                print(f"[Error] Failed to install Nix flake output '{output}': {e}")
--- a/pkgmgr/actions/repository/install/installers/os_packages/debian_control.py
+++ b/pkgmgr/actions/repository/install/installers/os_packages/debian_control.py
@@ -17,7 +17,6 @@ apt/dpkg tooling are available.
 import glob
 import os
 import shutil
-
 from typing import List

 from pkgmgr.actions.repository.install.context import RepoContext
@@ -68,6 +67,32 @@ class DebianControlInstaller(BaseInstaller):
        pattern = os.path.join(parent, "*.deb")
        return sorted(glob.glob(pattern))

+    def _privileged_prefix(self) -> str | None:
+        """
+        Determine how to run privileged commands:
+
+          - If 'sudo' is available, return 'sudo '.
+          - If we are running as root (e.g. inside CI/container), return ''.
+          - Otherwise, return None, meaning we cannot safely elevate.
+
+        Callers are responsible for handling the None case (usually by
+        warning and skipping automatic installation).
+        """
+        sudo_path = shutil.which("sudo")
+
+        is_root = False
+        try:
+            is_root = os.geteuid() == 0
+        except AttributeError:  # pragma: no cover - non-POSIX platforms
+            # On non-POSIX systems, fall back to assuming "not root".
+            is_root = False
+
+        if sudo_path is not None:
+            return "sudo "
+        if is_root:
+            return ""
+        return None
+
    def _install_build_dependencies(self, ctx: RepoContext) -> None:
        """
        Install build dependencies using `apt-get build-dep ./`.
@@ -86,12 +111,25 @@ class DebianControlInstaller(BaseInstaller):
            )
            return

+        prefix = self._privileged_prefix()
+        if prefix is None:
+            print(
+                "[Warning] Neither 'sudo' is available nor running as root. "
+                "Skipping automatic build-dep installation for Debian. "
+                "Please install build dependencies from debian/control manually."
+            )
+            return
+
        # Update package lists first for reliable build-dep resolution.
-        run_command("sudo apt-get update", cwd=ctx.repo_dir, preview=ctx.preview)
+        run_command(
+            f"{prefix}apt-get update",
+            cwd=ctx.repo_dir,
+            preview=ctx.preview,
+        )

        # Install build dependencies based on debian/control in the current tree.
        # `apt-get build-dep ./` uses the source in the current directory.
-        builddep_cmd = "sudo apt-get build-dep -y ./"
+        builddep_cmd = f"{prefix}apt-get build-dep -y ./"
        run_command(builddep_cmd, cwd=ctx.repo_dir, preview=ctx.preview)

    def run(self, ctx: RepoContext) -> None:
@@ -101,7 +139,7 @@ class DebianControlInstaller(BaseInstaller):
        Steps:
          1. apt-get build-dep ./ (automatic build dependency installation)
          2. dpkg-buildpackage -b -us -uc
-          3. sudo dpkg -i ../*.deb
+          3. sudo dpkg -i ../*.deb   (or plain dpkg -i when running as root)
        """
        control_path = self._control_path(ctx)
        if not os.path.exists(control_path):
@@ -123,7 +161,17 @@ class DebianControlInstaller(BaseInstaller):
            )
            return

+        prefix = self._privileged_prefix()
+        if prefix is None:
+            print(
+                "[Warning] Neither 'sudo' is available nor running as root. "
+                "Skipping automatic .deb installation. "
+                "You can manually install the following files with dpkg -i:\n  "
+                + "\n  ".join(debs)
+            )
+            return
+
        # 4) Install .deb files
-        install_cmd = "sudo dpkg -i " + " ".join(os.path.basename(d) for d in debs)
+        install_cmd = prefix + "dpkg -i " + " ".join(os.path.basename(d) for d in debs)
        parent = os.path.dirname(ctx.repo_dir)
        run_command(install_cmd, cwd=parent, preview=ctx.preview)
--- a/pkgmgr/actions/repository/install/installers/os_packages/rpm_spec.py
+++ b/pkgmgr/actions/repository/install/installers/os_packages/rpm_spec.py
@@ -7,8 +7,10 @@ Installer for RPM-based packages defined in *.spec files.
 This installer:

  1. Installs build dependencies via dnf/yum builddep (where available)
-  2. Uses rpmbuild to build RPMs from the provided .spec file
-  3. Installs the resulting RPMs via `rpm -i`
+  2. Prepares a source tarball in ~/rpmbuild/SOURCES based on the .spec
+  3. Uses rpmbuild to build RPMs from the provided .spec file
+  4. Installs the resulting RPMs via the system package manager (dnf/yum)
+     or rpm as a fallback.

 It targets RPM-based systems (Fedora / RHEL / CentOS / Rocky / Alma, etc.).
 """
@@ -16,8 +18,8 @@ It targets RPM-based systems (Fedora / RHEL / CentOS / Rocky / Alma, etc.).
 import glob
 import os
 import shutil
-
-from typing import List, Optional
+import tarfile
+from typing import List, Optional, Tuple

 from pkgmgr.actions.repository.install.context import RepoContext
 from pkgmgr.actions.repository.install.installers.base import BaseInstaller
@@ -59,6 +61,117 @@ class RpmSpecInstaller(BaseInstaller):
            return None
        return matches[0]

