-def reject (str, prefix="Rejected: "):
- global reject_message
- if str:
- reject_message += prefix + str + "\n"
-
-################################################################################
-
-def copy_to_holding(filename):
- global in_holding
-
- base_filename = os.path.basename(filename)
-
- dest = Cnf["Dir::Queue::Holding"] + '/' + base_filename
- try:
- fd = os.open(dest, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0640)
- os.close(fd)
- except OSError, e:
- # Shouldn't happen, but will if, for example, someone lists a
- # file twice in the .changes.
- if errno.errorcode[e.errno] == 'EEXIST':
- reject("%s: already exists in holding area; can not overwrite." % (base_filename))
- return
- raise
-
- try:
- shutil.copy(filename, dest)
- except IOError, e:
- # In either case (ENOENT or EACCES) we want to remove the
- # O_CREAT | O_EXCLed ghost file, so add the file to the list
- # of 'in holding' even if it's not the real file.
- if errno.errorcode[e.errno] == 'ENOENT':
- reject("%s: can not copy to holding area: file not found." % (base_filename))
- os.unlink(dest)
- return
- elif errno.errorcode[e.errno] == 'EACCES':
- reject("%s: can not copy to holding area: read permission denied." % (base_filename))
- os.unlink(dest)
- return
- raise
-
- in_holding[base_filename] = ""
-
-################################################################################
-
-def clean_holding():
- global in_holding
-
- cwd = os.getcwd()
- os.chdir(Cnf["Dir::Queue::Holding"])
- for file in in_holding.keys():
- if os.path.exists(file):
- if file.find('/') != -1:
- daklib.utils.fubar("WTF? clean_holding() got a file ('%s') with / in it!" % (file))
- else:
- os.unlink(file)
- in_holding = {}
- os.chdir(cwd)
-
-################################################################################
-
-def check_changes():
- filename = pkg.changes_file
-
- # Parse the .changes field into a dictionary
- try:
- changes.update(daklib.utils.parse_changes(filename))
- except daklib.utils.cant_open_exc:
- reject("%s: can't read file." % (filename))
- return 0
- except daklib.utils.changes_parse_error_exc, line:
- reject("%s: parse error, can't grok: %s." % (filename, line))
- return 0
-
- # Parse the Files field from the .changes into another dictionary
- try:
- files.update(daklib.utils.build_file_list(changes))
- except daklib.utils.changes_parse_error_exc, line:
- reject("%s: parse error, can't grok: %s." % (filename, line))
- except daklib.utils.nk_format_exc, format:
- reject("%s: unknown format '%s'." % (filename, format))
- return 0
-
- # Check for mandatory fields
- for i in ("source", "binary", "architecture", "version", "distribution",
- "maintainer", "files", "changes", "description"):
- if not changes.has_key(i):
- reject("%s: Missing mandatory field `%s'." % (filename, i))
- return 0 # Avoid <undef> errors during later tests
-
- # Strip a source version in brackets from the source field
- if re_strip_srcver.search(changes["source"]):
- changes["source"] = re_strip_srcver.sub('', changes["source"])
-
- # Ensure the source field is a valid package name.
- if not re_valid_pkg_name.match(changes["source"]):
- reject("%s: invalid source name '%s'." % (filename, changes["source"]))
-
- # Split multi-value fields into a lower-level dictionary
- for i in ("architecture", "distribution", "binary", "closes"):
- o = changes.get(i, "")
- if o != "":
- del changes[i]
- changes[i] = {}
- for j in o.split():
- changes[i][j] = 1
-
- # Fix the Maintainer: field to be RFC822/2047 compatible
- try:
- (changes["maintainer822"], changes["maintainer2047"],
- changes["maintainername"], changes["maintaineremail"]) = \
- daklib.utils.fix_maintainer (changes["maintainer"])
- except daklib.utils.ParseMaintError, msg:
- reject("%s: Maintainer field ('%s') failed to parse: %s" \
- % (filename, changes["maintainer"], msg))
-
- # ...likewise for the Changed-By: field if it exists.
