X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=07e4592b54aa26c1eaeab774ee242d72ed5d0cf2;hb=fdf3c42445b4f11f4cd71634dd2b57cb7d7a4f36;hp=737472af1c0d646d76b49cecaa4521f1c3ff3b1a;hpb=8342108f94ab7607b1ca0dcc0e2ee14cdc44b0e3;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 737472af..07e4592b 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Checks Debian packages from Incoming +""" Checks Debian packages from Incoming """ # Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 James Troup # This program is free software; you can redistribute it and/or modify @@ -28,24 +28,35 @@ ################################################################################ -import commands, errno, fcntl, os, re, shutil, stat, sys, time, tempfile, traceback +import commands +import errno +import fcntl +import os +import re +import shutil +import stat +import sys +import time +import tempfile +import traceback +import tarfile import apt_inst, apt_pkg -from daklib import database +from debian_bundle import deb822 +from daklib.dbconn import DBConn +from daklib.binary import Binary from daklib import logging from daklib import queue from daklib import utils from daklib.dak_exceptions import * +from daklib.regexes import re_valid_version, re_valid_pkg_name, re_changelog_versions, \ + re_strip_revision, re_strip_srcver, re_spacestrip, \ + re_isanum, re_no_epoch, re_no_revision, re_taint_free, \ + re_isadeb, re_extract_src_version, re_issource, re_default_answer from types import * ################################################################################ -re_valid_version = re.compile(r"^([0-9]+:)?[0-9A-Za-z\.\-\+:~]+$") -re_valid_pkg_name = re.compile(r"^[\dA-Za-z][\dA-Za-z\+\-\.]+$") -re_changelog_versions = re.compile(r"^\w[-+0-9a-z.]+ \([^\(\) \t]+\)") -re_strip_revision = re.compile(r"-([^-]+)$") -re_strip_srcver = re.compile(r"\s+\(\S+\)$") -re_spacestrip = re.compile('(\s)') ################################################################################ @@ -123,6 +134,16 @@ def reject (str, prefix="Rejected: "): ################################################################################ +def create_tmpdir(): + """ + Create a temporary directory that can be used for unpacking files into for + checking + """ + tmpdir = tempfile.mkdtemp() + return tmpdir + +################################################################################ + def copy_to_holding(filename): global in_holding @@ -246,13 +267,13 @@ def check_changes(): # Ensure all the values in Closes: are numbers if changes.has_key("closes"): for i in changes["closes"].keys(): - if queue.re_isanum.match (i) == None: + if re_isanum.match (i) == None: reject("%s: `%s' from Closes field isn't a number." % (filename, i)) # chopversion = no epoch; chopversion2 = no epoch and no revision (e.g. for .orig.tar.gz comparison) - changes["chopversion"] = utils.re_no_epoch.sub('', changes["version"]) - changes["chopversion2"] = utils.re_no_revision.sub('', changes["chopversion"]) + changes["chopversion"] = re_no_epoch.sub('', changes["version"]) + changes["chopversion2"] = re_no_revision.sub('', changes["chopversion"]) # Check there isn't already a changes file of the same name in one # of the queue directories. @@ -291,7 +312,7 @@ def check_distributions(): (source, dest) = args[1:3] if changes["distribution"].has_key(source): for arch in changes["architecture"].keys(): - if arch not in Cnf.ValueList("Suite::%s::Architectures" % (source)): + if arch not in database.get_suite_architectures(source): reject("Mapping %s to %s for unreleased architecture %s." % (source, dest, arch),"") del changes["distribution"][source] changes["distribution"][dest] = 1 @@ -324,31 +345,6 @@ def check_distributions(): ################################################################################ -def check_deb_ar(filename): - """Sanity check the ar of a .deb, i.e. that there is: - - o debian-binary - o control.tar.gz - o data.tar.gz