X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=5fce9fa98b9a403e02908ac4c85b2deb0f6af885;hb=35cd0972b5e14dc8727403e13fccd30776f3ae02;hp=db1fee8643af865ce827ce2d7278252e33c184b8;hpb=b07852aa10727e959844a3f3b4d5b8a6bce00dbf;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py old mode 100644 new mode 100755 index db1fee86..5fce9fa9 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -# Checks Debian packages from Incoming +""" Checks Debian packages from Incoming """ # Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 James Troup # This program is free software; you can redistribute it and/or modify @@ -28,23 +28,35 @@ ################################################################################ -import commands, errno, fcntl, os, re, shutil, stat, sys, time, tempfile, traceback -import apt_inst, apt_pkg -import daklib.database as database -import daklib.logging as logging -import daklib.queue as queue -import daklib.utils +import commands +import errno +import fcntl +import os +import re +import shutil +import stat +import sys +import time +import traceback +import tarfile +import apt_inst +import apt_pkg +from debian_bundle import deb822 +from daklib.dbconn import DBConn +from daklib.binary import Binary +from daklib import logging +from daklib import queue +from daklib import utils +from daklib.dak_exceptions import * +from daklib.regexes import re_valid_version, re_valid_pkg_name, re_changelog_versions, \ + re_strip_revision, re_strip_srcver, re_spacestrip, \ + re_isanum, re_no_epoch, re_no_revision, re_taint_free, \ + re_isadeb, re_extract_src_version, re_issource, re_default_answer from types import * ################################################################################ -re_valid_version = re.compile(r"^([0-9]+:)?[0-9A-Za-z\.\-\+:~]+$") -re_valid_pkg_name = re.compile(r"^[\dA-Za-z][\dA-Za-z\+\-\.]+$") -re_changelog_versions = re.compile(r"^\w[-+0-9a-z.]+ \([^\(\) \t]+\)") -re_strip_revision = re.compile(r"-([^-]+)$") -re_strip_srcver = re.compile(r"\s+\(\S+\)$") -re_spacestrip = re.compile('(\s)') ################################################################################ @@ -73,16 +85,17 @@ def init(): apt_pkg.init() Cnf = apt_pkg.newConfiguration() - apt_pkg.ReadConfigFileISC(Cnf,daklib.utils.which_conf_file()) + apt_pkg.ReadConfigFileISC(Cnf,utils.which_conf_file()) Arguments = [('a',"automatic","Dinstall::Options::Automatic"), ('h',"help","Dinstall::Options::Help"), ('n',"no-action","Dinstall::Options::No-Action"), ('p',"no-lock", "Dinstall::Options::No-Lock"), - ('s',"no-mail", "Dinstall::Options::No-Mail")] + ('s',"no-mail", "Dinstall::Options::No-Mail"), + ('d',"directory", "Dinstall::Options::Directory", "HasArg")] for i in ["automatic", "help", "no-action", "no-lock", "no-mail", - "override-distribution", "version"]: + "override-distribution", "version", "directory"]: Cnf["Dinstall::Options::%s" % (i)] = "" changes_files = apt_pkg.ParseCommandLine(Cnf,Arguments,sys.argv) @@ -91,6 +104,15 @@ def init(): if Options["Help"]: usage() + # If we have a directory flag, use it to find our files + if Cnf["Dinstall::Options::Directory"] != "": + # Note that we clobber the list of files we were given in this case + # so warn if the user has done both + if len(changes_files) > 0: + utils.warn("Directory provided so ignoring files given on command line") + + changes_files = utils.get_changes_files(Cnf["Dinstall::Options::Directory"]) + Upload = queue.Upload(Cnf) changes = Upload.pkg.changes @@ -167,7 +189,7 @@ def clean_holding(): for f in in_holding.keys(): if os.path.exists(f): if f.find('/') != -1: - daklib.utils.fubar("WTF? clean_holding() got a file ('%s') with / in it!" % (f)) + utils.fubar("WTF? clean_holding() got a file ('%s') with / in it!" % (f)) else: os.unlink(f) in_holding = {} @@ -180,20 +202,23 @@ def check_changes(): # Parse the .changes field into a dictionary try: - changes.update(daklib.utils.parse_changes(filename)) - except daklib.utils.cant_open_exc: + changes.update(utils.parse_changes(filename)) + except CantOpenError: reject("%s: can't read file." % (filename)) return 0 - except daklib.utils.changes_parse_error_exc, line: + except ParseChangesError, line: reject("%s: parse error, can't grok: %s." % (filename, line)) return 0 + except ChangesUnicodeError: + reject("%s: changes file not proper utf-8" % (filename)) + return 0 # Parse the Files field from the .changes into another dictionary try: - files.update(daklib.utils.build_file_list(changes)) - except daklib.utils.changes_parse_error_exc, line: + files.update(utils.build_file_list(changes)) + except ParseChangesError, line: reject("%s: parse error, can't grok: %s." % (filename, line)) - except daklib.utils.nk_format_exc, format: + except UnknownFormatError, format: reject("%s: unknown format '%s'." % (filename, format)) return 0 @@ -225,8 +250,8 @@ def check_changes(): try: (changes["maintainer822"], changes["maintainer2047"], changes["maintainername"], changes["maintaineremail"]) = \ - daklib.utils.fix_maintainer (changes["maintainer"]) - except daklib.utils.ParseMaintError, msg: + utils.fix_maintainer (changes["maintainer"]) + except ParseMaintError, msg: reject("%s: Maintainer field ('%s') failed to parse: %s" \ % (filename, changes["maintainer"], msg)) @@ -234,8 +259,8 @@ def check_changes(): try: (changes["changedby822"], changes["changedby2047"], changes["changedbyname"], changes["changedbyemail"]) = \ - daklib.utils.fix_maintainer (changes.get("changed-by", "")) - except daklib.utils.ParseMaintError, msg: + utils.fix_maintainer (changes.get("changed-by", "")) + except ParseMaintError, msg: (changes["changedby822"], changes["changedby2047"], changes["changedbyname"], changes["changedbyemail"]) = \ ("", "", "", "") @@ -245,13 +270,13 @@ def check_changes(): # Ensure all the values in Closes: are numbers if changes.has_key("closes"): for i in changes["closes"].keys(): - if queue.re_isanum.match (i) == None: + if re_isanum.match (i) == None: reject("%s: `%s' from Closes field isn't a number." % (filename, i)) # chopversion = no epoch; chopversion2 = no epoch and no revision (e.g. for .orig.tar.gz comparison) - changes["chopversion"] = daklib.utils.re_no_epoch.sub('', changes["version"]) - changes["chopversion2"] = daklib.utils.re_no_revision.sub('', changes["chopversion"]) + changes["chopversion"] = re_no_epoch.sub('', changes["version"]) + changes["chopversion2"] = re_no_revision.sub('', changes["chopversion"]) # Check there isn't already a changes file of the same name in one # of the queue directories. @@ -290,7 +315,7 @@ def check_distributions(): (source, dest) = args[1:3] if changes["distribution"].has_key(source): for arch in changes["architecture"].keys(): - if arch not in Cnf.ValueList("Suite::%s::Architectures" % (source)): + if arch not in DBConn().get_suite_architectures(source): reject("Mapping %s to %s for unreleased architecture %s." % (source, dest, arch),"") del changes["distribution"][source] changes["distribution"][dest] = 1 @@ -323,35 +348,10 @@ def check_distributions(): ################################################################################ -def check_deb_ar(filename): - """Sanity check the ar of a .deb, i.e. that there is: - - o debian-binary - o control.tar.gz - o data.tar.gz or data.tar.bz2 - -in that order, and nothing else.""" - cmd = "ar t %s" % (filename) - (result, output) = commands.getstatusoutput(cmd) - if result != 0: - reject("%s: 'ar t' invocation failed." % (filename)) - reject(daklib.utils.prefix_multi_line_string(output, " [ar output:] "), "") - chunks = output.split('\n') - if len(chunks) != 3: - reject("%s: found %d chunks, expected 3." % (filename, len(chunks))) - if chunks[0] != "debian-binary": - reject("%s: first chunk is '%s', expected 'debian-binary'." % (filename, chunks[0])) - if chunks[1] != "control.tar.gz": - reject("%s: second chunk is '%s', expected 'control.tar.gz'." % (filename, chunks[1])) - if chunks[2] not in [ "data.tar.bz2", "data.tar.gz" ]: - reject("%s: third chunk is '%s', expected 'data.tar.gz' or 'data.tar.bz2'." % (filename, chunks[2])) - -################################################################################ - def check_files(): global reprocess - archive = daklib.utils.where_am_i() + archive = utils.where_am_i() file_keys = files.keys() # if reprocess is 2 we've already done this and we're checking @@ -386,13 +386,27 @@ def check_files(): has_binaries = 0 has_source = 0 + cursor = DBConn().cursor() + # Check for packages that have moved from one component to another + # STU: this should probably be changed to not join on architecture, suite tables but instead to used their cached name->id mappings from DBConn + DBConn().prepare("moved_pkg_q", """ + PREPARE moved_pkg_q(text,text,text) AS + SELECT c.name FROM binaries b, bin_associations ba, suite s, location l, + component c, architecture a, files f + WHERE b.package = $1 AND s.suite_name = $2 + AND (a.arch_string = $3 OR a.arch_string = 'all') + AND ba.bin = b.id AND ba.suite = s.id AND b.architecture = a.id + AND f.location = l.id + AND l.component = c.id + AND b.file = f.id""") + for f in file_keys: # Ensure the file does not already exist in one of the accepted directories for d in [ "Accepted", "Byhand", "New", "ProposedUpdates", "OldProposedUpdates", "Embargoed", "Unembargoed" ]: if not Cnf.has_key("Dir::Queue::%s" % (d)): continue if os.path.exists(Cnf["Dir::Queue::%s" % (d) ] + '/' + f): reject("%s file already exists in the %s directory." % (f, d)) - if not daklib.utils.re_taint_free.match(f): + if not re_taint_free.match(f): reject("!!WARNING!! tainted filename: '%s'." % (f)) # Check the file is readable if os.access(f, os.R_OK) == 0: @@ -410,12 +424,12 @@ def check_files(): files[f]["byhand"] = 1 files[f]["type"] = "byhand" # Checks for a binary package... - elif daklib.utils.re_isadeb.match(f): + elif re_isadeb.match(f): has_binaries = 1 files[f]["type"] = "deb" # Extract package control information - deb_file = daklib.utils.open_file(f) + deb_file = utils.open_file(f) try: control = apt_pkg.ParseSection(apt_inst.debExtractControl(deb_file)) except: @@ -423,6 +437,15 @@ def check_files(): deb_file.close() # Can't continue, none of the checks on control would work. continue + + # Check for mandantory "Description:" + deb_file.seek ( 0 ) + try: + apt_pkg.ParseSection(apt_inst.debExtractControl(deb_file))["Description"] + '\n' + except: + reject("%s: Missing Description in binary package" % (f)) + continue + deb_file.close() # Check for mandatory fields @@ -449,7 +472,8 @@ def check_files(): # Ensure the architecture of the .deb is one we know about. default_suite = Cnf.get("Dinstall::DefaultSuite", "Unstable") architecture = control.Find("Architecture") - if architecture not in Cnf.ValueList("Suite::%s::Architectures" % (default_suite)): + upload_suite = changes["distribution"].keys()[0] + if architecture not in DBConn().get_suite_architectures(default_suite) and architecture not in DBConn().get_suite_architectures(upload_suite): reject("Unknown architecture '%s'." % (architecture)) # Ensure the architecture of the .deb is one of the ones @@ -495,7 +519,7 @@ def check_files(): source = files[f]["source"] source_version = "" if source.find("(") != -1: - m = daklib.utils.re_extract_src_version.match(source) + m = re_extract_src_version.match(source) source = m.group(1) source_version = m.group(2) if not source_version: @@ -504,12 +528,12 @@ def check_files(): files[f]["source version"] = source_version # Ensure the filename matches the contents of the .deb - m = daklib.utils.re_isadeb.match(f) + m = re_isadeb.match(f) # package name file_package = m.group(1) if files[f]["package"] != file_package: reject("%s: package part of filename (%s) does not match package name in the %s (%s)." % (f, file_package, files[f]["dbtype"], files[f]["package"])) - epochless_version = daklib.utils.re_no_epoch.sub('', control.Find("Version")) + epochless_version = re_no_epoch.sub('', control.Find("Version")) # version file_version = m.group(2) if epochless_version != file_version: @@ -529,7 +553,7 @@ def check_files(): # Check in the SQL database if not Upload.source_exists(source_package, source_version, changes["distribution"].keys()): # Check in one of the other directories - source_epochless_version = daklib.utils.re_no_epoch.sub('', source_version) + source_epochless_version = re_no_epoch.sub('', source_version) dsc_filename = "%s_%s.dsc" % (source_package, source_epochless_version) if os.path.exists(Cnf["Dir::Queue::Byhand"] + '/' + dsc_filename): files[f]["byhand"] = 1 @@ -547,11 +571,11 @@ def check_files(): # Check the version and for file overwrites reject(Upload.check_binary_against_db(f),"") - check_deb_ar(f) + Binary(f, reject).scan_package() # Checks for a source package... else: - m = daklib.utils.re_issource.match(f) + m = re_issource.match(f) if m: has_source = 1 files[f]["package"] = m.group(1) @@ -576,7 +600,7 @@ def check_files(): # Check the signature of a .dsc file if files[f]["type"] == "dsc": - dsc["fingerprint"] = daklib.utils.check_signature(f, reject) + dsc["fingerprint"] = utils.check_signature(f, reject) files[f]["architecture"] = "source" @@ -607,7 +631,7 @@ def check_files(): # Validate the component component = files[f]["component"] - component_id = database.get_component_id(component) + component_id = DBConn().get_component_id(component) if component_id == -1: reject("file '%s' has unknown component '%s'." % (f, component)) continue @@ -622,14 +646,14 @@ def check_files(): # Determine the location location = Cnf["Dir::Pool"] - location_id = database.get_location_id (location, component, archive) + location_id = DBConn().get_location_id(location, component, archive) if location_id == -1: reject("[INTERNAL ERROR] couldn't determine location (Component: %s, Archive: %s)" % (component, archive)) files[f]["location id"] = location_id # Check the md5sum & size against existing files (if any) - files[f]["pool name"] = daklib.utils.poolify (changes["source"], files[f]["component"]) - files_id = database.get_files_id(files[f]["pool name"] + f, files[f]["size"], files[f]["md5sum"], files[f]["location id"]) + files[f]["pool name"] = utils.poolify (changes["source"], files[f]["component"]) + files_id = DBConn().get_files_id(files[f]["pool name"] + f, files[f]["size"], files[f]["md5sum"], files[f]["location id"]) if files_id == -1: reject("INTERNAL ERROR, get_files_id() returned multiple matches for %s." % (f)) elif files_id == -2: @@ -637,16 +661,9 @@ def check_files(): files[f]["files id"] = files_id # Check for packages that have moved from one component to another - q = Upload.projectB.query(""" -SELECT c.name FROM binaries b, bin_associations ba, suite s, location l, - component c, architecture a, files f - WHERE b.package = '%s' AND s.suite_name = '%s' - AND (a.arch_string = '%s' OR a.arch_string = 'all') - AND ba.bin = b.id AND ba.suite = s.id AND b.architecture = a.id - AND f.location = l.id AND l.component = c.id AND b.file = f.id""" - % (files[f]["package"], suite, - files[f]["architecture"])) - ql = q.getresult() + files[f]['suite'] = suite + cursor.execute("""EXECUTE moved_pkg_q( %(package)s, %(suite)s, %(architecture)s )""", ( files[f] ) ) + ql = cursor.fetchone() if ql: files[f]["othercomponents"] = ql[0][0] @@ -684,22 +701,28 @@ def check_dsc(): # Parse the .dsc file try: - dsc.update(daklib.utils.parse_changes(dsc_filename, signing_rules=1)) - except daklib.utils.cant_open_exc: + dsc.update(utils.parse_changes(dsc_filename, signing_rules=1)) + except CantOpenError: # if not -n copy_to_holding() will have done this for us... if Options["No-Action"]: reject("%s: can't read file." % (dsc_filename)) - except daklib.utils.changes_parse_error_exc, line: + except ParseChangesError, line: reject("%s: parse error, can't grok: %s." % (dsc_filename, line)) - except daklib.utils.invalid_dsc_format_exc, line: + except InvalidDscError, line: reject("%s: syntax error on line %s." % (dsc_filename, line)) + except ChangesUnicodeError: + reject("%s: dsc file not proper utf-8." % (dsc_filename)) + # Build up the file list of files mentioned by the .dsc try: - dsc_files.update(daklib.utils.build_file_list(dsc, is_a_dsc=1)) - except daklib.utils.no_files_exc: + dsc_files.update(utils.build_file_list(dsc, is_a_dsc=1)) + except NoFilesFieldError: reject("%s: no Files: field." % (dsc_filename)) return 0 - except daklib.utils.changes_parse_error_exc, line: + except UnknownFormatError, format: + reject("%s: unknown format '%s'." % (dsc_filename, format)) + return 0 + except ParseChangesError, line: reject("%s: parse error, can't grok: %s." % (dsc_filename, line)) return 0 @@ -722,8 +745,8 @@ def check_dsc(): # Validate the Maintainer field try: - daklib.utils.fix_maintainer (dsc["maintainer"]) - except daklib.utils.ParseMaintError, msg: + utils.fix_maintainer (dsc["maintainer"]) + except ParseMaintError, msg: reject("%s: Maintainer field ('%s') failed to parse: %s" \ % (dsc_filename, dsc["maintainer"], msg)) @@ -743,7 +766,7 @@ def check_dsc(): pass # Ensure the version number in the .dsc matches the version number in the .changes - epochless_dsc_version = daklib.utils.re_no_epoch.sub('', dsc["version"]) + epochless_dsc_version = re_no_epoch.sub('', dsc["version"]) changes_version = files[dsc_filename]["version"] if epochless_dsc_version != files[dsc_filename]["version"]: reject("version ('%s') in .dsc does not match version ('%s') in .changes." % (epochless_dsc_version, changes_version)) @@ -751,7 +774,7 @@ def check_dsc(): # Ensure there is a .tar.gz in the .dsc file has_tar = 0 for f in dsc_files.keys(): - m = daklib.utils.re_issource.match(f) + m = re_issource.match(f) if not m: reject("%s: %s in Files field not recognised as source." % (dsc_filename, f)) continue @@ -773,6 +796,8 @@ def check_dsc(): files[orig_tar_gz] = {} files[orig_tar_gz]["size"] = os.stat(orig_tar_gz)[stat.ST_SIZE] files[orig_tar_gz]["md5sum"] = dsc_files[orig_tar_gz]["md5sum"] + files[orig_tar_gz]["sha1sum"] = dsc_files[orig_tar_gz]["sha1sum"] + files[orig_tar_gz]["sha256sum"] = dsc_files[orig_tar_gz]["sha256sum"] files[orig_tar_gz]["section"] = files[dsc_filename]["section"] files[orig_tar_gz]["priority"] = files[dsc_filename]["priority"] files[orig_tar_gz]["component"] = files[dsc_filename]["component"] @@ -799,7 +824,7 @@ def get_changelog_versions(source_dir): # Create a symlink mirror of the source files in our temporary directory for f in files.keys(): - m = daklib.utils.re_issource.match(f) + m = re_issource.match(f) if m: src = os.path.join(source_dir, f) # If a file is missing for whatever reason, give up. @@ -822,14 +847,14 @@ def get_changelog_versions(source_dir): (result, output) = commands.getstatusoutput(cmd) if (result != 0): reject("'dpkg-source -x' failed for %s [return code: %s]." % (dsc_filename, result)) - reject(daklib.utils.prefix_multi_line_string(output, " [dpkg-source output:] "), "") + reject(utils.prefix_multi_line_string(output, " [dpkg-source output:] "), "") return if not Cnf.Find("Dir::Queue::BTSVersionTrack"): return # Get the upstream version - upstr_version = daklib.utils.re_no_epoch.sub('', dsc["version"]) + upstr_version = re_no_epoch.sub('', dsc["version"]) if re_strip_revision.search(upstr_version): upstr_version = re_strip_revision.sub('', upstr_version) @@ -841,7 +866,7 @@ def get_changelog_versions(source_dir): # Parse the changelog dsc["bts changelog"] = "" - changelog_file = daklib.utils.open_file(changelog_filename) + changelog_file = utils.open_file(changelog_filename) for line in changelog_file.readlines(): m = re_changelog_versions.match(line) if m: @@ -863,13 +888,7 @@ def check_source(): or pkg.orig_tar_gz == -1: return - # Create a temporary directory to extract the source into - if Options["No-Action"]: - tmpdir = tempfile.mkdtemp() - else: - # We're in queue/holding and can create a random directory. - tmpdir = "%s" % (os.getpid()) - os.mkdir(tmpdir) + tmpdir = utils.temp_dirname() # Move into the temporary directory cwd = os.getcwd() @@ -884,7 +903,7 @@ def check_source(): shutil.rmtree(tmpdir) except OSError, e: if errno.errorcode[e.errno] != 'EACCES': - daklib.utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"])) + utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"])) reject("%s: source tree could not be cleanly removed." % (dsc["source"])) # We probably have u-r or u-w directories so chmod everything @@ -892,10 +911,10 @@ def check_source(): cmd = "chmod -R u+rwx %s" % (tmpdir) result = os.system(cmd) if result != 0: - daklib.utils.fubar("'%s' failed with result %s." % (cmd, result)) + utils.fubar("'%s' failed with result %s." % (cmd, result)) shutil.rmtree(tmpdir) except: - daklib.utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"])) + utils.fubar("%s: couldn't remove tmp dir for source tree." % (dsc["source"])) ################################################################################ @@ -905,88 +924,23 @@ def check_urgency (): if changes["architecture"].has_key("source"): if not changes.has_key("urgency"): changes["urgency"] = Cnf["Urgency::Default"] + changes["urgency"] = changes["urgency"].lower() if changes["urgency"] not in Cnf.ValueList("Urgency::Valid"): reject("%s is not a valid urgency; it will be treated as %s by testing." % (changes["urgency"], Cnf["Urgency::Default"]), "Warning: ") changes["urgency"] = Cnf["Urgency::Default"] - changes["urgency"] = changes["urgency"].lower() ################################################################################ def check_hashes (): - # Make sure we recognise the format of the Files: field - format = changes.get("format", "0.0").split(".",1) - if len(format) == 2: - format = int(format[0]), int(format[1]) - else: - format = int(float(format[0])), 0 - - check_hash(".changes", files, "md5sum", apt_pkg.md5sum) - check_hash(".dsc", dsc_files, "md5sum", apt_pkg.md5sum) - - if format >= (1,8): - hashes = [("sha1", apt_pkg.sha1sum), - ("sha256", apt_pkg.sha256sum)] - else: - hashes = [] - - for x in changes: - if x.startswith("checksum-"): - h = x.split("-",1)[1] - if h not in dict(hashes): - reject("Unsupported checksum field in .changes" % (h)) - - for x in dsc: - if x.startswith("checksum-"): - h = x.split("-",1)[1] - if h not in dict(hashes): - reject("Unsupported checksum field in .dsc" % (h)) - - for h,f in hashes: - try: - fs = daklib.utils.build_file_list(changes, 0, "checksums-%s" % h, h) - check_hash(".changes %s" % (h), fs, h, f, files) - except daklib.utils.no_files_exc: - reject("No Checksums-%s: field in .changes" % (h)) - except daklib.utils.changes_parse_error_exc, line: - reject("parse error for Checksums-%s in .changes, can't grok: %s." % (h, line)) - - if "source" not in changes["architecture"]: continue - - try: - fs = daklib.utils.build_file_list(dsc, 1, "checksums-%s" % h, h) - check_hash(".dsc %s" % (h), fs, h, f, dsc_files) - except daklib.utils.no_files_exc: - reject("No Checksums-%s: field in .dsc" % (h)) - except daklib.utils.changes_parse_error_exc, line: - reject("parse error for Checksums-%s in .dsc, can't grok: %s." % (h, line)) - -################################################################################ - -def check_hash (where, lfiles, key, testfn, basedict = None): - if basedict: - for f in basedict.keys(): - if f not in lfiles: - reject("%s: no %s checksum" % (f, key)) - - for f in lfiles.keys(): - if basedict and f not in basedict: - reject("%s: extraneous entry in %s checksums" % (f, key)) - - try: - file_handle = daklib.utils.open_file(f) - except daklib.utils.cant_open_exc: - continue + utils.check_hash(".changes", files, "md5", apt_pkg.md5sum) + utils.check_size(".changes", files) + utils.check_hash(".dsc", dsc_files, "md5", apt_pkg.md5sum) + utils.check_size(".dsc", dsc_files) - # Check hash - if testfn(file_handle) != lfiles[f][key]: - reject("%s: %s check failed." % (f, key)) - file_handle.close() - # Check size - actual_size = os.stat(f)[stat.ST_SIZE] - size = int(lfiles[f]["size"]) - if size != actual_size: - reject("%s: actual file size (%s) does not match size (%s) in %s" - % (f, actual_size, size, where)) + # This is stupid API, but it'll have to do for now until + # we actually have proper abstraction + for m in utils.ensure_hashes(changes, dsc, files, dsc_files): + reject(m) ################################################################################ @@ -1019,7 +973,7 @@ def check_timestamps(): if files[filename]["type"] == "deb": tar.reset() try: - deb_file = daklib.utils.open_file(filename) + deb_file = utils.open_file(filename) apt_inst.debExtract(deb_file,tar.callback,"control.tar.gz") deb_file.seek(0) try: @@ -1055,32 +1009,46 @@ def check_timestamps(): ################################################################################ def lookup_uid_from_fingerprint(fpr): - q = Upload.projectB.query("SELECT u.uid, u.name FROM fingerprint f, uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) - qs = q.getresult() - if len(qs) == 0: - return (None, None) + """ + Return the uid,name,isdm for a given gpg fingerprint + + @type fpr: string + @param fpr: a 40 byte GPG fingerprint + + @return: (uid, name, isdm) + """ + cursor = DBConn().cursor() + cursor.execute( "SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) + qs = cursor.fetchone() + if qs: + return qs else: - return qs[0] + return (None, None, False) def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" - (uid, uid_name) = lookup_uid_from_fingerprint(changes["fingerprint"]) + (uid, uid_name, is_dm) = lookup_uid_from_fingerprint(changes["fingerprint"]) if uid_name == None: uid_name = "" # match claimed name with actual name: - if uid == None: + if uid is None: + # This is fundamentally broken but need us to refactor how we get + # the UIDs/Fingerprints in order for us to fix it properly uid, uid_email = changes["fingerprint"], uid may_nmu, may_sponsor = 1, 1 # XXX by default new dds don't have a fingerprint/uid in the db atm, # and can't get one in there if we don't allow nmu/sponsorship - elif uid[:3] == "dm:": - uid_email = uid[3:] - may_nmu, may_sponsor = 0, 0 - else: + elif is_dm is False: + # If is_dm is False, we allow full upload rights uid_email = "%s@debian.org" % (uid) may_nmu, may_sponsor = 1, 1 + else: + # Assume limited upload rights unless we've discovered otherwise + uid_email = uid + may_nmu, may_sponsor = 0, 0 + if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]: sponsored = 0 @@ -1090,8 +1058,8 @@ def check_signed_by_key(): else: sponsored = 1 if ("source" in changes["architecture"] and - uid_email and daklib.utils.is_email_alias(uid_email)): - sponsor_addresses = daklib.utils.gpg_get_key_addresses(changes["fingerprint"]) + uid_email and utils.is_email_alias(uid_email)): + sponsor_addresses = utils.gpg_get_key_addresses(changes["fingerprint"]) if (changes["maintaineremail"] not in sponsor_addresses and changes["changedbyemail"] not in sponsor_addresses): changes["sponsoremail"] = uid_email @@ -1099,35 +1067,52 @@ def check_signed_by_key(): if sponsored and not may_sponsor: reject("%s is not authorised to sponsor uploads" % (uid)) + cursor = DBConn().cursor() if not sponsored and not may_nmu: source_ids = [] - check_suites = changes["distribution"].keys() - if "unstable" not in check_suites: check_suites.append("unstable") - for suite in check_suites: - suite_id = database.get_suite_id(suite) - q = Upload.projectB.query("SELECT s.id FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND sa.suite = %d" % (changes["source"], suite_id)) - for si in q.getresult(): - if si[0] not in source_ids: source_ids.append(si[0]) - - print "source_ids: %s" % (",".join([str(x) for x in source_ids])) - - is_nmu = 1 - for si in source_ids: - is_nmu = 1 - q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT maintainer FROM src_uploaders WHERE src_uploaders.source = %s)" % (si)) - for m in q.getresult(): - (rfc822, rfc2047, name, email) = daklib.utils.fix_maintainer(m[0]) + cursor.execute( "SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s AND s.dm_upload_allowed = 'yes'", changes ) + + highest_sid, highest_version = None, None + + should_reject = True + while True: + si = cursor.fetchone() + if not si: + break + + if highest_version == None or apt_pkg.VersionCompare(si[1], highest_version) == 1: + highest_sid = si[0] + highest_version = si[1] + + if highest_sid == None: + reject("Source package %s does not have 'DM-Upload-Allowed: yes' in its most recent version" % changes["source"]) + else: + + cursor.execute("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT su.maintainer FROM src_uploaders su JOIN source s ON (s.id = su.source) WHERE su.source = %s)" % (highest_sid)) + + while True: + m = cursor.fetchone() + if not m: + break + + (rfc822, rfc2047, name, email) = utils.fix_maintainer(m[0]) if email == uid_email or name == uid_name: - is_nmu=0 + should_reject=False break - if is_nmu: - reject("%s may not upload/NMU source package %s" % (uid, changes["source"])) + + if should_reject == True: + reject("%s is not in Maintainer or Uploaders of source package %s" % (uid, changes["source"])) for b in changes["binary"].keys(): for suite in changes["distribution"].keys(): - suite_id = database.get_suite_id(suite) - q = Upload.projectB.query("SELECT DISTINCT s.source FROM source s JOIN binaries b ON (s.id = b.source) JOIN bin_associations ba On (b.id = ba.bin) WHERE b.package = '%s' AND ba.suite = %s" % (b, suite_id)) - for s in q.getresult(): + suite_id = DBConn().get_suite_id(suite) + + cursor.execute("SELECT DISTINCT s.source FROM source s JOIN binaries b ON (s.id = b.source) JOIN bin_associations ba On (b.id = ba.bin) WHERE b.package = %(package)s AND ba.suite = %(suite)s" , {'package':b, 'suite':suite_id} ) + while True: + s = cursor.fetchone() + if not s: + break + if s[0] != changes["source"]: reject("%s may not hijack %s from source package %s in suite %s" % (uid, b, s, suite)) @@ -1137,42 +1122,6 @@ def check_signed_by_key(): if files[f].has_key("new"): reject("%s may not upload NEW file %s" % (uid, f)) - # The remaining checks only apply to binary-only uploads right now - if changes["architecture"].has_key("source"): - return - - if not Cnf.Exists("Binary-Upload-Restrictions"): - return - - restrictions = Cnf.SubTree("Binary-Upload-Restrictions") - - # If the restrictions only apply to certain components make sure - # that the upload is actual targeted