import commands, errno, fcntl, os, re, shutil, stat, sys, time, tempfile, traceback
import apt_inst, apt_pkg
-import dak.lib.database, dak.lib.queue, dak.lib.logging, dak.lib.utils
+import daklib.database
+import daklib.logging
+import daklib.queue
+import daklib.utils
from types import *
################################################################################
-re_valid_version = re.compile(r"^([0-9]+:)?[0-9A-Za-z\.\-\+:]+$")
+re_valid_version = re.compile(r"^([0-9]+:)?[0-9A-Za-z\.\-\+:~]+$")
re_valid_pkg_name = re.compile(r"^[\dA-Za-z][\dA-Za-z\+\-\.]+$")
re_changelog_versions = re.compile(r"^\w[-+0-9a-z.]+ \([^\(\) \t]+\)")
re_strip_revision = re.compile(r"-([^-]+)$")
+re_strip_srcver = re.compile(r"\s+\(\S+\)$")
+re_spacestrip = re.compile('(\s)')
################################################################################
apt_pkg.init()
Cnf = apt_pkg.newConfiguration()
- apt_pkg.ReadConfigFileISC(Cnf,dak.lib.utils.which_conf_file())
+ apt_pkg.ReadConfigFileISC(Cnf,daklib.utils.which_conf_file())
Arguments = [('a',"automatic","Dinstall::Options::Automatic"),
('h',"help","Dinstall::Options::Help"),
if Options["Help"]:
usage()
- Upload = dak.lib.queue.Queue(Cnf)
+ Upload = daklib.queue.Upload(Cnf)
changes = Upload.pkg.changes
dsc = Upload.pkg.dsc
for file in in_holding.keys():
if os.path.exists(file):
if file.find('/') != -1:
- dak.lib.utils.fubar("WTF? clean_holding() got a file ('%s') with / in it!" % (file))
+ daklib.utils.fubar("WTF? clean_holding() got a file ('%s') with / in it!" % (file))
else:
os.unlink(file)
in_holding = {}
# Parse the .changes field into a dictionary
try:
- changes.update(dak.lib.utils.parse_changes(filename))
- except dak.lib.utils.cant_open_exc:
+ changes.update(daklib.utils.parse_changes(filename))
+ except daklib.utils.cant_open_exc:
reject("%s: can't read file." % (filename))
return 0
- except dak.lib.utils.changes_parse_error_exc, line:
+ except daklib.utils.changes_parse_error_exc, line:
reject("%s: parse error, can't grok: %s." % (filename, line))
return 0
# Parse the Files field from the .changes into another dictionary
try:
- files.update(dak.lib.utils.build_file_list(changes))
- except dak.lib.utils.changes_parse_error_exc, line:
+ files.update(daklib.utils.build_file_list(changes))
+ except daklib.utils.changes_parse_error_exc, line:
reject("%s: parse error, can't grok: %s." % (filename, line))
- except dak.lib.utils.nk_format_exc, format:
+ except daklib.utils.nk_format_exc, format:
reject("%s: unknown format '%s'." % (filename, format))
return 0
reject("%s: Missing mandatory field `%s'." % (filename, i))
return 0 # Avoid <undef> errors during later tests
+ # Strip a source version in brackets from the source field
+ if re_strip_srcver.search(changes["source"]):
+ changes["source"] = re_strip_srcver.sub('', changes["source"])
+
+ # Ensure the source field is a valid package name.
+ if not re_valid_pkg_name.match(changes["source"]):
+ reject("%s: invalid source name '%s'." % (filename, changes["source"]))
+
# Split multi-value fields into a lower-level dictionary
for i in ("architecture", "distribution", "binary", "closes"):
o = changes.get(i, "")
try:
(changes["maintainer822"], changes["maintainer2047"],
changes["maintainername"], changes["maintaineremail"]) = \
- dak.lib.utils.fix_maintainer (changes["maintainer"])
- except dak.lib.utils.ParseMaintError, msg:
+ daklib.utils.fix_maintainer (changes["maintainer"])
+ except daklib.utils.ParseMaintError, msg:
reject("%s: Maintainer field ('%s') failed to parse: %s" \
% (filename, changes["maintainer"], msg))
try:
(changes["changedby822"], changes["changedby2047"],
changes["changedbyname"], changes["changedbyemail"]) = \
- dak.lib.utils.fix_maintainer (changes.get("changed-by", ""))
- except dak.lib.utils.ParseMaintError, msg:
+ daklib.utils.fix_maintainer (changes.get("changed-by", ""))
+ except daklib.utils.ParseMaintError, msg:
(changes["changedby822"], changes["changedby2047"],
changes["changedbyname"], changes["changedbyemail"]) = \
("", "", "", "")
# Ensure all the values in Closes: are numbers
if changes.has_key("closes"):
for i in changes["closes"].keys():
- if dak.lib.queue.re_isanum.match (i) == None:
+ if daklib.queue.re_isanum.match (i) == None:
reject("%s: `%s' from Closes field isn't a number." % (filename, i))
# chopversion = no epoch; chopversion2 = no epoch and no revision (e.g. for .orig.tar.gz comparison)
- changes["chopversion"] = dak.lib.utils.re_no_epoch.sub('', changes["version"])
- changes["chopversion2"] = dak.lib.utils.re_no_revision.sub('', changes["chopversion"])
+ changes["chopversion"] = daklib.utils.re_no_epoch.sub('', changes["version"])
+ changes["chopversion2"] = daklib.utils.re_no_revision.sub('', changes["chopversion"])