- try:
- (changes["changedby822"], changes["changedby2047"],
- changes["changedbyname"], changes["changedbyemail"]) = \
- daklib.utils.fix_maintainer (changes.get("changed-by", ""))
- except daklib.utils.ParseMaintError, msg:
- (changes["changedby822"], changes["changedby2047"],
- changes["changedbyname"], changes["changedbyemail"]) = \
- ("", "", "", "")
- reject("%s: Changed-By field ('%s') failed to parse: %s" \
- % (filename, changes["changed-by"], msg))
-
- # Ensure all the values in Closes: are numbers
- if changes.has_key("closes"):
- for i in changes["closes"].keys():
- if daklib.queue.re_isanum.match (i) == None:
- reject("%s: `%s' from Closes field isn't a number." % (filename, i))
-
-
- # chopversion = no epoch; chopversion2 = no epoch and no revision (e.g. for .orig.tar.gz comparison)
- changes["chopversion"] = daklib.utils.re_no_epoch.sub('', changes["version"])
- changes["chopversion2"] = daklib.utils.re_no_revision.sub('', changes["chopversion"])
-
- # Check there isn't already a changes file of the same name in one
- # of the queue directories.
- base_filename = os.path.basename(filename)
- for dir in [ "Accepted", "Byhand", "Done", "New", "ProposedUpdates", "OldProposedUpdates" ]:
- if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+base_filename):
- reject("%s: a file with this name already exists in the %s directory." % (base_filename, dir))
-
- # Check the .changes is non-empty
- if not files:
- reject("%s: nothing to do (Files field is empty)." % (base_filename))
- return 0
-
- return 1
-
-################################################################################
-
-def check_distributions():
- "Check and map the Distribution field of a .changes file."
-
- # Handle suite mappings
- for map in Cnf.ValueList("SuiteMappings"):
- args = map.split()
- type = args[0]
- if type == "map" or type == "silent-map":
- (source, dest) = args[1:3]
- if changes["distribution"].has_key(source):
- del changes["distribution"][source]
- changes["distribution"][dest] = 1
- if type != "silent-map":
- reject("Mapping %s to %s." % (source, dest),"")
- if changes.has_key("distribution-version"):
- if changes["distribution-version"].has_key(source):
- changes["distribution-version"][source]=dest
- elif type == "map-unreleased":
- (source, dest) = args[1:3]
- if changes["distribution"].has_key(source):
- for arch in changes["architecture"].keys():
- if arch not in Cnf.ValueList("Suite::%s::Architectures" % (source)):
- reject("Mapping %s to %s for unreleased architecture %s." % (source, dest, arch),"")
- del changes["distribution"][source]
- changes["distribution"][dest] = 1
- break
- elif type == "ignore":
- suite = args[1]
- if changes["distribution"].has_key(suite):
- del changes["distribution"][suite]
- reject("Ignoring %s as a target suite." % (suite), "Warning: ")
- elif type == "reject":
- suite = args[1]
- if changes["distribution"].has_key(suite):
- reject("Uploads to %s are not accepted." % (suite))
- elif type == "propup-version":
- # give these as "uploaded-to(non-mapped) suites-to-add-when-upload-obsoletes"
- #
- # changes["distribution-version"] looks like: {'testing': 'testing-proposed-updates'}
- if changes["distribution"].has_key(args[1]):
- changes.setdefault("distribution-version", {})
- for suite in args[2:]: changes["distribution-version"][suite]=suite
-
- # Ensure there is (still) a target distribution
- if changes["distribution"].keys() == []:
- reject("no valid distribution.")
-
- # Ensure target distributions exist
- for suite in changes["distribution"].keys():
- if not Cnf.has_key("Suite::%s" % (suite)):
- reject("Unknown distribution `%s'." % (suite))
-
-################################################################################
-
-def check_deb_ar(filename, control):
- """Sanity check the ar of a .deb, i.e. that there is:
-
- o debian-binary
- o control.tar.gz
- o data.tar.gz or data.tar.bz2
-
-in that order, and nothing else. If the third member is a
-data.tar.bz2, an additional check is performed for the required
-Pre-Depends on dpkg (>= 1.10.24)."""
