# Ensure the architecture of the .deb is one we know about.
default_suite = Cnf.get("Dinstall::DefaultSuite", "Unstable")
architecture = control.Find("Architecture")
- if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)):
+ upload_suite = changes["distribution"].keys()[0]
+ if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)) and architecture not in Cnf.ValueList("Suite::%s::Architectures" % (upload_suite)):
reject("Unknown architecture '%s'." % (architecture))
# Ensure the architecture of the .deb is one of the ones
################################################################################
def check_hashes ():
- utils.check_hash(".changes", files, "md5sum", apt_pkg.md5sum)
- utils.check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum)
+ utils.check_hash(".changes", files, "md5", apt_pkg.md5sum)
+ utils.check_size(".changes", files)
+ utils.check_hash(".dsc", dsc_files, "md5", apt_pkg.md5sum)
+ utils.check_size(".dsc", dsc_files)
# This is stupid API, but it'll have to do for now until
# we actually have proper abstraction
for si in q.getresult():
if si[0] not in source_ids: source_ids.append(si[0])
- print "source_ids: %s" % (",".join([str(x) for x in source_ids]))
-
is_nmu = 1
for si in source_ids:
is_nmu = 1
if files[f].has_key("new"):
reject("%s may not upload NEW file %s" % (uid, f))
- # The remaining checks only apply to binary-only uploads right now
- if changes["architecture"].has_key("source"):
- return
-
- if not Cnf.Exists("Binary-Upload-Restrictions"):
- return
-
- restrictions = Cnf.SubTree("Binary-Upload-Restrictions")
-
- # If the restrictions only apply to certain components make sure
- # that the upload is actual targeted there.
- if restrictions.Exists("Components"):
- restricted_components = restrictions.SubTree("Components").ValueList()
- is_restricted = False
- for f in files:
- if files[f]["component"] in restricted_components:
- is_restricted = True
- break
- if not is_restricted:
- return
-
- # Assuming binary only upload restrictions are in place we then
- # iterate over suite and architecture checking the key is in the
- # allowed list. If no allowed list exists for a given suite or
- # architecture it's assumed to be open to anyone.
- for suite in changes["distribution"].keys():
- if not restrictions.Exists(suite):
- continue
- for arch in changes["architecture"].keys():
- if not restrictions.SubTree(suite).Exists(arch):
- continue
- allowed_keys = restrictions.SubTree("%s::%s" % (suite, arch)).ValueList()
- if changes["fingerprint"] not in allowed_keys:
- base_filename = os.path.basename(pkg.changes_file)
- reject("%s: not signed by authorised uploader for %s/%s"
- % (base_filename, suite, arch))
################################################################################
################################################################################