mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
Removed code for tarball extraction.
Automatic tarball extraction was vulnerable in different ways. Users should also only use source tarballs to build packages, so this has been removed completely. From now on, only the PKGBUILD is extracted in a secure manner. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer
parent
233f67b87e
commit
ec0dfc27de
3 changed files with 38 additions and 50 deletions
23
UPGRADING
23
UPGRADING
|
|
@ -3,9 +3,32 @@ Upgrading
|
|||
|
||||
From 1.7.0 to 1.8.0
|
||||
-------------------
|
||||
|
||||
1. Run the following MySQL statements:
|
||||
|
||||
----
|
||||
ALTER TABLE Packages ADD OutOfDateTS BIGINT UNSIGNED NULL DEFAULT NULL;
|
||||
UPDATE Packages SET OutOfDateTS = UNIX_TIMESTAMP() WHERE OutOfDate = 1;
|
||||
ALTER TABLE Packages DROP OutOfDate;
|
||||
----
|
||||
|
||||
2. You will need to update all packages which are stored in the incoming dir as
|
||||
in 1.8.0, source tarballs are no longer extracted automatically and PKGBUILDs
|
||||
are from now on located in the same subdirectories as the tarballs themselves.
|
||||
The following script will do the conversion automatically when being run inside
|
||||
"$INCOMING_DIR":
|
||||
|
||||
----
|
||||
#!/bin/bash
|
||||
|
||||
for pkg in *; do
|
||||
if [ -d "${pkg}" -a ! -f "${pkg}/PKGBUILD" ]; then
|
||||
pkgbuild_file=$(find -P "${pkg}" -name PKGBUILD)
|
||||
[ -n "${pkgbuild_file}" ] && \
|
||||
cp "${pkgbuild_file}" "${pkg}/PKGBUILD"
|
||||
fi
|
||||
done
|
||||
----
|
||||
|
||||
From 1.6.0 to 1.7.0
|
||||
-------------------
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue