#!/usr/bin/python3
from copy import copy, deepcopy
import configparser
import mysql.connector
import os
import pygit2
import re
import sys
import aurinfo
config = configparser.RawConfigParser()
config.read(os.path.dirname(os.path.realpath(__file__)) + "/../conf/config")
aur_db_host = config.get('database', 'host')
aur_db_name = config.get('database', 'name')
aur_db_user = config.get('database', 'user')
aur_db_pass = config.get('database', 'password')
aur_db_socket = config.get('database', 'socket')
repo_path = config.get('serve', 'repo-path')
repo_regex = config.get('serve', 'repo-regex')
def extract_arch_fields(pkginfo, field):
values = []
if field in pkginfo:
for val in pkginfo[field]:
values.append({"value": val, "arch": None})
for arch in ['i686', 'x86_64']:
if field + '_' + arch in pkginfo:
for val in pkginfo[field + '_' + arch]:
values.append({"value": val, "arch": arch})
return values
def parse_dep(depstring):
dep, _, desc = depstring.partition(': ')
depname = re.sub(r'(<|=|>).*', '', dep)
depcond = dep[len(depname):]
if (desc):
return (depname + ': ' + desc, depcond)
else:
return (depname, depcond)
def save_srcinfo(srcinfo, db, cur, user):
# Obtain package base ID and previous maintainer.
pkgbase = srcinfo._pkgbase['pkgname']
cur.execute("SELECT ID, MaintainerUID FROM PackageBases "
"WHERE Name = %s", [pkgbase])
(pkgbase_id, maintainer_uid) = cur.fetchone()
was_orphan = not maintainer_uid
# Obtain the user ID of the new maintainer.
cur.execute("SELECT ID FROM Users WHERE Username = %s", [user])
user_id = int(cur.fetchone()[0])
# Update package base details and delete current packages.
cur.execute("UPDATE PackageBases SET ModifiedTS = UNIX_TIMESTAMP(), " +
"PackagerUID = %s, OutOfDateTS = NULL WHERE ID = %s",
[user_id, pkgbase_id])
cur.execute("UPDATE PackageBases SET MaintainerUID = %s " +
"WHERE ID = %s AND MaintainerUID IS NULL",
[user_id, pkgbase_id])
cur.execute("DELETE FROM Packages WHERE PackageBaseID = %s",
[pkgbase_id])
for pkgname in srcinfo.GetPackageNames():
pkginfo = srcinfo.GetMergedPackage(pkgname)
if 'epoch' in pkginfo and int(pkginfo['epoch']) > 0:
ver = '{:d}:{:s}-{:s}'.format(int(pkginfo['epoch']), pkginfo['pkgver'],
pkginfo['pkgrel'])
else:
ver = '{:s}-{:s}'.format(pkginfo['pkgver'], pkginfo['pkgrel'])
for field in ('pkgdesc', 'url'):
if not field in pkginfo:
pkginfo[field] = None
# Create a new package.
cur.execute("INSERT INTO Packages (PackageBaseID, Name, " +
"Version, Description, URL) " +
"VALUES (%s, %s, %s, %s, %s)",
[pkgbase_id, pkginfo['pkgname'], ver,
pkginfo['pkgdesc'], pkginfo['url']])
db.commit()
pkgid = cur.lastrowid
# Add package sources.
for source_info in extract_arch_fields(pkginfo, 'source'):
cur.execute("INSERT INTO PackageSources (PackageID, Source, " +
"SourceArch) VALUES (%s, %s, %s)",
[pkgid, source_info['value'], source_info['arch']])
# Add package dependencies.
for deptype in ('depends', 'makedepends',
'checkdepends', 'optdepends'):
cur.execute("SELECT ID FROM DependencyTypes WHERE Name = %s",
[deptype])
deptypeid = cur.fetchone()[0]
for dep_info in extract_arch_fields(pkginfo, deptype):
depname, depcond = parse_dep(dep_info['value'])
deparch = dep_info['arch']
cur.execute("INSERT INTO PackageDepends (PackageID, " +
"DepTypeID, DepName, DepCondition, DepArch) " +
"VALUES (%s, %s, %s, %s, %s)",
[pkgid, deptypeid, depname, depcond, deparch])
