X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=498eb49f0dd6a21da49cd2d76bb0e052c3efbf26;hb=3bb635cd8b8d524e808d537f469031125dba86fc;hp=7ad64145569872fbb9eec93eda08bb7ebd98347b;hpb=d8206557d80e455be5efdbeed2e084eeec4ace37;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 7ad64145..498eb49f 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -30,7 +30,6 @@ import commands, errno, fcntl, os, re, shutil, stat, sys, time, tempfile, traceback import apt_inst, apt_pkg -import syck import daklib.database import daklib.logging import daklib.queue @@ -38,7 +37,6 @@ import daklib.utils from types import * - ################################################################################ re_valid_version = re.compile(r"^([0-9]+:)?[0-9A-Za-z\.\-\+:~]+$") @@ -46,6 +44,7 @@ re_valid_pkg_name = re.compile(r"^[\dA-Za-z][\dA-Za-z\+\-\.]+$") re_changelog_versions = re.compile(r"^\w[-+0-9a-z.]+ \([^\(\) \t]+\)") re_strip_revision = re.compile(r"-([^-]+)$") re_strip_srcver = re.compile(r"\s+\(\S+\)$") +re_spacestrip = re.compile('(\s)') ################################################################################ @@ -463,6 +462,16 @@ def check_files(): if depends == '': reject("%s: Depends field is empty." % (file)) + # Sanity-check the Provides field + provides = re_spacestrip.sub('', control.Find("Provides")) + if provides == '': + reject("%s: Provides field is empty." % (file)) + prov_list = provides.split(",") + for prov in prov_list: + if not re_valid_pkg_name.match(prov): + reject("%s: Invalid Provides field content %s." % (file, prov)) + + # Check the section & priority match those given in the .changes (non-fatal) if control.Find("Section") and files[file]["section"] != "" and files[file]["section"] != control.Find("Section"): reject("%s control file lists section as `%s', but changes file has `%s'." % (file, control.Find("Section", ""), files[file]["section"]), "Warning: ") @@ -901,40 +910,77 @@ def check_urgency (): ################################################################################ -def check_md5sums (): - for file in files.keys(): +def check_hashes (): + # Make sure we recognise the format of the Files: field + format = changes.get("format", "0.0").split(".",1) + if len(format) == 2: + format = int(format[0]), int(format[1]) + else: + format = int(float(format[0])), 0 + + check_hash(".changes", files, "md5sum", apt_pkg.md5sum) + check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum) + + if format >= (1,8): + hashes = [("sha1", apt_pkg.sha1sum), + ("sha256", apt_pkg.sha256sum)] + else: + hashes = [] + + for x in changes: + if x.startswith("checksum-"): + h = x.split("-",1)[1] + if h not in dict(hashes): + reject("Unsupported checksum field in .changes" % (h)) + + for x in dsc: + if x.startswith("checksum-"): + h = x.split("-",1)[1] + if h not in dict(hashes): + reject("Unsupported checksum field in .dsc" % (h)) + + for h,f in hashes: try: - file_handle = daklib.utils.open_file(file) - except daklib.utils.cant_open_exc: - continue + fs = daklib.utils.build_file_list(changes, 0, "checksums-%s" % h, h) + check_hash(".changes %s" % (h), fs, h, f, files) + except daklib.utils.no_files_exc: + reject("No Checksums-%s: field in .changes file" % (h)) - # Check md5sum - if apt_pkg.md5sum(file_handle) != files[file]["md5sum"]: - reject("%s: md5sum check failed." % (file)) - file_handle.close() - # Check size - actual_size = os.stat(file)[stat.ST_SIZE] - size = int(files[file]["size"]) - if size != actual_size: - reject("%s: actual file size (%s) does not match size (%s) in .changes" - % (file, actual_size, size)) + if "source" not in changes["architecture"]: continue + + try: + fs = daklib.utils.build_file_list(dsc, 1, "checksums-%s" % h, h) + check_hash(".dsc %s" % (h), fs, h, f, dsc_files) + except daklib.utils.no_files_exc: + reject("No Checksums-%s: field in .changes file" % (h)) + +################################################################################ + +def check_hash (where, files, key, testfn, basedict = None): + if basedict: + for file in basedict.keys(): + if file not in files: + reject("%s: no %s checksum" % (file, key)) + + for file in files.keys(): + if basedict and file not in basedict: + reject("%s: extraneous entry in %s