X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=167fd63a8cb910cd39d1e3fac60754a50250b80e;hb=60fe2e4c0d8a13833058830e5f88db3256082fdf;hp=9b8d4de5ca3b12e86b54acd789a0af1daa4972d3;hpb=bfb720086beb02662539b11bb2f77216d73a948d;p=dak.git
diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py
index 9b8d4de5..167fd63a 100755
--- a/dak/process_unchecked.py
+++ b/dak/process_unchecked.py
@@ -450,7 +450,8 @@ def check_files():
 # Ensure the architecture of the .deb is one we know about.
 default_suite = Cnf.get("Dinstall::DefaultSuite", "Unstable")
 architecture = control.Find("Architecture")
- if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)):
+ upload_suite = changes["distribution"].keys()[0]
+ if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)) and architecture not in Cnf.ValueList("Suite::%s::Architectures" % (upload_suite)):
 reject("Unknown architecture '%s'." % (architecture))
 # Ensure the architecture of the .deb is one of the ones
@@ -700,6 +701,9 @@ def check_dsc():
 except NoFilesFieldError:
 reject("%s: no Files: field." % (dsc_filename))
 return 0
+ except UnknownFormatError, format:
+ reject("%s: unknown format '%s'." % (dsc_filename, format))
+ return 0
 except ParseChangesError, line:
 reject("%s: parse error, can't grok: %s." % (dsc_filename, line))
 return 0
@@ -774,6 +778,8 @@ def check_dsc():
 files[orig_tar_gz] = {}
 files[orig_tar_gz]["size"] = os.stat(orig_tar_gz)[stat.ST_SIZE]
 files[orig_tar_gz]["md5sum"] = dsc_files[orig_tar_gz]["md5sum"]
+ files[orig_tar_gz]["sha1sum"] = dsc_files[orig_tar_gz]["sha1sum"]
+ files[orig_tar_gz]["sha256sum"] = dsc_files[orig_tar_gz]["sha256sum"]
 files[orig_tar_gz]["section"] = files[dsc_filename]["section"]
 files[orig_tar_gz]["priority"] = files[dsc_filename]["priority"]
 files[orig_tar_gz]["component"] = files[dsc_filename]["component"]
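Review bot: In the check_files hunk, `upload_suite = changes["distribution"].keys()[0]` takes whichever suite the dict happens to list first, so an upload that targets several suites is compared against only one of them, and an empty distribution map would raise IndexError instead of producing a reject (unless an earlier check guarantees at least one entry). Because the new condition rejects only when the architecture is missing from both the default suite and that single suite, an architecture unknown to the other targeted suites passes this test. Consider building the list once, `suites = [default_suite] + changes["distribution"].keys()`, and rejecting with `if not [s for s in suites if architecture in Cnf.ValueList("Suite::%s::Architectures" % (s))]:`, with a comment stating whether "known to any targeted suite" or "known to every targeted suite" is the intended rule. The body of check_files continues outside the hunk, so a later per-suite check may already cover part of this.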
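Review bot: In the second check_dsc hunk, the two added lines read `dsc_files[orig_tar_gz]["sha1sum"]` and `dsc_files[orig_tar_gz]["sha256sum"]` unconditionally, so a .dsc whose entries carry only an md5sum at this point would raise KeyError rather than being rejected cleanly; whether those keys are always populated before this code runs is not visible in the diff. The values are also copied as declared in the .dsc, not computed from the tarball on disk, so they only add integrity if a later step compares them with the real file. A guard such as `if dsc_files[orig_tar_gz].has_key("sha1sum"): files[orig_tar_gz]["sha1sum"] = dsc_files[orig_tar_gz]["sha1sum"]` (and the same for sha256sum) would keep older-format uploads working. check_dsc starts and ends outside the hunk.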
@@ -914,80 +920,15 @@ def check_urgency ():
 ################################################################################
 def check_hashes ():
- # Make sure we recognise the format of the Files: field
- format = changes.get("format", "0.0").split(".",1)
- if len(format) == 2:
- format = int(format[0]), int(format[1])
- else:
- format = int(float(format[0])), 0
+ utils.check_hash(".changes", files, "md5", apt_pkg.md5sum)
+ utils.check_size(".changes", files)
+ utils.check_hash(".dsc", dsc_files, "md5", apt_pkg.md5sum)
+ utils.check_size(".dsc", dsc_files)
- check_hash(".changes", files, "md5sum", apt_pkg.md5sum)
- check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum)
-
- if format >= (1,8):
- hashes = [("sha1", apt_pkg.sha1sum),
- ("sha256", apt_pkg.sha256sum)]
- else:
- hashes = []
-
- for x in changes:
- if x.startswith("checksum-"):
- h = x.split("-",1)[1]
- if h not in dict(hashes):
- reject("Unsupported checksum field in .changes" % (h))
-
- for x in dsc:
- if x.startswith("checksum-"):
- h = x.split("-",1)[1]
- if h not in dict(hashes):
- reject("Unsupported checksum field in .dsc" % (h))
-
- for h,f in hashes:
- try:
- fs = utils.build_file_list(changes, 0, "checksums-%s" % h, h)
- check_hash(".changes %s" % (h), fs, h, f, files)
- except NoFilesFieldError:
- reject("No Checksums-%s: field in .changes" % (h))
- except ParseChangesError, line:
- reject("parse error for Checksums-%s in .changes, can't grok: %s." % (h, line))
-
- if "source" not in changes["architecture"]: continue
-
- try:
- fs = utils.build_file_list(dsc, 1, "checksums-%s" % h, h)
- check_hash(".dsc %s" % (h), fs, h, f, dsc_files)
- except NoFilesFieldError:
- reject("No Checksums-%s: field in .dsc" % (h))
- except ParseChangesError, line:
- reject("parse error for Checksums-%s in .dsc, can't grok: %s." 
% (h, line))
-
-################################################################################
-
-def check_hash (where, lfiles, key, testfn, basedict = None):
- if basedict:
- for f in basedict.keys():
- if f not in lfiles:
- reject("%s: no %s checksum" % (f, key))
-
- for f in lfiles.keys():
- if basedict and f not in basedict:
- reject("%s: extraneous entry in %s checksums" % (f, key))
-
- try:
- file_handle = utils.open_file(f)
- except CantOpenError:
- continue
-
- # Check hash
- if testfn(file_handle) != lfiles[f][key]:
- reject("%s: %s check failed." % (f, key))
- file_handle.close()
- # Check size
- actual_size = os.stat(f)[stat.ST_SIZE]
- size = int(lfiles[f]["size"])
- if size != actual_size:
- reject("%s: actual file size (%s) does not match size (%s) in %s"
- % (f, actual_size, size, where))
+ # This is stupid API, but it'll have to do for now until
+ # we actually have proper abstraction
+ for m in utils.ensure_hashes(changes, dsc, files, dsc_files):
+ reject(m)
 ################################################################################
@@ -1110,8 +1051,6 @@ def check_signed_by_key(): for si in q.getresult(): if si[0] not in source_ids: source_ids.append(si[0]) - print "source_ids: %s" % (",".join([str(x) for x in source_ids])) - is_nmu = 1 for si in source_ids: is_nmu = 1 
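Review bot: In the rewritten check_hashes, the results of the four `utils.check_hash` / `utils.check_size` calls are discarded, while the `utils.ensure_hashes` result a few lines below is iterated and passed to `reject`. The removed local check_hash called `reject` itself on a hash or size mismatch; the utils helpers are not shown in this diff, but if they report failures by returning messages the same way ensure_hashes evidently does, an md5 or size mismatch in the .changes or .dsc would no longer reject the upload. If so, each call needs the same wrapper, e.g. `for m in utils.check_hash(".changes", files, "md5", apt_pkg.md5sum): reject(m)`. It is also worth confirming that ensure_hashes still rejects unsupported `checksum-*` fields and missing Checksums fields for format 1.8 and later, which the removed code did, and saying so in a short docstring on check_hashes.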
@@ -1138,42 +1077,6 @@ def check_signed_by_key():
 if files[f].has_key("new"):
 reject("%s may not upload NEW file %s" % (uid, f))
- # The remaining checks only apply to binary-only uploads right now
- if changes["architecture"].has_key("source"):
- return
-
- if not Cnf.Exists("Binary-Upload-Restrictions"):
- return
-
- restrictions = Cnf.SubTree("Binary-Upload-Restrictions")
-
- # If the restrictions only apply to certain components make sure
- # that the upload is actual targeted there.
- if restrictions.Exists("Components"):
- restricted_components = restrictions.SubTree("Components").ValueList()
- is_restricted = False
- for f in files:
- if files[f]["component"] in restricted_components:
- is_restricted = True
- break
- if not is_restricted:
- return
-
- # Assuming binary only upload restrictions are in place we then
- # iterate over suite and architecture checking the key is in the
- # allowed list. If no allowed list exists for a given suite or
- # architecture it's assumed to be open to anyone.
- for suite in changes["distribution"].keys():
- if not restrictions.Exists(suite):
- continue
- for arch in changes["architecture"].keys():
- if not restrictions.SubTree(suite).Exists(arch):
- continue
- allowed_keys = restrictions.SubTree("%s::%s" % (suite, arch)).ValueList()
- if changes["fingerprint"] not in allowed_keys:
- base_filename = os.path.basename(pkg.changes_file)
- reject("%s: not signed by authorised uploader for %s/%s"
- % (base_filename, suite, arch))
 ################################################################################
 ################################################################################