authorPierre Schmitz <pierre@archlinux.de>2010-08-13 08:20:27 +0200
committerPierre Schmitz <pierre@archlinux.de>2010-08-13 08:20:27 +0200
commite2c005b490df6762e23da3223944151c17d1de80 (patch)
treebb9619cb292a76a09eb0d6604d9871e35ebbb8ba
parentaf4f86808e8cd45cc171f55a1ec15bf30d858a0d (diff)
downloaddbscripts-e2c005b490df6762e23da3223944151c17d1de80.tar.gz
dbscripts-e2c005b490df6762e23da3223944151c17d1de80.tar.xz
Check permission before any action
Added a function to check if user has permission to alter the repos and db files.
-rw-r--r--db-functions29
-rwxr-xr-xdb-move5
-rwxr-xr-xdb-remove5
-rwxr-xr-xdb-update10
-rw-r--r--test/lib/common.inc49
5 files changed, 72 insertions, 26 deletions
diff --git a/db-functions b/db-functions
index c4fc8f3..f22567b 100644
--- a/db-functions
+++ b/db-functions
@@ -73,7 +73,7 @@ die() {
cleanup 1
}
-trap abort INT QUIT TERM
+trap abort INT QUIT TERM HUP
trap cleanup EXIT
@@ -274,3 +274,30 @@ pkgver_from_src() {
tmp=${tmp%-any}
echo $tmp | sed 's|.*-\(.*-.*\)$|\1|g'
}
+
+check_repo_permission() {
+ local repo=$1
+
+ local repos="$(get_repos_for_host)"
+ local found=false
+ local r
+ for r in $repos; do
+ if [ "$r" = "$repo" ]; then
+ found=true
+ fi
+ done
+ [ $found ] || return 1
+
+ [ -w "$FTP_BASE/$(get_pkgpool_for_host)" ] || return 1
+
+ local arch
+ for arch in ${ARCHES} any; do
+ local w
+ local ws=("${FTP_BASE}/${repo}/os/${arch}/"{,${repo}${DBEXT}})
+ for w in ws; do
+ [ -w ] || return 1
+ done
+ done
+
+ return 0
+}
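Review bot: Two of the three checks in `check_repo_permission` can never fail, so the function grants access whenever the package pool is writable. `[ $found ]` tests a non-empty string and is true for both `true` and `false`; `for w in ws` loops over the literal word `ws`, and `[ -w ]` with no operand is likewise always true. I would write `[ "$found" = true ] || return 1`, `for w in "${ws[@]}"; do` and `[ -w "$w" ] || return 1`. Because db-update drops its own host-repo loop in favour of this function in the same commit, the host restriction it used to enforce is lost until this is fixed.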
diff --git a/db-move b/db-move
index d18a4fa..41b360d 100755
--- a/db-move
+++ b/db-move
@@ -23,6 +23,11 @@ ftppath_to="$FTP_BASE/$repoto/os/"
svnrepo_from="$repofrom-$arch"
svnrepo_to="$repoto-$arch"
+if ! check_repo_permission $repoto || ! check_repo_permission $repofrom; then
+ echo "Error: You don't have permission to move packages from ${repofrom} to ${repoto}"
+ exit 1
+fi
+
repo_lock $repoto $arch || exit 1
repo_lock $repofrom $arch || exit 1
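Review bot: `$repoto` and `$repofrom` are passed unquoted to `check_repo_permission`, so an empty or whitespace-containing value changes the argument the check actually sees. db-update already quotes its call, and db-move and db-remove should match: `if ! check_repo_permission "$repoto" || ! check_repo_permission "$repofrom"; then`. The denial message is also written to stdout; appending `>&2` to the `echo` would keep it out of any captured output. The assignments of these variables lie outside the hunk.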
diff --git a/db-remove b/db-remove
index 5a55849..1492d18 100755
--- a/db-remove
+++ b/db-remove
@@ -15,6 +15,11 @@ arch="$3"
ftppath="$FTP_BASE/$reponame/os"
svnrepo="$reponame-$arch"
+if ! check_repo_permission $reponame; then
+ echo "Error: You don't have permission to remove packages from ${reponam}"
+ exit 1
+fi
+
repo_lock $reponame $arch || exit 1
echo -n "Removing $packagebase from $reponame..."
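Review bot: The error message expands `${reponam}`, which is not set anywhere in the visible lines and looks like a typo for `reponame`, so a denial is reported with an empty repository name. Change the line to `echo "Error: You don't have permission to remove packages from ${reponame}" >&2`.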
diff --git a/db-update b/db-update
index 46becac..c049714 100755
--- a/db-update
+++ b/db-update
@@ -11,15 +11,7 @@ fi
reponame="$1"
current_arch=""
-# ensure we should be playing with this DB on this server
-repos="$(get_repos_for_host)"
-found=0
-for r in $repos; do
- if [ "$r" = "$reponame" ]; then
- found=1
- fi
-done
-if [ $found -ne 1 ]; then
+if ! check_repo_permission "$reponame"; then
echo "error: you shouldn't be updating $reponame on this server!"
exit 1
fi
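Review bot: The retained message `error: you shouldn't be updating $reponame on this server!` no longer matches the condition it reports. As `check_repo_permission` is written in db-functions, it is also meant to fail when the pool, the repo directory or the db file is not writable, even if the repo is valid for this host. An operator debugging a filesystem permission problem would be pointed at host configuration instead. Something like `echo "error: you don't have permission to update ${reponame}" >&2` would match the wording used in db-move and db-remove.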
diff --git a/test/lib/common.inc b/test/lib/common.inc
index 89155c7..795d01a 100644
--- a/test/lib/common.inc
+++ b/test/lib/common.inc
@@ -1,3 +1,5 @@
+set -E
+
. "${curdir}/../db-functions"
oneTimeSetUp() {
@@ -8,7 +10,9 @@ oneTimeSetUp() {
for p in "${pkgdir}"/*; do
pushd $p >/dev/null
linux32 makepkg -cf --config ${curdir}/lib/makepkg-i686.conf >/dev/null 2>&1 || die 'makepkg failed'
- [ -f *-any.pkg.tar.* ] || linux64 makepkg -cf --config ${curdir}/lib/makepkg-x86_64.conf >/dev/null 2>&1 || die 'makepkg failed'
+ [ -f *-any.pkg.tar.* ] \
+ || linux64 makepkg -cf --config ${curdir}/lib/makepkg-x86_64.conf >/dev/null 2>&1 \
+ || die 'makepkg failed'
popd >/dev/null
done
echo 'done'
@@ -23,7 +27,7 @@ setUp() {
local p
local pkg
- [ -f "${curdir}/../config.local" ] && die "${curdir}/../config.local exists"
+ #[ -f "${curdir}/../config.local" ] && die "${curdir}/../config.local exists"
TMP="$(mktemp -d /dev/shm/$(basename $0).XXXXXXXXXX)"
#echo "Using ${TMP}"
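Review bot: The `config.local` existence guard is commented out rather than removed or explained, which reads like a debugging leftover. If the rest of `setUp` (outside this hunk) writes or sources `config.local`, running the tests in a checkout that has a real one would no longer be stopped up front. Either restore the line, or delete it and add a comment such as `# config.local may exist because …` stating why the guard is no longer needed.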
@@ -82,17 +86,20 @@ checkAnyPackage() {
local pkg=$2
local arch
- [ -f "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found"
+ [ -r "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found"
for arch in i686 x86_64; do
[ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} not a symlink"
- [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}"
+ [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] \
+ || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}"
done
- [ -f "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir"
+ [ -r "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir"
- bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg} || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
+ ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \
+ && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg}) \
+ || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
- [ -f "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail "${repo}/os/any/${pkg} should not exist"
+ [ -r "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail "${repo}/os/any/${pkg} should not exist"
}
checkPackage() {
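Review bot: Switching `-f` to `-r` weakens the negative assertions: `[ -r "${STAGING}"/${repo}/${pkg} ] && fail …` and `[ -r "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail …` now pass when the file is present but unreadable to the test user. The same applies to the staging check in the `checkPackage` hunk that follows. For "must not exist" checks `-e` says what is meant, e.g. `[ -e "${FTP_BASE}/${repo}/os/any/${pkg}" ] && fail "${repo}/os/any/${pkg} should not exist"`; `-r` is reasonable for the positive checks. `checkAnyPackage` begins before this hunk.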
@@ -100,17 +107,21 @@ checkPackage() {
local pkg=$2
local arch=$3
- [ -f "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found"
+ [ -r "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "$(get_pkgpool_for_host)/${pkg} not found"
[ -L "${FTP_BASE}/${repo}/os/${arch}/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} not a symlink"
- [ -f "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir"
+ [ -r "${STAGING}"/${repo}/${pkg} ] && fail "${repo}/${pkg} found in staging dir"
- [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}"
+ [ "$(readlink -e "${FTP_BASE}/${repo}/os/${arch}/${pkg}")" == "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}" ] \
+ || fail "${repo}/os/${arch}/${pkg} does not link to $(get_pkgpool_for_host)/${pkg}"
- bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg} || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
+ ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \
+ && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkg}) \
+ || fail "${pkg} not in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
local pkgbase=$(getpkgbase "${FTP_BASE}/$(get_pkgpool_for_host)/${pkg}")
svn up -q "${TMP}/svn-packages-copy/${pkgbase}"
- [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] || fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} does not exist"
+ [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] \
+ || fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} does not exist"
}
checkRemovedPackage() {
@@ -118,10 +129,13 @@ checkRemovedPackage() {
local pkgbase=$2
local arch=$3
- bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase} && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
+ ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \
+ && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase}) \
+ && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
svn up -q "${TMP}/svn-packages-copy/${pkgbase}"
- [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] && fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} should not exist"
+ [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-${arch}" ] \
+ && fail "svn-packages-copy/${pkgbase}/repos/${repo}-${arch} should not exist"
}
checkRemovedAnyPackage() {
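Review bot: With the new `[ -r … ] &&` guard, `checkRemovedPackage` passes vacuously when the repo database is missing or unreadable, because the subshell fails and `fail` is never reached. The loop in `checkRemovedAnyPackage` in the next hunk has the same shape. A removal test should distinguish "package gone from the db" from "db gone", unless an absent database is an expected result of removing the last package, in which case a comment should say so. I would assert the database first with `[ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] || fail "${repo}${DBEXT%.tar.*} missing or unreadable"` and then keep the plain `bsdtar … | grep -q ${pkgbase} && fail …` line.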
@@ -130,9 +144,12 @@ checkRemovedAnyPackage() {
local arch
for arch in i686 x86_64; do
- bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase} && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
+ ( [ -r "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" ] \
+ && bsdtar -xf "${FTP_BASE}/${repo}/os/${arch}/${repo}${DBEXT%.tar.*}" -O | grep -q ${pkgbase}) \
+ && fail "${pkgbase} should not be in ${repo}/os/${arch}/${repo}${DBEXT%.tar.*}"
done
svn up -q "${TMP}/svn-packages-copy/${pkgbase}"
- [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-any" ] && fail "svn-packages-copy/${pkgbase}/repos/${repo}-any should not exist"
+ [ -d "${TMP}/svn-packages-copy/${pkgbase}/repos/${repo}-any" ] \
+ && fail "svn-packages-copy/${pkgbase}/repos/${repo}-any should not exist"
} \ No newline at end of file