Require TUs to explicitly request to overwrite a pkgbase

AUR_PRIVILEGED allows people with privileged AUR accounts to evade the
block on non-fast-forward commits. While valid in this case, we should
not do so by default, since in at least one case a TU did this without
realizing there was an existing package.
( https://aur.archlinux.org/packages/rtmidi/ )

Switch to using allow_overwrite to check for destructive actions.
Use .ssh/config "SendEnv" on the TU's side and and sshd_config
"AcceptEnv" in the AUR server to specifically request overwrite access.
TUs should use: `AUR_OVERWRITE=1 git push --force`

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

1 files changed, 2 insertions, 0 deletions

diff --git a/aurweb/git/auth.py b/aurweb/git/auth.py
index 022b0fff..d02390da 100755
--- a/aurweb/git/auth.py
+++ b/aurweb/git/auth.py
@@ -1,5 +1,6 @@
 #!/usr/bin/python3
 
+import os
 import shlex
 import re
 import sys
@@ -52,6 +53,7 @@ def main():
     env_vars = {
         'AUR_USER': user,
         'AUR_PRIVILEGED': '1' if account_type > 1 else '0',
+        'AUR_OVERWRITE' : os.environ.get('AUR_OVERWRITE', '0') if account_type > 1 else '0',
     }
     key = keytype + ' ' + keytext