]> git.decadent.org.uk Git - dak.git/blobdiff - daklib/archive.py
daklib/archive.py: change permissions for copied .changes and byhand files
[dak.git] / daklib / archive.py
index fdd7cd7d1f9419056d4f63b8266573ab6b5a6079..0f3a316e79f4f9a0c41959098cd6bccd422959ab 100644 (file)
@@ -623,11 +623,12 @@ class ArchiveUpload(object):
         cnf = Config()
         session = self.transaction.session
 
-        self.directory = tempfile.mkdtemp(dir=cnf.get('Dir::TempPath'))
+        self.directory = utils.temp_dirname(parent=cnf.get('Dir::TempPath'),
+                                            mode=0o2750, group=cnf.unprivgroup)
         with FilesystemTransaction() as fs:
             src = os.path.join(self.original_directory, self.original_changes.filename)
             dst = os.path.join(self.directory, self.original_changes.filename)
-            fs.copy(src, dst)
+            fs.copy(src, dst, mode=0o640)
 
             self.changes = upload.Changes(self.directory, self.original_changes.filename, self.keyrings)
 
@@ -636,7 +637,7 @@ class ArchiveUpload(object):
                 dst = os.path.join(self.directory, f.filename)
                 if not os.path.exists(src):
                     continue
-                fs.copy(src, dst)
+                fs.copy(src, dst, mode=0o640)
 
             source = self.changes.source
             if source is not None:
@@ -860,6 +861,7 @@ class ArchiveUpload(object):
                     checks.SignatureCheck,
                     checks.ChangesCheck,
                     checks.HashesCheck,
+                    checks.ExternalHashesCheck,
                     checks.SourceCheck,
                     checks.BinaryCheck,
                     checks.BinaryTimestampCheck,
@@ -876,7 +878,6 @@ class ArchiveUpload(object):
 
             for chk in (
                     checks.TransitionCheck,
-                    checks.UploadBlockCheck,
                     checks.ACLCheck,
                     checks.NoSourceOnlyCheck,
                     checks.LintianCheck,
@@ -884,6 +885,7 @@ class ArchiveUpload(object):
                 chk().check(self)
 
             for chk in (
+                    checks.ACLCheck,
                     checks.SourceFormatCheck,
                     checks.SuiteArchitectureCheck,
                     checks.VersionCheck,
@@ -948,7 +950,7 @@ class ArchiveUpload(object):
         if suite.copychanges:
             src = os.path.join(self.directory, self.changes.filename)
             dst = os.path.join(suite.archive.path, 'dists', suite.suite_name, self.changes.filename)
-            self.transaction.fs.copy(src, dst)
+            self.transaction.fs.copy(src, dst, mode=suite.archive.mode)
 
         return (db_source, db_binaries)
 
@@ -996,7 +998,7 @@ class ArchiveUpload(object):
         self.transaction.session.flush()
 
         dst = os.path.join(policy_queue.path, self.changes.filename)
-        self.transaction.fs.copy(self.changes.path, dst)
+        self.transaction.fs.copy(self.changes.path, dst, mode=policy_queue.change_perms)
 
         return u
 
@@ -1073,7 +1075,7 @@ class ArchiveUpload(object):
 
         src = os.path.join(self.directory, hashed_file.filename)
         dst = os.path.join(policy_queue.path, hashed_file.filename)
-        fs.copy(src, dst)
+        fs.copy(src, dst, mode=policy_queue.change_perms)
 
         return byhand_file
 
@@ -1103,7 +1105,7 @@ class ArchiveUpload(object):
         for binary in self.changes.binaries:
             control = binary.control
             source_package, source_version = binary.source
-            line = " ".join([control['Package'], control['Version'], source_package, source_version])
+            line = " ".join([control['Package'], control['Version'], control['Architecture'], source_package, source_version])
             print >>debinfo, line
         debinfo.close()
 
@@ -1173,16 +1175,22 @@ class ArchiveUpload(object):
         binaries = self.changes.binaries
         byhand = self.changes.byhand_files
 
-        new_queue = self.transaction.session.query(PolicyQueue).filter_by(queue_name='new').one()
-        if len(byhand) > 0:
-            new_queue = self.transaction.session.query(PolicyQueue).filter_by(queue_name='byhand').one()
-        new_suite = new_queue.suite
-
         # we need a suite to guess components
         suites = list(self.final_suites)
         assert len(suites) == 1, "NEW uploads must be to a single suite"
         suite = suites[0]
 
+        # decide which NEW queue to use
+        if suite.new_queue is None:
+            new_queue = self.transaction.session.query(PolicyQueue).filter_by(queue_name='new').one()
+        else:
+            new_queue = suite.new_queue
+        if len(byhand) > 0:
+            # There is only one global BYHAND queue
+            new_queue = self.transaction.session.query(PolicyQueue).filter_by(queue_name='byhand').one()
+        new_suite = new_queue.suite
+
+
         def binary_component_func(binary):
             return self._binary_component(suite, binary, only_overrides=False)