Merge commit 'buxy/bugfixes' into merge

[dak.git] / dak / process_unchecked.py

diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py
index 8f9857f411660ec286c3388e76d8e2d3d98aefb6..5fce9fa98b9a403e02908ac4c85b2deb0f6af885 100755 (executable)
--- a/dak/process_unchecked.py
+++ b/dak/process_unchecked.py
@@ -437,6 +437,15 @@ def check_files():
                 deb_file.close()
                 # Can't continue, none of the checks on control would work.
                 continue
+
+            # Check for mandantory "Description:"
+            deb_file.seek ( 0 )
+            try:
+                apt_pkg.ParseSection(apt_inst.debExtractControl(deb_file))["Description"] + '\n'
+            except:
+                reject("%s: Missing Description in binary package" % (f))
+                continue
+
             deb_file.close()
 
             # Check for mandatory fields
@@ -1003,10 +1012,10 @@ def lookup_uid_from_fingerprint(fpr):
     """
     Return the uid,name,isdm for a given gpg fingerprint
 
-    @ptype fpr: string
+    @type fpr: string
     @param fpr: a 40 byte GPG fingerprint
 
-    @return (uid, name, isdm)
+    @return: (uid, name, isdm)
     """
     cursor = DBConn().cursor()
     cursor.execute( "SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr))
@@ -1014,7 +1023,7 @@ def lookup_uid_from_fingerprint(fpr):
     if qs:
         return qs
     else:
-        return (None, None, None)
+        return (None, None, False)
 
 def check_signed_by_key():
     """Ensure the .changes is signed by an authorized uploader."""
@@ -1024,17 +1033,22 @@ def check_signed_by_key():
         uid_name = ""
 
     # match claimed name with actual name:
-    if uid == None:
+    if uid is None:
+        # This is fundamentally broken but need us to refactor how we get
+        # the UIDs/Fingerprints in order for us to fix it properly
         uid, uid_email = changes["fingerprint"], uid
         may_nmu, may_sponsor = 1, 1
         # XXX by default new dds don't have a fingerprint/uid in the db atm,
         #     and can't get one in there if we don't allow nmu/sponsorship
-    elif is_dm is "t":
-        uid_email = uid
-        may_nmu, may_sponsor = 0, 0
-    else:
+    elif is_dm is False:
+        # If is_dm is False, we allow full upload rights
         uid_email = "%s@debian.org" % (uid)
         may_nmu, may_sponsor = 1, 1
+    else:
+        # Assume limited upload rights unless we've discovered otherwise
+        uid_email = uid
+        may_nmu, may_sponsor = 0, 0
+
 
     if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]:
         sponsored = 0
@@ -1053,6 +1067,7 @@ def check_signed_by_key():
     if sponsored and not may_sponsor:
         reject("%s is not authorised to sponsor uploads" % (uid))
 
+    cursor = DBConn().cursor()
     if not sponsored and not may_nmu:
         source_ids = []
         cursor.execute( "SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s AND s.dm_upload_allowed = 'yes'", changes )
@@ -1477,7 +1492,7 @@ def acknowledge_new (summary, short_summary):
     Logger.log(["Moving to new", pkg.changes_file])
 
     Upload.dump_vars(Cnf["Dir::Queue::New"])
-    move_to_dir(Cnf["Dir::Queue::New"])
+    move_to_dir(Cnf["Dir::Queue::New"], perms=0640, changesperms=0644)
 
     if not Options["No-Mail"]:
         print "Sending new ack."