################################################################################
def lookup_uid_from_fingerprint(fpr):
- q = Upload.projectB.query("SELECT u.uid, u.name FROM fingerprint f, uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr))
+ q = Upload.projectB.query("SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr))
qs = q.getresult()
if len(qs) == 0:
return (None, None)
def check_signed_by_key():
"""Ensure the .changes is signed by an authorized uploader."""
- (uid, uid_name) = lookup_uid_from_fingerprint(changes["fingerprint"])
+ (uid, uid_name, is_dm) = lookup_uid_from_fingerprint(changes["fingerprint"])
if uid_name == None:
uid_name = ""
may_nmu, may_sponsor = 1, 1
# XXX by default new dds don't have a fingerprint/uid in the db atm,
# and can't get one in there if we don't allow nmu/sponsorship
- elif uid[:3] == "dm:":
- uid_email = uid[3:]
+ elif is_dm is "t":
+ uid_email = uid
may_nmu, may_sponsor = 0, 0
else:
uid_email = "%s@debian.org" % (uid)
if not sponsored and not may_nmu:
source_ids = []
- check_suites = changes["distribution"].keys()
- if "unstable" not in check_suites: check_suites.append("unstable")
- for suite in check_suites:
- suite_id = database.get_suite_id(suite)
- q = Upload.projectB.query("SELECT s.id FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND sa.suite = %d" % (changes["source"], suite_id))
- for si in q.getresult():
- if si[0] not in source_ids: source_ids.append(si[0])
-
- is_nmu = 1
- for si in source_ids:
- is_nmu = 1
- q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT maintainer FROM src_uploaders WHERE src_uploaders.source = %s)" % (si))
+ q = Upload.projectB.query("SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.dm_upload_allowed = 'yes'" % (changes["source"]))
+
+ highest_sid, highest_version = None, None
+
+ should_reject = True
+ for si in q.getresult():
+ if highest_version == None or apt_pkg.VersionCompare(si[1], highest_version) == 1:
+ highest_sid = si[0]
+ highest_version = si[1]
+
+ if highest_sid == None:
+ reject("Source package %s does not have 'DM-Upload-Allowed: yes' in its most recent version" % changes["source"])
+ else:
+ q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT su.maintainer FROM src_uploaders su JOIN source s ON (s.id = su.source) WHERE su.source = %s)" % (highest_sid))
for m in q.getresult():
(rfc822, rfc2047, name, email) = utils.fix_maintainer(m[0])
if email == uid_email or name == uid_name:
- is_nmu=0
+ should_reject=False
break
- if is_nmu:
- reject("%s may not upload/NMU source package %s" % (uid, changes["source"]))
+
+ if should_reject == True:
+ reject("%s is not in Maintainer or Uploaders of source package %s" % (uid, changes["source"]))
for b in changes["binary"].keys():
for suite in changes["distribution"].keys():