]> git.decadent.org.uk Git - dak.git/blobdiff - dak/process_unchecked.py
* process_unchecked.py: Add support for automatic BYHAND
[dak.git] / dak / process_unchecked.py
index 9b1b48671177773ddab7bb8606fba61fc9804883..77e5f00af52b5e5d62e5c7fc422f92a67ac3b7fb 100755 (executable)
@@ -39,10 +39,11 @@ from types import *
 
 ################################################################################
 
-re_valid_version = re.compile(r"^([0-9]+:)?[0-9A-Za-z\.\-\+:]+$")
+re_valid_version = re.compile(r"^([0-9]+:)?[0-9A-Za-z\.\-\+:~]+$")
 re_valid_pkg_name = re.compile(r"^[\dA-Za-z][\dA-Za-z\+\-\.]+$")
 re_changelog_versions = re.compile(r"^\w[-+0-9a-z.]+ \([^\(\) \t]+\)")
 re_strip_revision = re.compile(r"-([^-]+)$")
+re_strip_srcver = re.compile(r"\s+\(\S+\)$")
 
 ################################################################################
 
@@ -202,6 +203,14 @@ def check_changes():
             reject("%s: Missing mandatory field `%s'." % (filename, i))
             return 0    # Avoid <undef> errors during later tests
 
+    # Strip a source version in brackets from the source field
+    if re_strip_srcver.search(changes["source"]):
+       changes["source"] = re_strip_srcver.sub('', changes["source"])
+
+    # Ensure the source field is a valid package name.
+    if not re_valid_pkg_name.match(changes["source"]):
+        reject("%s: invalid source name '%s'." % (filename, changes["source"]))
+
     # Split multi-value fields into a lower-level dictionary
     for i in ("architecture", "distribution", "binary", "closes"):
         o = changes.get(i, "")
@@ -246,7 +255,7 @@ def check_changes():
     # Check there isn't already a changes file of the same name in one
     # of the queue directories.
     base_filename = os.path.basename(filename)
-    for dir in [ "Accepted", "Byhand", "Done", "New", "ProposedUpdates" ]:
+    for dir in [ "Accepted", "Byhand", "Done", "New", "ProposedUpdates", "OldProposedUpdates" ]:
         if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+base_filename):
             reject("%s: a file with this name already exists in the %s directory." % (base_filename, dir))
 
@@ -395,7 +404,7 @@ def check_files():
 
     for file in file_keys:
         # Ensure the file does not already exist in one of the accepted directories
-        for dir in [ "Accepted", "Byhand", "New", "ProposedUpdates" ]:
+        for dir in [ "Accepted", "Byhand", "New", "ProposedUpdates", "OldProposedUpdates" ]:
             if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+file):
                 reject("%s file already exists in the %s directory." % (file, dir))
         if not daklib.utils.re_taint_free.match(file):
@@ -531,7 +540,7 @@ def check_files():
                         files[file]["new"] = 1
                     else:
                        dsc_file_exists = 0
-                        for myq in ["Accepted", "Embargoed", "Unembargoed", "ProposedUpdates"]:
+                        for myq in ["Accepted", "Embargoed", "Unembargoed", "ProposedUpdates", "OldProposedUpdates"]:
                            if Cnf.has_key("Dir::Queue::%s" % (myq)):
                                if os.path.exists(Cnf["Dir::Queue::"+myq] + '/' + dsc_filename):
                                    dsc_file_exists = 1
@@ -978,7 +987,7 @@ def check_timestamps():
                     apt_inst.debExtract(deb_file,tar.callback,"data.tar.gz")
                 except SystemError, e:
                     # If we can't find a data.tar.gz, look for data.tar.bz2 instead.
-                    if not re.match(r"Cannot f[ui]nd chunk data.tar.gz$", str(e)):
+                    if not re.search(r"Cannot f[ui]nd chunk data.tar.gz$", str(e)):
                         raise
                     deb_file.seek(0)
                     apt_inst.debExtract(deb_file,tar.callback,"data.tar.bz2")
@@ -1004,6 +1013,48 @@ def check_timestamps():
             except:
                 reject("%s: deb contents timestamp check failed [%s: %s]" % (filename, sys.exc_type, sys.exc_value))
 