# Add package relations (conflicts, provides, replaces).
for reltype in ('conflicts', 'provides', 'replaces'):
cur.execute("SELECT ID FROM RelationTypes WHERE Name = %s",
[reltype])
reltypeid = cur.fetchone()[0]
for rel_info in extract_arch_fields(pkginfo, reltype):
relname, relcond = parse_dep(rel_info['value'])
relarch = rel_info['arch']
cur.execute("INSERT INTO PackageRelations (PackageID, " +
"RelTypeID, RelName, RelCondition, RelArch) " +
"VALUES (%s, %s, %s, %s, %s)",
[pkgid, reltypeid, relname, relcond, relarch])
# Add package licenses.
if 'license' in pkginfo:
for license in pkginfo['license']:
cur.execute("SELECT ID FROM Licenses WHERE Name = %s",
[license])
if cur.rowcount == 1:
licenseid = cur.fetchone()[0]
else:
cur.execute("INSERT INTO Licenses (Name) VALUES (%s)",
[license])
db.commit()
licenseid = cur.lastrowid
cur.execute("INSERT INTO PackageLicenses (PackageID, " +
"LicenseID) VALUES (%s, %s)",
[pkgid, licenseid])
# Add package groups.
if 'groups' in pkginfo:
for group in pkginfo['groups']:
cur.execute("SELECT ID FROM Groups WHERE Name = %s",
[group])
if cur.rowcount == 1:
groupid = cur.fetchone()[0]
else:
cur.execute("INSERT INTO Groups (Name) VALUES (%s)",
[group])
db.commit()
groupid = cur.lastrowid
cur.execute("INSERT INTO PackageGroups (PackageID, "
"GroupID) VALUES (%s, %s)", [pkgid, groupid])
# Add user to notification list on adoption.
if was_orphan:
cur.execute("SELECT COUNT(*) FROM CommentNotify WHERE " +
"PackageBaseID = %s AND UserID = %s",
[pkgbase_id, user_id])
if cur.fetchone()[0] == 0:
cur.execute("INSERT INTO CommentNotify (PackageBaseID, UserID) " +
"VALUES (%s, %s)", [pkgbase_id, user_id])
db.commit()
def die(msg):
sys.stderr.write("error: {:s}\n".format(msg))
exit(1)
def die_commit(msg, commit):
sys.stderr.write("error: The following error " +
"occurred when parsing commit\n")
sys.stderr.write("error: {:s}:\n".format(commit))
sys.stderr.write("error: {:s}\n".format(msg))
exit(1)
repo = pygit2.Repository(repo_path)
user = os.environ.get("AUR_USER")
pkgbase = os.environ.get("AUR_PKGBASE")
privileged = (os.environ.get("AUR_PRIVILEGED", '0') == '1')
if len(sys.argv) == 2 and sys.argv[1] == "restore":
if 'refs/heads/' + pkgbase not in repo.listall_references():
die('{:s}: repository not found: {:s}'.format(sys.argv[1], pkgbase))
refname = "refs/heads/master"
sha1_old = sha1_new = repo.lookup_reference('refs/heads/' + pkgbase).target
elif len(sys.argv) == 4:
refname, sha1_old, sha1_new = sys.argv[1:4]
else:
die("invalid arguments")
if refname != "refs/heads/master":
die("pushing to a branch other than master is restricted")
db = mysql.connector.connect(host=aur_db_host, user=aur_db_user,
passwd=aur_db_pass, db=aur_db_name,
unix_socket=aur_db_socket, buffered=True)
cur = db.cursor()
# Detect and deny non-fast-forwards.
if sha1_old != "0000000000000000000000000000000000000000":
walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
walker.hide(sha1_new)
if next(walker, None) != None:
cur.execute("SELECT AccountTypeID FROM Users WHERE UserName = %s ",
[user])
if cur.fetchone()[0] == 1:
die("denying non-fast-forward (you should pull first)")
# Prepare the walker that validates new commits.
walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)
if sha1_old != "0000000000000000000000000000000000000000":
walker.hide(sha1_old)
