From ec0dfc27deb246ee7d7f19fd5290e499805869d2 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Thu, 4 Nov 2010 18:10:56 +0100
Subject: Removed code for tarball extraction.

Automatic tarball extraction was vulnerable in different ways. Users
should also only use source tarballs to build packages, so this has been
removed completely. From now on, only the PKGBUILD is extracted in a
secure manner.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 UPGRADING | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'UPGRADING')

diff --git a/UPGRADING b/UPGRADING
index bbf60f0..468e995 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -3,9 +3,32 @@ Upgrading
 
 From 1.7.0 to 1.8.0
 -------------------
+
+1. Run the following MySQL statements:
+
+----
 ALTER TABLE Packages ADD OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL;
 UPDATE Packages SET OutOfDateTS = UNIX_TIMESTAMP() WHERE OutOfDate = 1;
 ALTER TABLE Packages DROP OutOfDate;
+----
+
+2. You will need to update all packages which are stored in the incoming dir as
+in 1.8.0, source tarballs are no longer extracted automatically and PKGBUILDs
+are from now on located in the same subdirectories as the tarballs themselves.
+The following script will do the conversion automatically when being run inside
+"$INCOMING_DIR":
+
+----
+#!/bin/bash
+
+for pkg in *; do
+	if [ -d "${pkg}" -a ! -f "${pkg}/PKGBUILD" ]; then
+		pkgbuild_file=$(find -P "${pkg}" -name PKGBUILD)
+		[ -n "${pkgbuild_file}" ] && \
+			cp "${pkgbuild_file}" "${pkg}/PKGBUILD"
+	fi
+done
+----
 
 From 1.6.0 to 1.7.0
 -------------------
-- 
cgit v1.2.3-54-g00ecf