X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=5cb9124cc63d79772eeb8cc7a286297d2d654b7a;hb=dca650055f023509bf797c760c11e01f03d894bb;hp=d7eb6e41af738ee1334df72e086a941e3f41dcb1;hpb=f9d94e9465179b9a7f83559c846d25fcd4df131f;p=dak.git

diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py
index d7eb6e41..5cb9124c 100755
--- a/dak/process_unchecked.py
+++ b/dak/process_unchecked.py
@@ -421,7 +421,7 @@ def check_files():
             files[file]["type"] = "unreadable"
             continue
         # If it's byhand skip remaining checks
-        if files[file]["section"] == "byhand" or files[file]["section"] == "raw-installer":
+        if files[file]["section"] == "byhand" or files[file]["section"][4:] == "raw-":
             files[file]["byhand"] = 1
             files[file]["type"] = "byhand"
         # Checks for a binary package...
@@ -757,6 +757,7 @@ def check_dsc():
         m = daklib.utils.re_issource.match(f)
         if not m:
             reject("%s: %s in Files field not recognised as source." % (dsc_filename, f))
+	    continue
         type = m.group(3)
         if type == "orig.tar.gz" or type == "tar.gz":
             has_tar = 1
@@ -1015,10 +1016,84 @@ def check_timestamps():
 
 ################################################################################
 
+def lookup_uid_from_fingerprint(fpr):
+    q = Upload.projectB.query("SELECT u.uid, u.name FROM fingerprint f, uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr))
+    qs = q.getresult()
+    if len(qs) == 0:
+        return (None, None)
+    else:
+        return qs[0]
+
 def check_signed_by_key():
     """Ensure the .changes is signed by an authorized uploader."""
 
-    # We only check binary-only uploads right now
+    (uid, uid_name) = lookup_uid_from_fingerprint(changes["fingerprint"])
+    if uid_name == None:
+        uid_name = ""
+
+    # match claimed name with actual name:
+    if uid == None:
+        uid, uid_email = changes["fingerprint"], uid
+        may_nmu, may_sponsor = 1, 1
+	# XXX by default new dds don't have a fingerprint/uid in the db atm,
+	#     and can't get one in there if we don't allow nmu/sponsorship
+    elif uid[:3] == "dm:":
+        uid_email = uid[3:]
+        may_nmu, may_sponsor = 0, 0
+    else:
+        uid_email = "%s@debian.org" % (uid)
+        may_nmu, may_sponsor = 1, 1
+
+    if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]:
+        sponsored = 0
+    elif uid_name in [changes["maintainername"], changes["changedbyname"]]:
+        sponsored = 0
+        if uid_name == "": sponsored = 1
+    else:
+        sponsored = 1
+
+    if sponsored and not may_sponsor: 
+        reject("%s is not authorised to sponsor uploads" % (uid))
+
+    if not sponsored and not may_nmu:
+        source_ids = []
+	check_suites = changes["distribution"].keys()
+	if "unstable" not in check_suites: check_suites.append("unstable")
+        for suite in check_suites:
+            suite_id = daklib.database.get_suite_id(suite)
+            q = Upload.projectB.query("SELECT s.id FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND sa.suite = %d" % (changes["source"], suite_id))
+            for si in q.getresult():
+                if si[0] not in source_ids: source_ids.append(si[0])
+
+        print "source_ids: %s" % (",".join([str(x) for x in source_ids]))
+
+        is_nmu = 1
+        for si in source_ids:
+            is_nmu = 1
+            q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT maintainer FROM src_uploaders WHERE src_uploaders.source = %s)" % (si))
+            for m in q.getresult():
+                (rfc822, rfc2047, name, email) = daklib.utils.fix_maintainer(m[0])
+                if email == uid_email or name == uid_name:
+                    is_nmu=0
+                    break
+        if is_nmu:
+            reject("%s may not upload/NMU source package %s" % (uid, changes["source"]))
+
+        for b in changes["binary"].keys():
+            for suite in changes["distribution"].keys():
+                suite_id = daklib.database.get_suite_id(suite)
+	        q = Upload.projectB.query("SELECT DISTINCT s.source FROM source s JOIN binaries b ON (s.id = b.source) JOIN bin_associations ba On (b.id = ba.bin) WHERE b.package = '%s' AND ba.suite = %s" % (b, suite_id))
+		for s in q.getresult():
+                    if s[0] != changes["source"]:
+                        reject("%s may not hijack %s from source package %s in suite %s" % (uid, b, s, suite))
+
+        for file in files.keys():
+            if files[file].has_key("byhand"): 
+                reject("%s may not upload BYHAND file %s" % (uid, file))
+            if files[file].has_key("new"):
+                reject("%s may not upload NEW file %s" % (uid, file))
+
+    # The remaining checks only apply to binary-only uploads right now
     if changes["architecture"].has_key("source"):
         return
 
