X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=9301497b6ee18e6c2a31c1fa86af91b6dbad19d2;hb=ec44bcc3b4bbeb7a389dda77f39ff54436d1b181;hp=aa38a0032c5de584e63ff9a56b22236ca295b35e;hpb=0de0852e9dce3a4ac0f9d18f2479ab899a2060a9;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index aa38a003..9301497b 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -562,7 +562,7 @@ def check_files(): # Check the version and for file overwrites reject(Upload.check_binary_against_db(f),"") - Binary(f, reject).scan_package( ) + Binary(f, reject).scan_package() # Checks for a source package... else: @@ -1003,10 +1003,10 @@ def lookup_uid_from_fingerprint(fpr): """ Return the uid,name,isdm for a given gpg fingerprint - @ptype fpr: string + @type fpr: string @param fpr: a 40 byte GPG fingerprint - @return (uid, name, isdm) + @return: (uid, name, isdm) """ cursor = DBConn().cursor() cursor.execute( "SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) @@ -1014,7 +1014,7 @@ def lookup_uid_from_fingerprint(fpr): if qs: return qs else: - return (None, None, None) + return (None, None, False) def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" @@ -1024,17 +1024,22 @@ def check_signed_by_key(): uid_name = "" # match claimed name with actual name: - if uid == None: + if uid is None: + # This is fundamentally broken but need us to refactor how we get + # the UIDs/Fingerprints in order for us to fix it properly uid, uid_email = changes["fingerprint"], uid may_nmu, may_sponsor = 1, 1 # XXX by default new dds don't have a fingerprint/uid in the db atm, # and can't get one in there if we don't allow nmu/sponsorship - elif is_dm is "t": - uid_email = uid - may_nmu, may_sponsor = 0, 0 - else: + elif is_dm is False: + # If is_dm is False, we allow full upload rights uid_email = "%s@debian.org" % (uid) may_nmu, may_sponsor = 1, 1 + else: + # Assume limited upload rights unless we've discovered otherwise + uid_email = uid + may_nmu, may_sponsor = 0, 0 + if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]: sponsored = 0 @@ -1053,6 +1058,7 @@ def check_signed_by_key(): if sponsored and not may_sponsor: reject("%s is not authorised to sponsor uploads" % (uid)) + cursor = DBConn().cursor() if not sponsored and not may_nmu: source_ids = [] cursor.execute( "SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s AND s.dm_upload_allowed = 'yes'", changes ) @@ -1320,8 +1326,8 @@ def is_stableupdate (): cursor.execute( """SELECT 1 FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s - AND s.version = '%(version)s' - AND sa.suite = %(suite)d""", + AND s.version = %(version)s + AND sa.suite = %(suite)s""", {'source' : changes['source'], 'version' : changes['version'], 'suite' : pusuite}) @@ -1352,14 +1358,14 @@ def is_oldstableupdate (): if not changes["architecture"].has_key("source"): pusuite = DBConn().get_suite_id("oldstable-proposed-updates") cursor = DBConn().cursor() - cursor.execute( """"SELECT 1 FROM source s - JOIN src_associations sa ON (s.id = sa.source) - WHERE s.source = %(source)s - AND s.version = %(version)s - AND sa.suite = %d""", - {'source' : changes['source'], + cursor.execute( """SELECT 1 FROM source s + JOIN src_associations sa ON (s.id = sa.source) + WHERE s.source = %(source)s + AND s.version = %(version)s + AND sa.suite = %(suite)s""", + {'source' : changes['source'], 'version' : changes['version'], - 'suite' : pusuite}) + 'suite' : pusuite}) if cursor.fetchone(): return 0