[aur-dev] [PATCH v2 2/2] Require TUs to explicitly request to overwrite a pkgbase
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the
block on non-fast-forward commits. While valid in this case, we should
not do so by default, since in at least one case a TU did this without
realizing there was an existing package.
( https://aur.archlinux.org/packages/rtmidi/ )
Switch to using allow_overwrite to check for destructive actions.
Use .ssh/config "SendEnv" on the TU's side and and sshd_config
"AcceptEnv" in the AUR server to specifically request overwrite access.
TUs should use: `export AUR_OVERWRITE=1; git push`
Signed-off-by: Eli Schwartz
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the
block on non-fast-forward commits. While valid in this case, we should
not do so by default, since in at least one case a TU did this without
realizing there was an existing package.
( https://aur.archlinux.org/packages/rtmidi/ )
Switch to using allow_overwrite to check for destructive actions.
Use .ssh/config "SendEnv" on the TU's side and and sshd_config
"AcceptEnv" in the AUR server to specifically request overwrite access.
TUs should use: `export AUR_OVERWRITE=1; git push`
Signed-off-by: Eli Schwartz
On Fri, 21 Jul 2017 at 19:39:26, Eli Schwartz wrote:
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ )
Switch to using allow_overwrite to check for destructive actions. Use .ssh/config "SendEnv" on the TU's side and and sshd_config "AcceptEnv" in the AUR server to specifically request overwrite access. TUs should use: `export AUR_OVERWRITE=1; git push`
This may just be nitpicking, but since this commit message currently is the only documentation for this feature, can we suggest something that does not preserve AUR_OVERWRITE for future operations instead? I think you also forgot to specify the --force option. Maybe `AUR_OVERWRITE=1 git push --force`? Actually, I would prefer a variable name that makes the request even more explicit. How about AUR_FORCE_PUSH? Oh, and talking about documentation, it might be a good idea to add a sentence on AUR_OVERWRITE/AUR_FORCE_PUSH to the git-serve section in doc/git-interface.txt as well...
[...] @@ -262,7 +263,7 @@ def main(): walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL) walker.hide(sha1_new) if next(walker, None) is not None: - if privileged: + if allow_overwrite: warn("non-fast-forward push (are you absolutely sure you mean this?)") [...]
I know I said earlier that the warning is a good idea. However, thinking about it again, it seems fairly awkward to ask "are you absolutely sure you mean this?" after the TU said "I really want to force push!" by repeating "force" twice in `AUR_FORCE_PUSH=1 git push --force`. So could you please resend this as a separate patch, based on master instead 1/2 in this series? Thanks! Regards, Lukas
On 07/21/2017 04:57 PM, Lukas Fleischer wrote:
Oh, and talking about documentation, it might be a good idea to add a sentence on AUR_OVERWRITE/AUR_FORCE_PUSH to the git-serve section in doc/git-interface.txt as well...
Will do
I know I said earlier that the warning is a good idea. However, thinking about it again, it seems fairly awkward to ask "are you absolutely sure you mean this?" after the TU said "I really want to force push!" by repeating "force" twice in `AUR_FORCE_PUSH=1 git push --force`. So could you please resend this as a separate patch, based on master instead 1/2 in this series?
Sure, that and a better commit message. To be honest, I wrote patch #1 several weeks ago and then figured out how to implement #2 yesterday, while reading more of the aurweb module. So it was basically tacked on, and I wasn't even sure whether you would want it etc. So I will redo it keeping all your feedback in mind, probably on Sunday. Thanks for going over this! -- Eli Schwartz
participants (2)
-
Eli Schwartz
-
Lukas Fleischer