X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fdakdb%2Fupdate16.py;fp=dak%2Fdakdb%2Fupdate16.py;h=0000000000000000000000000000000000000000;hb=e6c38ef348d128d72673c3fc5ff9ac9be63493d1;hp=6cd6dc4b1b7af19566cc26901e77588f6402a288;hpb=595c6c300a32bdc231f78725ba0c093c5f4c9c6b;p=dak.git
diff --git a/dak/dakdb/update16.py b/dak/dakdb/update16.py
deleted file mode 100644
index 6cd6dc4b..00000000
--- a/dak/dakdb/update16.py
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/usr/bin/env python
-# coding=utf8
-
-"""
-Adding tables for key-based ACLs and blocks
-
-@contact: Debian FTP Master
-@copyright: 2009 Mark Hymers
-@license: GNU General Public License version 2 or later
-"""
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-################################################################################
-
-
-################################################################################
-
-import psycopg2
-import time
-from daklib.dak_exceptions import DBUpdateError
-
-################################################################################
-
-def do_update(self):
- print "Adding tables for handling key-based ACLs and upload blocks"
-
- try:
- c = self.db.cursor()
-
- # Fix up some older table permissions
- c.execute("GRANT SELECT ON src_format TO public")
- c.execute("GRANT ALL ON src_format TO ftpmaster")
- c.execute("GRANT USAGE ON src_format_id_seq TO ftpmaster")
-
- c.execute("GRANT SELECT ON suite_src_formats TO public")
- c.execute("GRANT ALL ON suite_src_formats TO ftpmaster")
-
- # Source ACLs table
- print "Source ACLs table"
- c.execute("""
- CREATE TABLE source_acl (
- id SERIAL PRIMARY KEY,
- access_level TEXT UNIQUE NOT NULL
- )
- """)
-
- ## Can upload all packages
- c.execute("INSERT INTO source_acl (access_level) VALUES ('full')")
- ## Can upload only packages marked as DM upload allowed
- c.execute("INSERT INTO source_acl (access_level) VALUES ('dm')")
-
- c.execute("GRANT SELECT ON source_acl TO public")
- c.execute("GRANT ALL ON source_acl TO ftpmaster")
- c.execute("GRANT USAGE ON source_acl_id_seq TO ftpmaster")
-
- # Binary ACLs table
- print "Binary ACLs table"
- c.execute("""
- CREATE TABLE binary_acl (
- id SERIAL PRIMARY KEY,
- access_level TEXT UNIQUE NOT NULL
- )
- """)
-
- ## Can upload any architectures of binary packages
- c.execute("INSERT INTO binary_acl (access_level) VALUES ('full')")
- ## Can upload debs where architectures are based on the map table binary_acl_map
- c.execute("INSERT INTO binary_acl (access_level) VALUES ('map')")
-
- c.execute("GRANT SELECT ON binary_acl TO public")
- c.execute("GRANT ALL ON binary_acl TO ftpmaster")
- c.execute("GRANT USAGE ON binary_acl_id_seq TO ftpmaster")
-
- # This is only used if binary_acl is 2 for the fingerprint concerned
- c.execute("""
- CREATE TABLE binary_acl_map (
- id SERIAL PRIMARY KEY,
- fingerprint_id INT4 REFERENCES fingerprint (id) NOT NULL,
- architecture_id INT4 REFERENCES architecture (id) NOT NULL,
-
- UNIQUE (fingerprint_id, architecture_id)
- )""")
-
- c.execute("GRANT SELECT ON binary_acl_map TO public")
- c.execute("GRANT ALL ON binary_acl_map TO ftpmaster")
- c.execute("GRANT USAGE ON binary_acl_map_id_seq TO ftpmaster")
-
- ## NULL means no source upload access (i.e. any upload containing source
- ## will be rejected)
- c.execute("ALTER TABLE fingerprint ADD COLUMN source_acl_id INT4 REFERENCES source_acl(id) DEFAULT NULL")
