summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2015-06-04 11:21:04 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2015-06-04 11:35:46 +0200
commit58db1647322b29dd2f182ccf0e93879e2a2fb88f (patch)
treecfe64e0422c1d84165c97955d23635df50f4c3ec
parentc4870a95fc54e7ca12c495fd63932a35418b9c83 (diff)
downloadaur-58db1647322b29dd2f182ccf0e93879e2a2fb88f.tar.gz
aur-58db1647322b29dd2f182ccf0e93879e2a2fb88f.tar.xz
git-update: Prevent from overwriting packages
Make sure we do not overwrite a package belonging to another package base. We forgot to add this check to git-update when porting the package submission script to Python in commit 74edb6f (Use Git repositories to store packages, 2014-06-06). Reported-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rwxr-xr-xgit-interface/git-update.py12
1 files changed, 11 insertions, 1 deletions
diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 34633e89..0a4130e0 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -252,12 +252,22 @@ srcinfo_pkgbase = srcinfo._pkgbase['pkgname']
if srcinfo_pkgbase != pkgbase:
die('invalid pkgbase: %s' % (srcinfo_pkgbase))
+pkgbase = srcinfo._pkgbase['pkgname']
+cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase])
+pkgbase_id = cur.fetchone()[0]
+
for pkgname in srcinfo.GetPackageNames():
pkginfo = srcinfo.GetMergedPackage(pkgname)
+ pkgname = pkginfo['pkgname']
- if pkginfo['pkgname'] in blacklist:
+ if pkgname in blacklist:
die('package is blacklisted: %s' % (pkginfo['pkgname']))
+ cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " +
+ "PackageBaseID <> %s", [pkgname, pkgbase_id])
+ if cur.fetchone()[0] > 0:
+ die('cannot overwrite package: %s' % (pkgname))
+
save_srcinfo(srcinfo, db, cur, user)
db.close()