diff options
author | Eli Schwartz <eschwartz@archlinux.org> | 2017-07-25 05:31:19 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2017-07-25 20:12:11 +0200 |
commit | c5302d3a33028f483cc2e01225226d4ae047dd4a (patch) | |
tree | 9bc9895223019903b52124bca4b7c8c608f246cf /aurweb/git/update.py | |
parent | 243fb92273de1c8bf5c938a62cb06bd198c97c4c (diff) | |
download | aur-c5302d3a33028f483cc2e01225226d4ae047dd4a.tar.gz aur-c5302d3a33028f483cc2e01225226d4ae047dd4a.tar.xz |
Require TUs to explicitly request to overwrite a pkgbase
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the
block on non-fast-forward commits. While valid in this case, we should
not do so by default, since in at least one case a TU did this without
realizing there was an existing package.
( https://aur.archlinux.org/packages/rtmidi/ )
Switch to using allow_overwrite to check for destructive actions.
Use .ssh/config "SendEnv" on the TU's side and and sshd_config
"AcceptEnv" in the AUR server to specifically request overwrite access.
TUs should use: `AUR_OVERWRITE=1 git push --force`
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'aurweb/git/update.py')
-rwxr-xr-x | aurweb/git/update.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/aurweb/git/update.py b/aurweb/git/update.py index c9a98d07..16fa2b07 100755 --- a/aurweb/git/update.py +++ b/aurweb/git/update.py @@ -238,6 +238,7 @@ def main(): user = os.environ.get("AUR_USER") pkgbase = os.environ.get("AUR_PKGBASE") privileged = (os.environ.get("AUR_PRIVILEGED", '0') == '1') + allow_overwrite = (os.environ.get("AUR_OVERWRITE", '0') == '1') warn_or_die = warn if privileged else die if len(sys.argv) == 2 and sys.argv[1] == "restore": @@ -258,7 +259,7 @@ def main(): conn = aurweb.db.Connection() # Detect and deny non-fast-forwards. - if sha1_old != "0" * 40 and not privileged: + if sha1_old != "0" * 40 and not allow_overwrite: walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL) walker.hide(sha1_new) if next(walker, None) is not None: |