there. - if restrictions.Exists("Components"): - restricted_components = restrictions.SubTree("Components").ValueList() - is_restricted = False - for f in files: - if files[f]["component"] in restricted_components: - is_restricted = True - break - if not is_restricted: - return - - # Assuming binary only upload restrictions are in place we then - # iterate over suite and architecture checking the key is in the - # allowed list. If no allowed list exists for a given suite or - # architecture it's assumed to be open to anyone. - for suite in changes["distribution"].keys(): - if not restrictions.Exists(suite): - continue - for arch in changes["architecture"].keys(): - if not restrictions.SubTree(suite).Exists(arch): - continue - allowed_keys = restrictions.SubTree("%s::%s" % (suite, arch)).ValueList() - if changes["fingerprint"] not in allowed_keys: - base_filename = os.path.basename(pkg.changes_file) - reject("%s: not signed by authorised uploader for %s/%s" - % (base_filename, suite, arch)) ################################################################################ ################################################################################ @@ -1266,8 +1215,8 @@ def action (): answer = 'A' while prompt.find(answer) == -1: - answer = daklib.utils.our_raw_input(prompt) - m = queue.re_default_answer.match(prompt) + answer = utils.our_raw_input(prompt) + m = re_default_answer.match(prompt) if answer == "": answer = m.group(1) answer = answer[:1].upper() @@ -1299,19 +1248,17 @@ def accept (summary, short_summary): ################################################################################ def move_to_dir (dest, perms=0660, changesperms=0664): - daklib.utils.move (pkg.changes_file, dest, perms=changesperms) + utils.move (pkg.changes_file, dest, perms=changesperms) file_keys = files.keys() for f in file_keys: - daklib.utils.move (f, dest, perms=perms) + utils.move (f, dest, perms=perms) ################################################################################ def is_unembargo (): - q = Upload.projectB.query( - "SELECT package FROM disembargo WHERE package = '%s' AND version = '%s'" % - (changes["source"], changes["version"])) - ql = q.getresult() - if ql: + cursor = DBConn().cursor() + cursor.execute( "SELECT package FROM disembargo WHERE package = %(source)s AND version = %(version)s", changes ) + if cursor.fetchone(): return 1 oldcwd = os.getcwd() @@ -1323,9 +1270,9 @@ def is_unembargo (): if changes["architecture"].has_key("source"): if Options["No-Action"]: return 1 - Upload.projectB.query( - "INSERT INTO disembargo (package, version) VALUES ('%s', '%s')" % - (changes["source"], changes["version"])) + cursor.execute( "INSERT INTO disembargo (package, version) VALUES ('%(package)s', '%(version)s')", + changes ) + cursor.execute( "COMMIT" ) return 1 return 0 @@ -1342,6 +1289,14 @@ def queue_unembargo (summary, short_summary): Upload.Subst["__SUMMARY__"] = summary Upload.check_override() + # Send accept mail, announce to lists, close bugs and check for + # override disparities + if not Cnf["Dinstall::Options::No-Mail"]: + Upload.Subst["__SUITE__"] = "" + mail_message = utils.TemplateSubst(Upload.Subst,Cnf["Dir::Templates"]+"/process-unchecked.accepted") + utils.send_mail(mail_message) + Upload.announce(short_summary, 1) + ################################################################################ def is_embargo (): @@ -1360,6 +1315,14 @@ def queue_embargo (summary, short_summary): Upload.Subst["__SUMMARY__"] = summary Upload.check_override() + # Send accept mail, announce to lists, close bugs and check for + # override disparities + if not Cnf["Dinstall::Options::No-Mail"]: + Upload.Subst["__SUITE__"] = "" + mail_message = utils.TemplateSubst(Upload.Subst,Cnf["Dir::Templates"]+"/process-unchecked.accepted") + utils.send_mail(mail_message) + Upload.announce(short_summary, 1) + ################################################################################ def is_stableupdate (): @@ -1367,12 +1330,18 @@ def is_stableupdate (): return 0 if not changes["architecture"].has_key("source"): - pusuite = database.get_suite_id("proposed-updates") - q = Upload.projectB.query( - "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" % - (changes["source"], changes["version"], pusuite)) - ql = q.getresult() - if ql: + pusuite = DBConn().get_suite_id("proposed-updates") + cursor = DBConn().cursor() + cursor.execute( """SELECT 1 FROM source s + JOIN src_associations sa ON (s.id = sa.source) + WHERE s.source = %(source)s + AND s.version = %(version)s + AND sa.suite = %(suite)s""", + {'source' : changes['source'], + 'version' : changes['version'], + 'suite' : pusuite}) + + if cursor.fetchone(): # source is already in proposed-updates so no need to hold return 0 @@ -1380,14 +1349,14 @@ def is_stableupdate (): def do_stableupdate (summary, short_summary): print "Moving to PROPOSED-UPDATES holding area." - Logger.log(["Moving to proposed-updates", pkg.changes_file]); + Logger.log(["Moving to proposed-updates", pkg.changes_file]) - Upload.dump_vars(Cnf["Dir::Queue::ProposedUpdates"]); - move_to_dir(Cnf["Dir::Queue::ProposedUpdates"]) + Upload.dump_vars(Cnf["Dir::Queue::ProposedUpdates"]) + move_to_dir(Cnf["Dir::Queue::ProposedUpdates"], perms=0664) # Check for override disparities - Upload.Subst["__SUMMARY__"] = summary; - Upload.check_override(); + Upload.Subst["__SUMMARY__"] = summary + Upload.check_override() ################################################################################ @@ -1396,27 +1365,31 @@ def is_oldstableupdate (): return 0 if not changes["architecture"].has_key("source"): - pusuite = database.get_suite_id("oldstable-proposed-updates") - q = Upload.projectB.query( - "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" % - (changes["source"], changes["version"], pusuite)) - ql = q.getresult() - if ql: - # source is already in oldstable-proposed-updates so no need to hold + pusuite = DBConn().get_suite_id("oldstable-proposed-updates") + cursor = DBConn().cursor() + cursor.execute( """SELECT 1 FROM source s + JOIN src_associations sa ON (s.id = sa.source) + WHERE s.source = %(source)s + AND s.version = %(version)s + AND sa.suite = %(suite)s""", + {'source' : changes['source'], + 'version' : changes['version'], + 'suite' : pusuite}) + if cursor.fetchone(): return 0 return 1 def do_oldstableupdate (summary, short_summary): print "Moving to OLDSTABLE-PROPOSED-UPDATES holding area." - Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]); + Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]) - Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]); - move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"]) + Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]) + move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"], perms=0664) # Check for override disparities - Upload.Subst["__SUMMARY__"] = summary; - Upload.check_override(); + Upload.Subst["__SUMMARY__"] = summary + Upload.check_override() ################################################################################ @@ -1519,13 +1492,13 @@ def acknowledge_new (summary, short_summary): Logger.log(["Moving to new", pkg.changes_file]) Upload.dump_vars(Cnf["Dir::Queue::New"]) - move_to_dir(Cnf["Dir::Queue::New"]) + move_to_dir(Cnf["Dir::Queue::New"], perms=0640, changesperms=0644) if not Options["No-Mail"]: print "Sending new ack." Subst["__SUMMARY__"] = summary - new_ack_message = daklib.utils.TemplateSubst(Subst,Cnf["Dir::Templates"]+"/process-unchecked.new") - daklib.utils.send_mail(new_ack_message) + new_ack_message = utils.TemplateSubst(Subst,Cnf["Dir::Templates"]+"/process-unchecked.new") + utils.send_mail(new_ack_message) ################################################################################ @@ -1566,7 +1539,7 @@ def process_it (changes_file): # Relativize the filename so we use the copy in holding # rather than the original... pkg.changes_file = os.path.basename(pkg.changes_file) - changes["fingerprint"] = daklib.utils.check_signature(pkg.changes_file, reject) + changes["fingerprint"] = utils.check_signature(pkg.changes_file, reject) if changes["fingerprint"]: valid_changes_p = check_changes() else: @@ -1608,16 +1581,16 @@ def main(): # Ensure all the arguments we were given are .changes files for f in changes_files: if not f.endswith(".changes"): - daklib.utils.warn("Ignoring '%s' because it's not a .changes file." % (f)) + utils.warn("Ignoring '%s' because it's not a .changes file." % (f)) changes_files.remove(f) if changes_files == []: - daklib.utils.fubar("Need at least one .changes file as an argument.") + utils.fubar("Need at least one .changes file as an argument.") # Check that we aren't going to clash with the daily cron job if not Options["No-Action"] and os.path.exists("%s/daily.lock" % (Cnf["Dir::Lock"])) and not Options["No-Lock"]: - daklib.utils.fubar("Archive maintenance in progress. Try again later.") + utils.fubar("Archive maintenance in progress. Try again later.") # Obtain lock if not in no-action mode and initialize the log @@ -1627,7 +1600,7 @@ def main(): fcntl.lockf(lock_fd, fcntl.LOCK_EX | fcntl.LOCK_NB) except IOError, e: if errno.errorcode[e.errno] == 'EACCES' or errno.errorcode[e.errno] == 'EAGAIN': - daklib.utils.fubar("Couldn't obtain lock; assuming another 'dak process-unchecked' is already running.") + utils.fubar("Couldn't obtain lock; assuming another 'dak process-unchecked' is already running.") else: raise Logger = Upload.Logger = logging.Logger(Cnf, "process-unchecked") @@ -1641,7 +1614,7 @@ def main(): # Sort the .changes files so that we process sourceful ones first - changes_files.sort(daklib.utils.changes_compare) + changes_files.sort(utils.changes_compare) # Process the changes files for changes_file in changes_files: @@ -1658,7 +1631,7 @@ def main(): sets = "set" if accept_count > 1: sets = "sets" - print "Accepted %d package %s, %s." % (accept_count, sets, daklib.utils.size_type(int(accept_bytes))) + print "Accepted %d package %s, %s." % (accept_count, sets, utils.size_type(int(accept_bytes))) Logger.log(["total",accept_count,accept_bytes]) if not Options["No-Action"]: