import daklib.utils
from types import *
-from syck import *
-
################################################################################
################################################################################
-def check_md5sums ():
- for file in files.keys():
+def check_hashes ():
+ # Make sure we recognise the format of the Files: field
+ format = changes.get("format", "0.0").split(".",1)
+ if len(format) == 2:
+ format = int(format[0]), int(format[1])
+ else:
+ format = int(float(format[0])), 0
+
+ check_hash(".changes", files, "md5sum", apt_pkg.md5sum)
+ check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum)
+
+ if format >= (1,8):
+ hashes = [("sha1", apt_pkg.sha1sum),
+ ("sha256", apt_pkg.sha256sum)]
+ else:
+ hashes = []
+
+ for x in changes:
+ if x.startswith("checksum-"):
+ h = x.split("-",1)[1]
+ if h not in dict(hashes):
+ reject("Unsupported checksum field in .changes" % (h))
+
+ for x in dsc:
+ if x.startswith("checksum-"):
+ h = x.split("-",1)[1]
+ if h not in dict(hashes):
+ reject("Unsupported checksum field in .dsc" % (h))
+
+ for h,f in hashes:
try:
- file_handle = daklib.utils.open_file(file)
- except daklib.utils.cant_open_exc:
- continue
+ fs = daklib.utils.build_file_list(changes, 0, "checksums-%s" % h, h)
+ check_hash(".changes %s" % (h), fs, h, f, files)
+ except daklib.utils.no_files_exc:
+ reject("No Checksums-%s: field in .changes file" % (h))
- # Check md5sum
- if apt_pkg.md5sum(file_handle) != files[file]["md5sum"]:
- reject("%s: md5sum check failed." % (file))
- file_handle.close()
- # Check size
- actual_size = os.stat(file)[stat.ST_SIZE]
- size = int(files[file]["size"])
- if size != actual_size:
- reject("%s: actual file size (%s) does not match size (%s) in .changes"
- % (file, actual_size, size))
+ if "source" not in changes["architecture"]: continue
+
+ try:
+ fs = daklib.utils.build_file_list(dsc, 1, "checksums-%s" % h, h)
+ check_hash(".dsc %s" % (h), fs, h, f, dsc_files)
+ except daklib.utils.no_files_exc:
+ reject("No Checksums-%s: field in .changes file" % (h))
+
+################################################################################
+
+def check_hash (where, files, key, testfn, basedict = None):
+ if basedict:
+ for file in basedict.keys():
+ if file not in files:
+ reject("%s: no %s checksum" % (file, key))
+
+ for file in files.keys():
+ if basedict and file not in basedict:
+ reject("%s: extraneous entry in %s checksums" % (file, key))
- for file in dsc_files.keys():
try:
file_handle = daklib.utils.open_file(file)
except daklib.utils.cant_open_exc:
continue
- # Check md5sum
- if apt_pkg.md5sum(file_handle) != dsc_files[file]["md5sum"]:
- reject("%s: md5sum check failed." % (file))
+ # Check hash
+ if testfn(file_handle) != files[file][key]:
+ reject("%s: %s check failed." % (file, key))
file_handle.close()
# Check size
actual_size = os.stat(file)[stat.ST_SIZE]
- size = int(dsc_files[file]["size"])
+ size = int(files[file]["size"])
if size != actual_size:
- reject("%s: actual file size (%s) does not match size (%s) in .dsc"
- % (file, actual_size, size))
+ reject("%s: actual file size (%s) does not match size (%s) in %s"
+ % (file, actual_size, size, where))
################################################################################
except:
reject("%s: deb contents timestamp check failed [%s: %s]" % (filename, sys.exc_type, sys.exc_value))
-################################################################################
-################################################################################
-
-# We reject packages if the release team defined a transition for them
-def check_transition(sourcepkg):
-
- # Only check if there is a file defined (and existant) with checks. It's a little bit
- # specific to Debian, not much use for others, so return early there.
- if not Cnf.has_key("Dinstall::Reject::ReleaseTransitions") or not os.path.exists("%s" % (Cnf["Dinstall::Reject::ReleaseTransitions"])):
- return
-
- # Parse the yaml file
- sourcefile = file(Cnf["Dinstall::Reject::ReleaseTransitions"], 'r')
- sourcecontent = sourcefile.read()
- try:
- transitions = load(sourcecontent)
- except error, msg:
- # This shouldn't happen, the release team has a wrapper to check the file, but better
- # safe then sorry
- daklib.utils.warn("Not checking transitions, the transitions file is broken: %s." % (msg))
- return
-
- # Now look through all defined transitions
- for trans in transitions:
- t = transitions[trans]
- source = t["source"]
- new_vers = t["new"]
-
- # Will be None if nothing is in testing.
- curvers = daklib.database.get_testing_version(source)
- if not curvers == None:
- compare = apt_pkg.VersionCompare(curvers, new_vers)
-
- if curvers == None or compare < 0:
- # This is still valid, the current version in testing is older than
- # the new version we wait for, or there is none in testing yet
-
- # Check if the source we look at is affected by this.
- if sourcepkg in t['packages']:
- # The source is affected, lets reject it.
- reject("""%s: part of the %s transition.
-
- Your package is part of a testing transition to get %s migrated.
-
- Transition description: %s
-
- This transition will finish when %s, version %s, reaches testing (it currently
- has version %s).
- This transition is managed by the Release Team and %s
- is the Release-Team member responsible for it.
- Please contact them or debian-release@lists.debian.org if you
- need further assistance.
- """
- % (sourcepkg, trans, source, t["reason"], source, new_vers, curvers, t["rm"]))
- return 0
-
################################################################################
def lookup_uid_from_fingerprint(fpr):
valid_dsc_p = check_dsc()
if valid_dsc_p:
check_source()
- check_md5sums()
+ check_hashes()
check_urgency()
check_timestamps()
check_signed_by_key()
- if changes["architecture"].has_key("source"):
- check_transition(changes["source"])
Upload.update_subst(reject_message)
action()
except SystemExit: