Re: [aur-dev] epoch fields for packages are completely ignored

Lukas Fleischer Fri, 24 Jun 2011 08:00:08 -0700

On Fri, Jun 24, 2011 at 08:47:49AM +0300, Slavi Pantaleev wrote:
> From 43edc10872ede698a647805e6b1c798f6a13e8b8 Mon Sep 17 00:00:00 2001
> From: Slavi Pantaleev <s.pantal...@gmail.com>
> Date: Fri, 24 Jun 2011 08:27:55 +0300
> Subject: [PATCH] Honor epoch field in PKGBUILD files.
> 
> The epoch field in PKGBUILD files was completely ignored until now,
> and the final Version field for the package consisted only of
> pkgver and pkgrel (example: 5.0-1)


Yeah, it seems like we sleepwalked through the epoch change... Good
catch.

> This means that various AUR helpers cannot perform updates on packages
> that have epoch > 0, because the local package is from that higher epoch
> and the one in the AUR (as reported by rpc.php) is from epoch 0.

Well, I don't see how the PKGBUILD parser should prevent packages from
being upgraded here, unless AUR helpers are doing something nasty.
Packages should *always* be built by downloading the source tarball and
using makepkg(8) which will result in a correct epoch, regardless of
what the AUR reports.

However, having no epoch support might break upgrades with AUR helpers
that use the parsed version number to check for updates. The commit
message should be fixed to reflect this.

> 
> The epoch field is taken into consideration now, and if not 0,
> will be prepended to the final Version field (example: 1:5.0-1)
> ---
>  web/html/pkgsubmit.php |   18 ++++++++++++------
>  1 files changed, 12 insertions(+), 6 deletions(-)
> 
> diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
> index b5fe3b7..699b64f 100644
> --- a/web/html/pkgsubmit.php
> +++ b/web/html/pkgsubmit.php
> @@ -240,6 +240,8 @@ if ($uid):
>                               }
>                               $new_pkgbuild[$k] = $v;
>                       }
> +
> +                     $new_pkgbuild['epoch'] = (isset($new_pkgbuild['epoch']) 
> ? (int)$new_pkgbuild['epoch'] : 0);

Don't do that here. Sanitizing strings never is a mistake but we should
refactor our code if we want to do that. Just coerce the epoch value
into an integer when doing the "$pkg_version" assignment below.

>               }
>  
>               # Now we've parsed the pkgbuild, let's move it to where it 
> belongs
> @@ -324,11 +326,16 @@ if ($uid):
>                                       db_query($q, $dbh);
>                               }
>  
> +                             if ($new_pkgbuild['epoch'] !== 0) {

See above. Something like "if (isset($new_pkgbuild['epoch']) &&
(int)$new_pkgbuild['epoch'] != 0)" might work. Also, move this out of
the if block. Otherwise, "$pkg_version" will be unset in case someone
does an initial package submission (check the else case).

> +                                     $pkg_version = sprintf('%d:%s-%s', 
> $new_pkgbuild['epoch'], $new_pkgbuild['pkgver'], $new_pkgbuild['pkgrel']);
> +                             } else {
> +                                     $pkg_version = sprintf('%s-%s', 
> $new_pkgbuild['pkgver'], $new_pkgbuild['pkgrel']);
> +                             }
> +
>                               # Update package data
> -                             $q = sprintf("UPDATE Packages SET ModifiedTS = 
> UNIX_TIMESTAMP(), Name = '%s', Version = '%s-%s', License = '%s', Description 
> = '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d",
> +                             $q = sprintf("UPDATE Packages SET ModifiedTS = 
> UNIX_TIMESTAMP(), Name = '%s', Version = '%s', License = '%s', Description = 
> '%s', URL = '%s', OutOfDateTS = NULL, MaintainerUID = %d WHERE ID = %d",
>                                       
> mysql_real_escape_string($new_pkgbuild['pkgname']),
> -                                     
> mysql_real_escape_string($new_pkgbuild['pkgver']),
> -                                     
> mysql_real_escape_string($new_pkgbuild['pkgrel']),
> +                                     mysql_real_escape_string($pkg_version),
>                                       
> mysql_real_escape_string($new_pkgbuild['license']),
>                                       
> mysql_real_escape_string($new_pkgbuild['pkgdesc']),
>                                       
> mysql_real_escape_string($new_pkgbuild['url']),
> @@ -339,11 +346,10 @@ if ($uid):
>  
>                       } else {
>                               # This is a brand new package
> -                             $q = sprintf("INSERT INTO Packages (Name, 
> License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, 
> SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s-%s', %d, '%s', '%s', 
> UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)",
> +                             $q = sprintf("INSERT INTO Packages (Name, 
> License, Version, CategoryID, Description, URL, SubmittedTS, ModifiedTS, 
> SubmitterUID, MaintainerUID) VALUES ('%s', '%s', '%s', %d, '%s', '%s', 
> UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), %d, %d)",
>                                       
> mysql_real_escape_string($new_pkgbuild['pkgname']),
>                                       
> mysql_real_escape_string($new_pkgbuild['license']),
> -                                     
> mysql_real_escape_string($new_pkgbuild['pkgver']),
> -                                     
> mysql_real_escape_string($new_pkgbuild['pkgrel']),
> +                                     mysql_real_escape_string($pkg_version),
>                                       
> mysql_real_escape_string($_REQUEST['category']),
>                                       
> mysql_real_escape_string($new_pkgbuild['pkgdesc']),
>                                       
> mysql_real_escape_string($new_pkgbuild['url']),
> -- 
> 1.7.5.2
>

Re: [aur-dev] epoch fields for packages are completely ignored

Reply via email to