Test the authentication script with an invalid key type and with a key
that does not exist in the database.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Explicitly remove all package sources, dependencies, relations, licenses
and groups before inserting new ones.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In addition to MySQL, add support for SQLite to the database abstraction
layer. Also, add a new configuration option to select the DBMS.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Avoid using UNIX_TIMESTAMP which is not part of the SQL standard.
Retrieve the current UNIX time in Python and substitute it into the SQL
queries instead.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Avoid using Cursor.rowcount to obtain the number of rows returned by a
SELECT statement as this is not guaranteed to be supported by every
database engine.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a new environment variable that can be used to specify the
path to an aurweb configuration file. If the environment variable is
unset, the default search path is used.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new module that automatically locates the configuration file and
provides methods to obtain the values of configuration options.
Use the new module instead of ConfigParser everywhere.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new class that connects to the database specified in the
configuration file and provides an interface to execute SQL queries.
Prepared statements with qmark ("?") placeholders are supported.
Replace all direct database accesses with calls to the new abstraction
layer.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of looking up the account type of the current user again, use
the AUR_PRIVILEGED environment variable to check whether the user is
allowed to perform non-fast-forward ref updates.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since 02dd9c5 (git-serve.py: Automatically create repositories,
2015-01-06), one can create new package bases by running `git push`. It
is no longer necessary to run setup-repo manually.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Show a warning when a Trusted User or a developer creates a package that
is blacklisted or already provided by an official package.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Read all environment variables at the beginning of the script and
immediately pre-process their values.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of automatically adding packages from the official binary
repositories to the package blacklist, use the official provider list to
prevent users from uploading duplicates.
This does not only result in reduced disk usage but also has a nice
visible side effect. The error messages printed by the update hook now
look like
error: package already provided by [community]: powerline-fonts
instead of
error: package is blacklisted: powerline-fonts
which was confusing to most end users.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of `config <pkgbase> keywords <keyword1> <keyword2>...`, the new
syntax is `set-keywords <pkgbase> <keyword1> <keyword2>...`.
The `config` keyword was rather general and it was not obvious that it
could be used to change package base settings. Instead of replacing it
with an even more verbose expression, remove that unnecessary level of
indirection. Since we do not (and probably never will) support keywords
anywhere else, the chance of name conflicts is small.
Suggested-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a new notification option to receive notifications when a new
commit is pushed to a package repository.
Implements FS#30109.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
As a preparatory step to adding support for package notifications on
events other than comments, rename the database table accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
python-srcinfo is a more transparent and simpler library for parsing
SRCINFO files.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Fixes a regression introduced in 8c87b1d (git-serve: Add support for
setting keywords, 2015-10-22).
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This allows for setting keywords using the SSH interface. The syntax is
`config <pkgbase> keywords <keyword1> <keyword2>...`.
Implements FS#45627.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since 612300b (Show a warning if .SRCINFO is unchanged, 2015-09-29), the
git-update script displays a warning when a ref update does not affect
the content of the package base meta data. We also invoke git-update to
rebuild the package base details in the aurweb database when a package
base is restored via the SSH interface. In that case, fake information
is passed to the update hook: Both the old and the new object IDs refer
to the current HEAD. Check for such "Everything up-to-date" updates and
not display the ".SRCINFO unchanged" in these cases.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Warn users when a remote ref update does not change the content of
.SRCINFO such that users are reminded of updating package meta data.
Implements FS#46130.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Fixes a regression introduced in 4112e57 (Add a restore command to the
SSH interface, 2015-08-14).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Implement a new command that can be used to restore deleted package
bases without having to push a new commit.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The pkgbase variable already contains the package base name at this
point, no need to reassign it.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since c4870a9 (git-update: Only check HEAD for blacklisted packages,
2015-06-04), only the HEAD commit package name is looked up in the
blacklist. This means that we no longer need to read the blacklist
before running the commit walker. Moving the blacklist reading code
further down makes the code easier to read.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit fixes a bug introduced by ae2907a (git: Use .format
everywhere instead of %, 2015-06-27) where passing the error tuple to
.format wasn't prefixed with an asterisk.
Fixes FS#45545.
Reported-by: Marty <vadmium+al@gmail.com>
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When the package base does not match the repository name, we currently
show an error message that only mentions the package base name:
error: invalid pkgbase: yate-qt4
To the end user this sounds like the package base name is malformed
itself (and we show exactly the same error message when it contains
invalid characters, indeed). Clarify that there is a name mismatch by
also printing the expected value:
error: invalid pkgbase: yate-qt4, expected: yate4-qt
Inspired by FS#45483.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Attaching more than one SSH public key to the same account is useful,
e.g. if one uses different machines to access the AUR SSH interface.
Multiple keys can now be specified by adding multiple lines to the text
area on the account edit form.
Implements FS#45469.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>
Also add an utility function for formatting the ForceCommand, using
shlex.quote to quote the value.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
% formatting is deprecated, and .format should be used instead.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The url and pkgdesc PKGBUILD variables are optional, so they should be
in the AUR as well.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The regex check that a URL is either http or ftp doesn't really have any
use, and it forces you to leave proper URLs for eg projects hosted on
gopher empty.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
If a .SRCINFO line doesn't start with a tab, check if the key is pkgname
before adding it as a package.
Fixes a bug where if you have accidentally gotten a line indented with
spaces, from that line forward it will think it is a split package,
instead of erroring out.
Reported-by: Raansu <Gero3977@gmail.com>
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit adds support for cloning repositories over SSH without a
leading slash or with a trailing .git
Fixes FS#45260
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Although we theoretically never want to lose history, there may be rare
occasions when a forced push is required (e.g. if illegal data is
pushed). Allow Trusted Users and Developers to perform non-fast-forward
pushes.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
To make sure we never lose any history, non-fast-forwards are forbidden.
Instead of relying on receive.denyNonFastForwards, add a simple check to
the update hook. This has the added benefit of more flexibility.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
