From a7df847465760b1117cc4e96c40c866890bcda35 Mon Sep 17 00:00:00 2001
From: David Taylor
Date: Thu, 17 Jul 2025 23:03:59 +0100
Subject: [PATCH] Fail rebuild for config files containing compromised github organisation

See https://meta.discourse.org/t/plugin-repository-hijacked/374703/6
---
 launcher | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/launcher b/launcher
index 0111edb46..c5bdafaaa 100755
--- a/launcher
+++ b/launcher
@@ -48,6 +48,10 @@ BUNDLED_PLUGINS=(
 "discourse-calendar"
 )

+COMPROMISED_ORGANIZATIONS=(
+ "github.com/discoursehosting"
+)
+
 # for potential re-exec later
 SAVED_ARGV=("$@")

@@ -358,6 +362,18 @@ set_template_info() {
 arrTemplates=(${templates// / })
 config_data=$(cat $config_file)

+ # if config data includes any compromised organizations, error out and print a message
+ for org in "${COMPROMISED_ORGANIZATIONS[@]}"; do
+ if [[ $config_data =~ $org ]]; then
+ echo "---"
+ echo "ERROR: The configuration file $config_file contains references to a compromised github organization: $org"
+ echo "Please remove any references to this organization from your configuration file."
+ echo "For more information, see https://meta.discourse.org/t/374703/6"
+ echo "---"
+ exit 1
+ fi
+ done
+
 input="hack: true"

 for template in "${arrTemplates[@]}"
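Review bot: The test `[[ $config_data =~ $org ]]` in the loop added to `set_template_info()` is a case-sensitive regex match, so a config that writes the host or organisation with different capitalisation (GitHub resolves both case-insensitively) passes the check and the rebuild continues; the unquoted `.` also matches any character rather than a literal dot. A fixed-string, case-insensitive test such as `if grep -qiF -- "$org" "$config_file"; then` would cover both. The single entry in `COMPROMISED_ORGANIZATIONS` (first hunk) only matches the `host/org` URL form, so a stale scp-style remote written as `github.com:discoursehosting` would not be caught; a second array entry for that form is worth adding. The body of `set_template_info()` starts and ends outside the hunk, so whether the included templates are also scanned cannot be seen here.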