X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;ds=sidebyside;f=daklib%2Fchecks.py;h=5be0d966da863d129535a2a5c87aa7f9ecbb1fbc;hb=78eb71445e77d668a2c71dceee0437a8574ae122;hp=81bd629e481e171991d1ddf0da8d3b4dce282c12;hpb=707a89a3b86961755a99cb9e1a0a5f23690f9529;p=dak.git

diff --git a/daklib/checks.py b/daklib/checks.py
index 81bd629e..5be0d966 100644
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -354,6 +354,10 @@ class ACLCheck(Check):
     """Check the uploader is allowed to upload the packages in .changes"""
 
     def _does_hijack(self, session, upload, suite):
+        # Try to catch hijacks.
+        # This doesn't work correctly. Uploads to experimental can still
+        # "hijack" binaries from unstable. Also one can hijack packages
+        # via buildds (but people who try this should not be DMs).
         for binary_name in upload.changes.binary_names:
             binaries = session.query(DBBinary).join(DBBinary.source) \
                 .filter(DBBinary.suites.contains(suite)) \
@@ -389,9 +393,9 @@ class ACLCheck(Check):
                 uploaded_arches = set(upload.changes.architectures)
                 uploaded_arches.discard('source')
                 allowed_arches = set(a.arch_string for a in acl.architectures)
-                for a in uploaded_arches:
-                    if a not in allowed_arches:
-                        return False, "uploads for architecture {0} are not allowed".format(a)
+                forbidden_arches = uploaded_arches - allowed_arches
+                if len(forbidden_arches) != 0:
+                    return False, "uploads for architecture(s) {0} are not allowed".format(", ".join(forbidden_arches))
         if not acl.allow_hijack:
             for suite in upload.final_suites:
                 does_hijack, hijacked_binary, hijacked_from = self._does_hijack(session, upload, suite)