# Check there isn't already a changes file of the same name in one
# of the queue directories.
base_filename = os.path.basename(filename)
- for dir in [ "Accepted", "Byhand", "Done", "New" ]:
+ for dir in [ "Accepted", "Byhand", "Done", "New", "ProposedUpdates", "OldProposedUpdates" ]:
if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+base_filename):
reject("%s: a file with this name already exists in the %s directory." % (base_filename, dir))
o control.tar.gz
o data.tar.gz or data.tar.bz2
-in that order, and nothing else. If the third member is a
-data.tar.bz2, an additional check is performed for the required
-Pre-Depends on dpkg (>= 1.10.24)."""
+in that order, and nothing else."""
cmd = "ar t %s" % (filename)
(result, output) = commands.getstatusoutput(cmd)
if result != 0:
reject("%s: 'ar t' invocation failed." % (filename))
- reject(dak.lib.utils.prefix_multi_line_string(output, " [ar output:] "), "")
+ reject(daklib.utils.prefix_multi_line_string(output, " [ar output:] "), "")
chunks = output.split('\n')
if len(chunks) != 3:
reject("%s: found %d chunks, expected 3." % (filename, len(chunks)))
reject("%s: first chunk is '%s', expected 'debian-binary'." % (filename, chunks[0]))
if chunks[1] != "control.tar.gz":
reject("%s: second chunk is '%s', expected 'control.tar.gz'." % (filename, chunks[1]))
- if chunks[2] == "data.tar.bz2":
- # Packages using bzip2 compression must have a Pre-Depends on dpkg >= 1.10.24.
- found_needed_predep = 0
- for parsed_dep in apt_pkg.ParseDepends(control.Find("Pre-Depends", "")):
- for atom in parsed_dep:
- (dep, version, constraint) = atom
- if dep != "dpkg" or (constraint != ">=" and constraint != ">>") or \
- len(parsed_dep) > 1: # or'ed deps don't count
- continue
- if (constraint == ">=" and apt_pkg.VersionCompare(version, "1.10.24") < 0) or \
- (constraint == ">>" and apt_pkg.VersionCompare(version, "1.10.23") < 0):
- continue
- found_needed_predep = 1
- if not found_needed_predep:
- reject("%s: uses bzip2 compression, but doesn't Pre-Depend on dpkg (>= 1.10.24)" % (filename))
- elif chunks[2] != "data.tar.gz":
+ if chunks[2] not in [ "data.tar.bz2", "data.tar.gz" ]:
reject("%s: third chunk is '%s', expected 'data.tar.gz' or 'data.tar.bz2'." % (filename, chunks[2]))
################################################################################
def check_files():
global reprocess
- archive = dak.lib.utils.where_am_i()
+ archive = daklib.utils.where_am_i()
file_keys = files.keys()
# if reprocess is 2 we've already done this and we're checking
for file in file_keys:
# Ensure the file does not already exist in one of the accepted directories
- for dir in [ "Accepted", "Byhand", "New" ]:
+ for dir in [ "Accepted", "Byhand", "New", "ProposedUpdates", "OldProposedUpdates", "Embargoed", "Unembargoed" ]:
+ if not Cnf.has_key("Dir::Queue::%s" % (dir)): continue
if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+file):
reject("%s file already exists in the %s directory." % (file, dir))
- if not dak.lib.utils.re_taint_free.match(file):
+ if not daklib.utils.re_taint_free.match(file):
reject("!!WARNING!! tainted filename: '%s'." % (file))
# Check the file is readable
if os.access(file,os.R_OK) == 0:
files[file]["type"] = "unreadable"
continue
# If it's byhand skip remaining checks
- if files[file]["section"] == "byhand" or files[file]["section"] == "raw-installer":
+ if files[file]["section"] == "byhand" or files[file]["section"][:4] == "raw-":
files[file]["byhand"] = 1
files[file]["type"] = "byhand"