+    # ------------------------------------------------------------------
+    # Helpers for preparing rpmbuild topdir and source tarball
+    # ------------------------------------------------------------------
+    def _rpmbuild_topdir(self) -> str:
+        """
+        Return the rpmbuild topdir that rpmbuild will use by default.
+
+        By default this is:  ~/rpmbuild
+
+        In the self-install tests, $HOME is set to /tmp/pkgmgr-self-install,
+        so this becomes /tmp/pkgmgr-self-install/rpmbuild which matches the
+        paths in the RPM build logs.
+        """
+        home = os.path.expanduser("~")
+        return os.path.join(home, "rpmbuild")
+
+    def _ensure_rpmbuild_tree(self, topdir: str) -> None:
+        """
+        Ensure the standard rpmbuild directory tree exists:
+
+          <topdir>/
+            BUILD/
+            BUILDROOT/
+            RPMS/
+            SOURCES/
+            SPECS/
+            SRPMS/
+        """
+        for sub in ("BUILD", "BUILDROOT", "RPMS", "SOURCES", "SPECS", "SRPMS"):
+            os.makedirs(os.path.join(topdir, sub), exist_ok=True)
+
+    def _parse_name_version(self, spec_path: str) -> Optional[Tuple[str, str]]:
+        """
+        Parse Name and Version from the given .spec file.
+
+        Returns (name, version) or None if either cannot be determined.
+        """
+        name = None
+        version = None
+
+        with open(spec_path, "r", encoding="utf-8") as f:
+            for raw_line in f:
+                line = raw_line.strip()
+                # Ignore comments
+                if not line or line.startswith("#"):
+                    continue
+
+                lower = line.lower()
+                if lower.startswith("name:"):
+                    # e.g. "Name: package-manager"
+                    parts = line.split(":", 1)
+                    if len(parts) == 2:
+                        name = parts[1].strip()
+                elif lower.startswith("version:"):
+                    # e.g. "Version: 0.7.7"
+                    parts = line.split(":", 1)
+                    if len(parts) == 2:
+                        version = parts[1].strip()
+
+                if name and version:
+                    break
+
+        if not name or not version:
+            print(
+                "[Warning] Could not determine Name/Version from spec file "
+                f"'{spec_path}'. Skipping RPM source tarball preparation."
+            )
+            return None
+
+        return name, version
+
+    def _prepare_source_tarball(self, ctx: RepoContext, spec_path: str) -> None:
+        """
+        Prepare a source tarball in <HOME>/rpmbuild/SOURCES that matches
+        the Name/Version in the .spec file.
+        """
+        parsed = self._parse_name_version(spec_path)
+        if parsed is None:
+            return
+
+        name, version = parsed
+        topdir = self._rpmbuild_topdir()
+        self._ensure_rpmbuild_tree(topdir)
+
+        build_dir = os.path.join(topdir, "BUILD")
+        sources_dir = os.path.join(topdir, "SOURCES")
+
+        source_root = os.path.join(build_dir, f"{name}-{version}")
+        tarball_path = os.path.join(sources_dir, f"{name}-{version}.tar.gz")
+
+        # Clean any previous build directory for this name/version.
+        if os.path.exists(source_root):
+            shutil.rmtree(source_root)
+
+        # Copy the repository tree into BUILD/<name>-<version>.
+        shutil.copytree(ctx.repo_dir, source_root)
+
+        # Create the tarball with the top-level directory <name>-<version>.
+        if os.path.exists(tarball_path):
+            os.remove(tarball_path)
+
+        with tarfile.open(tarball_path, "w:gz") as tar:
+            tar.add(source_root, arcname=f"{name}-{version}")
+
+        print(
+            f"[INFO] Prepared RPM source tarball at '{tarball_path}' "
+            f"from '{ctx.repo_dir}'."
+        )
+
+    # ------------------------------------------------------------------
+
    def supports(self, ctx: RepoContext) -> bool:
        """
        This installer is supported if:
@@ -77,26 +190,13 @@ class RpmSpecInstaller(BaseInstaller):
        By default, rpmbuild outputs RPMs into:
          ~/rpmbuild/RPMS/*/*.rpm
        """
-        home = os.path.expanduser("~")
-        pattern = os.path.join(home, "rpmbuild", "RPMS", "**", "*.rpm")
+        topdir = self._rpmbuild_topdir()
+        pattern = os.path.join(topdir, "RPMS", "**", "*.rpm")
        return sorted(glob.glob(pattern, recursive=True))

    def _install_build_dependencies(self, ctx: RepoContext, spec_path: str) -> None:
        """
        Install build dependencies for the given .spec file.
-
-        Strategy (best-effort):
-
-          1. If dnf is available:
-               sudo dnf builddep -y <spec>
-          2. Else if yum-builddep is available:
-               sudo yum-builddep -y <spec>
-          3. Else if yum is available:
-               sudo yum-builddep -y <spec>   # Some systems provide it via yum plugin
-          4. Otherwise: print a warning and skip automatic builddep install.
-
-        Any failure in builddep installation is treated as fatal (SystemExit),
-        consistent with other installer steps.
        """
        spec_basename = os.path.basename(spec_path)

@@ -105,7 +205,6 @@ class RpmSpecInstaller(BaseInstaller):
        elif shutil.which("yum-builddep") is not None:
            cmd = f"sudo yum-builddep -y {spec_basename}"
        elif shutil.which("yum") is not None:
-            # Some distributions ship yum-builddep as a plugin.
            cmd = f"sudo yum-builddep -y {spec_basename}"
        else:
            print(
@@ -114,33 +213,17 @@ class RpmSpecInstaller(BaseInstaller):
            )
            return

-        # Run builddep in the repository directory so relative spec paths work.
        run_command(cmd, cwd=ctx.repo_dir, preview=ctx.preview)

-    def run(self, ctx: RepoContext) -> None:
+    def _install_built_rpms(self, ctx: RepoContext, rpms: List[str]) -> None:
        """
-        Build and install RPM-based packages.
+        Install or upgrade the built RPMs.

-        Steps:
-          1. dnf/yum builddep <spec> (automatic build dependency installation)
-          2. rpmbuild -ba path/to/spec
-          3. sudo rpm -i ~/rpmbuild/RPMS/*/*.rpm
+        Strategy:
+          - Prefer dnf install -y <rpms> (handles upgrades cleanly)
+          - Else yum install -y <rpms>
+          - Else fallback to rpm -Uvh <rpms> (upgrade/replace existing)
        """
-        spec_path = self._spec_path(ctx)
-        if not spec_path:
-            return
-
-        # 1) Install build dependencies
-        self._install_build_dependencies(ctx, spec_path)
-
-        # 2) Build RPMs
-        # Use the full spec path, but run in the repo directory.
-        spec_basename = os.path.basename(spec_path)
-        build_cmd = f"rpmbuild -ba {spec_basename}"
-        run_command(build_cmd, cwd=ctx.repo_dir, preview=ctx.preview)
-
-        # 3) Find built RPMs
-        rpms = self._find_built_rpms()
        if not rpms:
            print(
                "[Warning] No RPM files found after rpmbuild. "
@@ -148,13 +231,52 @@ class RpmSpecInstaller(BaseInstaller):
            )
            return

-        # 4) Install RPMs
-        if shutil.which("rpm") is None:
+        dnf = shutil.which("dnf")
+        yum = shutil.which("yum")
+        rpm = shutil.which("rpm")
+
+        if dnf is not None:
+            install_cmd = "sudo dnf install -y " + " ".join(rpms)
+        elif yum is not None:
+            install_cmd = "sudo yum install -y " + " ".join(rpms)
+        elif rpm is not None:
+            # Fallback: use rpm in upgrade mode so an existing older
+            # version is replaced instead of causing file conflicts.
+            install_cmd = "sudo rpm -Uvh " + " ".join(rpms)
+        else:
            print(
-                "[Warning] rpm binary not found on PATH. "
+                "[Warning] No suitable RPM installer (dnf/yum/rpm) found. "
                "Cannot install built RPMs."
            )
            return

