FS#46279 - [AUR4] several pkgbases without a package

Attached to Project: AUR web interface
Opened by A. Bosch (progandy) - Saturday, 12 September 2015, 20:35 GMT
Last edited by Lukas Fleischer (lfleischer) - Saturday, 03 October 2015, 08:00 GMT
Task Type Bug Report
Category Backend
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version 4.0.0
Due in Version 4.1.0
Due Date Undecided
Percent Complete 100%
Votes 4
Private No

Details

Problem:

There are several threads about permission errors when uploading packages. Upon investigation, it is often revealed that a pkgbase has been claimed by a user without uploading any content. The webinterface doesn't show anything, it is only possible to detect that and view the owner by manually opening the page for the package base in a browser:
> https://aur.archlinux.org/pkgbase/${pkgname}/

Here are some examples:
* https://bbs.archlinux.org/viewtopic.php?id=202365
* https://bbs.archlinux.org/viewtopic.php?id=201989
* https://bbs.archlinux.org/viewtopic.php?id=201613 (pkgbase has been removed since)


Proposal:

If it is intentional to allow such reservations, then implement at least one the following things:

* Make these claimed, but empty pkgbase entries easily accessible from the AUR interface.
* Let these empty entries expire after 24 hours into orphan status or outright delete them.

A quick and dirty solution would be to check the time in the git authentication hook without any visual indicators. If there is an empty pkgbase that is older than 24 hours, orphan it and allow full access to the current user. If it is more recent, mention in the error message that another user has claimed the package and you should wait 24 hours before trying again.
This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Saturday, 03 October 2015, 08:00 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in 4.1.0.
Comment by Nicolas Glassey (Weby) - Saturday, 12 September 2015, 21:01 GMT
For consistency :
> https://bbs.archlinux.org/viewtopic.php?id=202365 has been orphaned.
Comment by Charles Bos (Chazza) - Saturday, 12 September 2015, 21:09 GMT
And now updated.
Comment by Lukas Fleischer (lfleischer) - Saturday, 19 September 2015, 14:08 GMT
Historically, the creation of empty package bases was needed because it was actually the only way to add new packages (create an empty package base first, then upload stuff via Git). Nowadays, setup-repo is not really needed anymore because you can simply push to nonexistent repositories. While I do not see any need to remove that feature, I agree that it might be a good idea to automatically purge such empty package bases after some time.
Comment by Xavier Corredor Llano (epsilom) - Saturday, 26 September 2015, 18:05 GMT
I support the idea to expire the packages reserved but never submitted.

Loading...