sebnow / aur2 Goto Github PK
View Code? Open in Web Editor NEWComplete rewrite of the Archlinux User Repository
Home Page: http://aur.archlinux.org
aur2's People
Contributors
Stargazers
Watchers
aur2's Issues
Check uploader's permissions before uploading a package
Currently any user can upload a package and potentially overwrite another user's package. Permission checks should be put into place to restrict access (based on the user's group, and whether the user is a maintainer of that package). Django does not currently support row-level permissions, so this needs to be done via other means.
Missing template file.
Exception Type: TemplateDoesNotExist at /package/bpython-hg/comment/
Exception Value: aur/comment_form.html
# git log -n1
commit ebeb72350fdf52ca66554d5c5f524e6955037dd9
Author: Christopher Brannon <[email protected]>
Date: Sat Nov 28 14:20:00 2009 -0600
Replace insecure PKGBUILD parser
The current parser sources the PKGBUILD in a shell, outputting the variables in a Python-compatible format, which is then evaluated in python. This works extremely well as far as parsing goes, but at the cost of security. Malicious code can be used, or even just a simple infinite loop could hang the server. A secure and restricted parser/interpreter should be implemented to rectify this.
Splitpkg Support
Recently the PKGBUILD specification was modified to support split packages (building multiple binary packages from a single PKGBUILD). This is problematic since the database schema doesn't support "sub packages." There are two ways that I can think of to show this information. Having one package per split package, resulting in quite a bit of duplicate data in the database, however without altering the database schema. The other is to have a single package encapsulating the sub-packages (reflecting the PKGBUILD specification). This would require modification of the database schema, search logic (sub packages would need to be searched) and templates.
The first solution is definitely simpler, but a problem arises when deleting or updating a package. The split packages would appear in the listing, potentially confusing users.
The second solution is more elegant, especially to the end-user, but is an order of magnitude more complex to implement.
API
There is a very primitive and incomplete API implemented. This needs to be expanded to at least rival the current API implementation, and ideally implement all of the new API design.
Using Django Piston has been suggested, and it seems to be a nice library gaining popularity.
`UnboundLocalError` while uploading new PKGBUILD.
Environment:
Request Method: POST
Request URL: http://localhost:8000/submit/
Django Version: 1.1.1
Python Version: 2.6.4
Installed Applications:
['django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.admin',
'django.contrib.sites',
'aur',
'registration',
'aurprofile',
'tagging',
'api']
Installed Middleware:
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.middleware.doc.XViewMiddleware')
Traceback:
File "/usr/lib/python2.6/site-packages/django/core/handlers/base.py" in get_response
92. response = callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python2.6/site-packages/django/contrib/auth/decorators.py" in __call__
78. return self.view_func(request, *args, **kwargs)
File "/mnt/sda5/Projekty/virtualenvs/aur2/aur2/archlinux/aur/views.py" in submit
108. form.save(request.user)
File "/usr/lib/python2.6/site-packages/django/db/transaction.py" in _commit_on_success
240. res = func(*args, **kw)
File "/mnt/sda5/Projekty/virtualenvs/aur2/aur2/archlinux/aur/forms.py" in save
234. source_file = os.path.join(tmpdir_sources, package.name, source_filename)
Exception Type: UnboundLocalError at /submit/
Exception Value: local variable 'tmpdir_sources' referenced before assignment
OpenID support
Support OpenID for authentication. This is more of a convenience than required functionality, so it is low priority. In the grand scheme of things it would be nice to have implemented since Archlinux has many different authentication systems (flyspray, punbb, aur, mailing lists, etc). Supporting it in AUR won't help until it's supported in other systems as well, but it's a step in the right direction.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.