-        install_cmd = "sudo rpm -i " + " ".join(rpms)
        run_command(install_cmd, cwd=ctx.repo_dir, preview=ctx.preview)
+
+    def run(self, ctx: RepoContext) -> None:
+        """
+        Build and install RPM-based packages.
+
+        Steps:
+          1. Prepare source tarball in ~/rpmbuild/SOURCES matching Name/Version
+          2. dnf/yum builddep <spec> (automatic build dependency installation)
+          3. rpmbuild -ba path/to/spec
+          4. Install built RPMs via dnf/yum (or rpm as fallback)
+        """
+        spec_path = self._spec_path(ctx)
+        if not spec_path:
+            return
+
+        # 1) Prepare source tarball so rpmbuild finds Source0 in SOURCES.
+        self._prepare_source_tarball(ctx, spec_path)
+
+        # 2) Install build dependencies
+        self._install_build_dependencies(ctx, spec_path)
+
+        # 3) Build RPMs
+        spec_basename = os.path.basename(spec_path)
+        build_cmd = f"rpmbuild -ba {spec_basename}"
+        run_command(build_cmd, cwd=ctx.repo_dir, preview=ctx.preview)
+
+        # 4) Find and install built RPMs
+        rpms = self._find_built_rpms()
+        self._install_built_rpms(ctx, rpms)
--- a/pkgmgr/actions/repository/install/installers/python.py
+++ b/pkgmgr/actions/repository/install/installers/python.py
@@ -11,15 +11,28 @@ Strategy:
      3. "pip" from PATH as last resort
  - If pyproject.toml exists: pip install .

-All installation failures are treated as fatal errors (SystemExit).
+All installation failures are treated as fatal errors (SystemExit),
+except when we explicitly skip the installer:
+
+  - If IN_NIX_SHELL is set, we assume Python is managed by Nix and
+    skip this installer entirely.
+  - If PKGMGR_DISABLE_PYTHON_INSTALLER=1 is set, the installer is
+    globally disabled (useful for CI or debugging).
 """

+from __future__ import annotations
+
 import os
 import sys
+from typing import TYPE_CHECKING

 from pkgmgr.actions.repository.install.installers.base import BaseInstaller
 from pkgmgr.core.command.run import run_command

+if TYPE_CHECKING:
+    from pkgmgr.actions.repository.install.context import RepoContext
+    from pkgmgr.actions.repository.install import InstallContext
+

 class PythonInstaller(BaseInstaller):
    """Install Python projects and dependencies via pip."""
@@ -27,19 +40,54 @@ class PythonInstaller(BaseInstaller):
    # Logical layer name, used by capability matchers.
    layer = "python"

-    def supports(self, ctx) -> bool:
+    def _in_nix_shell(self) -> bool:
+        """
+        Return True if we appear to be running inside a Nix dev shell.
+
+        Nix sets IN_NIX_SHELL in `nix develop` environments. In that case
+        the Python environment is already provided by Nix, so we must not
+        attempt an additional pip-based installation.
+        """
+        return bool(os.environ.get("IN_NIX_SHELL"))
+
+    def supports(self, ctx: "RepoContext") -> bool:
        """
        Return True if this installer should handle the given repository.

        Only pyproject.toml is supported as the single source of truth
        for Python dependencies and packaging metadata.
+
+        The installer is *disabled* when:
+          - IN_NIX_SHELL is set (Python managed by Nix dev shell), or
+          - PKGMGR_DISABLE_PYTHON_INSTALLER=1 is set.
        """
+        # 1) Skip in Nix dev shells – Python is managed by the flake/devShell.
+        if self._in_nix_shell():
+            print(
+                "[INFO] IN_NIX_SHELL detected; skipping PythonInstaller. "
+                "Python runtime is provided by the Nix dev shell."
+            )
+            return False
+
+        # 2) Optional global kill-switch.
+        if os.environ.get("PKGMGR_DISABLE_PYTHON_INSTALLER") == "1":
+            print(
+                "[INFO] PKGMGR_DISABLE_PYTHON_INSTALLER=1 – "
+                "PythonInstaller is disabled."
+            )
+            return False
+
        repo_dir = ctx.repo_dir
        return os.path.exists(os.path.join(repo_dir, "pyproject.toml"))

    def _pip_cmd(self) -> str:
        """
        Resolve the pip command to use.
+
+        Order:
+          1) PKGMGR_PIP (explicit override)
+          2) sys.executable -m pip
+          3) plain "pip"
        """
        explicit = os.environ.get("PKGMGR_PIP", "").strip()
        if explicit:
@@ -50,12 +98,23 @@ class PythonInstaller(BaseInstaller):

        return "pip"

-    def run(self, ctx) -> None:
+    def run(self, ctx: "InstallContext") -> None:
        """
        Install Python project defined via pyproject.toml.

        Any pip failure is propagated as SystemExit.
        """
+        # Extra guard in case run() is called directly without supports().
+        if self._in_nix_shell():
+            print(
+                "[INFO] IN_NIX_SHELL detected in PythonInstaller.run(); "
+                "skipping pip-based installation."
+            )
+            return
+
+        if not self.supports(ctx):  # type: ignore[arg-type]
+            return
+
        pip_cmd = self._pip_cmd()

        pyproject = os.path.join(ctx.repo_dir, "pyproject.toml")
--- a/pkgmgr/actions/repository/pull.py
+++ b/pkgmgr/actions/repository/pull.py
@@ -1,35 +1,57 @@
 import os
 import subprocess
 import sys
+
 from pkgmgr.core.repository.identifier import get_repo_identifier
 from pkgmgr.core.repository.dir import get_repo_dir
 from pkgmgr.core.repository.verify import verify_repository

+
 def pull_with_verification(
    selected_repos,
    repositories_base_dir,
    all_repos,
    extra_args,
    no_verification,
-    preview:bool):
+    preview: bool,
+) -> None:
    """
-    Executes "git pull" for each repository with verification.
-    
-    Uses the verify_repository function in "pull" mode.
-    If verification fails (and verification info is set) and --no-verification is not enabled,
-    the user is prompted to confirm the pull.
+    Execute `git pull` for each repository with verification.
+
+    - Uses verify_repository() in "pull" mode.
+    - If verification fails (and verification info is set) and
+      --no-verification is not enabled, the user is prompted to confirm
+      the pull.
+    - In preview mode, no interactive prompts are performed and no
+      Git commands are executed; only the would-be command is printed.
    """
    for repo in selected_repos:
        repo_identifier = get_repo_identifier(repo, all_repos)
        repo_dir = get_repo_dir(repositories_base_dir, repo)
+
        if not os.path.exists(repo_dir):
            print(f"Repository directory '{repo_dir}' not found for {repo_identifier}.")
            continue

        verified_info = repo.get("verified")
-        verified_ok, errors, commit_hash, signing_key = verify_repository(repo, repo_dir, mode="pull", no_verification=no_verification)
+        verified_ok, errors, commit_hash, signing_key = verify_repository(
+            repo,
+            repo_dir,
+            mode="pull",
+            no_verification=no_verification,
+        )

