From 58db1647322b29dd2f182ccf0e93879e2a2fb88f Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Thu, 4 Jun 2015 11:21:04 +0200 Subject: git-update: Prevent from overwriting packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make sure we do not overwrite a package belonging to another package base. We forgot to add this check to git-update when porting the package submission script to Python in commit 74edb6f (Use Git repositories to store packages, 2014-06-06). Reported-by: Johannes Löthberg Signed-off-by: Lukas Fleischer --- git-interface/git-update.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'git-interface') diff --git a/git-interface/git-update.py b/git-interface/git-update.py index 34633e8..0a4130e 100755 --- a/git-interface/git-update.py +++ b/git-interface/git-update.py @@ -252,12 +252,22 @@ srcinfo_pkgbase = srcinfo._pkgbase['pkgname'] if srcinfo_pkgbase != pkgbase: die('invalid pkgbase: %s' % (srcinfo_pkgbase)) +pkgbase = srcinfo._pkgbase['pkgname'] +cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase]) +pkgbase_id = cur.fetchone()[0] + for pkgname in srcinfo.GetPackageNames(): pkginfo = srcinfo.GetMergedPackage(pkgname) + pkgname = pkginfo['pkgname'] - if pkginfo['pkgname'] in blacklist: + if pkgname in blacklist: die('package is blacklisted: %s' % (pkginfo['pkgname'])) + cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " + + "PackageBaseID <> %s", [pkgname, pkgbase_id]) + if cur.fetchone()[0] > 0: + die('cannot overwrite package: %s' % (pkgname)) + save_srcinfo(srcinfo, db, cur, user) db.close() -- cgit v1.2.3-70-g09d2