- cmd = "ar t %s" % (filename)
- (result, output) = commands.getstatusoutput(cmd)
- if result != 0:
- reject("%s: 'ar t' invocation failed." % (filename))
- reject(daklib.utils.prefix_multi_line_string(output, " [ar output:] "), "")
- chunks = output.split('\n')
- if len(chunks) != 3:
- reject("%s: found %d chunks, expected 3." % (filename, len(chunks)))
- if chunks[0] != "debian-binary":
- reject("%s: first chunk is '%s', expected 'debian-binary'." % (filename, chunks[0]))
- if chunks[1] != "control.tar.gz":
- reject("%s: second chunk is '%s', expected 'control.tar.gz'." % (filename, chunks[1]))
- if chunks[2] == "data.tar.bz2":
- # Packages using bzip2 compression must have a Pre-Depends on dpkg >= 1.10.24.
- found_needed_predep = 0
- for parsed_dep in apt_pkg.ParseDepends(control.Find("Pre-Depends", "")):
- for atom in parsed_dep:
- (dep, version, constraint) = atom
- if dep != "dpkg" or (constraint != ">=" and constraint != ">>") or \
- len(parsed_dep) > 1: # or'ed deps don't count
- continue
- if (constraint == ">=" and apt_pkg.VersionCompare(version, "1.10.24") < 0) or \
- (constraint == ">>" and apt_pkg.VersionCompare(version, "1.10.23") < 0):
- continue
- found_needed_predep = 1
- if not found_needed_predep:
- reject("%s: uses bzip2 compression, but doesn't Pre-Depend on dpkg (>= 1.10.24)" % (filename))
- elif chunks[2] != "data.tar.gz":
- reject("%s: third chunk is '%s', expected 'data.tar.gz' or 'data.tar.bz2'." % (filename, chunks[2]))
-
-################################################################################
-
-def check_files():
- global reprocess
-
- archive = daklib.utils.where_am_i()
- file_keys = files.keys()
-
- # if reprocess is 2 we've already done this and we're checking
- # things again for the new .orig.tar.gz.
- # [Yes, I'm fully aware of how disgusting this is]
- if not Options["No-Action"] and reprocess < 2:
- cwd = os.getcwd()
- os.chdir(pkg.directory)
- for file in file_keys:
- copy_to_holding(file)
- os.chdir(cwd)
-
- # Check there isn't already a .changes or .dak file of the same name in
- # the proposed-updates "CopyChanges" or "CopyDotDak" storage directories.
- # [NB: this check must be done post-suite mapping]
- base_filename = os.path.basename(pkg.changes_file)
- dot_dak_filename = base_filename[:-8]+".dak"
- for suite in changes["distribution"].keys():
- copychanges = "Suite::%s::CopyChanges" % (suite)
- if Cnf.has_key(copychanges) and \
- os.path.exists(Cnf[copychanges]+"/"+base_filename):
- reject("%s: a file with this name already exists in %s" \
- % (base_filename, Cnf[copychanges]))
-
- copy_dot_dak = "Suite::%s::CopyDotDak" % (suite)
- if Cnf.has_key(copy_dot_dak) and \
- os.path.exists(Cnf[copy_dot_dak]+"/"+dot_dak_filename):
- reject("%s: a file with this name already exists in %s" \
- % (dot_dak_filename, Cnf[copy_dot_dak]))
-
- reprocess = 0
- has_binaries = 0
- has_source = 0
-
- for file in file_keys:
- # Ensure the file does not already exist in one of the accepted directories
- for dir in [ "Accepted", "Byhand", "New", "ProposedUpdates", "OldProposedUpdates" ]:
- if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+file):
- reject("%s file already exists in the %s directory." % (file, dir))
- if not daklib.utils.re_taint_free.match(file):
- reject("!!WARNING!! tainted filename: '%s'." % (file))
- # Check the file is readable
- if os.access(file,os.R_OK) == 0:
- # When running in -n, copy_to_holding() won't have
- # generated the reject_message, so we need to.
