search

makedeb / mprweb

Hosting platform for the makedeb Package Repository (MPR)
https://mpr.makedeb.org
GNU General Public License v2.0
15 stars 3 forks source link

Warnings when pushing to MPR #83

Open d-513 opened 2 years ago

d-513 commented 2 years ago

Hello, when pushing polymc packages to mpr I get this error:

Enumerating objects: 7, done.
Counting objects: 100% (7/7), done.
Delta compression using up to 20 threads
Compressing objects: 100% (4/4), done.
Writing objects: 100% (4/4), 432 bytes | 432.00 KiB/s, done.
Total 4 (delta 2), reused 0 (delta 0), pack-reused 0
remote: /aurweb/aurweb/git/update.py:101: SAWarning: DELETE statement on table 'PackageDepends' expected to delete 16 row(s); 17 were matched.  Please set confirm_deleted_rows=False within the mapper configuration to prevent this warning.
remote:   with db.begin():
remote: /aurweb/aurweb/git/update.py:168: SAWarning: Identity map already had an identity for (<class 'aurweb.models.package_dependency.PackageDependency'>, (2033, 4, 'java-runtime'), None), replacing it with newly flushed object.   Are there load operations occurring inside of an event handler within the flush?
remote:   with db.begin():
To ssh://mpr.makedeb.org/polymc-git.git
   0da2f2f..0dfcc20  master -> master

it seems to not affect anything, versions get pushed successfully, but there's something werid going on in there. Perhaps mprweb can't understand virtual packages like java-runtime?

hwittenborn commented 2 years ago

That was added after merging https://github.com/makedeb/mprweb/pull/80 - I haven't figured out why yet, and in all honestly I've kind of put it on the side since it isn't causing any kind of issues where you just straight-up can't push.

Though the fact that they're being displayed in the first place is a bit of an issue, both in there being warnings and the fact that info could potentially be leaked. I'll try to look into the underlying cause of that and get in a fix soon.

hwittenborn commented 2 years ago

Perhaps mprweb can't understand virtual packages like java-runtime?

Regarding that, I think it's happening due to something in a database cache I'm using somewhere. It seems to be happening when any kind of dependency is used from what I've seen.

pirate486743186 commented 2 years ago

I saw it mention python 3.10 . That's indeed a leek.... Also, have you tried downgrading the python version? You are too bleeding edge with 3.10 . Maybe stick to older versions of the back end?

hwittenborn commented 2 years ago

I saw it mention python 3.10 . That's indeed a leek.... Also, have you tried downgrading the python version? You are too bleeding edge with 3.10 . Maybe stick to older versions of the back end?

It's definitely leaking information to the user that shouldn't be there, it definitely needs to be handled so it isn't shown at the minimum.

We're using whatever Python version is in the Arch repos atm, that's how aurweb did it and I haven't gotten to changing it yet.

Regarding the leeks, I also just need to get that fixed, but as stated in a previous comment it's not actually beaking anything so I haven't gotten around to fixing it, as I've been busy working on other things in the makedeb ecosystem, mainly Mist and a Rust APT library so that I can start adding installation functionality and all that to such.