From patchwork Fri Jul 21 04:13:39 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eli Schwartz <eschwartz@archlinux.org>
X-Patchwork-Id: 215
Return-Path: <aur-dev-bounces@archlinux.org>
Delivered-To: patchwork@archlinux.org
Received: from nymeria.archlinux.org
	by nymeria.archlinux.org with LMTP id mOpBE6J/cVloHQAAtiB/HQ
	for <patchwork@archlinux.org>; Fri, 21 Jul 2017 06:14:26 +0200
Received: from nymeria.archlinux.org (localhost.localdomain [127.0.0.1])
	by nymeria.archlinux.org (Postfix) with ESMTP id 136964049A;
	Fri, 21 Jul 2017 06:14:24 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	nymeria.archlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.3 required=2.5 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_MED shortcircuit=no
	autolearn=unavailable autolearn_force=no version=3.4.1
Received: from luna.archlinux.org (luna.archlinux.org [5.9.250.164])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by nymeria.archlinux.org (Postfix) with ESMTPS;
	Fri, 21 Jul 2017 06:14:23 +0200 (CEST)
Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1])
	by luna.archlinux.org (Postfix) with ESMTP id BF0A02C636;
	Fri, 21 Jul 2017 04:14:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=archlinux.org;
	s=luna2; t=1500610463;
	bh=eCQyiwKjwk+u0/bCKdQu52BpEE+YkNQlY9scXYykzO0=;
	h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:
	 List-Post:List-Help:List-Subscribe:Reply-To;
	b=exFSGZeFF4tAouPOza2dSP2OgOZ0hMbdgY+1/FhbOvOZ9fg6IAhHjZDLxZBpV2tdm
	 jqDGZMvke2Z1sQ6Vgoluw+P4r2NjVweLlXY/690gLqbipzSvmQOU3/kr9aEyDMuKyK
	 FEc7vl8wuHI4dA+1huqR/PvWroCcs5v1DGzBjmbfiPSn26+tw5PyrZX4egCwLHpA1h
	 1IMzUEk1i1/Yt4leZwzDW5fg9KAtMDlaz8iOGmpHpNzQcRJGXv7GqOmOh9T5EyUD1t
	 Wx2yY4yRh4pV/2yxgeZiyTgv1G94i2SzuAkfGI6GrJV846HsCf+cWGiXXbsxeSyNsv
	 YEyBIasGCuulkNsK8be/EekOPBucJmLWuZ5IcGowSFBdzgpFXXSf3d/fDqBMW8cScA
	 sQcbADyadQTkxYZ0FpA6zrgOrwPhmzIfR715D0R7yDW+256v0Fb8THHOQa5zbiXOY8
	 ydi9cHEy7gXf8jRiHSvAnYaooYRSQKlszSO50f78I/mW6MFv1BEqcJPc4mDcLg8RAA
	 J1HM0qPUAzZG3+fnMjNKWQWiGMEFfVwvwQ/y7WZ0OgrRR3E+Dlq16PTy+2pfxG/pPG
	 QvAgTwtCXsGaY9i1EBTx7NvmUMd9s7Ramxyvnz53ChrxAIdE1u7DddtZIXIcKoKYJ4
	 QF5Ce4BNpX0lDjWoln/K4G/Q=
Received: from luna.archlinux.org (luna.archlinux.org [127.0.0.1])
 by luna.archlinux.org (Postfix) with ESMTP id 6CBD92C5FF
 for <aur-dev@lists.archlinux.org>; Fri, 21 Jul 2017 04:14:19 +0000 (UTC)
Received: from nymeria.archlinux.org (nymeria.archlinux.org
 [IPv6:2a00:1828:2000:547::2])
 by luna.archlinux.org (Postfix) with ESMTPS
 for <aur-dev@lists.archlinux.org>; Fri, 21 Jul 2017 04:14:19 +0000 (UTC)
Received: from nymeria.archlinux.org (localhost.localdomain [127.0.0.1])
 by nymeria.archlinux.org (Postfix) with ESMTP id C20BD40289
 for <aur-dev@lists.archlinux.org>; Fri, 21 Jul 2017 06:14:17 +0200 (CEST)
Received: from vostro.gateway.pace.com
 (99-123-52-46.lightspeed.tukrga.sbcglobal.net [99.123.52.46])
 (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
 (No client certificate requested) (Authenticated sender: eschwartz)
 by nymeria.archlinux.org (Postfix) with ESMTPSA id CBF034006B
 for <aur-dev@archlinux.org>; Fri, 21 Jul 2017 06:14:16 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=archlinux.org;
 s=nymeria2; t=1500610457;
 bh=eCQyiwKjwk+u0/bCKdQu52BpEE+YkNQlY9scXYykzO0=;
 h=From:To:Subject:Date;
 b=QmC3L0s0vliqFQ3k2Vm0xv9vn1tZRWvmoYyHDmoscpI2P38veaWm6ehyT9MS3B1Gc
 zqgjnl7/GHzwv3w4Xlo39hpc6s73Fb2qaXWv7+t11WSOyaOT2Ow9RKUCt26vewGK3u
 D3SsQWVUpDKVegZYkLo8VsFUBYxNsmSWK0ytKW3frrQzLtik//YqNAhMpS4EtgVa0I
 mMWomPQT5UwoR4jdr2aCt49044CfI66TqsPp+phEVH2jJdpEUz3b8PlPA4Kdjtb0/+
 WhFbur22Q0oaZO8vZXKeEzzw/ar9Rz1nEimQDz+09cF93MJklrCfvzVl0i7rnIG+2a
 lXKQEDUUTN2D5HbUaMgRA8dWQepeZqusCjlR6XIPiBvz+zGBB1N0lbdWaUwJAebKyV
 F4ej8fYgieTntdCGitEjhBxOX1CqvKY2YAZiBr9XRL8i3QBv0ncFXdd9PuMgkDvnul
 FclYYVtKxaOTlABQVC+5iZb/ehrOQuj1wdMPoQCNQIuvuR98BQlxuBh5S/3RxttyOd
 rSqYj9HsRrqeLLyUAtjKCF1mibjUYArfQ5phqHw34axDhoTyoBLqM8XotsLUrAoE8E
 Ku4vj6ZiO3ug7E/dXBI7xRNZbn9tpufDVIwGvtPyh/odbZsBsu5bspb5eER6cO+qTq
 w2wd1Is/rEukg2deAGHWWaoA=
From: Eli Schwartz <eschwartz@archlinux.org>
To: "Arch User Repository (AUR) Development" <aur-dev@archlinux.org>
Date: Fri, 21 Jul 2017 00:13:39 -0400
Message-Id: <20170721041340.29622-1-eschwartz@archlinux.org>
X-Mailer: git-send-email 2.13.3
Subject: [aur-dev] [PATCH 1/2] Emit warning when TUs use their supowerpowers
 to overwrite a pkgbase
X-BeenThere: aur-dev@archlinux.org
X-Mailman-Version: 2.1.24
Precedence: list
List-Id: "Arch User Repository \(AUR\) Development" <aur-dev.archlinux.org>
List-Unsubscribe: <https://lists.archlinux.org/options/aur-dev>,
 <mailto:aur-dev-request@archlinux.org?subject=unsubscribe>
List-Archive: <https://lists.archlinux.org/pipermail/aur-dev/>
List-Post: <mailto:aur-dev@archlinux.org>
List-Help: <mailto:aur-dev-request@archlinux.org?subject=help>
List-Subscribe: <https://lists.archlinux.org/listinfo/aur-dev>,
 <mailto:aur-dev-request@archlinux.org?subject=subscribe>
Reply-To: "Arch User Repository \(AUR\) Development" <aur-dev@archlinux.org>
Errors-To: aur-dev-bounces@archlinux.org
Sender: "aur-dev" <aur-dev-bounces@archlinux.org>
X-UID: 504
Status: 
X-Keywords: 
Content-Length: 1796

AUR_PRIVILEGED allows people with privileged AUR accounts to evade the
block on non-fast-forward commits. While valid in this case, we should
still provide a message saying that this happened, since in at least one
case ( https://aur.archlinux.org/packages/rtmidi/ ) a TU did this
without realizing there was an existing package.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
---

Similar to the warn_or_die function, except that doesn't take
alternative messages and there is no nice universal message here.

I think I prefer something that allows the TU to set whether they really
mean to perform a privileged TU action, since accidentally overwriting
something is kind of bad either way.
The follow-up patch implements this -- instead? alongside? Either patch
stands on its own, though I think I'd like to see both.


 aurweb/git/update.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/aurweb/git/update.py b/aurweb/git/update.py
index c9a98d0..3b9ff97 100755
--- a/aurweb/git/update.py
+++ b/aurweb/git/update.py
@@ -258,11 +258,14 @@ def main():
     conn = aurweb.db.Connection()
 
     # Detect and deny non-fast-forwards.
-    if sha1_old != "0" * 40 and not privileged:
+    if sha1_old != "0" * 40:
         walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
         walker.hide(sha1_new)
         if next(walker, None) is not None:
-            die("denying non-fast-forward (you should pull first)")
+            if privileged:
+                warn("non-fast-forward push (are you absolutely sure you mean this?)")
+            else:
+                die("denying non-fast-forward (you should pull first)")
 
     # Prepare the walker that validates new commits.
     walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)