+################################################################################
+
+def check_signed_by_key():
+    """Ensure the .changes is signed by an authorized uploader."""
+
+    # We only check binary-only uploads right now
+    if changes["architecture"].has_key("source"):
+        return
+
+    if not Cnf.Exists("Binary-Upload-Restrictions"):
+        return
+
+    restrictions = Cnf.SubTree("Binary-Upload-Restrictions")
+
+    # If the restrictions only apply to certain components make sure
+    # that the upload is actual targeted there.
+    if restrictions.Exists("Components"):
+        restricted_components = restrictions.SubTree("Components").ValueList()
+        is_restricted = False
+        for file in files:
+            if files[file]["component"] in restricted_components:
+                is_restricted = True
+                break
+        if not is_restricted:
+            return
+
+    # Assuming binary only upload restrictions are in place we then
+    # iterate over suite and architecture checking the key is in the
+    # allowed list.  If no allowed list exists for a given suite or
+    # architecture it's assumed to be open to anyone.
+    for suite in changes["distribution"].keys():
+        if not restrictions.Exists(suite):
+            continue
+        for arch in changes["architecture"].keys():
+            if not restrictions.SubTree(suite).Exists(arch):
+                continue
+            allowed_keys = restrictions.SubTree("%s::%s" % (suite, arch)).ValueList()
+            if changes["fingerprint"] not in allowed_keys:
+                base_filename = os.path.basename(pkg.changes_file)
+                reject("%s: not signed by authorised uploader for %s/%s"
+                       % (base_filename, suite, arch))
+
 ################################################################################
 ################################################################################
 
@@ -1042,16 +1093,19 @@ def action ():
     # q-unapproved hax0ring
     queue_info = {
          "New": { "is": is_new, "process": acknowledge_new },
+        "Autobyhand" : { "is" : is_autobyhand, "process": do_autobyhand },
          "Byhand" : { "is": is_byhand, "process": do_byhand },
+         "OldStableUpdate" : { "is": is_oldstableupdate, 
+                               "process": do_oldstableupdate },
          "StableUpdate" : { "is": is_stableupdate, "process": do_stableupdate },
          "Unembargo" : { "is": is_unembargo, "process": queue_unembargo },
          "Embargo" : { "is": is_embargo, "process": queue_embargo },
     }
-    queues = [ "New", "Byhand" ]
+    queues = [ "New", "Autobyhand", "Byhand" ]
     if Cnf.FindB("Dinstall::SecurityQueueHandling"):
         queues += [ "Unembargo", "Embargo" ]
     else:
-        queues += [ "StableUpdate" ]
+        queues += [ "OldStableUpdate", "StableUpdate" ]
 
     (prompt, answer) = ("", "XXX")
     if Options["No-Action"] or Options["Automatic"]:
@@ -1106,7 +1160,7 @@ def action ():
         accept(summary, short_summary)
         remove_from_unchecked()
     elif answer == queuekey:
-        queue_info[queue]["process"](summary)
+        queue_info[queue]["process"](summary, short_summary)
         remove_from_unchecked()
     elif answer == 'Q':
         sys.exit(0)
@@ -1157,7 +1211,7 @@ def is_unembargo ():
 
     return 0
 
-def queue_unembargo (summary):
+def queue_unembargo (summary, short_summary):
     print "Moving to UNEMBARGOED holding area."
     Logger.log(["Moving to unembargoed", pkg.changes_file])
 
@@ -1174,7 +1228,7 @@ def queue_unembargo (summary):
 def is_embargo ():
     return 0
 
-def queue_embargo (summary):
+def queue_embargo (summary, short_summary):
     print "Moving to EMBARGOED holding area."
     Logger.log(["Moving to embargoed", pkg.changes_file])
 
@@ -1189,11 +1243,22 @@ def queue_embargo (summary):
 ################################################################################
 
 def is_stableupdate ():
-    if changes["distribution"].has_key("proposed-updates"):
-       return 1
-    return 0
+    if not changes["distribution"].has_key("proposed-updates"):
+       return 0
+
+    if not changes["architecture"].has_key("source"):
+        pusuite = daklib.database.get_suite_id("proposed-updates")
+        q = Upload.projectB.query(
+          "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" % 
+          (changes["source"], changes["version"], pusuite))
+        ql = q.getresult()
+        if ql:
+            # source is already in proposed-updates so no need to hold
+            return 0
 