-        if not no_verification and verified_info and not verified_ok:
+        # Only prompt the user if:
+        #   - we are NOT in preview mode
+        #   - verification is enabled
+        #   - the repo has verification info configured
+        #   - verification failed
+        if (
+            not preview
+            and not no_verification
+            and verified_info
+            and not verified_ok
+        ):
            print(f"Warning: Verification failed for {repo_identifier}:")
            for err in errors:
                print(f"  - {err}")
@@ -37,12 +59,19 @@ def pull_with_verification(
            if choice != "y":
                continue

-        full_cmd = f"git pull {' '.join(extra_args)}"
+        # Build the git pull command (include extra args if present)
+        args_part = " ".join(extra_args) if extra_args else ""
+        full_cmd = f"git pull{(' ' + args_part) if args_part else ''}"
+
        if preview:
+            # Preview mode: only show the command, do not execute or prompt.
            print(f"[Preview] In '{repo_dir}': {full_cmd}")
        else:
            print(f"Running in '{repo_dir}': {full_cmd}")
            result = subprocess.run(full_cmd, cwd=repo_dir, shell=True)
            if result.returncode != 0:
-                print(f"'git pull' for {repo_identifier} failed with exit code {result.returncode}.")
+                print(
+                    f"'git pull' for {repo_identifier} failed "
+                    f"with exit code {result.returncode}."
+                )
                sys.exit(result.returncode)
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta"

 [project]
 name = "package-manager"
-version = "0.7.3"
+version = "0.7.8"
 description = "Kevin's package-manager tool (pkgmgr)"
 readme = "README.md"
 requires-python = ">=3.11"
--- a/scripts/docker/entry.sh
+++ b/scripts/docker/entry.sh
@@ -2,28 +2,59 @@
 set -euo pipefail

 # ---------------------------------------------------------------------------
-# Ensure Nix has access to a valid CA bundle (TLS trust store)
+# Detect and export a valid CA bundle so Nix, Git, curl and Python tooling
+# can successfully perform HTTPS requests on all distros (Debian, Ubuntu,
+# Fedora, RHEL, CentOS, etc.)
 # ---------------------------------------------------------------------------
-if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then
-  if [[ -f /etc/ssl/certs/ca-certificates.crt ]]; then
-    # Debian/Ubuntu-style path
-    export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
-    echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
-  elif [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
-    # Fedora/RHEL/CentOS-style path
-    export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
-    echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
-  else
-    echo "[docker] WARNING: No CA bundle found for Nix (NIX_SSL_CERT_FILE not set)."
-    echo "[docker] HTTPS access for Nix flakes may fail."
-  fi
+detect_ca_bundle() {
+  # Common CA bundle locations across major Linux distributions
+  local candidates=(
+    /etc/ssl/certs/ca-certificates.crt                       # Debian/Ubuntu
+    /etc/ssl/cert.pem                                       # Some distros
+    /etc/pki/tls/certs/ca-bundle.crt                        # Fedora/RHEL/CentOS
+    /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem       # CentOS/RHEL extracted bundle
+    /etc/ssl/ca-bundle.pem                                  # Generic fallback
+  )
+
+  for path in "${candidates[@]}"; do
+    if [[ -f "$path" ]]; then
+      echo "$path"
+      return 0
+    fi
+  done
+
+  return 1
+}
+
+# Use existing NIX_SSL_CERT_FILE if provided, otherwise auto-detect
+CA_BUNDLE="${NIX_SSL_CERT_FILE:-}"
+
+if [[ -z "${CA_BUNDLE}" ]]; then
+  CA_BUNDLE="$(detect_ca_bundle || true)"
+fi
+
+if [[ -n "${CA_BUNDLE}" ]]; then
+  # Export for Nix (critical)
+  export NIX_SSL_CERT_FILE="${CA_BUNDLE}"
+
+  # Export for Git, Python requests, curl, etc.
+  export SSL_CERT_FILE="${CA_BUNDLE}"
+  export REQUESTS_CA_BUNDLE="${CA_BUNDLE}"
+  export GIT_SSL_CAINFO="${CA_BUNDLE}"
+
+  echo "[docker] Using CA bundle: ${CA_BUNDLE}"
+else
+  echo "[docker] WARNING: No CA certificate bundle found."
+  echo "[docker] HTTPS access for Nix flakes and other tools may fail."
 fi

 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

 echo "[docker] Starting package-manager container"

-# Distro info for logging
+# ---------------------------------------------------------------------------
+# Log distribution info
+# ---------------------------------------------------------------------------
 if [[ -f /etc/os-release ]]; then
  # shellcheck disable=SC1091
  . /etc/os-release
@@ -34,9 +65,9 @@ fi
 echo "[docker] Using /src as working directory"
 cd /src

-# ------------------------------------------------------------
-# DEV mode: build/install package-manager from current /src
-# ------------------------------------------------------------
+# ---------------------------------------------------------------------------
+# DEV mode: rebuild package-manager from the mounted /src tree
+# ---------------------------------------------------------------------------
 if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then
  echo "[docker] DEV mode enabled (PKGMGR_DEV=1)"
  echo "[docker] Rebuilding package-manager from /src via scripts/installation/run-package.sh..."
@@ -49,9 +80,9 @@ if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then
  fi
 fi

-# ------------------------------------------------------------
-# Hand-off to pkgmgr / arbitrary command
-# ------------------------------------------------------------
+# ---------------------------------------------------------------------------
+# Hand off to pkgmgr or arbitrary command
+# ---------------------------------------------------------------------------
 if [[ $# -eq 0 ]]; then
  echo "[docker] No arguments provided. Showing pkgmgr help..."
  exec pkgmgr --help
--- a/scripts/init-nix.sh
+++ b/scripts/init-nix.sh
@@ -97,11 +97,32 @@ if [[ "${IN_CONTAINER}" -eq 1 && "${EUID:-0}" -eq 0 ]]; then
    useradd -m -r -g nixbld -s /usr/bin/bash nix
  fi