@@ -1093,6 +1168,7 @@ def action ():
     # q-unapproved hax0ring
     queue_info = {
          "New": { "is": is_new, "process": acknowledge_new },
+	 "Autobyhand" : { "is" : is_autobyhand, "process": do_autobyhand },
          "Byhand" : { "is": is_byhand, "process": do_byhand },
          "OldStableUpdate" : { "is": is_oldstableupdate, 
 	 			"process": do_oldstableupdate },
@@ -1100,7 +1176,7 @@ def action ():
          "Unembargo" : { "is": is_unembargo, "process": queue_unembargo },
          "Embargo" : { "is": is_embargo, "process": queue_embargo },
     }
-    queues = [ "New", "Byhand" ]
+    queues = [ "New", "Autobyhand", "Byhand" ]
     if Cnf.FindB("Dinstall::SecurityQueueHandling"):
         queues += [ "Unembargo", "Embargo" ]
     else:
@@ -1159,7 +1235,7 @@ def action ():
         accept(summary, short_summary)
         remove_from_unchecked()
     elif answer == queuekey:
-        queue_info[queue]["process"](summary)
+        queue_info[queue]["process"](summary, short_summary)
         remove_from_unchecked()
     elif answer == 'Q':
         sys.exit(0)
@@ -1210,7 +1286,7 @@ def is_unembargo ():
 
     return 0
 
-def queue_unembargo (summary):
+def queue_unembargo (summary, short_summary):
     print "Moving to UNEMBARGOED holding area."
     Logger.log(["Moving to unembargoed", pkg.changes_file])
 
@@ -1227,7 +1303,7 @@ def queue_unembargo (summary):
 def is_embargo ():
     return 0
 
-def queue_embargo (summary):
+def queue_embargo (summary, short_summary):
     print "Moving to EMBARGOED holding area."
     Logger.log(["Moving to embargoed", pkg.changes_file])
 
@@ -1257,7 +1333,7 @@ def is_stableupdate ():
 
     return 1
 
-def do_stableupdate (summary):
+def do_stableupdate (summary, short_summary):
     print "Moving to PROPOSED-UPDATES holding area."
     Logger.log(["Moving to proposed-updates", pkg.changes_file]);
 
@@ -1286,7 +1362,7 @@ def is_oldstableupdate ():
 
     return 1
 
-def do_oldstableupdate (summary):
+def do_oldstableupdate (summary, short_summary):
     print "Moving to OLDSTABLE-PROPOSED-UPDATES holding area."
     Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]);
 
@@ -1299,13 +1375,80 @@ def do_oldstableupdate (summary):
 
 ################################################################################
 
+def is_autobyhand ():
+    all_auto = 1
+    any_auto = 0
+    for file in files.keys():
+        if files[file].has_key("byhand"):
+	    any_auto = 1
+
+	    # filename is of form "PKG_VER_ARCH.EXT" where PKG, VER and ARCH
+	    # don't contain underscores, and ARCH doesn't contain dots.
+	    # further VER matches the .changes Version:, and ARCH should be in
+	    # the .changes Architecture: list.
+	    if file.count("_") < 2:
+	    	all_auto = 0
+		continue
+	
+	    (pkg, ver, archext) = file.split("_", 2)
+	    if archext.count(".") < 1 or changes["version"] != ver:
+	    	all_auto = 0
+		continue
+
+	    ABH = Cnf.SubTree("AutomaticByHandPackages")
+	    if not ABH.has_key(pkg) or \
+	      ABH["%s::Source" % (pkg)] != changes["source"]:
+	        print "not match %s %s" % (pkg, changes["source"])
+	        all_auto = 0
+		continue
+
+	    (arch, ext) = archext.split(".", 1)
+	    if arch not in changes["architecture"]:
+	        all_auto = 0
+		continue
+
+	    files[file]["byhand-arch"] = arch
+	    files[file]["byhand-script"] = ABH["%s::Script" % (pkg)]
+
+    return any_auto and all_auto
+
+def do_autobyhand (summary, short_summary):
+    print "Attempting AUTOBYHAND."
+    byhandleft = 0
+    for file in files.keys():
+        byhandfile = file
+        if not files[file].has_key("byhand"):
+            continue
+        if not files[file].has_key("byhand-script"):
+            byhandleft = 1
+            continue
+
+        os.system("ls -l %s" % byhandfile)
+        result = os.system("%s %s %s %s %s" % (
+                files[file]["byhand-script"], byhandfile, 
+                changes["version"], files[file]["byhand-arch"],
+                os.path.abspath(pkg.changes_file)))
+        if result == 0:
+            os.unlink(byhandfile)
+            del files[file]
+        else:
+            print "Error processing %s, left as byhand." % (file)
+            byhandleft = 1
+
+    if byhandleft:
+        do_byhand(summary, short_summary)
+    else:
+        accept(summary, short_summary)
+
+################################################################################
+
 def is_byhand ():
     for file in files.keys():
         if files[file].has_key("byhand"):
             return 1
     return 0
 
-def do_byhand (summary):
+def do_byhand (summary, short_summary):
     print "Moving to BYHAND holding area."
     Logger.log(["Moving to byhand", pkg.changes_file])
 
@@ -1324,7 +1467,7 @@ def is_new ():
             return 1
     return 0
 
-def acknowledge_new (summary):
+def acknowledge_new (summary, short_summary):
     Subst = Upload.Subst
 
     print "Moving to NEW holding area."