-def do_stableupdate (summary):
+    return 1
+
+def do_stableupdate (summary, short_summary):
     print "Moving to PROPOSED-UPDATES holding area."
     Logger.log(["Moving to proposed-updates", pkg.changes_file]);
 
@@ -1206,13 +1271,100 @@ def do_stableupdate (summary):
 
 ################################################################################
 
+def is_oldstableupdate ():
+    if not changes["distribution"].has_key("oldstable-proposed-updates"):
+       return 0
+
+    if not changes["architecture"].has_key("source"):
+        pusuite = daklib.database.get_suite_id("oldstable-proposed-updates")
+        q = Upload.projectB.query(
+          "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" % 
+          (changes["source"], changes["version"], pusuite))
+        ql = q.getresult()
+        if ql:
+            # source is already in oldstable-proposed-updates so no need to hold
+            return 0
+
+    return 1
+
+def do_oldstableupdate (summary, short_summary):
+    print "Moving to OLDSTABLE-PROPOSED-UPDATES holding area."
+    Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]);
+
+    Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]);
+    move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"])
+
+    # Check for override disparities
+    Upload.Subst["__SUMMARY__"] = summary;
+    Upload.check_override();
+
+################################################################################
+
+def is_autobyhand ():
+    all_auto = 1
+    any_auto = 0
+    for file in files.keys():
+        if files[file].has_key("byhand"):
+           any_auto = 1
+
+           # filename is of form "PKG_VER_ARCH.EXT" where PKG, VER and ARCH
+           # don't contain underscores, and ARCH doesn't contain dots.
+           # further VER matches the .changes Version:, and ARCH should be in
+           # the .changes Architecture: list.
+           if file.count("_") < 2:
+               all_auto = 0
+               continue
+       
+           (pkg, ver, archext) = file.split("_", 2)
+           if archext.count(".") < 1 or changes["version"] != ver:
+               all_auto = 0
+               continue
+
+           ABH = Cnf.SubTree("AutomaticByHandPackages")
+           if not ABH.has_key(pkg) or \
+             ABH["%s::Source" % (pkg)] != changes["source"]:
+               print "not match %s %s" % (pkg, changes["source"])
+               all_auto = 0
+               continue
+
+           (arch, ext) = archext.split(".", 1)
+           if arch not in changes["architecture"]:
+               all_auto = 0
+               continue
+
+           files[file]["byhand-arch"] = arch
+           files[file]["byhand-script"] = ABH["%s::Script" % (pkg)]
+
+    return any_auto and all_auto
+
+def do_autobyhand (summary, short_summary):
+    print "Accepting AUTOBYHAND."
+    for file in files.keys():
+       byhandfile = file
+        if not files[file].has_key("byhand-script"):
+           # problem!
+           pass
+       else:
+           os.system("ls -l %s" % byhandfile)
+            result = os.system("%s %s %s %s" % (
+               files[file]["byhand-script"], byhandfile, 
+               changes["version"], files[file]["byhand-arch"]))
+           if result != 0:
+               print "error?"
+       os.unlink(byhandfile)
+       del files[file]
+
+    accept(summary, short_summary)
+
+################################################################################
+
 def is_byhand ():
     for file in files.keys():
         if files[file].has_key("byhand"):
             return 1
     return 0
 
-def do_byhand (summary):
+def do_byhand (summary, short_summary):
     print "Moving to BYHAND holding area."
     Logger.log(["Moving to byhand", pkg.changes_file])
 
@@ -1231,7 +1383,7 @@ def is_new ():
             return 1
     return 0
 
-def acknowledge_new (summary):
+def acknowledge_new (summary, short_summary):
     Subst = Upload.Subst
 
     print "Moving to NEW holding area."
@@ -1300,6 +1452,7 @@ def process_it (changes_file):
                 check_md5sums()
                 check_urgency()
                 check_timestamps()
+                check_signed_by_key()
         Upload.update_subst(reject_message)
         action()
     except SystemExit: