sebnow / aur2 Goto Github PK
View Code? Open in Web Editor NEWComplete rewrite of the Archlinux User Repository
Home Page: http://aur.archlinux.org
Complete rewrite of the Archlinux User Repository
Home Page: http://aur.archlinux.org
Currently any user can upload a package and potentially overwrite another user's package. Permission checks should be put into place to restrict access (based on the user's group, and whether the user is a maintainer of that package). Django does not currently support row-level permissions, so this needs to be done via other means.
Exception Type: TemplateDoesNotExist at /package/bpython-hg/comment/
Exception Value: aur/comment_form.html
# git log -n1
commit ebeb72350fdf52ca66554d5c5f524e6955037dd9
Author: Christopher Brannon <[email protected]>
Date: Sat Nov 28 14:20:00 2009 -0600
The current parser sources the PKGBUILD in a shell, outputting the variables in a Python-compatible format, which is then evaluated in python. This works extremely well as far as parsing goes, but at the cost of security. Malicious code can be used, or even just a simple infinite loop could hang the server. A secure and restricted parser/interpreter should be implemented to rectify this.
Recently the PKGBUILD specification was modified to support split packages (building multiple binary packages from a single PKGBUILD). This is problematic since the database schema doesn't support "sub packages." There are two ways that I can think of to show this information. Having one package per split package, resulting in quite a bit of duplicate data in the database, however without altering the database schema. The other is to have a single package encapsulating the sub-packages (reflecting the PKGBUILD specification). This would require modification of the database schema, search logic (sub packages would need to be searched) and templates.
The first solution is definitely simpler, but a problem arises when deleting or updating a package. The split packages would appear in the listing, potentially confusing users.
The second solution is more elegant, especially to the end-user, but is an order of magnitude more complex to implement.
There is a very primitive and incomplete API implemented. This needs to be expanded to at least rival the current API implementation, and ideally implement all of the new API design.
Using Django Piston has been suggested, and it seems to be a nice library gaining popularity.
Environment:
Request Method: POST
Request URL: http://localhost:8000/submit/
Django Version: 1.1.1
Python Version: 2.6.4
Installed Applications:
['django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.admin',
'django.contrib.sites',
'aur',
'registration',
'aurprofile',
'tagging',
'api']
Installed Middleware:
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.middleware.doc.XViewMiddleware')
Traceback:
File "/usr/lib/python2.6/site-packages/django/core/handlers/base.py" in get_response
92. response = callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python2.6/site-packages/django/contrib/auth/decorators.py" in __call__
78. return self.view_func(request, *args, **kwargs)
File "/mnt/sda5/Projekty/virtualenvs/aur2/aur2/archlinux/aur/views.py" in submit
108. form.save(request.user)
File "/usr/lib/python2.6/site-packages/django/db/transaction.py" in _commit_on_success
240. res = func(*args, **kw)
File "/mnt/sda5/Projekty/virtualenvs/aur2/aur2/archlinux/aur/forms.py" in save
234. source_file = os.path.join(tmpdir_sources, package.name, source_filename)
Exception Type: UnboundLocalError at /submit/
Exception Value: local variable 'tmpdir_sources' referenced before assignment
Support OpenID for authentication. This is more of a convenience than required functionality, so it is low priority. In the grand scheme of things it would be nice to have implemented since Archlinux has many different authentication systems (flyspray, punbb, aur, mailing lists, etc). Supporting it in AUR won't help until it's supported in other systems as well, but it's a step in the right direction.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.