-
- ## NULL means no binary upload access
- c.execute("ALTER TABLE fingerprint ADD COLUMN binary_acl_id INT4 REFERENCES binary_acl(id) DEFAULT NULL")
-
- ## TRUE here means that if the person doesn't have binary upload permissions for
- ## an architecture, we'll reject the .changes. FALSE means that we'll simply
- ## dispose of those particular binaries
- c.execute("ALTER TABLE fingerprint ADD COLUMN binary_reject BOOLEAN NOT NULL DEFAULT TRUE")
-
- # Blockage table (replaces the hard coded stuff we used to have in extensions)
- print "Adding blockage table"
- c.execute("""
- CREATE TABLE upload_blocks (
- id SERIAL PRIMARY KEY,
- source TEXT NOT NULL,
- version TEXT DEFAULT NULL,
- fingerprint_id INT4 REFERENCES fingerprint (id),
- uid_id INT4 REFERENCES uid (id),
- reason TEXT NOT NULL,
-
- CHECK (fingerprint_id IS NOT NULL OR uid_id IS NOT NULL)
- )""")
-
- c.execute("GRANT SELECT ON upload_blocks TO public")
- c.execute("GRANT ALL ON upload_blocks TO ftpmaster")
- c.execute("GRANT USAGE ON upload_blocks_id_seq TO ftpmaster")
-
- c.execute("ALTER TABLE keyrings ADD COLUMN default_source_acl_id INT4 REFERENCES source_acl (id) DEFAULT NULL")
- c.execute("ALTER TABLE keyrings ADD COLUMN default_binary_acl_id INT4 REFERENCES binary_acl (id) DEFAULT NULL")
- c.execute("ALTER TABLE keyrings ADD COLUMN default_binary_reject BOOLEAN NOT NULL DEFAULT TRUE")
- # Set up keyring priorities
- c.execute("ALTER TABLE keyrings ADD COLUMN priority INT4 NOT NULL DEFAULT 100")
- # And then we don't need the DM stuff any more
- c.execute("ALTER TABLE keyrings DROP COLUMN debian_maintainer")
-
- # Default ACLs for keyrings
- c.execute("""
- CREATE TABLE keyring_acl_map (
- id SERIAL PRIMARY KEY,
- keyring_id INT4 REFERENCES keyrings (id) NOT NULL,
- architecture_id INT4 REFERENCES architecture (id) NOT NULL,
-
- UNIQUE (keyring_id, architecture_id)
- )""")
-
- c.execute("GRANT SELECT ON keyring_acl_map TO public")
- c.execute("GRANT ALL ON keyring_acl_map TO ftpmaster")
- c.execute("GRANT USAGE ON keyring_acl_map_id_seq TO ftpmaster")
-
- # Set up some default stuff; default to old behaviour
- print "Setting up some defaults"
-
- c.execute("""UPDATE keyrings SET default_source_acl_id = (SELECT id FROM source_acl WHERE access_level = 'full'),
- default_binary_acl_id = (SELECT id FROM binary_acl WHERE access_level = 'full')""")
-
- c.execute("""UPDATE keyrings SET default_source_acl_id = (SELECT id FROM source_acl WHERE access_level = 'dm'),
- default_binary_acl_id = (SELECT id FROM binary_acl WHERE access_level = 'full')
- WHERE name = 'debian-maintainers.gpg'""")
-
- c.execute("""UPDATE keyrings SET priority = 90 WHERE name = 'debian-maintainers.gpg'""")
-
- # Initialize the existing keys
- c.execute("""UPDATE fingerprint SET binary_acl_id = (SELECT default_binary_acl_id FROM keyrings
- WHERE keyrings.id = fingerprint.keyring)""")
-
- c.execute("""UPDATE fingerprint SET source_acl_id = (SELECT default_source_acl_id FROM keyrings
- WHERE keyrings.id = fingerprint.keyring)""")
-
- print "Updating config version"
- c.execute("UPDATE config SET value = '16' WHERE name = 'db_revision'")
- self.db.commit()
-
- except psycopg2.ProgrammingError as msg:
- self.db.rollback()
- raise DBUpdateError("Unable to apply ACLs update (16), rollback issued. Error message : %s" % (str(msg)))