From 58db1647322b29dd2f182ccf0e93879e2a2fb88f Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@archlinux.org>
Date: Thu, 4 Jun 2015 11:21:04 +0200
Subject: git-update: Prevent from overwriting packages
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Make sure we do not overwrite a package belonging to another package
base. We forgot to add this check to git-update when porting the package
submission script to Python in commit 74edb6f (Use Git repositories to
store packages, 2014-06-06).

Reported-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 git-interface/git-update.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'git-interface')

diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 34633e8..0a4130e 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -252,12 +252,22 @@ srcinfo_pkgbase = srcinfo._pkgbase['pkgname']
 if srcinfo_pkgbase != pkgbase:
     die('invalid pkgbase: %s' % (srcinfo_pkgbase))
 
+pkgbase = srcinfo._pkgbase['pkgname']
+cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase])
+pkgbase_id = cur.fetchone()[0]
+
 for pkgname in srcinfo.GetPackageNames():
     pkginfo = srcinfo.GetMergedPackage(pkgname)
+    pkgname = pkginfo['pkgname']
 
-    if pkginfo['pkgname'] in blacklist:
+    if pkgname in blacklist:
         die('package is blacklisted: %s' % (pkginfo['pkgname']))
 
+    cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " +
+                "PackageBaseID <> %s", [pkgname, pkgbase_id])
+    if cur.fetchone()[0] > 0:
+        die('cannot overwrite package: %s' % (pkgname))
+
 save_srcinfo(srcinfo, db, cur, user)
 
 db.close()
-- 
cgit v1.2.3-54-g00ecf