-  # Create /nix directory and hand it to nix user (prevents installer sudo prompt)
+  # Ensure /nix exists and is writable by the "nix" user.
+  #
+  # In some base images (or previous runs), /nix may already exist and be
+  # owned by root. In that case the Nix single-user installer will abort with:
+  #
+  #   "directory /nix exists, but is not writable by you"
+  #
+  # To keep container runs idempotent and robust, we always enforce
+  # ownership nix:nixbld here.
  if [[ ! -d /nix ]]; then
    echo "[init-nix] Creating /nix with owner nix:nixbld..."
    mkdir -m 0755 /nix
    chown nix:nixbld /nix
+  else
+    current_owner="$(stat -c '%U' /nix 2>/dev/null || echo '?')"
+    current_group="$(stat -c '%G' /nix 2>/dev/null || echo '?')"
+    if [[ "${current_owner}" != "nix" || "${current_group}" != "nixbld" ]]; then
+      echo "[init-nix] /nix already exists with owner ${current_owner}:${current_group} – fixing to nix:nixbld..."
+      chown -R nix:nixbld /nix
+    else
+      echo "[init-nix] /nix already exists with correct owner nix:nixbld."
+    fi
+
+    if [[ ! -w /nix ]]; then
+      echo "[init-nix] WARNING: /nix is still not writable after chown; Nix installer may fail."
+    fi
  fi

  # Run Nix single-user installer as "nix"
--- a/scripts/test/test-e2e.sh
+++ b/scripts/test/test-e2e.sh
@@ -18,6 +18,7 @@ for distro in $DISTROS; do
    $MOUNT_NIX \
    -v "pkgmgr_nix_cache:/root/.cache/nix" \
    -e PKGMGR_DEV=1 \
+    -e TEST_PATTERN="${TEST_PATTERN}" \
    --workdir /src \
    --entrypoint bash \
    "package-manager-test-$distro" \
@@ -51,6 +52,6 @@ for distro in $DISTROS; do
      nix develop .#default --no-write-lock-file -c \
        python3 -m unittest discover \
          -s /src/tests/e2e \
-          -p "test_*.py";
+          -p "$TEST_PATTERN";
    '
 done
--- a/scripts/test/test-integration.sh
+++ b/scripts/test/test-integration.sh
@@ -10,6 +10,7 @@ docker run --rm \
  -v "pkgmgr_nix_cache:/root/.cache/nix" \
  --workdir /src \
  -e PKGMGR_DEV=1 \
+  -e TEST_PATTERN="${TEST_PATTERN}" \
  --entrypoint bash \
  "package-manager-test-arch" \
  -c '
@@ -19,5 +20,5 @@ docker run --rm \
      python -m unittest discover \
        -s tests/integration \
        -t /src \
-        -p "test_*.py";
+        -p "$TEST_PATTERN";
  '
--- a/scripts/test/test-unit.sh
+++ b/scripts/test/test-unit.sh
@@ -10,6 +10,7 @@ docker run --rm \
  -v "pkgmgr_nix_cache:/root/.cache/nix" \
  --workdir /src \
  -e PKGMGR_DEV=1 \
+  -e TEST_PATTERN="${TEST_PATTERN}" \
  --entrypoint bash \
  "package-manager-test-arch" \
  -c '
@@ -19,5 +20,5 @@ docker run --rm \
      python -m unittest discover \
        -s tests/unit \
        -t /src \
-        -p "test_*.py";
+        -p "$TEST_PATTERN";
  '
--- a/tests/e2e/test_install_pkgmgr_shallow.py
+++ b/tests/e2e/test_install_pkgmgr_shallow.py
@@ -35,7 +35,7 @@ def remove_pkgmgr_from_nix_profile() -> None:
    prints a descriptive format without an index column inside the container.

    Instead, we directly try to remove possible names:
-      - 'pkgmgr'        (the actual name shown in `nix profile list`)
+      - 'pkgmgr'          (the actual name shown in `nix profile list`)
      - 'package-manager' (the name mentioned in Nix's own error hints)
    """
    for spec in ("pkgmgr", "package-manager"):
@@ -76,29 +76,47 @@ def pkgmgr_help_debug() -> None:
    print(f"returncode: {proc.returncode}")
    print("--- END ---\n")

-    if proc.returncode != 0:
-        raise AssertionError(f"'pkgmgr --help' failed with exit code {proc.returncode}")
-
-    # Wichtig: Hier KEIN AssertionError mehr – das ist reine Debug-Ausgabe.
-    # Falls du später hart testen willst, kannst du optional:
-    #   if proc.returncode != 0:
-    #       self.fail("...")
-    # aber aktuell nur Sichtprüfung.
+    # Important: this is **debug-only**. Do NOT fail the test here.
+    # If you ever want to hard-assert on this, you can add an explicit
+    # assertion in the test method instead of here.


 class TestIntegrationInstalPKGMGRShallow(unittest.TestCase):
    def test_install_pkgmgr_self_install(self) -> None:
-        # Debug before cleanup
-        nix_profile_list_debug("BEFORE CLEANUP")
+        """
+        End-to-end test that runs "python main.py install pkgmgr ..." inside
+        the test container.

-        # Cleanup: aggressively try to drop any pkgmgr/profile entries
-        remove_pkgmgr_from_nix_profile()
-
-        # Debug after cleanup
-        nix_profile_list_debug("AFTER CLEANUP")
+        We isolate HOME into /tmp/pkgmgr-self-install so that:
+          - ~/.config/pkgmgr points to an isolated test config area
+          - ~/Repositories is owned by the current user inside the container
+            (avoiding Nix's 'repository path is not owned by current user' error)
+        """
+        # Use a dedicated HOME for this test to avoid permission/ownership issues
+        temp_home = "/tmp/pkgmgr-self-install"
+        os.makedirs(temp_home, exist_ok=True)

        original_argv = sys.argv
+        original_environ = os.environ.copy()
+
        try:
+            # Isolate HOME so that ~ expands to /tmp/pkgmgr-self-install
+            os.environ["HOME"] = temp_home
+
+            # Optional: ensure XDG_* also use the temp HOME for extra isolation
+            os.environ.setdefault("XDG_CONFIG_HOME", os.path.join(temp_home, ".config"))
+            os.environ.setdefault("XDG_CACHE_HOME", os.path.join(temp_home, ".cache"))
+            os.environ.setdefault("XDG_DATA_HOME", os.path.join(temp_home, ".local", "share"))
+
+            # Debug before cleanup
+            nix_profile_list_debug("BEFORE CLEANUP")
+
+            # Cleanup: aggressively try to drop any pkgmgr/profile entries
+            remove_pkgmgr_from_nix_profile()
+
+            # Debug after cleanup
+            nix_profile_list_debug("AFTER CLEANUP")
+
            sys.argv = [
                "python",
                "install",
@@ -107,13 +125,18 @@ class TestIntegrationInstalPKGMGRShallow(unittest.TestCase):
                "shallow",
                "--no-verification",
            ]
-            # Führt die Installation via main.py aus
+
+            # Run installation via main.py
            runpy.run_module("main", run_name="__main__")

