Require TUs to explicitly request to overwrite a pkgbase

AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ ) Switch to using allow_overwrite to check for destructive actions. Use .ssh/config "SendEnv" on the TU's side and and sshd_config "AcceptEnv" in the AUR server to specifically request overwrite access. TUs should use: `AUR_OVERWRITE=1 git push --force` Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2025-02-03 10:43:03 +01:00 · 2017-07-24 23:31:19 -04:00 · 2017-07-24 23:31:19 -04:00 · c5302d3a33
commit c5302d3a33
parent 243fb92273
4 changed files with 11 additions and 1 deletions
--- a/aurweb/git/update.py
+++ b/aurweb/git/update.py
@ -238,6 +238,7 @@ def main():
    user = os.environ.get("AUR_USER")
    pkgbase = os.environ.get("AUR_PKGBASE")
    privileged = (os.environ.get("AUR_PRIVILEGED", '0') == '1')
+    allow_overwrite = (os.environ.get("AUR_OVERWRITE", '0') == '1')
    warn_or_die = warn if privileged else die

    if len(sys.argv) == 2 and sys.argv[1] == "restore":
@ -258,7 +259,7 @@ def main():
    conn = aurweb.db.Connection()

    # Detect and deny non-fast-forwards.
-    if sha1_old != "0" * 40 and not privileged:
+    if sha1_old != "0" * 40 and not allow_overwrite:
        walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
        walker.hide(sha1_new)
        if next(walker, None) is not None: