On Fri, 21 Jul 2017 at 19:39:26, Eli Schwartz wrote:
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ )
Switch to using allow_overwrite to check for destructive actions. Use .ssh/config "SendEnv" on the TU's side and and sshd_config "AcceptEnv" in the AUR server to specifically request overwrite access. TUs should use: `export AUR_OVERWRITE=1; git push`
This may just be nitpicking, but since this commit message currently is the only documentation for this feature, can we suggest something that does not preserve AUR_OVERWRITE for future operations instead? I think you also forgot to specify the --force option. Maybe `AUR_OVERWRITE=1 git push --force`? Actually, I would prefer a variable name that makes the request even more explicit. How about AUR_FORCE_PUSH? Oh, and talking about documentation, it might be a good idea to add a sentence on AUR_OVERWRITE/AUR_FORCE_PUSH to the git-serve section in doc/git-interface.txt as well...
[...] @@ -262,7 +263,7 @@ def main(): walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL) walker.hide(sha1_new) if next(walker, None) is not None: - if privileged: + if allow_overwrite: warn("non-fast-forward push (are you absolutely sure you mean this?)") [...]
I know I said earlier that the warning is a good idea. However, thinking about it again, it seems fairly awkward to ask "are you absolutely sure you mean this?" after the TU said "I really want to force push!" by repeating "force" twice in `AUR_FORCE_PUSH=1 git push --force`. So could you please resend this as a separate patch, based on master instead 1/2 in this series? Thanks! Regards, Lukas