"""Check the uploader is allowed to upload the packages in .changes"""
def _does_hijack(self, session, upload, suite):
+ # Try to catch hijacks.
+ # This doesn't work correctly. Uploads to experimental can still
+ # "hijack" binaries from unstable. Also one can hijack packages
+ # via buildds (but people who try this should not be DMs).
for binary_name in upload.changes.binary_names:
binaries = session.query(DBBinary).join(DBBinary.source) \
.filter(DBBinary.suites.contains(suite)) \
uploaded_arches = set(upload.changes.architectures)
uploaded_arches.discard('source')
allowed_arches = set(a.arch_string for a in acl.architectures)
- for a in uploaded_arches:
- if a not in allowed_arches:
- return False, "uploads for architecture {0} are not allowed".format(a)
+ forbidden_arches = uploaded_arches - allowed_arches
+ if len(forbidden_arches) != 0:
+ return False, "uploads for architecture(s) {0} are not allowed".format(", ".join(forbidden_arches))
if not acl.allow_hijack:
for suite in upload.final_suites:
does_hijack, hijacked_binary, hijacked_from = self._does_hijack(session, upload, suite)