-            # Nach erfolgreicher Installation: pkgmgr --help anzeigen (Debug)
+            # After successful installation: run `pkgmgr --help` for debug
            pkgmgr_help_debug()
+
        finally:
            sys.argv = original_argv
+            # Restore full environment
+            os.environ.clear()
+            os.environ.update(original_environ)


 if __name__ == "__main__":
--- a/tests/unit/pkgmgr/actions/release/test_files.py
+++ b/tests/unit/pkgmgr/actions/release/test_files.py
@@ -80,6 +80,21 @@ class TestUpdatePyprojectVersion(unittest.TestCase):

        self.assertNotEqual(cm.exception.code, 0)

+    def test_update_pyproject_version_missing_file_is_skipped(self) -> None:
+        """
+        If pyproject.toml does not exist, the function must not raise
+        and must not create the file. It should simply be skipped.
+        """
+        with tempfile.TemporaryDirectory() as tmpdir:
+            path = os.path.join(tmpdir, "pyproject.toml")
+            self.assertFalse(os.path.exists(path))
+
+            # Must not raise an exception
+            update_pyproject_version(path, "1.2.3", preview=False)
+
+            # Still no file created
+            self.assertFalse(os.path.exists(path))
+

 class TestUpdateFlakeVersion(unittest.TestCase):
    def test_update_flake_version_normal(self) -> None:
@@ -352,11 +367,11 @@ class TestUpdateSpecChangelog(unittest.TestCase):
            with open(path, "r", encoding="utf-8") as f:
                content = f.read()

-        # Neue Stanza muss nach %changelog stehen
+        # New stanza must appear after the %changelog marker
        self.assertIn("%changelog", content)
        self.assertIn("Fedora changelog entry", content)
        self.assertIn("Test Maintainer <test@example.com>", content)
-        # Alte Einträge müssen erhalten bleiben
+        # Old entries must still be present
        self.assertIn("Old Maintainer <old@example.com>", content)

    def test_update_spec_changelog_preview_does_not_write(self) -> None:
@@ -396,7 +411,7 @@ class TestUpdateSpecChangelog(unittest.TestCase):
            with open(path, "r", encoding="utf-8") as f:
                content = f.read()

-        # Im Preview-Modus darf nichts verändert werden
+        # In preview mode, the spec file must not change
        self.assertEqual(content, original)


