[aur-dev] [PATCH 2/2] git-update: Prevent from overwriting packages

4 Jun 2015

Make sure we do not overwrite a package belonging to another package
base. We forgot to add this check to git-update when porting the package
submission script to Python in commit 74edb6f (Use Git repositories to
store packages, 2014-06-06).

Reported-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 git-interface/git-update.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 34633e8..047ac9b 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -252,12 +252,22 @@ srcinfo_pkgbase = srcinfo._pkgbase['pkgname']
 if srcinfo_pkgbase != pkgbase:
     die('invalid pkgbase: %s' % (srcinfo_pkgbase))
 
+pkgbase = srcinfo._pkgbase['pkgname']
+cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase])
+(pkgbase_id) = cur.fetchone()
+
 for pkgname in srcinfo.GetPackageNames():
     pkginfo = srcinfo.GetMergedPackage(pkgname)
+    pkgname = pkginfo['pkgname']
 
-    if pkginfo['pkgname'] in blacklist:
+    if pkgname in blacklist:
         die('package is blacklisted: %s' % (pkginfo['pkgname']))
 
+    cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " +
+                "PackageBaseID <> %s", pkgname, pkgbase_id)
+    if cur.rowcount != 0:
+        die('cannot overwrite package: %s' % (pkgname))
+
 save_srcinfo(srcinfo, db, cur, user)
 
 db.close()
-- 
2.4.2

    