[aur-dev] [PATCH v3 2/2] Require TUs to explicitly request to overwrite a pkgbase

Lukas Fleischer lfleischer at archlinux.org
Fri Jul 21 20:57:52 UTC 2017

On Fri, 21 Jul 2017 at 19:39:26, Eli Schwartz wrote:
> AUR_PRIVILEGED allows people with privileged AUR accounts to evade the
> block on non-fast-forward commits. While valid in this case, we should
> not do so by default, since in at least one case a TU did this without
> realizing there was an existing package.
> ( https://aur.archlinux.org/packages/rtmidi/ )
> Switch to using allow_overwrite to check for destructive actions.
> Use .ssh/config "SendEnv" on the TU's side and and sshd_config
> "AcceptEnv" in the AUR server to specifically request overwrite access.
> TUs should use: `export AUR_OVERWRITE=1; git push`

This may just be nitpicking, but since this commit message currently is
the only documentation for this feature, can we suggest something that
does not preserve AUR_OVERWRITE for future operations instead? I think
you also forgot to specify the --force option.

Maybe `AUR_OVERWRITE=1 git push --force`?

Actually, I would prefer a variable name that makes the request even
more explicit. How about AUR_FORCE_PUSH?

Oh, and talking about documentation, it might be a good idea to add a
sentence on AUR_OVERWRITE/AUR_FORCE_PUSH to the git-serve section in
doc/git-interface.txt as well...

> [...]
> @@ -262,7 +263,7 @@ def main():
>          walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
>          walker.hide(sha1_new)
>          if next(walker, None) is not None:
> -            if privileged:
> +            if allow_overwrite:
>                  warn("non-fast-forward push (are you absolutely sure you mean this?)")
> [...]

I know I said earlier that the warning is a good idea. However, thinking
about it again, it seems fairly awkward to ask "are you absolutely sure
you mean this?" after the TU said "I really want to force push!" by
repeating "force" twice in `AUR_FORCE_PUSH=1 git push --force`. So could
you please resend this as a separate patch, based on master instead 1/2
in this series?



More information about the aur-dev mailing list