- if Options["No-Action"]:
- if os.path.exists(file):
- reject("Can't read `%s'. [permission denied]" % (file))
- else:
- reject("Can't read `%s'. [file not found]" % (file))
- files[file]["type"] = "unreadable"
- continue
- # If it's byhand skip remaining checks
- if files[file]["section"] == "byhand" or files[file]["section"][4:] == "raw-":
- files[file]["byhand"] = 1
- files[file]["type"] = "byhand"
- # Checks for a binary package...
- elif daklib.utils.re_isadeb.match(file):
- has_binaries = 1
- files[file]["type"] = "deb"
-
- # Extract package control information
- deb_file = daklib.utils.open_file(file)
- try:
- control = apt_pkg.ParseSection(apt_inst.debExtractControl(deb_file))
- except:
- reject("%s: debExtractControl() raised %s." % (file, sys.exc_type))
- deb_file.close()
- # Can't continue, none of the checks on control would work.
- continue
- deb_file.close()
-
- # Check for mandatory fields
- for field in [ "Package", "Architecture", "Version" ]:
- if control.Find(field) == None:
- reject("%s: No %s field in control." % (file, field))
- # Can't continue
- continue
-
- # Ensure the package name matches the one give in the .changes
- if not changes["binary"].has_key(control.Find("Package", "")):
- reject("%s: control file lists name as `%s', which isn't in changes file." % (file, control.Find("Package", "")))
-
- # Validate the package field
- package = control.Find("Package")
- if not re_valid_pkg_name.match(package):
- reject("%s: invalid package name '%s'." % (file, package))
-
- # Validate the version field
- version = control.Find("Version")
- if not re_valid_version.match(version):
- reject("%s: invalid version number '%s'." % (file, version))
-
- # Ensure the architecture of the .deb is one we know about.
- default_suite = Cnf.get("Dinstall::DefaultSuite", "Unstable")
- architecture = control.Find("Architecture")
- if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)):
- reject("Unknown architecture '%s'." % (architecture))
-
- # Ensure the architecture of the .deb is one of the ones
- # listed in the .changes.
- if not changes["architecture"].has_key(architecture):
- reject("%s: control file lists arch as `%s', which isn't in changes file." % (file, architecture))
-
- # Sanity-check the Depends field
- depends = control.Find("Depends")
- if depends == '':
- reject("%s: Depends field is empty." % (file))
-
- # Check the section & priority match those given in the .changes (non-fatal)
- if control.Find("Section") and files[file]["section"] != "" and files[file]["section"] != control.Find("Section"):
- reject("%s control file lists section as `%s', but changes file has `%s'." % (file, control.Find("Section", ""), files[file]["section"]), "Warning: ")
- if control.Find("Priority") and files[file]["priority"] != "" and files[file]["priority"] != control.Find("Priority"):
- reject("%s control file lists priority as `%s', but changes file has `%s'." % (file, control.Find("Priority", ""), files[file]["priority"]),"Warning: ")
-
- files[file]["package"] = package
- files[file]["architecture"] = architecture
- files[file]["version"] = version
- files[file]["maintainer"] = control.Find("Maintainer", "")
- if file.endswith(".udeb"):
- files[file]["dbtype"] = "udeb"
- elif file.endswith(".deb"):
- files[file]["dbtype"] = "deb"
- else:
- reject("%s is neither a .deb or a .udeb." % (file))
- files[file]["source"] = control.Find("Source", files[file]["package"])
- # Get the source version
- source = files[file]["source"]
- source_version = ""
- if source.find("(") != -1:
- m = daklib.utils.re_extract_src_version.match(source)
- source = m.group(1)
- source_version = m.group(2)
- if not source_version:
- source_version = files[file]["version"]
- files[file]["source package"] = source
- files[file]["source version"] = source_version