# Checks for a binary package...
- elif dak.lib.utils.re_isadeb.match(file):
+ elif daklib.utils.re_isadeb.match(file):
has_binaries = 1
files[file]["type"] = "deb"
# Extract package control information
- deb_file = dak.lib.utils.open_file(file)
+ deb_file = daklib.utils.open_file(file)
try:
control = apt_pkg.ParseSection(apt_inst.debExtractControl(deb_file))
except:
if depends == '':
reject("%s: Depends field is empty." % (file))
+ # Sanity-check the Provides field
+ provides = re_spacestrip.sub('', control.Find("Provides"))
+ if provides == '':
+ reject("%s: Provides field is empty." % (file))
+ prov_list = provides.split(",")
+ for prov in prov_list:
+ if not re_valid_pkg_name.match(prov):
+ reject("%s: Invalid Provides field content %s." % (file, prov))
+
+
# Check the section & priority match those given in the .changes (non-fatal)
if control.Find("Section") and files[file]["section"] != "" and files[file]["section"] != control.Find("Section"):
reject("%s control file lists section as `%s', but changes file has `%s'." % (file, control.Find("Section", ""), files[file]["section"]), "Warning: ")
source = files[file]["source"]
source_version = ""
if source.find("(") != -1:
- m = dak.lib.utils.re_extract_src_version.match(source)
+ m = daklib.utils.re_extract_src_version.match(source)
source = m.group(1)
source_version = m.group(2)
if not source_version:
files[file]["source version"] = source_version
# Ensure the filename matches the contents of the .deb
- m = dak.lib.utils.re_isadeb.match(file)
+ m = daklib.utils.re_isadeb.match(file)
# package name
file_package = m.group(1)
if files[file]["package"] != file_package:
reject("%s: package part of filename (%s) does not match package name in the %s (%s)." % (file, file_package, files[file]["dbtype"], files[file]["package"]))
- epochless_version = dak.lib.utils.re_no_epoch.sub('', control.Find("Version"))
+ epochless_version = daklib.utils.re_no_epoch.sub('', control.Find("Version"))
# version
file_version = m.group(2)
if epochless_version != file_version:
# Check in the SQL database
if not Upload.source_exists(source_package, source_version, changes["distribution"].keys()):
# Check in one of the other directories
- source_epochless_version = dak.lib.utils.re_no_epoch.sub('', source_version)
+ source_epochless_version = daklib.utils.re_no_epoch.sub('', source_version)
dsc_filename = "%s_%s.dsc" % (source_package, source_epochless_version)
if os.path.exists(Cnf["Dir::Queue::Byhand"] + '/' + dsc_filename):
files[file]["byhand"] = 1
elif os.path.exists(Cnf["Dir::Queue::New"] + '/' + dsc_filename):
files[file]["new"] = 1
- elif not os.path.exists(Cnf["Dir::Queue::Accepted"] + '/' + dsc_filename):
- reject("no source found for %s %s (%s)." % (source_package, source_version, file))
+ else:
+ dsc_file_exists = 0
+ for myq in ["Accepted", "Embargoed", "Unembargoed", "ProposedUpdates", "OldProposedUpdates"]:
+ if Cnf.has_key("Dir::Queue::%s" % (myq)):
+ if os.path.exists(Cnf["Dir::Queue::"+myq] + '/' + dsc_filename):
+ dsc_file_exists = 1
+ break
+ if not dsc_file_exists:
+ reject("no source found for %s %s (%s)." % (source_package, source_version, file))
# Check the version and for file overwrites
reject(Upload.check_binary_against_db(file),"")
# Checks for a source package...
else:
- m = dak.lib.utils.re_issource.match(file)
+ m = daklib.utils.re_issource.match(file)
if m:
has_source = 1
files[file]["package"] = m.group(1)
# Check the signature of a .dsc file
if files[file]["type"] == "dsc":
- dsc["fingerprint"] = dak.lib.utils.check_signature(file, reject)
+ dsc["fingerprint"] = daklib.utils.check_signature(file, reject)
files[file]["architecture"] = "source"
# Validate the component
component = files[file]["component"]
- component_id = dak.lib.database.get_component_id(component)
+ component_id = daklib.database.get_component_id(component)
if component_id == -1:
reject("file '%s' has unknown component '%s'." % (file, component))
continue
# Determine the location
location = Cnf["Dir::Pool"]
- location_id = dak.lib.database.get_location_id (location, component, archive)
+ location_id = daklib.database.get_location_id (location, component, archive)
if location_id == -1:
reject("[INTERNAL ERROR] couldn't determine location (Component: %s, Archive: %s)" % (component, archive))
files[file]["location id"] = location_id
# Check the md5sum & size against existing files (if any)
- files[file]["pool name"] = dak.lib.utils.poolify (changes["source"], files[file]["component"])
- files_id = dak.lib.database.get_files_id(files[file]["pool name"] + file, files[file]["size"], files[file]["md5sum"], files[file]["location id"])
+ files[file]["pool name"] = daklib.utils.poolify (changes["source"], files[file]["component"])
+ files_id = daklib.database.get_files_id(files[file]["pool name"] + file, files[file]["size"], files[file]["md5sum"], files[file]["location id"])
if files_id == -1:
reject("INTERNAL ERROR, get_files_id() returned multiple matches for %s." % (file))
elif files_id == -2:
# Parse the .dsc file
try:
- dsc.update(dak.lib.utils.parse_changes(dsc_filename, signing_rules=1))
- except dak.lib.utils.cant_open_exc:
+ dsc.update(daklib.utils.parse_changes(dsc_filename, signing_rules=1))
+ except daklib.utils.cant_open_exc:
# if not -n copy_to_holding() will have done this for us...
if Options["No-Action"]:
reject("%s: can't read file." % (dsc_filename))
- except dak.lib.utils.changes_parse_error_exc, line:
+ except daklib.utils.changes_parse_error_exc, line:
reject("%s: parse error, can't grok: %s." % (dsc_filename, line))
- except dak.lib.utils.invalid_dsc_format_exc, line:
+ except daklib.utils.invalid_dsc_format_exc, line:
reject("%s: syntax error on line %s." % (dsc_filename, line))
# Build up the file list of files mentioned by the .dsc
try:
- dsc_files.update(dak.lib.utils.build_file_list(dsc, is_a_dsc=1))
- except dak.lib.utils.no_files_exc:
+ dsc_files.update(daklib.utils.build_file_list(dsc, is_a_dsc=1))
+ except daklib.utils.no_files_exc:
reject("%s: no Files: field." % (dsc_filename))
return 0
- except dak.lib.utils.changes_parse_error_exc, line:
+ except daklib.utils.changes_parse_error_exc, line:
reject("%s: parse error, can't grok: %s." % (dsc_filename, line))
return 0
# Validate the Maintainer field
try:
- dak.lib.utils.fix_maintainer (dsc["maintainer"])
- except dak.lib.utils.ParseMaintError, msg:
+ daklib.utils.fix_maintainer (dsc["maintainer"])
+ except daklib.utils.ParseMaintError, msg:
reject("%s: Maintainer field ('%s') failed to parse: %s" \
% (dsc_filename, dsc["maintainer"], msg))
pass
# Ensure the version number in the .dsc matches the version number in the .changes
- epochless_dsc_version = dak.lib.utils.re_no_epoch.sub('', dsc["version"])
+ epochless_dsc_version = daklib.utils.re_no_epoch.sub('', dsc["version"])
changes_version = files[dsc_filename]["version"]
if epochless_dsc_version != files[dsc_filename]["version"]:
reject("version ('%s') in .dsc does not match version ('%s') in .changes." % (epochless_dsc_version, changes_version))
# Ensure there is a .tar.gz in the .dsc file
has_tar = 0
for f in dsc_files.keys():
- m = dak.lib.utils.re_issource.match(f)
+ m = daklib.utils.re_issource.match(f)
if not m:
reject("%s: %s in Files field not recognised as source." % (dsc_filename, f))
+ continue
type = m.group(3)
if type == "orig.tar.gz" or type == "tar.gz":
has_tar = 1
# Create a symlink mirror of the source files in our temporary directory
for f in files.keys():
- m = dak.lib.utils.re_issource.match(f)
+ m = daklib.utils.re_issource.match(f)
if m:
src = os.path.join(source_dir, f)
# If a file is missing for whatever reason, give up.
(result, output) = commands.getstatusoutput(cmd)
if (result != 0):
reject("'dpkg-source -x' failed for %s [return code: %s]." % (dsc_filename, result))
- reject(dak.lib.utils.prefix_multi_line_string(output, " [dpkg-source output:] "), "")
+ reject(daklib.utils.prefix_multi_line_string(output, " [dpkg-source output:] "), "")
return
if not Cnf.Find("Dir::Queue::BTSVersionTrack"):
return
# Get the upstream version
- upstr_version = dak.lib.utils.re_no_epoch.sub('', dsc["version"])
+ upstr_version = daklib.utils.re_no_epoch.sub('', dsc["version"])
if re_strip_revision.search(upstr_version):
upstr_version = re_strip_revision.sub('', upstr_version)
# Parse the changelog
dsc["bts changelog"] = ""
- changelog_file = dak.lib.utils.open_file(changelog_filename)
+ changelog_file = daklib.utils.open_file(changelog_filename)
for line in changelog_file.readlines():
m = re_changelog_versions.match(line)
if m:
shutil.rmtree(tmpdir)
except OSError, e:
if errno.errorcode[e.errno] != 'EACCES':
- dak.lib.utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"]))
+ daklib.utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"]))
reject("%s: source tree could not be cleanly removed." % (dsc["source"]))
# We probably have u-r or u-w directories so chmod everything
cmd = "chmod -R u+rwx %s" % (tmpdir)
result = os.system(cmd)
if result != 0:
- dak.lib.utils.fubar("'%s' failed with result %s." % (cmd, result))
+ daklib.utils.fubar("'%s' failed with result %s." % (cmd, result))
shutil.rmtree(tmpdir)
except:
- dak.lib.utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"]))
+ daklib.utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"]))
################################################################################
################################################################################
-def check_md5sums ():