checksums" % (file, key)) - for file in dsc_files.keys(): try: file_handle = daklib.utils.open_file(file) except daklib.utils.cant_open_exc: continue - # Check md5sum - if apt_pkg.md5sum(file_handle) != dsc_files[file]["md5sum"]: - reject("%s: md5sum check failed." % (file)) + # Check hash + if testfn(file_handle) != files[file][key]: + reject("%s: %s check failed." % (file, key)) file_handle.close() # Check size actual_size = os.stat(file)[stat.ST_SIZE] - size = int(dsc_files[file]["size"]) + size = int(files[file]["size"]) if size != actual_size: - reject("%s: actual file size (%s) does not match size (%s) in .dsc" - % (file, actual_size, size)) + reject("%s: actual file size (%s) does not match size (%s) in %s" + % (file, actual_size, size, where)) ################################################################################ @@ -1000,63 +1046,6 @@ def check_timestamps(): except: reject("%s: deb contents timestamp check failed [%s: %s]" % (filename, sys.exc_type, sys.exc_value)) -################################################################################ -################################################################################ - -# We reject packages if the release team defined a transition for them -def check_transition(sourcepkg): - # No sourceful upload -> no need to do anything else, direct return - if changes["architecture"].has_key("source"): - return - - # Also only check if there is a file defined (and existant) with checks. It's a little bit - # specific to Debian, not much use for others, so return early there. - if not Cnf.has_key("Dinstall::Reject::ReleaseTransitions") or not os.path.exists("%s" % (Cnf["Dinstall::Reject::ReleaseTransitions"])): - return - - # Parse the yaml file - sourcefile = file(Cnf["Dinstall::Reject::ReleaseTransitions"], 'r') - sourcecontent = sourcefile.read() - try: - transitions = syck.load(sourcecontent) - except syck.error, msg: - # This shouldn't happen, there is a wrapper to edit the file which checks it, but we prefer - # to be safe than ending up rejecting everything. - daklib.utils.warn("Not checking transitions, the transitions file is broken: %s." % (msg)) - return - - # Now look through all defined transitions - for trans in transitions: - t = transitions[trans] - source = t["source"] - expected = t["new"] - - # Will be None if nothing is in testing. - current = daklib.database.get_suite_version(source, "testing") - if not current == None: - compare = apt_pkg.VersionCompare(current, expected) - - if current == None or compare < 0: - # This is still valid, the current version in testing is older than - # the new version we wait for, or there is none in testing yet - - # Check if the source we look at is affected by this. - if sourcepkg in t['packages']: - # The source is affected, lets reject it. - reject("""%s: part of the %s transition. - -Your package is part of a testing transition designed to get %s migrated -(it currently is at version %s, we need version %s) - -Transition description: %s - -This transition is managed by the Release Team, and %s -is the Release-Team member responsible for it. -Please contact %s or debian-release@lists.debian.org if you -need further assistance. - """ % (sourcepkg, trans, source, current, expected, t["reason"], t["rm"], t["rm"])) - return 0 - ################################################################################ def lookup_uid_from_fingerprint(fpr): @@ -1094,6 +1083,12 @@ def check_signed_by_key(): if uid_name == "": sponsored = 1 else: sponsored = 1 + if ("source" in changes["architecture"] and + daklib.utils.is_email_alias(uid_email)): + sponsor_addresses = daklib.utils.gpg_get_key_addresses(changes["fingerprint"]) + if (changes["maintaineremail"] not in sponsor_addresses and + changes["changedbyemail"] not in sponsor_addresses): + changes["sponsoremail"] = uid_email if sponsored and not may_sponsor: reject("%s is not authorised to sponsor uploads" % (uid)) @@ -1577,11 +1572,10 @@ def process_it (changes_file): valid_dsc_p = check_dsc() if valid_dsc_p: check_source() - check_md5sums() + check_hashes() check_urgency() check_timestamps() check_signed_by_key() - check_transition(changes["source"]) Upload.update_subst(reject_message) action() except SystemExit: