Add a package name blacklist.

Can be used to blacklist package names for normal users. TUs and developers are not affected. This is especially useful if used together with a cron job that updates the blacklist periodically, e.g. to reject packages which are available in the binary repos (FS#12902). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2025-02-03 10:43:03 +01:00 · 2011-02-02 18:03:09 +01:00 · 2011-02-02 18:03:09 +01:00 · b69f548065
commit b69f548065
parent 881bfcced4
4 changed files with 47 additions and 0 deletions
--- a/6
+++ b/6
@ -27,6 +27,12 @@ ALTER TABLE PackageSources
 	MODIFY Source VARCHAR(255) NOT NULL DEFAULT "/dev/null";
 ALTER TABLE TU_VoteInfo
 	MODIFY User VARCHAR(32) collate latin1_general_ci NOT NULL;
+CREATE TABLE PackageBlacklist (
+	ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
+	Name CHAR(64) NOT NULL,
+	PRIMARY KEY (ID),
+	UNIQUE (Name)
+);
 ----

 2. Drop all fulltext indexes from the "Packages" table:
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@ -177,6 +177,15 @@ CREATE TABLE CommentNotify (
 );
 CREATE UNIQUE INDEX NotifyUserIDPkgID ON CommentNotify (UserID, PkgID);

+-- Package name blacklist
+--
+CREATE TABLE PackageBlacklist (
+	ID INTEGER UNSIGNED NOT NULL AUTO_INCREMENT,
+	Name CHAR(64) NOT NULL,
+	PRIMARY KEY (ID),
+	UNIQUE (Name)
+);
+
 -- Vote information
 --
 CREATE TABLE IF NOT EXISTS TU_VoteInfo (
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@ -215,6 +215,15 @@ if ($_COOKIE["AURSID"]):
 			$incoming_pkgdir = INCOMING_DIR . $pkg_name;
 		}

+		if (!$error) {
+			# Check if package name is blacklisted.
+			if (pkgname_is_blacklisted($pkg_name)) {
+				if (!canSubmitBlacklisted(account_from_sid($_COOKIE["AURSID"]))) {
+					$error = __( "%s is on the package blacklist, please check if it's available in the official repos.", $pkg_name);
+				}
+			}
+		}
+
 		if (!$error) {
 			# First, see if this package already exists, and if it can be overwritten
 			$pkg_exists = package_exists($pkg_name);
--- a/web/lib/pkgfuncs.inc
+++ b/web/lib/pkgfuncs.inc
@ -64,6 +64,18 @@ function canManagePackage($uid=0,$AURMUID=0, $MUID=0, $SUID=0, $managed=0) {
 	return 0;
 }

+# Check if the current user can submit blacklisted packages.
+#
+function canSubmitBlacklisted($atype = "") {
+	if ($atype == "Trusted User" || $atype == "Developer") {
+		# Only TUs/Devs can submit blacklisted packages.
+		return TRUE;
+	}
+	else {
+		return FALSE;
+	}
+}
+
 # grab the current list of PackageCategories
 #
 function pkgCategories() {
@ -286,6 +298,17 @@ function pkgname_from_id($id="") {
 	return $id;
 }

+# Check if a package name is blacklisted.
+#
+function pkgname_is_blacklisted($name) {
+	$dbh = db_connect();
+	$q = "SELECT COUNT(*) FROM PackageBlacklist WHERE Name = '" . mysql_real_escape_string($name) . "'";
+	$result = db_query($q, $dbh);
+
+	if (!$result) return false;
+	return (mysql_result($result, 0) > 0);
+}
+
 # display package details
 #
 function package_details($id=0, $SID="") {