# Validate all new commits.
for commit in walker:
for fname in ('.SRCINFO', 'PKGBUILD'):
if not fname in commit.tree:
die_commit("missing {:s}".format(fname), str(commit.id))
for treeobj in commit.tree:
blob = repo[treeobj.id]
if isinstance(blob, pygit2.Tree):
die_commit("the repository must not contain subdirectories",
str(commit.id))
if not isinstance(blob, pygit2.Blob):
die_commit("not a blob object: {:s}".format(treeobj), str(commit.id))
if blob.size > 250000:
die_commit("maximum blob size (250kB) exceeded", str(commit.id))
srcinfo_raw = repo[commit.tree['.SRCINFO'].id].data.decode()
srcinfo_raw = srcinfo_raw.split('\n')
ecatcher = aurinfo.CollectionECatcher()
srcinfo = aurinfo.ParseAurinfoFromIterable(srcinfo_raw, ecatcher)
errors = ecatcher.Errors()
if errors:
sys.stderr.write("error: The following errors occurred "
"when parsing .SRCINFO in commit\n")
sys.stderr.write("error: {:s}:\n".format(str(commit.id)))
for error in errors:
sys.stderr.write("error: line {:d}: {:s}\n".format(*error))
exit(1)
srcinfo_pkgbase = srcinfo._pkgbase['pkgname']
if not re.match(repo_regex, srcinfo_pkgbase):
die_commit('invalid pkgbase: {:s}'.format(srcinfo_pkgbase), str(commit.id))
for pkgname in srcinfo.GetPackageNames():
pkginfo = srcinfo.GetMergedPackage(pkgname)
for field in ('pkgver', 'pkgrel', 'pkgname'):
if not field in pkginfo:
die_commit('missing mandatory field: {:s}'.format(field), str(commit.id))
if 'epoch' in pkginfo and not pkginfo['epoch'].isdigit():
die_commit('invalid epoch: {:s}'.format(pkginfo['epoch']), str(commit.id))
if not re.match(r'[a-z0-9][a-z0-9\.+_-]*$', pkginfo['pkgname']):
die_commit('invalid package name: {:s}'.format(pkginfo['pkgname']),
str(commit.id))
for field in ('pkgname', 'pkgdesc', 'url'):
if field in pkginfo and len(pkginfo[field]) > 255:
die_commit('{:s} field too long: {:s}'.format(field, pkginfo[field]),
str(commit.id))
for field in ('install', 'changelog'):
if field in pkginfo and not pkginfo[field] in commit.tree:
die_commit('missing {:s} file: {:s}'.format(field, pkginfo[field]),
str(commit.id))
for field in extract_arch_fields(pkginfo, 'source'):
fname = field['value']
if "://" in fname or "lp:" in fname:
continue
if not fname in commit.tree:
die_commit('missing source file: {:s}'.format(fname), str(commit.id))
# Read .SRCINFO from the HEAD commit.
srcinfo_raw = repo[repo[sha1_new].tree['.SRCINFO'].id].data.decode()
srcinfo_raw = srcinfo_raw.split('\n')
srcinfo = aurinfo.ParseAurinfoFromIterable(srcinfo_raw)
# Ensure that the package base name matches the repository name.
srcinfo_pkgbase = srcinfo._pkgbase['pkgname']
if srcinfo_pkgbase != pkgbase:
die('invalid pkgbase: {:s}, expected {:s}'.format(srcinfo_pkgbase, pkgbase))
# Ensure that packages are neither blacklisted nor overwritten.
cur.execute("SELECT ID FROM PackageBases WHERE Name = %s", [pkgbase])
pkgbase_id = cur.fetchone()[0] if cur.rowcount == 1 else 0
cur.execute("SELECT Name FROM PackageBlacklist")
blacklist = [row[0] for row in cur.fetchall()]
for pkgname in srcinfo.GetPackageNames():
pkginfo = srcinfo.GetMergedPackage(pkgname)
pkgname = pkginfo['pkgname']
if pkgname in blacklist and not privileged:
die('package is blacklisted: {:s}'.format(pkginfo['pkgname']))
cur.execute("SELECT COUNT(*) FROM Packages WHERE Name = %s AND " +
"PackageBaseID <> %s", [pkgname, pkgbase_id])
if cur.fetchone()[0] > 0:
die('cannot overwrite package: {:s}'.format(pkgname))
# Store package base details in the database.
save_srcinfo(srcinfo, db, cur, user)
db.close()
# Create (or update) a branch with the name of the package base for better
# accessibility.
repo.create_reference('refs/heads/' + pkgbase, sha1_new, True)
# Work around a Git bug: The HEAD ref is not updated when using gitnamespaces.
# This can be removed once the bug fix is included in Git mainline. See
# http://git.661346.n2.nabble.com/PATCH-receive-pack-Create-a-HEAD-ref-for-ref-namespace-td7632149.html
# for details.
repo.create_reference('refs/namespaces/' + pkgbase + '/HEAD', sha1_new, True)