--- a/tests/unit/pkgmgr/actions/repos/test_pull_with_verification.py
+++ b/tests/unit/pkgmgr/actions/repos/test_pull_with_verification.py
@@ -0,0 +1,309 @@
+import io
+import unittest
+from unittest.mock import patch, MagicMock
+
+from pkgmgr.actions.repository.pull import pull_with_verification
+
+
+class TestPullWithVerification(unittest.TestCase):
+    """
+    Comprehensive unit tests for pull_with_verification().
+
+    These tests verify:
+      - Preview mode behaviour
+      - Verification logic (prompting, bypassing, skipping)
+      - subprocess.run invocation
+      - Repository directory existence checks
+      - Handling of extra git pull arguments
+    """
+
+    def _setup_mocks(self, mock_exists, mock_get_repo_id, mock_get_repo_dir,
+                     mock_verify, exists=True, verified_ok=True,
+                     errors=None, verified_info=True):
+        """Helper to configure repetitive mock behavior."""
+        repo = {
+            "name": "pkgmgr",
+            "verified": {"gpg_keys": ["ABCDEF"]} if verified_info else None,
+        }
+        mock_exists.return_value = exists
+        mock_get_repo_id.return_value = "pkgmgr"
+        mock_get_repo_dir.return_value = "/fake/base/pkgmgr"
+        mock_verify.return_value = (
+            verified_ok,
+            errors or [],
+            "deadbeef",    # commit hash
+            "ABCDEF",      # signing key
+        )
+        return repo
+
+    # ---------------------------------------------------------------------
+    @patch("pkgmgr.actions.repository.pull.subprocess.run")
+    @patch("pkgmgr.actions.repository.pull.verify_repository")
+    @patch("pkgmgr.actions.repository.pull.get_repo_dir")
+    @patch("pkgmgr.actions.repository.pull.get_repo_identifier")
+    @patch("pkgmgr.actions.repository.pull.os.path.exists")
+    @patch("builtins.input")
+    def test_preview_mode_non_interactive(
+        self,
+        mock_input,
+        mock_exists,
+        mock_get_repo_id,
+        mock_get_repo_dir,
+        mock_verify,
+        mock_subprocess,
+    ):
+        """
+        Preview mode must NEVER request user input and must NEVER execute git.
+        It must only print the preview command.
+        """
+        repo = self._setup_mocks(
+            mock_exists,
+            mock_get_repo_id,
+            mock_get_repo_dir,
+            mock_verify,
+            exists=True,
+            verified_ok=False,
+            errors=["bad signature"],
+            verified_info=True,
+        )
+
+        buf = io.StringIO()
+        with patch("sys.stdout", new=buf):
+            pull_with_verification(
+                selected_repos=[repo],
+                repositories_base_dir="/fake/base",
+                all_repos=[repo],
+                extra_args=["--ff-only"],
+                no_verification=False,
+                preview=True,
+            )
+
+        output = buf.getvalue()
+        self.assertIn(
+            "[Preview] In '/fake/base/pkgmgr': git pull --ff-only",
+            output,
+        )
+
+        mock_input.assert_not_called()
+        mock_subprocess.assert_not_called()
+
+    # ---------------------------------------------------------------------
+    @patch("pkgmgr.actions.repository.pull.subprocess.run")
+    @patch("pkgmgr.actions.repository.pull.verify_repository")
+    @patch("pkgmgr.actions.repository.pull.get_repo_dir")
+    @patch("pkgmgr.actions.repository.pull.get_repo_identifier")
+    @patch("pkgmgr.actions.repository.pull.os.path.exists")
+    @patch("builtins.input")
+    def test_verification_failure_user_declines(
+        self,
+        mock_input,
+        mock_exists,
+        mock_get_repo_id,
+        mock_get_repo_dir,
+        mock_verify,
+        mock_subprocess,
+    ):
+        """
+        If verification fails and preview=False, the user is prompted.
+        If the user declines ('n'), no git command is executed.
+        """
+        repo = self._setup_mocks(
+            mock_exists,
+            mock_get_repo_id,
+            mock_get_repo_dir,
+            mock_verify,
+            verified_ok=False,
+            errors=["signature invalid"],
+        )
+
+        mock_input.return_value = "n"
+
+        buf = io.StringIO()
+        with patch("sys.stdout", new=buf):
+            pull_with_verification(
+                selected_repos=[repo],
+                repositories_base_dir="/fake/base",
+                all_repos=[repo],
+                extra_args=[],
+                no_verification=False,
+                preview=False,
+            )
+
+        mock_input.assert_called_once()
+        mock_subprocess.assert_not_called()
+
+    # ---------------------------------------------------------------------
+    @patch("pkgmgr.actions.repository.pull.subprocess.run")
+    @patch("pkgmgr.actions.repository.pull.verify_repository")
+    @patch("pkgmgr.actions.repository.pull.get_repo_dir")
+    @patch("pkgmgr.actions.repository.pull.get_repo_identifier")
+    @patch("pkgmgr.actions.repository.pull.os.path.exists")
+    @patch("builtins.input")
+    def test_verification_failure_user_accepts_runs_git(
+        self,
+        mock_input,
+        mock_exists,
+        mock_get_repo_id,
+        mock_get_repo_dir,
+        mock_verify,
+        mock_subprocess,
+    ):
+        """
+        If verification fails and the user accepts ('y'),
+        then the git pull should be executed.
+        """
+        repo = self._setup_mocks(
+            mock_exists,
+            mock_get_repo_id,
+            mock_get_repo_dir,
+            mock_verify,
+            verified_ok=False,
+            errors=["invalid"],
+        )
+
+        mock_input.return_value = "y"
+        mock_subprocess.return_value = MagicMock(returncode=0)
+
+        pull_with_verification(
+            selected_repos=[repo],
+            repositories_base_dir="/fake/base",
+            all_repos=[repo],
+            extra_args=[],
+            no_verification=False,
+            preview=False,
+        )
+
+        mock_subprocess.assert_called_once()
+        mock_input.assert_called_once()
+
+    # ---------------------------------------------------------------------
+    @patch("pkgmgr.actions.repository.pull.subprocess.run")
+    @patch("pkgmgr.actions.repository.pull.verify_repository")
+    @patch("pkgmgr.actions.repository.pull.get_repo_dir")
+    @patch("pkgmgr.actions.repository.pull.get_repo_identifier")
+    @patch("pkgmgr.actions.repository.pull.os.path.exists")
+    @patch("builtins.input")
+    def test_verification_success_no_prompt(
+        self,
+        mock_input,
+        mock_exists,
+        mock_get_repo_id,
+        mock_get_repo_dir,
+        mock_verify,
+        mock_subprocess,
+    ):
+        """
+        If verification is successful, the user should NOT be prompted,
+        and git pull should run immediately.
+        """
+        repo = self._setup_mocks(
+            mock_exists,
+            mock_get_repo_id,
+            mock_get_repo_dir,
+            mock_verify,
+            verified_ok=True,
+        )
+
+        mock_subprocess.return_value = MagicMock(returncode=0)
+
+        pull_with_verification(
+            selected_repos=[repo],
+            repositories_base_dir="/fake/base",
+            all_repos=[repo],
+            extra_args=["--rebase"],
+            no_verification=False,
+            preview=False,
+        )
+
+        mock_input.assert_not_called()
+        mock_subprocess.assert_called_once()
+        cmd = mock_subprocess.call_args[0][0]
+        self.assertIn("git pull --rebase", cmd)
+
+    # ---------------------------------------------------------------------
+    @patch("pkgmgr.actions.repository.pull.subprocess.run")
+    @patch("pkgmgr.actions.repository.pull.verify_repository")
+    @patch("pkgmgr.actions.repository.pull.get_repo_dir")
+    @patch("pkgmgr.actions.repository.pull.get_repo_identifier")
+    @patch("pkgmgr.actions.repository.pull.os.path.exists")
+    @patch("builtins.input")
+    def test_directory_missing_skips_repo(
+        self,
+        mock_input,
+        mock_exists,
+        mock_get_repo_id,
+        mock_get_repo_dir,
+        mock_verify,
+        mock_subprocess,
+    ):
+        """
+        If the repository directory does not exist, the repo must be skipped
+        silently and no git command executed.
+        """
+        repo = self._setup_mocks(
+            mock_exists,
+            mock_get_repo_id,
+            mock_get_repo_dir,
+            mock_verify,
+            exists=False,
+        )
+
+        buf = io.StringIO()
+        with patch("sys.stdout", new=buf):
+            pull_with_verification(
+                selected_repos=[repo],
+                repositories_base_dir="/fake/base",
+                all_repos=[repo],
+                extra_args=[],
+                no_verification=False,
+                preview=False,
+            )
+
+        output = buf.getvalue()
