X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fdakdb%2Fupdate16.py;h=6cd6dc4b1b7af19566cc26901e77588f6402a288;hb=e2c4fd7f21c3b33cd7192bded5d6373e0ee90374;hp=7c94568274d0979f36c2be28e405e9e939c4e2f7;hpb=db5f28a6fd09d4b395e6fbb9fd9de899d1829680;p=dak.git
diff --git a/dak/dakdb/update16.py b/dak/dakdb/update16.py
index 7c945682..6cd6dc4b 100755
--- a/dak/dakdb/update16.py
+++ b/dak/dakdb/update16.py
@@ -58,9 +58,9 @@ def do_update(self):
 """)
 ## Can upload all packages
- c.execute("INSERT INTO source_acl (id, access_level) VALUES (1, 'full')")
+ c.execute("INSERT INTO source_acl (access_level) VALUES ('full')")
 ## Can upload only packages marked as DM upload allowed
- c.execute("INSERT INTO source_acl (id, access_level) VALUES (2, 'dm')")
+ c.execute("INSERT INTO source_acl (access_level) VALUES ('dm')")
 c.execute("GRANT SELECT ON source_acl TO public")
 c.execute("GRANT ALL ON source_acl TO ftpmaster")
@@ -76,9 +76,9 @@ def do_update(self):
 """)
 ## Can upload any architectures of binary packages
- c.execute("INSERT INTO binary_acl (id, access_level) VALUES (1, 'full')")
+ c.execute("INSERT INTO binary_acl (access_level) VALUES ('full')")
 ## Can upload debs where architectures are based on the map table binary_acl_map
- c.execute("INSERT INTO binary_acl (id, access_level) VALUES (2, 'map')")
+ c.execute("INSERT INTO binary_acl (access_level) VALUES ('map')")
 c.execute("GRANT SELECT ON binary_acl TO public")
 c.execute("GRANT ALL ON binary_acl TO ftpmaster")
@@ -100,10 +100,15 @@ def do_update(self):
 ## NULL means no source upload access (i.e. any upload containing source
 ## will be rejected)
- c.execute("ALTER TABLE fingerprint ADD COLUMN source_acl INT4 REFERENCES source_acl(id) DEFAULT NULL")
+ c.execute("ALTER TABLE fingerprint ADD COLUMN source_acl_id INT4 REFERENCES source_acl(id) DEFAULT NULL")
 ## NULL means no binary upload access
- c.execute("ALTER TABLE fingerprint ADD COLUMN binary_acl INT4 REFERENCES binary_acl(id) DEFAULT NULL")
+ c.execute("ALTER TABLE fingerprint ADD COLUMN binary_acl_id INT4 REFERENCES binary_acl(id) DEFAULT NULL")
+
+ ## TRUE here means that if the person doesn't have binary upload permissions for
+ ## an architecture, we'll reject the .changes. FALSE means that we'll simply
+ ## dispose of those particular binaries
+ c.execute("ALTER TABLE fingerprint ADD COLUMN binary_reject BOOLEAN NOT NULL DEFAULT TRUE")
 # Blockage table (replaces the hard coded stuff we used to have in extensions)
 print "Adding blockage table"
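Review bot: The rename of `fingerprint.source_acl`/`binary_acl` to `source_acl_id`/`binary_acl_id` and the new `binary_reject` column are made by editing update 16 in place, so a database that already ran the earlier version of this script and sits at `db_revision` 16 would never receive them. Whether any such database exists is not visible from this hunk; if one can, the rename belongs in a follow-up update that does `ALTER TABLE fingerprint RENAME COLUMN source_acl TO source_acl_id` (likewise for `binary_acl`) and adds `binary_reject` there. The `NULL` and `TRUE` defaults themselves fail closed, which is the right direction for upload permissions. do_update's body starts and ends outside the hunk.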
@@ -123,10 +128,51 @@ def do_update(self): c.execute("GRANT ALL ON upload_blocks TO ftpmaster") c.execute("GRANT USAGE ON upload_blocks_id_seq TO ftpmaster") + c.execute("ALTER TABLE keyrings ADD COLUMN default_source_acl_id INT4 REFERENCES source_acl (id) DEFAULT NULL") + c.execute("ALTER TABLE keyrings ADD COLUMN default_binary_acl_id INT4 REFERENCES binary_acl (id) DEFAULT NULL") + c.execute("ALTER TABLE keyrings ADD COLUMN default_binary_reject BOOLEAN NOT NULL DEFAULT TRUE") + # Set up keyring priorities + c.execute("ALTER TABLE keyrings ADD COLUMN priority INT4 NOT NULL DEFAULT 100") + # And then we don't need the DM stuff any more + c.execute("ALTER TABLE keyrings DROP COLUMN debian_maintainer") + + # Default ACLs for keyrings + c.execute(""" + CREATE TABLE keyring_acl_map ( + id SERIAL PRIMARY KEY, + keyring_id INT4 REFERENCES keyrings (id) NOT NULL, + architecture_id INT4 REFERENCES architecture (id) NOT NULL, + + UNIQUE (keyring_id, architecture_id) + )""") + + c.execute("GRANT SELECT ON keyring_acl_map TO public") + c.execute("GRANT ALL ON keyring_acl_map TO ftpmaster") + c.execute("GRANT USAGE ON keyring_acl_map_id_seq TO ftpmaster") + + # Set up some default stuff; default to old behaviour + print "Setting up some defaults" + + c.execute("""UPDATE keyrings SET default_source_acl_id = (SELECT id FROM source_acl WHERE access_level = 'full'), + default_binary_acl_id = (SELECT id FROM binary_acl WHERE access_level = 'full')""") + + c.execute("""UPDATE keyrings SET default_source_acl_id = (SELECT id FROM source_acl WHERE access_level = 'dm'), + default_binary_acl_id = (SELECT id FROM binary_acl WHERE access_level = 'full') + WHERE name = 'debian-maintainers.gpg'""") + + c.execute("""UPDATE keyrings SET priority = 90 WHERE name = 'debian-maintainers.gpg'""") + + # Initialize the existing keys + c.execute("""UPDATE fingerprint SET binary_acl_id = (SELECT default_binary_acl_id FROM keyrings + WHERE keyrings.id = fingerprint.keyring)""") + + c.execute("""UPDATE 
fingerprint SET source_acl_id = (SELECT default_source_acl_id FROM keyrings + WHERE keyrings.id = fingerprint.keyring)""") + print "Updating config version" c.execute("UPDATE config SET value = '16' WHERE name = 'db_revision'") self.db.commit() - except psycopg2.ProgrammingError, msg: + except psycopg2.ProgrammingError as msg: self.db.rollback() - raise DBUpdateError, "Unable to apply ACLs update (16), rollback issued. Error message : %s" % (str(msg)) + raise DBUpdateError("Unable to apply ACLs update (16), rollback issued. Error message : %s" % (str(msg)))
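Review bot: The migration drops `keyrings.debian_maintainer` before it assigns the default ACLs and then recognises the DM keyring only by the literal name `'debian-maintainers.gpg'`, so every other keyring gets the `full` source ACL and its fingerprints inherit it, including any keyring that had the flag set under a different name. Deriving the restricted default from the existing column keeps the old permission boundary: end the `'dm'` update with `WHERE debian_maintainer` (presumably a boolean; its definition is not on this page) and move `ALTER TABLE keyrings DROP COLUMN debian_maintainer` after the keyring updates. Any fingerprint row whose `keyring` matches no keyring is left with NULL ACLs, which the comments on the new fingerprint columns define as no upload access; confirm that is intended for existing keys. The enclosing `try` block of do_update starts outside the hunk.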