external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

git-update: Prevent from overwriting packages

Browse source 
Make sure we do not overwrite a package belonging to another package
base. We forgot to add this check to git-update when porting the package
submission script to Python in commit 74edb6f (Use Git repositories to
store packages, 2014-06-06).

Reported-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2015-06-04 11:21:04 +02:00
parent c4870a95fc
commit 58db164732
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
git-interface/git-update.py
View file

@ -252,12 +252,22 @@ srcinfo_pkgbase = srcinfo._pkgbase['pkgname']
if srcinfo_pkgbase != pkgbase: if srcinfo_pkgbase != pkgbase:
die('invalid pkgbase: %s' % (srcinfo_pkgbase)) die('invalid pkgbase: %s' % (srcinfo_pkgbase))
pkgbase = srcinfo._pkgbase['pkgname']
cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase])
pkgbase_id = cur.fetchone()[0]
for pkgname in srcinfo.GetPackageNames(): for pkgname in srcinfo.GetPackageNames():
pkginfo = srcinfo.GetMergedPackage(pkgname) pkginfo = srcinfo.GetMergedPackage(pkgname)
pkgname = pkginfo['pkgname']
if pkginfo['pkgname'] in blacklist: if pkgname in blacklist:
die('package is blacklisted: %s' % (pkginfo['pkgname'])) die('package is blacklisted: %s' % (pkginfo['pkgname']))
cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " +
"PackageBaseID <> %s", [pkgname, pkgbase_id])
if cur.fetchone()[0] > 0:
die('cannot overwrite package: %s' % (pkgname))
save_srcinfo(srcinfo, db, cur, user) save_srcinfo(srcinfo, db, cur, user)
db.close() db.close()