or data.tar.bz2 - -in that order, and nothing else.""" - cmd = "ar t %s" % (filename) - (result, output) = commands.getstatusoutput(cmd) - if result != 0: - reject("%s: 'ar t' invocation failed." % (filename)) - reject(utils.prefix_multi_line_string(output, " [ar output:] "), "") - chunks = output.split('\n') - if len(chunks) != 3: - reject("%s: found %d chunks, expected 3." % (filename, len(chunks))) - if chunks[0] != "debian-binary": - reject("%s: first chunk is '%s', expected 'debian-binary'." % (filename, chunks[0])) - if chunks[1] != "control.tar.gz": - reject("%s: second chunk is '%s', expected 'control.tar.gz'." % (filename, chunks[1])) - if chunks[2] not in [ "data.tar.bz2", "data.tar.gz" ]: - reject("%s: third chunk is '%s', expected 'data.tar.gz' or 'data.tar.bz2'." % (filename, chunks[2])) - -################################################################################ - def check_files(): global reprocess @@ -387,13 +383,26 @@ def check_files(): has_binaries = 0 has_source = 0 + cursor = DBConn().cursor() + # Check for packages that have moved from one component to another + # STU: this should probably be changed to not join on architecture, suite tables but instead to used their cached name->id mappings from DBConn + cursor.execute("""PREPARE moved_pkg_q AS + SELECT c.name FROM binaries b, bin_associations ba, suite s, location l, + component c, architecture a, files f + WHERE b.package = $1 AND s.suite_name = $2 + AND (a.arch_string = $3 OR a.arch_string = 'all') + AND ba.bin = b.id AND ba.suite = s.id AND b.architecture = a.id + AND f.location = l.id + AND l.component = c.id + AND b.file = f.id""") + for f in file_keys: # Ensure the file does not already exist in one of the accepted directories for d in [ "Accepted", "Byhand", "New", "ProposedUpdates", "OldProposedUpdates", "Embargoed", "Unembargoed" ]: if not Cnf.has_key("Dir::Queue::%s" % (d)): continue if os.path.exists(Cnf["Dir::Queue::%s" % (d) ] + '/' + f): reject("%s file already exists in the %s directory." % (f, d)) - if not utils.re_taint_free.match(f): + if not re_taint_free.match(f): reject("!!WARNING!! tainted filename: '%s'." % (f)) # Check the file is readable if os.access(f, os.R_OK) == 0: @@ -411,7 +420,7 @@ def check_files(): files[f]["byhand"] = 1 files[f]["type"] = "byhand" # Checks for a binary package... - elif utils.re_isadeb.match(f): + elif re_isadeb.match(f): has_binaries = 1 files[f]["type"] = "deb" @@ -451,7 +460,7 @@ def check_files(): default_suite = Cnf.get("Dinstall::DefaultSuite", "Unstable") architecture = control.Find("Architecture") upload_suite = changes["distribution"].keys()[0] - if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)) and architecture not in Cnf.ValueList("Suite::%s::Architectures" % (upload_suite)): + if architecture not in database.get_suite_architectures(default_suite) and architecture not in database.get_suite_architectures(upload_suite): reject("Unknown architecture '%s'." % (architecture)) # Ensure the architecture of the .deb is one of the ones @@ -497,7 +506,7 @@ def check_files(): source = files[f]["source"] source_version = "" if source.find("(") != -1: - m = utils.re_extract_src_version.match(source) + m = re_extract_src_version.match(source) source = m.group(1) source_version = m.group(2) if not source_version: @@ -506,12 +515,12 @@ def check_files(): files[f]["source version"] = source_version # Ensure the filename matches the contents of the .deb - m = utils.re_isadeb.match(f) + m = re_isadeb.match(f) # package name file_package = m.group(1) if files[f]["package"] != file_package: reject("%s: package part of filename (%s) does not match package name in the %s (%s)." % (f, file_package, files[f]["dbtype"], files[f]["package"])) - epochless_version = utils.re_no_epoch.sub('', control.Find("Version")) + epochless_version = re_no_epoch.sub('', control.Find("Version")) # version file_version = m.group(2) if epochless_version != file_version: @@ -531,7 +540,7 @@ def check_files(): # Check in the SQL database if not Upload.source_exists(source_package, source_version, changes["distribution"].keys()): # Check in one of the other directories - source_epochless_version = utils.re_no_epoch.sub('', source_version) + source_epochless_version = re_no_epoch.sub('', source_version) dsc_filename = "%s_%s.dsc" % (source_package, source_epochless_version) if os.path.exists(Cnf["Dir::Queue::Byhand"] + '/' + dsc_filename): files[f]["byhand"] = 1 @@ -549,11 +558,11 @@ def check_files(): # Check the version and for file overwrites reject(Upload.check_binary_against_db(f),"") - check_deb_ar(f) + Binary(f).scan_package() # Checks for a source package... else: - m = utils.re_issource.match(f) + m = re_issource.match(f) if m: has_source = 1 files[f]["package"] = m.group(1) @@ -609,7 +618,7 @@ def check_files(): # Validate the component component = files[f]["component"] - component_id = database.get_component_id(component) + component_id = DBConn().get_component_id(component) if component_id == -1: reject("file '%s' has unknown component '%s'." % (f, component)) continue @@ -624,14 +633,14 @@ def check_files(): # Determine the location location = Cnf["Dir::Pool"] - location_id = database.get_location_id (location, component, archive) + location_id = DBConn().get_location_id(location, component, archive) if location_id == -1: reject("[INTERNAL ERROR] couldn't determine location (Component: %s, Archive: %s)" % (component, archive)) files[f]["location id"] = location_id # Check the md5sum & size against existing files (if any) files[f]["pool name"] = utils.poolify (changes["source"], files[f]["component"]) - files_id = database.get_files_id(files[f]["pool name"] + f, files[f]["size"], files[f]["md5sum"], files[f]["location id"]) + files_id = DBConn().get_files_id(files[f]["pool name"] + f, files[f]["size"], files[f]["md5sum"], files[f]["location id"]) if files_id == -1: reject("INTERNAL ERROR, get_files_id() returned multiple matches for %s." % (f)) elif files_id == -2: @@ -639,16 +648,9 @@ def check_files(): files[f]["files id"] = files_id # Check for packages that have moved from one component to another - q = Upload.projectB.query(""" -SELECT c.name FROM binaries b, bin_associations ba, suite s, location l, - component c, architecture a, files f - WHERE b.package = '%s' AND s.suite_name = '%s' - AND (a.arch_string = '%s' OR a.arch_string = 'all') - AND ba.bin = b.id AND ba.suite = s.id AND b.architecture = a.id - AND f.location = l.id AND l.component = c.id AND b.file = f.id""" - % (files[f]["package"], suite, - files[f]["architecture"])) - ql = q.getresult() + files[f]['suite'] = suite + cursor.execute("""EXECUTE moved_pkg_q( %(package)s, %(suite)s, %(architecture)s )""", ( files[f] ) ) + ql = cursor.fetchone() if ql: files[f]["othercomponents"] = ql[0][0] @@ -748,7 +750,7 @@ def check_dsc(): pass # Ensure the version number in the .dsc matches the version number in the .changes - epochless_dsc_version = utils.re_no_epoch.sub('', dsc["version"]) + epochless_dsc_version = re_no_epoch.sub('', dsc["version"]) changes_version = files[dsc_filename]["version"] if epochless_dsc_version != files[dsc_filename]["version"]: reject("version ('%s') in .dsc does not match version ('%s') in .changes." % (epochless_dsc_version, changes_version)) @@ -756,7 +758,7 @@ def check_dsc(): # Ensure there is a .tar.gz in the .dsc file has_tar = 0 for f in dsc_files.keys(): - m = utils.re_issource.match(f) + m = re_issource.match(f) if not m: reject("%s: %s in Files field not recognised as source." % (dsc_filename, f)) continue @@ -806,7 +808,7 @@ def get_changelog_versions(source_dir): # Create a symlink mirror of the source files in our temporary directory for f in files.keys(): - m = utils.re_issource.match(f) + m = re_issource.match(f) if m: src = os.path.join(source_dir, f) # If a file is missing for whatever reason, give