Skip to content

harden aur_pre_build (#2228) #4294

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

harden aur_pre_build (#2228) #4294

wants to merge 3 commits into from

Conversation

Misaka13514
Copy link
Member

@Misaka13514 Misaka13514 commented May 14, 2025
edited
Loading

Fix #2228

用脚本批量了添加现有 AUR Maintainer 和 CoMaintainers

Todo:

  • AUR 上没有 Maintainer 的包:

    建议维护者在 AUR adopt 后改为 update_aur_repo 的模式

  • 因 AUR RPC 限制,未能获取到 Last Packager,若其与 Maintainer 和 CoMaintainers 不同,lilac 会拒绝

    待测试(预计今晚前完成) 已添加

grep -rl "aur_pre_build" archlinuxcn alarmcn | while read -r file; do
  if grep "aur_pre_build" "$file" |\
     grep -v "maintainers=" |\
     grep -v "^#" |\
     grep -vq "from lilaclib import aur_pre_build"
  then
    echo "$file"
  fi
done
result

可忽略

archlinuxcn/apparmor.d-git/lilac.py.bak

需修改

archlinuxcn/cataclysm-dda-ncurses/lilac.py
archlinuxcn/hpoj/lilac.py
archlinuxcn/hpoj/lilac.yaml
archlinuxcn/httpry/lilac.yaml
archlinuxcn/python-pdm-pep517/lilac.yaml

@lilacbot
Copy link
Contributor

Some maintainers (perhaps outside contributors) cannot be assigned: @yan12125, @Universebenzene, @xiaohuirong, @ykelvis, @tttturtle-russ

@xiaohuirong xiaohuirong requested review from xiaohuirong and removed request for xiaohuirong May 17, 2025 06:30
xiaohuirong added a commit that referenced this pull request May 25, 2025
@xiaohuirong
harden my packages
ca991bf 
#4294
@Misaka13514 Misaka13514 force-pushed the patch branch 2 times, most recently from 7ecac21 to fad49c1 Compare May 30, 2025 04:23
@Misaka13514
Copy link
Member Author

重新获取了所有 maintainers,仅有一处 maintainers 改变

diff --git a/archlinuxcn/python311/lilac.py b/archlinuxcn/python311/lilac.py
index 3ab137e1a04..7c4d5ccc308 100644
--- a/archlinuxcn/python311/lilac.py
+++ b/archlinuxcn/python311/lilac.py
@@ -5,7 +5,7 @@ from lilaclib import edit_file
 
 
 def pre_build():
-    aur_pre_build(maintainers=['soh'])
+    aur_pre_build(maintainers=['Heptazhou'])
     for line in edit_file("PKGBUILD"):
         if line.startswith("provides="):
             continue

@lilydjwg
Copy link
Member

那可以准备合并了吗?

@Misaka13514
Copy link
Member Author

还有4个AUR包没有maintainer,我应该在PR中取消aur_pre_build还是等维护者稍后在AUR adopt后自行修改?

@lilydjwg
Copy link
Member

可以写最后打包者。

@Misaka13514 Misaka13514 marked this pull request as ready for review May 30, 2025 06:34
@Misaka13514
Copy link
Member Author

由于最近 AUR 恶意投毒事件再次发生,我重新 rebase 了我的 commit 并重新检查了我的修改。

更新如下:

  • 新增 harden way-secure

当前的PR更改如下:

  • 对 aur_pre_build 中没有设置 maintainer 的 lilac 配置用脚本通过 AUR RPC 批量了添加现有 AUR Maintainer 和 CoMaintainers
  • 使用 requests 抓取 AUR 网页,确认 Last Packager 在 Maintainer 和 CoMaintainers 中,如果不在,就也将 Last Packager 添加到 lilac 配置中,有以下包添加了 Last Packager
    • abcde
    • cd-discid
  • 对于没有没有 Maintainer 的包,使用 Last Packager 作为 Maintainer,有以下包仅使用了 Last Packager
    • cataclysm-dda-ncurses
    • hpoj
    • httpry
    • python-pdm-pep517

https://t.me/archlinuxcn_group/3505867
这个方案不太好啊,真的能合并吗?只是获取当前 aur 维护者勉强亡羊补牢,应该还要检测最近是否更换过维护者?

从 5 月以来没有换过维护者。

那可以准备合并了吗?

@lilydjwg 如果不需要维护者检查的话,可以准备合并。如果需要检查,我可以创建对每个维护者应该检查的包的列表。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@lilydjwg lilydjwg

@felixonmars felixonmars

@renyuneyun renyuneyun

@petronny petronny

@BruceZhang1993 BruceZhang1993

@qwIvan qwIvan

@Sasasu Sasasu

@MarvelousBlack MarvelousBlack

@KenOokamiHoro KenOokamiHoro

@roaldclark roaldclark

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

harden aur_pre_build