X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fdakdb%2Fupdate16.py;h=eca9b48ea03c460def0f192d05ae6d4589b7cef6;hb=7f4d35fbb32109cc31edc50b054035e133e4bb52;hp=c52ceee3e261acb65894fc6a8f2466a56856c6d6;hpb=ba03c9a5fdcf98f01fe35c8c0916b9c1d02cae59;p=dak.git

diff --git a/dak/dakdb/update16.py b/dak/dakdb/update16.py
index c52ceee3..eca9b48e 100755
--- a/dak/dakdb/update16.py
+++ b/dak/dakdb/update16.py
@@ -58,9 +58,9 @@ def do_update(self):
         """)
 
         ## Can upload all packages
-        c.execute("INSERT INTO source_acl (id, access_level) VALUES (1, 'full')")
+        c.execute("INSERT INTO source_acl (access_level) VALUES ('full')")
         ## Can upload only packages marked as DM upload allowed
-        c.execute("INSERT INTO source_acl (id, access_level) VALUES (2, 'dm')")
+        c.execute("INSERT INTO source_acl (access_level) VALUES ('dm')")
 
         c.execute("GRANT SELECT ON source_acl TO public")
         c.execute("GRANT ALL ON source_acl TO ftpmaster")
@@ -76,9 +76,9 @@ def do_update(self):
         """)
 
         ## Can upload any architectures of binary packages
-        c.execute("INSERT INTO binary_acl (id, access_level) VALUES (1, 'full')")
+        c.execute("INSERT INTO binary_acl (access_level) VALUES ('full')")
         ## Can upload debs where architectures are based on the map table binary_acl_map
-        c.execute("INSERT INTO binary_acl (id, access_level) VALUES (2, 'map')")
+        c.execute("INSERT INTO binary_acl (access_level) VALUES ('map')")
 
         c.execute("GRANT SELECT ON binary_acl TO public")
         c.execute("GRANT ALL ON binary_acl TO ftpmaster")
@@ -105,6 +105,11 @@ def do_update(self):
         ## NULL means no binary upload access
         c.execute("ALTER TABLE fingerprint ADD COLUMN binary_acl_id INT4 REFERENCES binary_acl(id) DEFAULT NULL")
 
+        ## TRUE here means that if the person doesn't have binary upload permissions for
+        ## an architecture, we'll reject the .changes.  FALSE means that we'll simply
+        ## dispose of those particular binaries
+        c.execute("ALTER TABLE fingerprint ADD COLUMN binary_reject BOOLEAN NOT NULL DEFAULT TRUE")
+
         # Blockage table (replaces the hard coded stuff we used to have in extensions)
         print "Adding blockage table"
         c.execute("""
@@ -123,6 +128,47 @@ def do_update(self):
         c.execute("GRANT ALL ON upload_blocks TO ftpmaster")
         c.execute("GRANT USAGE ON upload_blocks_id_seq TO ftpmaster")
 
+        c.execute("ALTER TABLE keyrings ADD COLUMN default_source_acl_id INT4 REFERENCES source_acl (id) DEFAULT NULL")
+        c.execute("ALTER TABLE keyrings ADD COLUMN default_binary_acl_id INT4 REFERENCES binary_acl (id) DEFAULT NULL")
+        c.execute("ALTER TABLE keyrings ADD COLUMN default_binary_reject BOOLEAN NOT NULL DEFAULT TRUE")
+        # Set up keyring priorities
+        c.execute("ALTER TABLE keyrings ADD COLUMN priority INT4 NOT NULL DEFAULT 100")
+        # And then we don't need the DM stuff any more
+        c.execute("ALTER TABLE keyrings DROP COLUMN debian_maintainer")
+
+        # Default ACLs for keyrings
+        c.execute("""
+        CREATE TABLE keyring_acl_map (
+              id SERIAL PRIMARY KEY,
+              keyring_id      INT4 REFERENCES keyrings (id) NOT NULL,
+              architecture_id INT4 REFERENCES architecture (id) NOT NULL,
+
+              UNIQUE (keyring_id, architecture_id)
+        )""")
+
+        c.execute("GRANT SELECT ON keyring_acl_map TO public")
+        c.execute("GRANT ALL ON keyring_acl_map TO ftpmaster")
+        c.execute("GRANT USAGE ON keyring_acl_map_id_seq TO ftpmaster")
+
+        # Set up some default stuff; default to old behaviour
+        print "Setting up some defaults"
+
+        c.execute("""UPDATE keyrings SET default_source_acl_id = (SELECT id FROM source_acl WHERE access_level = 'full'),
+                                         default_binary_acl_id = (SELECT id FROM binary_acl WHERE access_level = 'full')""")
+
+        c.execute("""UPDATE keyrings SET default_source_acl_id = (SELECT id FROM source_acl WHERE access_level = 'dm'),
+                                         default_binary_acl_id = (SELECT id FROM binary_acl WHERE access_level = 'full')
+                                     WHERE name = 'debian-maintainers.gpg'""")
+
+        c.execute("""UPDATE keyrings SET priority = 90 WHERE name = 'debian-maintainers.gpg'""")
+
+        # Initialize the existing keys
+        c.execute("""UPDATE fingerprint SET binary_acl_id = (SELECT default_binary_acl_id FROM keyrings
+                                                              WHERE keyrings.id = fingerprint.keyring)""")
+
+        c.execute("""UPDATE fingerprint SET source_acl_id = (SELECT default_source_acl_id FROM keyrings
+                                                              WHERE keyrings.id = fingerprint.keyring)""")
+
         print "Updating config version"
         c.execute("UPDATE config SET value = '16' WHERE name = 'db_revision'")
         self.db.commit()