diff options
author | Lukas Fleischer <lfleischer@archlinux.org> | 2015-06-04 11:21:04 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2015-06-04 11:35:46 +0200 |
commit | 58db1647322b29dd2f182ccf0e93879e2a2fb88f (patch) | |
tree | cfe64e0422c1d84165c97955d23635df50f4c3ec | |
parent | c4870a95fc54e7ca12c495fd63932a35418b9c83 (diff) | |
download | aurweb-58db1647322b29dd2f182ccf0e93879e2a2fb88f.tar.xz |
git-update: Prevent from overwriting packages
Make sure we do not overwrite a package belonging to another package
base. We forgot to add this check to git-update when porting the package
submission script to Python in commit 74edb6f (Use Git repositories to
store packages, 2014-06-06).
Reported-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rwxr-xr-x | git-interface/git-update.py | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/git-interface/git-update.py b/git-interface/git-update.py index 34633e8..0a4130e 100755 --- a/git-interface/git-update.py +++ b/git-interface/git-update.py @@ -252,12 +252,22 @@ srcinfo_pkgbase = srcinfo._pkgbase['pkgname'] if srcinfo_pkgbase != pkgbase: die('invalid pkgbase: %s' % (srcinfo_pkgbase)) +pkgbase = srcinfo._pkgbase['pkgname'] +cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase]) +pkgbase_id = cur.fetchone()[0] + for pkgname in srcinfo.GetPackageNames(): pkginfo = srcinfo.GetMergedPackage(pkgname) + pkgname = pkginfo['pkgname'] - if pkginfo['pkgname'] in blacklist: + if pkgname in blacklist: die('package is blacklisted: %s' % (pkginfo['pkgname'])) + cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " + + "PackageBaseID <> %s", [pkgname, pkgbase_id]) + if cur.fetchone()[0] > 0: + die('cannot overwrite package: %s' % (pkgname)) + save_srcinfo(srcinfo, db, cur, user) db.close() |