+        self.assertIn("not found", output)
+
+        mock_input.assert_not_called()
+        mock_subprocess.assert_not_called()
+
+    # ---------------------------------------------------------------------
+    @patch("pkgmgr.actions.repository.pull.subprocess.run")
+    @patch("pkgmgr.actions.repository.pull.verify_repository")
+    @patch("pkgmgr.actions.repository.pull.get_repo_dir")
+    @patch("pkgmgr.actions.repository.pull.get_repo_identifier")
+    @patch("pkgmgr.actions.repository.pull.os.path.exists")
+    @patch("builtins.input")
+    def test_no_verification_flag_skips_prompt(
+        self,
+        mock_input,
+        mock_exists,
+        mock_get_repo_id,
+        mock_get_repo_dir,
+        mock_verify,
+        mock_subprocess,
+    ):
+        """
+        If no_verification=True, verification failures must NOT prompt.
+        Git pull should run directly.
+        """
+        repo = self._setup_mocks(
+            mock_exists,
+            mock_get_repo_id,
+            mock_get_repo_dir,
+            mock_verify,
+            verified_ok=False,
+            errors=["invalid"],
+        )
+
+        mock_subprocess.return_value = MagicMock(returncode=0)
+
+        pull_with_verification(
+            selected_repos=[repo],
+            repositories_base_dir="/fake/base",
+            all_repos=[repo],
+            extra_args=[],
+            no_verification=True,
+            preview=False,
+        )
+
+        mock_input.assert_not_called()
+        mock_subprocess.assert_called_once()
Author	SHA1	Message	Date
Kevin Veen-Birkenbach	6a838ee84f	Release version 0.7.8	2025-12-09 21:03:24 +01:00
Kevin Veen-Birkenbach	4285bf4a54	Fix: release now skips missing pyproject.toml without failing - Updated update_pyproject_version() to gracefully skip missing or unreadable pyproject.toml - Added corresponding unit test ensuring missing file triggers no exception and no file creation - Updated test wording for spec changelog section - Ref: adjustments discussed in ChatGPT conversation (2025-12-09) - https://chatgpt.com/share/69388024-93e4-800f-a09f-bf78a6b9a53f	2025-12-09 21:02:01 +01:00
Kevin Veen-Birkenbach	640b1042c2	git commit -m "Harden installers for Nix, OS packages and Docker CA handling - NixFlakeInstaller: - Skip when running inside a Nix dev shell (IN_NIX_SHELL). - Add PKGMGR_DISABLE_NIX_FLAKE_INSTALLER kill-switch for CI/debugging. - Ensure run() respects supports() and handles preview/allow_failure cleanly. - DebianControlInstaller: - Introduce _privileged_prefix() to handle sudo vs. root vs. no elevation. - Avoid hard-coded sudo usage and degrade gracefully when neither sudo nor root is available. - Improve messaging around build-dep and .deb installation. - RpmSpecInstaller: - Prepare rpmbuild tree and source tarball in ~/rpmbuild/SOURCES based on Name/Version from the spec file. - Reuse a helper to resolve the rpmbuild topdir. - Install built RPMs via dnf/yum when available, falling back to rpm -Uvh to avoid file conflicts during upgrades. - PythonInstaller: - Skip pip-based installation inside Nix dev shells (IN_NIX_SHELL). - Add PKGMGR_DISABLE_PYTHON_INSTALLER kill-switch. - Make pip command resolution explicit and overridable via PKGMGR_PIP. - Type-hint supports() and run() with RepoContext/InstallContext. - Docker entrypoint: - Add robust CA bundle detection for Nix, Git, Python requests and curl. - Export NIX_SSL_CERT_FILE, SSL_CERT_FILE, REQUESTS_CA_BUNDLE and GIT_SSL_CAINFO from a single detected CA path. - Improve logging and section comments in the entrypoint script." https://chatgpt.com/share/69387df8-bda0-800f-a053-aa9e2999dc84	2025-12-09 20:52:07 +01:00
Kevin Veen-Birkenbach	9357c4632e	Release version 0.7.7	2025-12-09 17:54:41 +01:00
Kevin Veen-Birkenbach	ca5d0d22f3	feat(test): make unittest pattern configurable and pass TEST_PATTERN into containers This update introduces a configurable TEST_PATTERN variable in the Makefile, allowing selective execution of unit, integration, and E2E tests without modifying scripts. Key changes: - Add TEST_PATTERN (default: test_*.py) to Makefile and export it. - Inject TEST_PATTERN into all test containers via `-e TEST_PATTERN=...`. - Update test-unit.sh, test-integration.sh, and test-e2e.sh to use `-p "$TEST_PATTERN"` instead of a hardcoded pattern. - Ensure flexible test selection via: make test-e2e TEST_PATTERN=test_install_pkgmgr_shallow.py This enables fast debugging, selective test runs, and better developer experience while keeping full compatibility with CI defaults. https://chatgpt.com/share/69385400-2f14-800f-b093-bb03c8ef9c7f	2025-12-09 17:53:10 +01:00
Kevin Veen-Birkenbach	3875338fb7	Release version 0.7.6	2025-12-09 17:14:22 +01:00
Kevin Veen-Birkenbach	196f55c58e	feat(repository/pull): improve verification logic and add full unit test suite This commit enhances the behaviour of pull_with_verification() and adds a comprehensive unit test suite covering all control flows. Changes: - Added `preview` parameter to fully disable interaction and execution. - Improved verification logic: * Prompt only when not in preview, verification is enabled, verification info exists, and verification failed. * Skip prompts entirely when --no-verification is set. - More explicit construction of `git pull` command with optional extra args. - Improved messaging and formatting for clarity. - Ensured directory existence is checked before any verification logic. - Added detailed comments explaining logic and conditions. Tests: - New file tests/unit/pkgmgr/actions/repos/test_pull_with_verification.py - Covers: * Preview mode (no input, no subprocess) * Verification failure – user rejects * Verification failure – user accepts * Verification success – immediate git call * Missing repository directory – skip silently * --no-verification flag bypasses prompts * Command formatting with extra args - Uses systematic mocking for identifier, repo-dir, verify_repository(), subprocess.run(), and user input. This significantly strengthens correctness, UX, and test coverage of the repository pull workflow. https://chatgpt.com/share/69384aaa-0c80-800f-b4b4-64e6fbdebd3b	2025-12-09 17:12:23 +01:00
Kevin Veen-Birkenbach	9a149715f6	Release version 0.7.5	2025-12-09 16:45:45 +01:00
Kevin Veen-Birkenbach	bf40533469	fix(init-nix): ensure /nix is always owned by nix:nixbld in container root mode In GitHub's Fedora-based CI containers the directory /nix may already exist (e.g. from the base image or a previous build layer) and is often owned by root:root. In this situation the Nix single-user installer aborts with: "directory /nix exists, but is not writable by you" This caused the container build to fail during `init-nix.sh`, leaving no working `nix` binary on PATH. As a result, the runtime wrapper (pkmgr-wrapper.sh) reported: "[pkgmgr-wrapper] ERROR: 'nix' binary not found on PATH." Local runs did not show the issue because a previous installation had already created /nix with correct ownership. This commit makes container-mode Nix initialization fully idempotent: • If /nix does not exist → create it with owner nix:nixbld (existing logic). • If /nix exists but has wrong owner/group → forcibly chown -R nix:nixbld. • A warning is emitted if /nix remains non-writable after correction. This guarantees that the Nix installer always has writable access to /nix and prevents the installer from aborting in CI. As a result, `pkgmgr --help` works again inside Fedora CI containers. https://chatgpt.com/share/69384149-9dc8-800f-8148-55817ece8e21	2025-12-09 16:33:22 +01:00
Kevin Veen-Birkenbach	7bc7259988	Release version 0.7.4	2025-12-09 16:22:03 +01:00
Kevin Veen-Birkenbach	66b96ac3a5	Refactor CI workflows and Makefile to unify container builds and simplify test execution This commit updates all GitHub Actions workflows and the Makefile to ensure consistent behavior across unit, integration, end-to-end, and OS-container tests. Changes include: CI Workflows: - Rename workflows for clearer, more professional naming: * "Test Distribution Containers" → "Test OS Containers" * "Test package-manager (e2e)" → "Test End-To-End" * "Test package-manager (unit)" → "Test Units" * "Test package-manager (integration)" → "Test Code Integration" - Remove explicit build steps from workflows; container creation is now delegated to the Makefile via build-missing. - Restrict test jobs to only build the Arch test container by setting: DISTROS="arch" Makefile: - Add build-missing as a dependency to all test targets: test-unit, test-integration, test-e2e, test-container - Remove redundant build-missing call from the combined 'test' target, since Make now ensures build-missing runs exactly once per invocation. - Preserve existing target structure while ensuring container images are built automatically on demand. This makes the CI pipeline faster, more predictable, and removes duplicated container build logic. All tests now use the same unified mechanism for building missing images.	2025-12-09 16:18:15 +01:00