X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=2a479ced62e457ff29a897b08901dcf0270cba32;hb=d36e2e1219a6c9ad9110bbdb779ca61dfb444c2c;hp=34d1739f7665a025f26581a4a24c19a2d838a44e;hpb=c9e12bb14c839b31d48db95406b4497bb4cdffde;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 34d1739f..2a479ced 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -450,7 +450,8 @@ def check_files(): # Ensure the architecture of the .deb is one we know about. default_suite = Cnf.get("Dinstall::DefaultSuite", "Unstable") architecture = control.Find("Architecture") - if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)): + upload_suite = changes["distribution"].keys()[0] + if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)) and architecture not in Cnf.ValueList("Suite::%s::Architectures" % (upload_suite)): reject("Unknown architecture '%s'." % (architecture)) # Ensure the architecture of the .deb is one of the ones @@ -700,6 +701,9 @@ def check_dsc(): except NoFilesFieldError: reject("%s: no Files: field." % (dsc_filename)) return 0 + except UnknownFormatError, format: + reject("%s: unknown format '%s'." % (dsc_filename, format)) + return 0 except ParseChangesError, line: reject("%s: parse error, can't grok: %s." % (dsc_filename, line)) return 0 @@ -774,6 +778,8 @@ def check_dsc(): files[orig_tar_gz] = {} files[orig_tar_gz]["size"] = os.stat(orig_tar_gz)[stat.ST_SIZE] files[orig_tar_gz]["md5sum"] = dsc_files[orig_tar_gz]["md5sum"] + files[orig_tar_gz]["sha1sum"] = dsc_files[orig_tar_gz]["sha1sum"] + files[orig_tar_gz]["sha256sum"] = dsc_files[orig_tar_gz]["sha256sum"] files[orig_tar_gz]["section"] = files[dsc_filename]["section"] files[orig_tar_gz]["priority"] = files[dsc_filename]["priority"] files[orig_tar_gz]["component"] = files[dsc_filename]["component"] @@ -906,88 +912,23 @@ def check_urgency (): if changes["architecture"].has_key("source"): if not changes.has_key("urgency"): changes["urgency"] = Cnf["Urgency::Default"] + changes["urgency"] = changes["urgency"].lower() if changes["urgency"] not in Cnf.ValueList("Urgency::Valid"): reject("%s is not a valid urgency; it will be treated as %s by testing." % (changes["urgency"], Cnf["Urgency::Default"]), "Warning: ") changes["urgency"] = Cnf["Urgency::Default"] - changes["urgency"] = changes["urgency"].lower() ################################################################################ def check_hashes (): - # Make sure we recognise the format of the Files: field - format = changes.get("format", "0.0").split(".",1) - if len(format) == 2: - format = int(format[0]), int(format[1]) - else: - format = int(float(format[0])), 0 + utils.check_hash(".changes", files, "md5", apt_pkg.md5sum) + utils.check_size(".changes", files) + utils.check_hash(".dsc", dsc_files, "md5", apt_pkg.md5sum) + utils.check_size(".dsc", dsc_files) - check_hash(".changes", files, "md5sum", apt_pkg.md5sum) - check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum) - - if format >= (1,8): - hashes = [("sha1", apt_pkg.sha1sum), - ("sha256", apt_pkg.sha256sum)] - else: - hashes = [] - - for x in changes: - if x.startswith("checksum-"): - h = x.split("-",1)[1] - if h not in dict(hashes): - reject("Unsupported checksum field in .changes" % (h)) - - for x in dsc: - if x.startswith("checksum-"): - h = x.split("-",1)[1] - if h not in dict(hashes): - reject("Unsupported checksum field in .dsc" % (h)) - - for h,f in hashes: - try: - fs = utils.build_file_list(changes, 0, "checksums-%s" % h, h) - check_hash(".changes %s" % (h), fs, h, f, files) - except NoFilesFieldError: - reject("No Checksums-%s: field in .changes" % (h)) - except ParseChangesError, line: - reject("parse error for Checksums-%s in .changes, can't grok: %s." % (h, line)) - - if "source" not in changes["architecture"]: continue - - try: - fs = utils.build_file_list(dsc, 1, "checksums-%s" % h, h) - check_hash(".dsc %s" % (h), fs, h, f, dsc_files) - except NoFilesFieldError: - reject("No Checksums-%s: field in .dsc" % (h)) - except ParseChangesError, line: - reject("parse error for Checksums-%s in .dsc, can't grok: %s." % (h, line)) - -################################################################################ - -def check_hash (where, lfiles, key, testfn, basedict = None): - if basedict: - for f in basedict.keys(): - if f not in lfiles: - reject("%s: no %s checksum" % (f, key)) - - for f in lfiles.keys(): - if basedict and f not in basedict: - reject("%s: extraneous entry in %s checksums" % (f, key)) - - try: - file_handle = utils.open_file(f) - except CantOpenError: - continue - - # Check hash - if testfn(file_handle) != lfiles[f][key]: - reject("%s: %s check failed." % (f, key)) - file_handle.close() - # Check size - actual_size = os.stat(f)[stat.ST_SIZE] - size = int(lfiles[f]["size"]) - if size != actual_size: - reject("%s: actual file size (%s) does not match size (%s) in %s" - % (f, actual_size, size, where)) + # This is stupid API, but it'll have to do for now until + # we actually have proper abstraction + for m in utils.ensure_hashes(changes, dsc, files, dsc_files): + reject(m) ################################################################################ @@ -1110,12 +1051,10 @@ def check_signed_by_key(): for si in q.getresult(): if si[0] not in source_ids: source_ids.append(si[0]) - print "source_ids: %s" % (",".join([str(x) for x in source_ids])) - is_nmu = 1 for si in source_ids: is_nmu = 1 - q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT maintainer FROM src_uploaders WHERE src_uploaders.source = %s)" % (si)) + q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT su.maintainer FROM src_uploaders su JOIN source s ON (s.id = su.source) WHERE su.source = %s AND s.dm_upload_allowed = 'yes')" % (si)) for m in q.getresult(): (rfc822, rfc2047, name, email) = utils.fix_maintainer(m[0]) if email == uid_email or name == uid_name: @@ -1138,42 +1077,6 @@ def check_signed_by_key(): if files[f].has_key("new"): reject("%s may not upload NEW file %s" % (uid, f)) - # The remaining checks only apply to binary-only uploads right now - if changes["architecture"].has_key("source"): - return - - if not Cnf.Exists("Binary-Upload-Restrictions"): - return - - restrictions = Cnf.SubTree("Binary-Upload-Restrictions") - - # If the restrictions only apply to certain components make sure - # that the upload is actual targeted there. - if restrictions.Exists("Components"): - restricted_components = restrictions.SubTree("Components").ValueList() - is_restricted = False - for f in files: - if files[f]["component"] in restricted_components: - is_restricted = True - break - if not is_restricted: - return - - # Assuming binary only upload restrictions are in place we then - # iterate over suite and architecture checking the key is in the - # allowed list. If no allowed list exists for a given suite or - # architecture it's assumed to be open to anyone. - for suite in changes["distribution"].keys(): - if not restrictions.Exists(suite): - continue - for arch in changes["architecture"].keys(): - if not restrictions.SubTree(suite).Exists(arch): - continue - allowed_keys = restrictions.SubTree("%s::%s" % (suite, arch)).ValueList() - if changes["fingerprint"] not in allowed_keys: - base_filename = os.path.basename(pkg.changes_file) - reject("%s: not signed by authorised uploader for %s/%s" - % (base_filename, suite, arch)) ################################################################################ ################################################################################ @@ -1343,6 +1246,14 @@ def queue_unembargo (summary, short_summary): Upload.Subst["__SUMMARY__"] = summary Upload.check_override() + # Send accept mail, announce to lists, close bugs and check for + # override disparities + if not Cnf["Dinstall::Options::No-Mail"]: + Upload.Subst["__SUITE__"] = "" + mail_message = utils.TemplateSubst(Upload.Subst,Cnf["Dir::Templates"]+"/process-unchecked.accepted") + utils.send_mail(mail_message) + Upload.announce(short_summary, 1) + ################################################################################ def is_embargo (): @@ -1361,6 +1272,14 @@ def queue_embargo (summary, short_summary): Upload.Subst["__SUMMARY__"] = summary Upload.check_override() + # Send accept mail, announce to lists, close bugs and check for + # override disparities + if not Cnf["Dinstall::Options::No-Mail"]: + Upload.Subst["__SUITE__"] = "" + mail_message = utils.TemplateSubst(Upload.Subst,Cnf["Dir::Templates"]+"/process-unchecked.accepted") + utils.send_mail(mail_message) + Upload.announce(short_summary, 1) + ################################################################################ def is_stableupdate (): @@ -1384,7 +1303,7 @@ def do_stableupdate (summary, short_summary): Logger.log(["Moving to proposed-updates", pkg.changes_file]); Upload.dump_vars(Cnf["Dir::Queue::ProposedUpdates"]); - move_to_dir(Cnf["Dir::Queue::ProposedUpdates"]) + move_to_dir(Cnf["Dir::Queue::ProposedUpdates"], perms=0664) # Check for override disparities Upload.Subst["__SUMMARY__"] = summary; @@ -1413,7 +1332,7 @@ def do_oldstableupdate (summary, short_summary): Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]); Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]); - move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"]) + move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"], perms=0664) # Check for override disparities Upload.Subst["__SUMMARY__"] = summary;