- 22 Apr, 2018 1 commit
-
-
In the process, rename config.proto to config.defaults (because that is what it is now). Also use dict.get('key', default_value) when querying os.environ, rather than an if block, as it is more pythonic/readable/concise, and reduces the number of dict lookups. This change allows aurweb configuration to be done via either: - copying config.defaults to config and modifying values - creating a new config only containing modified values, next to a config.defaults containing unmodified values The motivation for this change is to enable ansible configuration in our flagship deployment by storing only changed values, and deferring to config.defaults otherwise. A side benefit is, it is easier to see what has changed by inspecting only the site configuration file. If a config.defaults file does not exist next to $AUR_CONFIG or in $AUR_CONFIG_DEFAULTS, it is ignored and *all* values are expected to live in the modified config file. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 08 Apr, 2018 1 commit
-
-
Lukas Fleischer authored
When sanitizing rendered comments, keep <hr> tags and <br> tags. The former are generated when using "---" in Markdown comments, the latter are used when putting two spaces at the end of a line. Fixes FS#56649.
-
- 21 Mar, 2018 1 commit
-
-
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 20 Mar, 2018 1 commit
-
-
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 14 Mar, 2018 2 commits
-
-
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 13 Mar, 2018 1 commit
-
-
Signed-off-by:
Johannes Löthberg <johannes@kyriasis.com> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 10 Mar, 2018 2 commits
-
-
Change the defines to config_get and add one cache option and one option to define memcache_servers. Mention the required dependency to get memcached working in the INSTALL file. Signed-off-by:
Jelle van der Waa <jelle@vdwaa.nl> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Signed-off-by:
Jelle van der Waa <jelle@vdwaa.nl> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 24 Feb, 2018 4 commits
-
-
It is now possible to search for packages that depend on a given package, for instance: /rpc/?v=5&type=search&by=depends&arg=ocaml It is similarly possible to match on "makedepends", "checkdepends" and "optdepends". Signed-off-by:
Baptiste Jonglez <git@bitsofnetworks.org> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Implements FS#53832. Signed-off-by:
Mark Weiman <mark.weiman@markzz.com> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
This allows us to prevent users from hammering the API every few seconds to check if any of their packages were updated. Real world users check as often as every 5 or 10 seconds. Signed-off-by:
Florian Pritz <bluewind@xinu.at> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
For some reason, running the SELECT .. WHERE .. OR .. query takes e.g. 58ms on a randomly generated db for some dependency name. Splitting the OR into two dedicated queries and UNIONing the result takes only 0.42ms. On the Arch Linux installation, searching for the providers of e.g. mongodb takes >=110ms when not cached by the query cache. The new query takes <1ms even when not cached. Signed-off-by:
Florian Pritz <bluewind@xinu.at> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 26 Jan, 2018 1 commit
-
-
To people unfamiliar with the code, it is not obvious that the pdo_* PHP extensions must be enabled. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 21 Jan, 2018 1 commit
-
-
git/auth is run as an AutherizedKeysCommand which does not get the environment variables passed to it, so AUR_OVERWRITE always got hard-set to '0' by it. Instead we need to perform the actual privilege check in git/update instead. Signed-off-by:
Johannes Löthberg <johannes@kyriasis.com> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 23 Dec, 2017 1 commit
-
-
In commit 8c98db0b support was added for package co-maintainers to pin comments in addition to maintainers. Due to a typo, the SQL query was reset halfway through and only added the co-maintainer IDs to the list of allowed users. Fixes FS#56783. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 03 Dec, 2017 3 commits
-
-
Lukas Fleischer authored
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Since commit 4efba18f (Only allow valid HTTP(s) URLs as home page, 2017-11-05), the home page field in the account settings must be a valid URL. However, this new check prevents from leaving the field empty. Keep the check in place but skip it if the home page field is left empty. Fixes FS#56550. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 02 Dec, 2017 1 commit
-
-
Lukas Fleischer authored
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 28 Nov, 2017 2 commits
-
-
Lukas Fleischer authored
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
This partially fixes FS#56472. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 08 Nov, 2017 1 commit
-
-
Lukas Fleischer authored
Automatically detect references to Flyspray bug reports in comments and convert them to links to the Arch Linux bug tracker. Implements FS#52008. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 07 Nov, 2017 1 commit
-
-
Lukas Fleischer authored
A bug introduced in commit 7d7e0793 (Hide the table sorting links on the dashboard, 2017-02-04) resulted in multiple clicks on a table heading in the package search results table no longer having any effect, instead of changing the sorting order. Fix this by removing erroneous spaces from the GET parameters in the search URL. Fixes FS#56261. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 06 Nov, 2017 1 commit
-
-
Lukas Fleischer authored
Implements FS#56255. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 05 Nov, 2017 4 commits
-
-
Lukas Fleischer authored
Replace special characters in the referer GET parameter using htmlspecialchars() before inserting it into the login form fields to prevent from XSS attacks. Fixes FS#55286. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
The home page specified in the account settings is converted to a clickable link on the user's profile. Make sure it is a valid URL which uses the http or https scheme. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Do not allow to render aurweb pages in a frame to protect against clickjacking. Fixes FS#56168. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 25 Aug, 2017 3 commits
-
-
Lukas Fleischer authored
Add a Travis CI configuration file to setup a test environment with all the required dependencies and run the test suite. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Use `/usr/bin/env python3` instead of `/usr/bin/python3` in the shebang of Python scripts. This adds support for non-standard Python interpreter paths such as the paths used in virtualenv environments. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 10 Aug, 2017 1 commit
-
-
Lukas Fleischer authored
Since c5302d3a (Require TUs to explicitly request to overwrite a pkgbase, 2017-07-24), non-fast-forward pushes require setting the AUR_OVERWRITE environment variable. Make sure that git-auth passes this variable to git-serve when it should (and does not pass it if it shouldn't). Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 08 Aug, 2017 2 commits
-
-
Lukas Fleischer authored
Add a missing space to the SQL statement performing the disown operation. Fixes FS#55068. Note that the broken query was not discovered by the test suite since SQLite parses "?AND" inside prepared statements gracefully while MySQL does not. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Since commit c5302d3a (Require TUs to explicitly request to overwrite a pkgbase, 2017-07-24), non-fast-forward pushes are denied even for Trusted Users, unless the AUR_OVERWRITE environment variable is set. Mark the test case performing a non-fast-forward push from a TU account as test_must_fail and add another test case performing the same operation with AUR_OVERWRITE=1. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 01 Aug, 2017 3 commits
-
-
Lukas Fleischer authored
Add installation instructions for python-bleach and python-markdown which are required for the rendercomment script. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
In addition to the packages list and the package base list, also create a list of registered user names. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
When removing an account, remove the user from all last packager fields before deletion to make sure that no package bases are deleted, even if propagation constraints are missing. Fixes FS#53956. Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 25 Jul, 2017 1 commit
-
-
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ ) Switch to using allow_overwrite to check for destructive actions. Use .ssh/config "SendEnv" on the TU's side and and sshd_config "AcceptEnv" in the AUR server to specifically request overwrite access. TUs should use: `AUR_OVERWRITE=1 git push --force` Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-
- 22 Jul, 2017 1 commit
-
-
This was broken in commit 8914a41d which refactored the argument parsing. Instead of checking for at least the set-keywords command and a pkgbase name, we were checking for *exactly* the command and pkgbase name, leaving no room for keywords... As a result, while we could clear the keywords, we could not set them. Signed-off-by:
Eli Schwartz <eschwartz@archlinux.org> Signed-off-by:
Lukas Fleischer <lfleischer@archlinux.org>
-