up. @@ -836,7 +838,7 @@ def get_changelog_versions(source_dir): return # Get the upstream version - upstr_version = utils.re_no_epoch.sub('', dsc["version"]) + upstr_version = re_no_epoch.sub('', dsc["version"]) if re_strip_revision.search(upstr_version): upstr_version = re_strip_revision.sub('', upstr_version) @@ -870,13 +872,7 @@ def check_source(): or pkg.orig_tar_gz == -1: return - # Create a temporary directory to extract the source into - if Options["No-Action"]: - tmpdir = tempfile.mkdtemp() - else: - # We're in queue/holding and can create a random directory. - tmpdir = "%s" % (os.getpid()) - os.mkdir(tmpdir) + tmpdir = create_tmpdir() # Move into the temporary directory cwd = os.getcwd() @@ -997,12 +993,21 @@ def check_timestamps(): ################################################################################ def lookup_uid_from_fingerprint(fpr): - q = Upload.projectB.query("SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) - qs = q.getresult() - if len(qs) == 0: - return (None, None, None) + """ + Return the uid,name,isdm for a given gpg fingerprint + + @ptype fpr: string + @param fpr: a 40 byte GPG fingerprint + + @return (uid, name, isdm) + """ + cursor = DBConn().cursor() + cursor.execute( "SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) + qs = cursor.fetchone() + if qs: + return qs else: - return qs[0] + return (None, None, None) def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" @@ -1043,12 +1048,16 @@ def check_signed_by_key(): if not sponsored and not may_nmu: source_ids = [] - q = Upload.projectB.query("SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.dm_upload_allowed = 'yes'" % (changes["source"])) + cursor.execute( "SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s AND s.dm_upload_allowed = 'yes'", changes ) highest_sid, highest_version = None, None should_reject = True - for si in q.getresult(): + while True: + si = cursor.fetchone() + if not si: + break + if highest_version == None or apt_pkg.VersionCompare(si[1], highest_version) == 1: highest_sid = si[0] highest_version = si[1] @@ -1056,8 +1065,14 @@ def check_signed_by_key(): if highest_sid == None: reject("Source package %s does not have 'DM-Upload-Allowed: yes' in its most recent version" % changes["source"]) else: - q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT su.maintainer FROM src_uploaders su JOIN source s ON (s.id = su.source) WHERE su.source = %s)" % (highest_sid)) - for m in q.getresult(): + + cursor.execute("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT su.maintainer FROM src_uploaders su JOIN source s ON (s.id = su.source) WHERE su.source = %s)" % (highest_sid)) + + while True: + m = cursor.fetchone() + if not m: + break + (rfc822, rfc2047, name, email) = utils.fix_maintainer(m[0]) if email == uid_email or name == uid_name: should_reject=False @@ -1068,9 +1083,14 @@ def check_signed_by_key(): for b in changes["binary"].keys(): for suite in changes["distribution"].keys(): - suite_id = database.get_suite_id(suite) - q = Upload.projectB.query("SELECT DISTINCT s.source FROM source s JOIN binaries b ON (s.id = b.source) JOIN bin_associations ba On (b.id = ba.bin) WHERE b.package = '%s' AND ba.suite = %s" % (b, suite_id)) - for s in q.getresult(): + suite_id = DBConn().get_suite_id(suite) + + cursor.execute("SELECT DISTINCT s.source FROM source s JOIN binaries b ON (s.id = b.source) JOIN bin_associations ba On (b.id = ba.bin) WHERE b.package = %(package)s AND ba.suite = %(suite)s" , {'package':b, 'suite':suite_id} ) + while True: + s = cursor.fetchone() + if not s: + break + if s[0] != changes["source"]: reject("%s may not hijack %s from source package %s in suite %s" % (uid, b, s, suite)) @@ -1174,7 +1194,7 @@ def action (): while prompt.find(answer) == -1: answer = utils.our_raw_input(prompt) - m = queue.re_default_answer.match(prompt) + m = re_default_answer.match(prompt) if answer == "": answer = m.group(1) answer = answer[:1].upper() @@ -1214,11 +1234,9 @@ def move_to_dir (dest, perms=0660, changesperms=0664): ################################################################################ def is_unembargo (): - q = Upload.projectB.query( - "SELECT package FROM disembargo WHERE package = '%s' AND version = '%s'" % - (changes["source"], changes["version"])) - ql = q.getresult() - if ql: + cursor = DBConn().cursor() + cursor.execute( "SELECT package FROM disembargo WHERE package = %(source)s AND version = %(version)s", changes ) + if cursor.fetchone(): return 1 oldcwd = os.getcwd() @@ -1230,9 +1248,9 @@ def is_unembargo (): if changes["architecture"].has_key("source"): if Options["No-Action"]: return 1 - Upload.projectB.query( - "INSERT INTO disembargo (package, version) VALUES ('%s', '%s')" % - (changes["source"], changes["version"])) + cursor.execute( "INSERT INTO disembargo (package, version) VALUES ('%(package)s', '%(version)s')", + changes ) + cursor.execute( "COMMIT" ) return 1 return 0 @@ -1290,12 +1308,18 @@ def is_stableupdate (): return 0 if not changes["architecture"].has_key("source"): - pusuite = database.get_suite_id("proposed-updates") - q = Upload.projectB.query( - "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" % - (changes["source"], changes["version"], pusuite)) - ql = q.getresult() - if ql: + pusuite = DBConn().get_suite_id("proposed-updates") + cursor = DBConn().cursor() + cursor.execute( """SELECT 1 FROM source s + JOIN src_associations sa ON (s.id = sa.source) + WHERE s.source = %(source)s + AND s.version = '%(version)s' + AND sa.suite = %(suite)d""", + {'source' : changes['source'], + 'version' : changes['version'], + 'suite' : pasuite}) + + if cursor.fetchone(): # source is already in proposed-updates so no need to hold return 0 @@ -1303,14 +1327,14 @@ def is_stableupdate (): def do_stableupdate (summary, short_summary): print "Moving to PROPOSED-UPDATES holding area." - Logger.log(["Moving to proposed-updates", pkg.changes_file]); + Logger.log(["Moving to proposed-updates", pkg.changes_file]) - Upload.dump_vars(Cnf["Dir::Queue::ProposedUpdates"]); + Upload.dump_vars(Cnf["Dir::Queue::ProposedUpdates"]) move_to_dir(Cnf["Dir::Queue::ProposedUpdates"], perms=0664) # Check for override disparities - Upload.Subst["__SUMMARY__"] = summary; - Upload.check_override(); + Upload.Subst["__SUMMARY__"] = summary + Upload.check_override() ################################################################################ @@ -1319,27 +1343,31 @@ def is_oldstableupdate (): return 0 if not changes["architecture"].has_key("source"): - pusuite = database.get_suite_id("oldstable-proposed-updates") - q = Upload.projectB.query( - "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" % - (changes["source"], changes["version"], pusuite)) - ql = q.getresult() - if ql: - # source is already in oldstable-proposed-updates so no need to hold + pusuite = DBConn().get_suite_id("oldstable-proposed-updates") + cursor = DBConn().cursor() + cursor.execute( """"SELECT 1 FROM source s + JOIN src_associations sa ON (s.id = sa.source) + WHERE s.source = %(source)s + AND s.version = %(version)s + AND sa.suite = %d""", + {'source' : changes['source'], + 'version' : changes['version'], + 'suite' : pasuite}) + if cursor.fetchone(): return 0 return 1 def do_oldstableupdate (summary, short_summary): print "Moving to OLDSTABLE-PROPOSED-UPDATES holding area." - Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]); + Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]) - Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]); + Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]) move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"], perms=0664) # Check for override disparities - Upload.Subst["__SUMMARY__"] = summary; - Upload.check_override(); + Upload.Subst["__SUMMARY__"] = summary + Upload.check_override() ################################################################################