X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=ab8993a1a4d5305f58237f7434b22754426b1fd2;hb=b46b317a6c609971564f0a7dc70db85a47743756;hp=aac33d234662ac6831bc89219169740490467d67;hpb=493989aa71acc36dd9b141d1949cdb4d63b04261;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index aac33d23..ab8993a1 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -36,6 +36,8 @@ import daklib.queue import daklib.utils from types import * +from syck import * + ################################################################################ @@ -255,7 +257,7 @@ def check_changes(): # Check there isn't already a changes file of the same name in one # of the queue directories. base_filename = os.path.basename(filename) - for dir in [ "Accepted", "Byhand", "Done", "New", "ProposedUpdates" ]: + for dir in [ "Accepted", "Byhand", "Done", "New", "ProposedUpdates", "OldProposedUpdates" ]: if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+base_filename): reject("%s: a file with this name already exists in the %s directory." % (base_filename, dir)) @@ -329,9 +331,7 @@ def check_deb_ar(filename, control): o control.tar.gz o data.tar.gz or data.tar.bz2 -in that order, and nothing else. If the third member is a -data.tar.bz2, an additional check is performed for the required -Pre-Depends on dpkg (>= 1.10.24).""" +in that order, and nothing else.""" cmd = "ar t %s" % (filename) (result, output) = commands.getstatusoutput(cmd) if result != 0: @@ -344,22 +344,7 @@ Pre-Depends on dpkg (>= 1.10.24).""" reject("%s: first chunk is '%s', expected 'debian-binary'." % (filename, chunks[0])) if chunks[1] != "control.tar.gz": reject("%s: second chunk is '%s', expected 'control.tar.gz'." % (filename, chunks[1])) - if chunks[2] == "data.tar.bz2": - # Packages using bzip2 compression must have a Pre-Depends on dpkg >= 1.10.24. - found_needed_predep = 0 - for parsed_dep in apt_pkg.ParseDepends(control.Find("Pre-Depends", "")): - for atom in parsed_dep: - (dep, version, constraint) = atom - if dep != "dpkg" or (constraint != ">=" and constraint != ">>") or \ - len(parsed_dep) > 1: # or'ed deps don't count - continue - if (constraint == ">=" and apt_pkg.VersionCompare(version, "1.10.24") < 0) or \ - (constraint == ">>" and apt_pkg.VersionCompare(version, "1.10.23") < 0): - continue - found_needed_predep = 1 - if not found_needed_predep: - reject("%s: uses bzip2 compression, but doesn't Pre-Depend on dpkg (>= 1.10.24)" % (filename)) - elif chunks[2] != "data.tar.gz": + if chunks[2] not in [ "data.tar.bz2", "data.tar.gz" ]: reject("%s: third chunk is '%s', expected 'data.tar.gz' or 'data.tar.bz2'." % (filename, chunks[2])) ################################################################################ @@ -404,7 +389,8 @@ def check_files(): for file in file_keys: # Ensure the file does not already exist in one of the accepted directories - for dir in [ "Accepted", "Byhand", "New", "ProposedUpdates" ]: + for dir in [ "Accepted", "Byhand", "New", "ProposedUpdates", "OldProposedUpdates", "Embargoed", "Unembargoed" ]: + if not Cnf.has_key("Dir::Queue::%s" % (dir)): continue if os.path.exists(Cnf["Dir::Queue::%s" % (dir) ]+'/'+file): reject("%s file already exists in the %s directory." % (file, dir)) if not daklib.utils.re_taint_free.match(file): @@ -421,7 +407,7 @@ def check_files(): files[file]["type"] = "unreadable" continue # If it's byhand skip remaining checks - if files[file]["section"] == "byhand" or files[file]["section"] == "raw-installer": + if files[file]["section"] == "byhand" or files[file]["section"][:4] == "raw-": files[file]["byhand"] = 1 files[file]["type"] = "byhand" # Checks for a binary package... @@ -540,7 +526,7 @@ def check_files(): files[file]["new"] = 1 else: dsc_file_exists = 0 - for myq in ["Accepted", "Embargoed", "Unembargoed", "ProposedUpdates"]: + for myq in ["Accepted", "Embargoed", "Unembargoed", "ProposedUpdates", "OldProposedUpdates"]: if Cnf.has_key("Dir::Queue::%s" % (myq)): if os.path.exists(Cnf["Dir::Queue::"+myq] + '/' + dsc_filename): dsc_file_exists = 1 @@ -757,6 +743,7 @@ def check_dsc(): m = daklib.utils.re_issource.match(f) if not m: reject("%s: %s in Files field not recognised as source." % (dsc_filename, f)) + continue type = m.group(3) if type == "orig.tar.gz" or type == "tar.gz": has_tar = 1 @@ -1015,10 +1002,84 @@ def check_timestamps(): ################################################################################ +def lookup_uid_from_fingerprint(fpr): + q = Upload.projectB.query("SELECT u.uid, u.name FROM fingerprint f, uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) + qs = q.getresult() + if len(qs) == 0: + return (None, None) + else: + return qs[0] + def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" - # We only check binary-only uploads right now + (uid, uid_name) = lookup_uid_from_fingerprint(changes["fingerprint"]) + if uid_name == None: + uid_name = "" + + # match claimed name with actual name: + if uid == None: + uid, uid_email = changes["fingerprint"], uid + may_nmu, may_sponsor = 1, 1 + # XXX by default new dds don't have a fingerprint/uid in the db atm, + # and can't get one in there if we don't allow nmu/sponsorship + elif uid[:3] == "dm:": + uid_email = uid[3:] + may_nmu, may_sponsor = 0, 0 + else: + uid_email = "%s@debian.org" % (uid) + may_nmu, may_sponsor = 1, 1 + + if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]: + sponsored = 0 + elif uid_name in [changes["maintainername"], changes["changedbyname"]]: + sponsored = 0 + if uid_name == "": sponsored = 1 + else: + sponsored = 1 + + if sponsored and not may_sponsor: + reject("%s is not authorised to sponsor uploads" % (uid)) + + if not sponsored and not may_nmu: + source_ids = [] + check_suites = changes["distribution"].keys() + if "unstable" not in check_suites: check_suites.append("unstable") + for suite in check_suites: + suite_id = daklib.database.get_suite_id(suite) + q = Upload.projectB.query("SELECT s.id FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND sa.suite = %d" % (changes["source"], suite_id)) + for si in q.getresult(): + if si[0] not in source_ids: source_ids.append(si[0]) + + print "source_ids: %s" % (",".join([str(x) for x in source_ids])) + + is_nmu = 1 + for si in source_ids: + is_nmu = 1 + q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT maintainer FROM src_uploaders WHERE src_uploaders.source = %s)" % (si)) + for m in q.getresult(): + (rfc822, rfc2047, name, email) = daklib.utils.fix_maintainer(m[0]) + if email == uid_email or name == uid_name: + is_nmu=0 + break + if is_nmu: + reject("%s may not upload/NMU source package %s" % (uid, changes["source"])) + + for b in changes["binary"].keys(): + for suite in changes["distribution"].keys(): + suite_id = daklib.database.get_suite_id(suite) + q = Upload.projectB.query("SELECT DISTINCT s.source FROM source s JOIN binaries b ON (s.id = b.source) JOIN bin_associations ba On (b.id = ba.bin) WHERE b.package = '%s' AND ba.suite = %s" % (b, suite_id)) + for s in q.getresult(): + if s[0] != changes["source"]: + reject("%s may not hijack %s from source package %s in suite %s" % (uid, b, s, suite)) + + for file in files.keys(): + if files[file].has_key("byhand"): + reject("%s may not upload BYHAND file %s" % (uid, file)) + if files[file].has_key("new"): + reject("%s may not upload NEW file %s" % (uid, file)) + + # The remaining checks only apply to binary-only uploads right now if changes["architecture"].has_key("source"): return @@ -1080,6 +1141,79 @@ def upload_too_new(): os.chdir(cwd) return too_new +################################################################################ +################################################################################ + +# We reject packages if the release team defined a transition for them +def check_transition(): + to_dump = 0 + + # Only check if there is a file defined with checks. It's a little bit + # specific to Debian, not much use for others, so return early there. + if not Cnf.has_key("Dinstall::Reject::ReleaseTransitions"): + return + + # No need to do anything if this upload has no source included + if not changes["architecture"].has_key("source"): + return + + # We first load the current set of transitions, if any + if not os.path.exists("%s" % (Cnf["Dinstall::Reject::ReleaseTransitions"])): + # Nothing to do, no file exists + return + # Parse the yaml file + sourcefile = file(Cnf["Dinstall::Reject::ReleaseTransitions"], 'r') + transitions = load(sourcefile) + + # Now look through all defined transitions + for trans in transition: + t = transition[trans] + # We check if the transition is still valid + # If not we remove the whole setting from the dictionary and later dump it, + # so we don't process it again. + source = t["source"] + new_vers = t["new"] + q = Upload.projectB.query(""" + SELECT s.version FROM source s, suite su, src_associations sa + WHERE sa.source=s.id + AND sa.suite=su.id + AND su.suite_name='testing' + AND s.source='%s'""" + % (source)) + ql = q.getresult() + if ql: + current_vers = ql[0][0] + if apt_pkg.VersionCompare(new_vers, current_vers) == 1: + # This is still valid, the current version in database is older than + # the new version we wait for + + # Check if the source we look at is affected by this. + if changes["source"] in t['packages']: + # The source is affected, lets reject it. + reject("""%s: part of the %s transition. + + Your package is part of a testing transition to get %s migrated. + + Transition reason: %s + + This transition will finish when %s, version %s, reaches testing. + This transition is managed by the Release Team and %s + is the Release-Team member responsible for it. + Please contact them or debian-release@lists.debian.org if you + need further assistance. + """ + % (changes["source"], trans, source, t["reason"], source, new_vers, t["rm"])) + return 0 + else: + # We either have the wanted or a newer version in testing, or the package got + # removed completly. In that case we don't need to keep the transition blocker + del transition[trans] + to_dump = 1 + + if to_dump: + destfile = file(Cnf["Dinstall::Reject::ReleaseTransitions"], 'w') + dump(transition, destfile) + ################################################################################ def action (): @@ -1093,16 +1227,19 @@ def action (): # q-unapproved hax0ring queue_info = { "New": { "is": is_new, "process": acknowledge_new }, + "Autobyhand" : { "is" : is_autobyhand, "process": do_autobyhand }, "Byhand" : { "is": is_byhand, "process": do_byhand }, + "OldStableUpdate" : { "is": is_oldstableupdate, + "process": do_oldstableupdate }, "StableUpdate" : { "is": is_stableupdate, "process": do_stableupdate }, "Unembargo" : { "is": is_unembargo, "process": queue_unembargo }, "Embargo" : { "is": is_embargo, "process": queue_embargo }, } - queues = [ "New", "Byhand" ] + queues = [ "New", "Autobyhand", "Byhand" ] if Cnf.FindB("Dinstall::SecurityQueueHandling"): queues += [ "Unembargo", "Embargo" ] else: - queues += [ "StableUpdate" ] + queues += [ "OldStableUpdate", "StableUpdate" ] (prompt, answer) = ("", "XXX") if Options["No-Action"] or Options["Automatic"]: @@ -1157,7 +1294,7 @@ def action (): accept(summary, short_summary) remove_from_unchecked() elif answer == queuekey: - queue_info[queue]["process"](summary) + queue_info[queue]["process"](summary, short_summary) remove_from_unchecked() elif answer == 'Q': sys.exit(0) @@ -1208,7 +1345,7 @@ def is_unembargo (): return 0 -def queue_unembargo (summary): +def queue_unembargo (summary, short_summary): print "Moving to UNEMBARGOED holding area." Logger.log(["Moving to unembargoed", pkg.changes_file]) @@ -1223,9 +1360,10 @@ def queue_unembargo (summary): ################################################################################ def is_embargo (): - return 0 + # if embargoed queues are enabled always embargo + return 1 -def queue_embargo (summary): +def queue_embargo (summary, short_summary): print "Moving to EMBARGOED holding area." Logger.log(["Moving to embargoed", pkg.changes_file]) @@ -1250,12 +1388,12 @@ def is_stableupdate (): (changes["source"], changes["version"], pusuite)) ql = q.getresult() if ql: - # source is already in proposed-updates + # source is already in proposed-updates so no need to hold return 0 return 1 -def do_stableupdate (summary): +def do_stableupdate (summary, short_summary): print "Moving to PROPOSED-UPDATES holding area." Logger.log(["Moving to proposed-updates", pkg.changes_file]); @@ -1268,13 +1406,109 @@ def do_stableupdate (summary): ################################################################################ +def is_oldstableupdate (): + if not changes["distribution"].has_key("oldstable-proposed-updates"): + return 0 + + if not changes["architecture"].has_key("source"): + pusuite = daklib.database.get_suite_id("oldstable-proposed-updates") + q = Upload.projectB.query( + "SELECT S.source FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.version = '%s' AND sa.suite = %d" % + (changes["source"], changes["version"], pusuite)) + ql = q.getresult() + if ql: + # source is already in oldstable-proposed-updates so no need to hold + return 0 + + return 1 + +def do_oldstableupdate (summary, short_summary): + print "Moving to OLDSTABLE-PROPOSED-UPDATES holding area." + Logger.log(["Moving to oldstable-proposed-updates", pkg.changes_file]); + + Upload.dump_vars(Cnf["Dir::Queue::OldProposedUpdates"]); + move_to_dir(Cnf["Dir::Queue::OldProposedUpdates"]) + + # Check for override disparities + Upload.Subst["__SUMMARY__"] = summary; + Upload.check_override(); + +################################################################################ + +def is_autobyhand (): + all_auto = 1 + any_auto = 0 + for file in files.keys(): + if files[file].has_key("byhand"): + any_auto = 1 + + # filename is of form "PKG_VER_ARCH.EXT" where PKG, VER and ARCH + # don't contain underscores, and ARCH doesn't contain dots. + # further VER matches the .changes Version:, and ARCH should be in + # the .changes Architecture: list. + if file.count("_") < 2: + all_auto = 0 + continue + + (pkg, ver, archext) = file.split("_", 2) + if archext.count(".") < 1 or changes["version"] != ver: + all_auto = 0 + continue + + ABH = Cnf.SubTree("AutomaticByHandPackages") + if not ABH.has_key(pkg) or \ + ABH["%s::Source" % (pkg)] != changes["source"]: + print "not match %s %s" % (pkg, changes["source"]) + all_auto = 0 + continue + + (arch, ext) = archext.split(".", 1) + if arch not in changes["architecture"]: + all_auto = 0 + continue + + files[file]["byhand-arch"] = arch + files[file]["byhand-script"] = ABH["%s::Script" % (pkg)] + + return any_auto and all_auto + +def do_autobyhand (summary, short_summary): + print "Attempting AUTOBYHAND." + byhandleft = 0 + for file in files.keys(): + byhandfile = file + if not files[file].has_key("byhand"): + continue + if not files[file].has_key("byhand-script"): + byhandleft = 1 + continue + + os.system("ls -l %s" % byhandfile) + result = os.system("%s %s %s %s %s" % ( + files[file]["byhand-script"], byhandfile, + changes["version"], files[file]["byhand-arch"], + os.path.abspath(pkg.changes_file))) + if result == 0: + os.unlink(byhandfile) + del files[file] + else: + print "Error processing %s, left as byhand." % (file) + byhandleft = 1 + + if byhandleft: + do_byhand(summary, short_summary) + else: + accept(summary, short_summary) + +################################################################################ + def is_byhand (): for file in files.keys(): if files[file].has_key("byhand"): return 1 return 0 -def do_byhand (summary): +def do_byhand (summary, short_summary): print "Moving to BYHAND holding area." Logger.log(["Moving to byhand", pkg.changes_file]) @@ -1293,7 +1527,7 @@ def is_new (): return 1 return 0 -def acknowledge_new (summary): +def acknowledge_new (summary, short_summary): Subst = Upload.Subst print "Moving to NEW holding area." @@ -1363,6 +1597,7 @@ def process_it (changes_file): check_urgency() check_timestamps() check_signed_by_key() + check_transition() Upload.update_subst(reject_message) action() except SystemExit: