[aur-dev] [PATCH 2/2] git-update: Prevent from overwriting packages
Lukas Fleischer
lfleischer at archlinux.org
Thu Jun 4 09:25:35 UTC 2015
Make sure we do not overwrite a package belonging to another package
base. We forgot to add this check to git-update when porting the package
submission script to Python in commit 74edb6f (Use Git repositories to
store packages, 2014-06-06).
Reported-by: Johannes Löthberg <johannes at kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
git-interface/git-update.py | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 34633e8..047ac9b 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -252,12 +252,22 @@ srcinfo_pkgbase = srcinfo._pkgbase['pkgname']
if srcinfo_pkgbase != pkgbase:
die('invalid pkgbase: %s' % (srcinfo_pkgbase))
+pkgbase = srcinfo._pkgbase['pkgname']
+cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase])
+(pkgbase_id) = cur.fetchone()
+
for pkgname in srcinfo.GetPackageNames():
pkginfo = srcinfo.GetMergedPackage(pkgname)
+ pkgname = pkginfo['pkgname']
- if pkginfo['pkgname'] in blacklist:
+ if pkgname in blacklist:
die('package is blacklisted: %s' % (pkginfo['pkgname']))
+ cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " +
+ "PackageBaseID <> %s", pkgname, pkgbase_id)
+ if cur.rowcount != 0:
+ die('cannot overwrite package: %s' % (pkgname))
+
save_srcinfo(srcinfo, db, cur, user)
db.close()
--
2.4.2
More information about the aur-dev
mailing list