-
- # Ensure the filename matches the contents of the .deb
- m = daklib.utils.re_isadeb.match(file)
- # package name
- file_package = m.group(1)
- if files[file]["package"] != file_package:
- reject("%s: package part of filename (%s) does not match package name in the %s (%s)." % (file, file_package, files[file]["dbtype"], files[file]["package"]))
- epochless_version = daklib.utils.re_no_epoch.sub('', control.Find("Version"))
- # version
- file_version = m.group(2)
- if epochless_version != file_version:
- reject("%s: version part of filename (%s) does not match package version in the %s (%s)." % (file, file_version, files[file]["dbtype"], epochless_version))
- # architecture
- file_architecture = m.group(3)
- if files[file]["architecture"] != file_architecture:
- reject("%s: architecture part of filename (%s) does not match package architecture in the %s (%s)." % (file, file_architecture, files[file]["dbtype"], files[file]["architecture"]))
-
- # Check for existent source
- source_version = files[file]["source version"]
- source_package = files[file]["source package"]
- if changes["architecture"].has_key("source"):
- if source_version != changes["version"]:
- reject("source version (%s) for %s doesn't match changes version %s." % (source_version, file, changes["version"]))
- else:
- # Check in the SQL database
- if not Upload.source_exists(source_package, source_version, changes["distribution"].keys()):
- # Check in one of the other directories
- source_epochless_version = daklib.utils.re_no_epoch.sub('', source_version)
- dsc_filename = "%s_%s.dsc" % (source_package, source_epochless_version)
- if os.path.exists(Cnf["Dir::Queue::Byhand"] + '/' + dsc_filename):
- files[file]["byhand"] = 1
- elif os.path.exists(Cnf["Dir::Queue::New"] + '/' + dsc_filename):
- files[file]["new"] = 1
- else:
- dsc_file_exists = 0
- for myq in ["Accepted", "Embargoed", "Unembargoed", "ProposedUpdates", "OldProposedUpdates"]:
- if Cnf.has_key("Dir::Queue::%s" % (myq)):
- if os.path.exists(Cnf["Dir::Queue::"+myq] + '/' + dsc_filename):
- dsc_file_exists = 1
- break
- if not dsc_file_exists:
- reject("no source found for %s %s (%s)." % (source_package, source_version, file))
- # Check the version and for file overwrites
- reject(Upload.check_binary_against_db(file),"")
-
- check_deb_ar(file, control)
-
- # Checks for a source package...
- else:
- m = daklib.utils.re_issource.match(file)
- if m:
- has_source = 1
- files[file]["package"] = m.group(1)
- files[file]["version"] = m.group(2)
- files[file]["type"] = m.group(3)
-
- # Ensure the source package name matches the Source filed in the .changes
- if changes["source"] != files[file]["package"]:
- reject("%s: changes file doesn't say %s for Source" % (file, files[file]["package"]))
-
- # Ensure the source version matches the version in the .changes file
- if files[file]["type"] == "orig.tar.gz":
- changes_version = changes["chopversion2"]
- else:
- changes_version = changes["chopversion"]
- if changes_version != files[file]["version"]:
- reject("%s: should be %s according to changes file." % (file, changes_version))
-
- # Ensure the .changes lists source in the Architecture field
- if not changes["architecture"].has_key("source"):
- reject("%s: changes file doesn't list `source' in Architecture field." % (file))
-
- # Check the signature of a .dsc file
- if files[file]["type"] == "dsc":
- dsc["fingerprint"] = daklib.utils.check_signature(file, reject)
-
- files[file]["architecture"] = "source"
-
- # Not a binary or source package? Assume byhand...
- else:
- files[file]["byhand"] = 1
- files[file]["type"] = "byhand"
-
- # Per-suite file checks
- files[file]["oldfiles"] = {}
- for suite in changes["distribution"].keys():
- # Skip byhand
- if files[file].has_key("byhand"):
- continue