X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=9301497b6ee18e6c2a31c1fa86af91b6dbad19d2;hb=1e1457bde3318c6605b4c97d4299803fdaf8e774;hp=491c5560ec7b7c968b17bbeeb37c4514f778c049;hpb=a4a019fa541fec6ad205f5e36e5f2a2cdf797235;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 491c5560..9301497b 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -37,7 +37,6 @@ import shutil import stat import sys import time -import tempfile import traceback import tarfile import apt_inst @@ -145,16 +144,6 @@ def reject (str, prefix="Rejected: "): ################################################################################ -def create_tmpdir(): - """ - Create a temporary directory that can be used for unpacking files into for - checking - """ - tmpdir = tempfile.mkdtemp() - return tmpdir - -################################################################################ - def copy_to_holding(filename): global in_holding @@ -400,7 +389,8 @@ def check_files(): cursor = DBConn().cursor() # Check for packages that have moved from one component to another # STU: this should probably be changed to not join on architecture, suite tables but instead to used their cached name->id mappings from DBConn - cursor.execute("""PREPARE moved_pkg_q AS + DBConn().prepare("moved_pkg_q", """ + PREPARE moved_pkg_q(text,text,text) AS SELECT c.name FROM binaries b, bin_associations ba, suite s, location l, component c, architecture a, files f WHERE b.package = $1 AND s.suite_name = $2 @@ -572,7 +562,7 @@ def check_files(): # Check the version and for file overwrites reject(Upload.check_binary_against_db(f),"") - Binary(f).scan_package() + Binary(f, reject).scan_package() # Checks for a source package... else: @@ -889,7 +879,7 @@ def check_source(): or pkg.orig_tar_gz == -1: return - tmpdir = create_tmpdir() + tmpdir = utils.temp_dirname() # Move into the temporary directory cwd = os.getcwd() @@ -1013,10 +1003,10 @@ def lookup_uid_from_fingerprint(fpr): """ Return the uid,name,isdm for a given gpg fingerprint - @ptype fpr: string + @type fpr: string @param fpr: a 40 byte GPG fingerprint - @return (uid, name, isdm) + @return: (uid, name, isdm) """ cursor = DBConn().cursor() cursor.execute( "SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) @@ -1024,7 +1014,7 @@ def lookup_uid_from_fingerprint(fpr): if qs: return qs else: - return (None, None, None) + return (None, None, False) def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" @@ -1034,17 +1024,22 @@ def check_signed_by_key(): uid_name = "" # match claimed name with actual name: - if uid == None: + if uid is None: + # This is fundamentally broken but need us to refactor how we get + # the UIDs/Fingerprints in order for us to fix it properly uid, uid_email = changes["fingerprint"], uid may_nmu, may_sponsor = 1, 1 # XXX by default new dds don't have a fingerprint/uid in the db atm, # and can't get one in there if we don't allow nmu/sponsorship - elif is_dm is "t": - uid_email = uid - may_nmu, may_sponsor = 0, 0 - else: + elif is_dm is False: + # If is_dm is False, we allow full upload rights uid_email = "%s@debian.org" % (uid) may_nmu, may_sponsor = 1, 1 + else: + # Assume limited upload rights unless we've discovered otherwise + uid_email = uid + may_nmu, may_sponsor = 0, 0 + if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]: sponsored = 0 @@ -1063,6 +1058,7 @@ def check_signed_by_key(): if sponsored and not may_sponsor: reject("%s is not authorised to sponsor uploads" % (uid)) + cursor = DBConn().cursor() if not sponsored and not may_nmu: source_ids = [] cursor.execute( "SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s AND s.dm_upload_allowed = 'yes'", changes ) @@ -1330,11 +1326,11 @@ def is_stableupdate (): cursor.execute( """SELECT 1 FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s - AND s.version = '%(version)s' - AND sa.suite = %(suite)d""", + AND s.version = %(version)s + AND sa.suite = %(suite)s""", {'source' : changes['source'], 'version' : changes['version'], - 'suite' : pasuite}) + 'suite' : pusuite}) if cursor.fetchone(): # source is already in proposed-updates so no need to hold @@ -1362,14 +1358,14 @@ def is_oldstableupdate (): if not changes["architecture"].has_key("source"): pusuite = DBConn().get_suite_id("oldstable-proposed-updates") cursor = DBConn().cursor() - cursor.execute( """"SELECT 1 FROM source s - JOIN src_associations sa ON (s.id = sa.source) - WHERE s.source = %(source)s - AND s.version = %(version)s - AND sa.suite = %d""", - {'source' : changes['source'], + cursor.execute( """SELECT 1 FROM source s + JOIN src_associations sa ON (s.id = sa.source) + WHERE s.source = %(source)s + AND s.version = %(version)s + AND sa.suite = %(suite)s""", + {'source' : changes['source'], 'version' : changes['version'], - 'suite' : pasuite}) + 'suite' : pusuite}) if cursor.fetchone(): return 0