- for file in files.keys():
+def check_hashes ():
+ # Make sure we recognise the format of the Files: field
+ format = changes.get("format", "0.0").split(".",1)
+ if len(format) == 2:
+ format = int(format[0]), int(format[1])
+ else:
+ format = int(float(format[0])), 0
+
+ check_hash(".changes", files, "md5sum", apt_pkg.md5sum)
+ check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum)
+
+ if format >= (1,8):
+ hashes = [("sha1", apt_pkg.sha1sum),
+ ("sha256", apt_pkg.sha256sum)]
+ else:
+ hashes = []
+
+ for x in changes:
+ if x.startswith("checksum-"):
+ h = x.split("-",1)[1]
+ if h not in dict(hashes):
+ reject("Unsupported checksum field in .changes" % (h))
+
+ for x in dsc:
+ if x.startswith("checksum-"):
+ h = x.split("-",1)[1]
+ if h not in dict(hashes):
+ reject("Unsupported checksum field in .dsc" % (h))
+
+ for h,f in hashes:
try:
- file_handle = dak.lib.utils.open_file(file)
- except dak.lib.utils.cant_open_exc:
- continue
+ fs = daklib.utils.build_file_list(changes, 0, "checksums-%s" % h, h)
+ check_hash(".changes %s" % (h), fs, h, f, files)
+ except daklib.utils.no_files_exc:
+ reject("No Checksums-%s: field in .changes file" % (h))
- # Check md5sum
- if apt_pkg.md5sum(file_handle) != files[file]["md5sum"]:
- reject("%s: md5sum check failed." % (file))
- file_handle.close()
- # Check size
- actual_size = os.stat(file)[stat.ST_SIZE]
- size = int(files[file]["size"])
- if size != actual_size:
- reject("%s: actual file size (%s) does not match size (%s) in .changes"
- % (file, actual_size, size))
+ if "source" not in changes["architecture"]: continue
+
+ try:
+ fs = daklib.utils.build_file_list(dsc, 1, "checksums-%s" % h, h)
+ check_hash(".dsc %s" % (h), fs, h, f, dsc_files)
+ except daklib.utils.no_files_exc:
+ reject("No Checksums-%s: field in .changes file" % (h))
+
+################################################################################
+
+def check_hash (where, files, key, testfn, basedict = None):
+ if basedict:
+ for file in basedict.keys():
+ if file not in files:
+ reject("%s: no %s checksum" % (file, key))
+
+ for file in files.keys():
+ if basedict and file not in basedict:
+ reject("%s: extraneous entry in %s checksums" % (file, key))
- for file in dsc_files.keys():
try:
- file_handle = dak.lib.utils.open_file(file)
- except dak.lib.utils.cant_open_exc:
+ file_handle = daklib.utils.open_file(file)
+ except daklib.utils.cant_open_exc:
continue
- # Check md5sum
- if apt_pkg.md5sum(file_handle) != dsc_files[file]["md5sum"]:
- reject("%s: md5sum check failed." % (file))
+ # Check hash
+ if testfn(file_handle) != files[file][key]:
+ reject("%s: %s check failed." % (file, key))
file_handle.close()
# Check size
actual_size = os.stat(file)[stat.ST_SIZE]
- size = int(dsc_files[file]["size"])
+ size = int(files[file]["size"])
if size != actual_size:
- reject("%s: actual file size (%s) does not match size (%s) in .dsc"
- % (file, actual_size, size))
+ reject("%s: actual file size (%s) does not match size (%s) in %s"
+ % (file, actual_size, size, where))
################################################################################
if files[filename]["type"] == "deb":
tar.reset()
try:
- deb_file = dak.lib.utils.open_file(filename)
+ deb_file = daklib.utils.open_file(filename)
apt_inst.debExtract(deb_file,tar.callback,"control.tar.gz")
deb_file.seek(0)
try:
apt_inst.debExtract(deb_file,tar.callback,"data.tar.gz")
except SystemError, e:
# If we can't find a data.tar.gz, look for data.tar.bz2 instead.
- if not re.match(r"Cannot f[ui]nd chunk data.tar.gz$", str(e)):
+ if not re.search(r"Cannot f[ui]nd chunk data.tar.gz$", str(e)):
raise
deb_file.seek(0)
apt_inst.debExtract(deb_file,tar.callback,"data.tar.bz2")
except:
reject("%s: deb contents timestamp check failed [%s: %s]" % (filename, sys.exc_type, sys.exc_value))
+################################################################################
+
+def lookup_uid_from_fingerprint(fpr):
+ q = Upload.projectB.query("SELECT u.uid, u.name FROM fingerprint f, uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr))
+ qs = q.getresult()
+ if len(qs) == 0:
+ return (None, None)
+ else:
+ return qs[0]
+
+def check_signed_by_key():
+ """Ensure the .changes is signed by an authorized uploader."""
+
+ (uid, uid_name) = lookup_uid_from_fingerprint(changes["fingerprint"])
+ if uid_name == None:
+ uid_name = ""
+
+ # match claimed name with actual name:
+ if uid == None:
+ uid, uid_email = changes["fingerprint"], uid
+ may_nmu, may_sponsor = 1, 1
+ # XXX by default new dds don't have a fingerprint/uid in the db atm,
+ # and can't get one in there if we don't allow nmu/sponsorship
+ elif uid[:3] == "dm:":
+ uid_email = uid[3:]
+ may_nmu, may_sponsor = 0, 0
+ else:
+ uid_email = "%s@debian.org" % (uid)
+ may_nmu, may_sponsor = 1, 1
+
+ if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]:
+ sponsored = 0
+ elif uid_name in [changes["maintainername"], changes["changedbyname"]]:
+ sponsored = 0
+ if uid_name == "": sponsored = 1
+ else:
+ sponsored = 1
+ if ("source" in changes["architecture"] and
+ daklib.utils.is_email_alias(uid_email)):
+ sponsor_addresses = daklib.utils.gpg_get_key_addresses(changes["fingerprint"])
+ if (changes["maintaineremail"] not in sponsor_addresses and
+ changes["changedbyemail"] not in sponsor_addresses):
+ changes["sponsoremail"] = uid_email
+
+ if sponsored and not may_sponsor:
+ reject("%s is not authorised to sponsor uploads" % (uid))
+
+ if not sponsored and not may_nmu:
+ source_ids = []
+ check_suites = changes["distribution"].keys()
+ if "unstable" not in check_suites: check_suites.append("unstable")
+ for suite in check_suites:
+ suite_id = daklib.database.get_suite_id(suite)
+ q = Upload.projectB.query("SELECT s.id FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND sa.suite = %d" % (changes["source"], suite_id))
+ for si in q.getresult():
+ if si[0] not in source_ids: source_ids.append(si[0])
+
+ print "source_ids: %s" % (",".join([str(x) for x in source_ids]))
+
+ is_nmu = 1
+ for si in source_ids:
+ is_nmu = 1
+ q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT maintainer FROM src_uploaders WHERE src_uploaders.source = %s)" % (si))
+ for m in q.getresult():
+ (rfc822, rfc2047, name, email) = daklib.utils.fix_maintainer(m[0])
+ if email == uid_email or name == uid_name:
+ is_nmu=0
+ break
+ if is_nmu:
+ reject("%s may not upload/NMU source package %s" % (uid, changes["source"]))
+
+ for b in changes["binary"].keys():
+ for suite in changes["distribution"].keys():
+ suite_id = daklib.database.get_suite_id(suite)
+ q = Upload.projectB.query("SELECT DISTINCT s.source FROM source s JOIN binaries b ON (s.id = b.source) JOIN bin_associations ba On (b.id = ba.bin) WHERE b.package = '%s' AND ba.suite = %s" % (b, suite_id))
+ for s in q.getresult():
+ if s[0] != changes["source"]:
+ reject("%s may not hijack %s from source package %s in suite %s" % (uid, b, s, suite))
+
+ for file in files.keys():
+ if files[file].has_key("byhand"):
+ reject("%s may not upload BYHAND file %s" % (uid, file))
+ if files[file].has_key("new"):
+ reject("%s may not upload NEW file %s" % (uid, file))
+
+ # The remaining checks only apply to binary-only uploads right now
+ if changes["architecture"].has_key("source"):
+ return
+
+ if not Cnf.Exists("Binary-Upload-Restrictions"):
+ return
+
+ restrictions = Cnf.SubTree("Binary-Upload-Restrictions")
+
+ # If the restrictions only apply to certain components make sure
+ # that the upload is actual targeted there.
+ if restrictions.Exists("Components"):
+ restricted_components = restrictions.SubTree("Components").ValueList()
+ is_restricted = False
+ for file in files:
+ if files[file]["component"] in restricted_components:
+ is_restricted = True
+ break
+ if not is_restricted:
+ return
+
+ # Assuming binary only upload restrictions are in place we then
+ # iterate over suite and architecture checking the key is in the
+ # allowed list. If no allowed list exists for a given suite or
+ # architecture it's assumed to be open to anyone.
+ for suite in changes["distribution"].keys():
+ if not restrictions.Exists(suite):
+ continue
+ for arch in changes["architecture"].keys():
+ if not restrictions.SubTree(suite).Exists(arch):
+ continue
+ allowed_keys = restrictions.SubTree("%s::%s" % (suite, arch)).ValueList()
+ if changes["fingerprint"] not in allowed_keys:
+ base_filename = os.path.basename(pkg.changes_file)
+ reject("%s: not signed by authorised uploader for %s/%s"
+ % (base_filename, suite, arch))
+
################################################################################
################################################################################
# q-unapproved hax0ring
queue_info = {
"New": { "is": is_new, "process": acknowledge_new },
+ "Autobyhand" : { "is" : is_autobyhand, "process": do_autobyhand },
"Byhand" : { "is": is_byhand, "process": do_byhand },
+ "OldStableUpdate" : { "is": is_oldstableupdate,
+ "process": do_oldstableupdate },
+ "StableUpdate" : { "is": is_stableupdate, "process": do_stableupdate },
"Unembargo" : { "is": is_unembargo, "process": queue_unembargo },
"Embargo" : { "is": is_embargo, "process": queue_embargo },
}
- queues = [ "New", "Byhand" ]
+ queues = [ "New", "Autobyhand", "Byhand" ]
if Cnf.FindB("Dinstall::SecurityQueueHandling"):
queues += [ "Unembargo", "Embargo" ]
+ else:
+ queues += [ "OldStableUpdate", "StableUpdate" ]
(prompt, answer) = ("", "XXX")
if Options["No-Action"] or Options["Automatic"]:
answer = 'A'
while prompt.find(answer) == -1:
- answer = dak.lib.utils.our_raw_input(prompt)
- m = dak.lib.queue.re_default_answer.match(prompt)
+ answer = daklib.utils.our_raw_input(prompt)
+ m = daklib.queue.re_default_answer.match(prompt)
if answer == "":
answer = m.group(1)
answer = answer[:1].upper()
accept(summary, short_summary)
remove_from_unchecked()
elif answer == queuekey:
- queue_info[queue]["process"](summary)
+ queue_info[queue]["process"](summary, short_summary)
remove_from_unchecked()
elif answer == 'Q':
sys.exit(0)
################################################################################
def move_to_dir (dest, perms=0660, changesperms=0664):
- dak.lib.utils.move (pkg.changes_file, dest, perms=changesperms)
+ daklib.utils.move (pkg.changes_file, dest, perms=changesperms)
file_keys = files.keys()
for file in file_keys:
- dak.lib.utils.move (file, dest, perms=perms)
+ daklib.utils.move (file, dest, perms=perms)
################################################################################
if ql:
return 1
- if pkg.directory == Cnf["Dir::Queue::Disembargo"].rstrip("/"):
+ oldcwd = os.getcwd()
+ os.chdir(Cnf["Dir::Queue::Disembargo"])
+ disdir = os.getcwd()
+ os.chdir(oldcwd)
+
+ if pkg.directory == disdir:
if changes["architecture"].has_key("source"):
if Options["No-Action"]: return 1
return 0
-def queue_unembargo (summary):
+def queue_unembargo (summary, short_summary):
print "Moving to UNEMBARGOED holding area."
Logger.log(["Moving to unembargoed", pkg.changes_file])
################################################################################
def is_embargo ():
- return 0
+ # if embargoed queues are enabled always embargo
+ return 1
-def queue_embargo (summary):
+def queue_embargo (summary, short_summary):
print "Moving to EMBARGOED holding area."
Logger.log(["Moving to embargoed", pkg.changes_file])
################################################################################
+def is_stableupdate ():
+ if not changes["distribution"].has_key("proposed-updates"):
+ return 0
+
+ if not changes["architecture"].has_key("source"):
+ pusuite = daklib.database.get_suite_id("proposed-updates")
+ q = Upload.projectB.query(
+ "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" %
+ (changes["source"], changes["version"], pusuite))
+ ql = q.getresult()
+ if ql:
+ # source is already in proposed-updates so no need to hold
+ return 0
+
+ return 1
+
+def do_stableupdate (summary, short_summary):
+ print "Moving to PROPOSED-UPDATES holding area."
+ Logger.log(["Moving to proposed-updates", pkg.changes_file]);
+
+ Upload.dump_vars(Cnf["Dir::Queue::ProposedUpdates"]);
+ move_to_dir(Cnf["Dir::Queue::ProposedUpdates"])
+
+ # Check for override disparities
+ Upload.Subst["__SUMMARY__"] = summary;
+ Upload.check_override();
+
+################################################################################
+
+def is_oldstableupdate ():
+ if not changes["distribution"].has_key("oldstable-proposed-updates"):
+ return 0
+
+ if not changes["architecture"].has_key("source"):
+ pusuite = daklib.database.get_suite_id("oldstable-proposed-updates")
+ q = Upload.projectB.query(
+ "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" %
+ (changes["source"], changes["version"], pusuite))
+ ql = q.getresult()
+ if ql:
+ # source is already in oldstable-proposed-updates so no need to hold
+ return 0
+
+ return 1
+
+def do_oldstableupdate (summary, short_summary):
+ print "Moving to OLDSTABLE-PROPOSED-UPDATES holding area."
+ Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]);
+
+ Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]);
+ move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"])
+
+ # Check for override disparities
+ Upload.Subst["__SUMMARY__"] = summary;
+ Upload.check_override();
+
+################################################################################
+
+def is_autobyhand ():
+ all_auto = 1
+ any_auto = 0
+ for file in files.keys():
+ if files[file].has_key("byhand"):
+ any_auto = 1
+
+ # filename is of form "PKG_VER_ARCH.EXT" where PKG, VER and ARCH
+ # don't contain underscores, and ARCH doesn't contain dots.
+ # further VER matches the .changes Version:, and ARCH should be in
+ # the .changes Architecture: list.
+ if file.count("_") < 2:
+ all_auto = 0
+ continue
+
+ (pkg, ver, archext) = file.split("_", 2)
+ if archext.count(".") < 1 or changes["version"] != ver:
+ all_auto = 0
+ continue
+
+ ABH = Cnf.SubTree("AutomaticByHandPackages")
+ if not ABH.has_key(pkg) or \
+ ABH["%s::Source" % (pkg)] != changes["source"]:
+ print "not match %s %s" % (pkg, changes["source"])
+ all_auto = 0
+ continue
+
+ (arch, ext) = archext.split(".", 1)
+ if arch not in changes["architecture"]:
+ all_auto = 0
+ continue
+
+ files[file]["byhand-arch"] = arch
+ files[file]["byhand-script"] = ABH["%s::Script" % (pkg)]
+
+ return any_auto and all_auto
+
+def do_autobyhand (summary, short_summary):
+ print "Attempting AUTOBYHAND."
+ byhandleft = 0
+ for file in files.keys():
+ byhandfile = file
+ if not files[file].has_key("byhand"):
+ continue
+ if not files[file].has_key("byhand-script"):
+ byhandleft = 1
+ continue
+
+ os.system("ls -l %s" % byhandfile)
+ result = os.system("%s %s %s %s %s" % (
+ files[file]["byhand-script"], byhandfile,
+ changes["version"], files[file]["byhand-arch"],
+ os.path.abspath(pkg.changes_file)))
+ if result == 0:
+ os.unlink(byhandfile)
+ del files[file]
+ else:
+ print "Error processing %s, left as byhand." % (file)
+ byhandleft = 1
+
+ if byhandleft:
+ do_byhand(summary, short_summary)
+ else:
+ accept(summary, short_summary)
+
+################################################################################
+
def is_byhand ():
for file in files.keys():
if files[file].has_key("byhand"):
return 1
return 0
-def do_byhand (summary):
+def do_byhand (summary, short_summary):
print "Moving to BYHAND holding area."
Logger.log(["Moving to byhand", pkg.changes_file])
return 1
return 0
-def acknowledge_new (summary):
+def acknowledge_new (summary, short_summary):
Subst = Upload.Subst
print "Moving to NEW holding area."
if not Options["No-Mail"]:
print "Sending new ack."
Subst["__SUMMARY__"] = summary
- new_ack_message = dak.lib.utils.TemplateSubst(Subst,Cnf["Dir::Templates"]+"/process-unchecked.new")
- dak.lib.utils.send_mail(new_ack_message)
+ new_ack_message = daklib.utils.TemplateSubst(Subst,Cnf["Dir::Templates"]+"/process-unchecked.new")
+ daklib.utils.send_mail(new_ack_message)
################################################################################
# Relativize the filename so we use the copy in holding
# rather than the original...
pkg.changes_file = os.path.basename(pkg.changes_file)
- changes["fingerprint"] = dak.lib.utils.check_signature(pkg.changes_file, reject)
+ changes["fingerprint"] = daklib.utils.check_signature(pkg.changes_file, reject)
if changes["fingerprint"]:
valid_changes_p = check_changes()
else:
valid_dsc_p = check_dsc()
if valid_dsc_p:
check_source()
- check_md5sums()
+ check_hashes()
check_urgency()
check_timestamps()
+ check_signed_by_key()
Upload.update_subst(reject_message)
action()
except SystemExit:
# Ensure all the arguments we were given are .changes files
for file in changes_files:
if not file.endswith(".changes"):
- dak.lib.utils.warn("Ignoring '%s' because it's not a .changes file." % (file))
+ daklib.utils.warn("Ignoring '%s' because it's not a .changes file." % (file))
changes_files.remove(file)
if changes_files == []:
- dak.lib.utils.fubar("Need at least one .changes file as an argument.")
+ daklib.utils.fubar("Need at least one .changes file as an argument.")
# Check that we aren't going to clash with the daily cron job
if not Options["No-Action"] and os.path.exists("%s/daily.lock" % (Cnf["Dir::Lock"])) and not Options["No-Lock"]:
- dak.lib.utils.fubar("Archive maintenance in progress. Try again later.")
+ daklib.utils.fubar("Archive maintenance in progress. Try again later.")
# Obtain lock if not in no-action mode and initialize the log
fcntl.lockf(lock_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
except IOError, e:
if errno.errorcode[e.errno] == 'EACCES' or errno.errorcode[e.errno] == 'EAGAIN':
- dak.lib.utils.fubar("Couldn't obtain lock; assuming another 'dak process-unchecked' is already running.")
+ daklib.utils.fubar("Couldn't obtain lock; assuming another 'dak process-unchecked' is already running.")
else:
raise
- Logger = Upload.Logger = dak.lib.logging.Logger(Cnf, "process-unchecked")
+ Logger = Upload.Logger = daklib.logging.Logger(Cnf, "process-unchecked")
# debian-{devel-,}-changes@lists.debian.org toggles writes access based on this header
- bcc = "X-DAK: dak process-unchecked\nX-Katie: this header is obsolete"
+ bcc = "X-DAK: dak process-unchecked\nX-Katie: $Revision: 1.65 $"
if Cnf.has_key("Dinstall::Bcc"):
Upload.Subst["__BCC__"] = bcc + "\nBcc: %s" % (Cnf["Dinstall::Bcc"])
else:
# Sort the .changes files so that we process sourceful ones first
- changes_files.sort(dak.lib.utils.changes_compare)
+ changes_files.sort(daklib.utils.changes_compare)
# Process the changes files
for changes_file in changes_files:
sets = "set"
if accept_count > 1:
sets = "sets"
- print "Accepted %d package %s, %s." % (accept_count, sets, dak.lib.utils.size_type(int(accept_bytes)))
+ print "Accepted %d package %s, %s." % (accept_count, sets, daklib.utils.size_type(int(accept_bytes)))
Logger.log(["total",accept_count,accept_bytes])
if not Options["No-Action"]:
projects / dak.git / blobdiff