X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=b2097def91f3982734df160c78815f6956587829;hb=fada67dd146cdbd3f3ce50d80c58c75538354819;hp=8a49f009e5ffdff7931442c28e0182e31eb8db12;hpb=dade1d4e91245074ff31a9c8e79fb2ea5b942c51;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 8a49f009..b2097def 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -389,7 +389,8 @@ def check_files(): cursor = DBConn().cursor() # Check for packages that have moved from one component to another # STU: this should probably be changed to not join on architecture, suite tables but instead to used their cached name->id mappings from DBConn - cursor.execute("""PREPARE moved_pkg_q(text,text,text) AS + DBConn().prepare("moved_pkg_q", """ + PREPARE moved_pkg_q(text,text,text) AS SELECT c.name FROM binaries b, bin_associations ba, suite s, location l, component c, architecture a, files f WHERE b.package = $1 AND s.suite_name = $2 @@ -561,7 +562,7 @@ def check_files(): # Check the version and for file overwrites reject(Upload.check_binary_against_db(f),"") - Binary(f, reject).scan_package( ) + Binary(f, reject).scan_package() # Checks for a source package... else: @@ -1013,7 +1014,7 @@ def lookup_uid_from_fingerprint(fpr): if qs: return qs else: - return (None, None, None) + return (None, None, False) def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" @@ -1023,17 +1024,22 @@ def check_signed_by_key(): uid_name = "" # match claimed name with actual name: - if uid == None: + if uid is None: + # This is fundamentally broken but need us to refactor how we get + # the UIDs/Fingerprints in order for us to fix it properly uid, uid_email = changes["fingerprint"], uid may_nmu, may_sponsor = 1, 1 # XXX by default new dds don't have a fingerprint/uid in the db atm, # and can't get one in there if we don't allow nmu/sponsorship - elif is_dm is "t": - uid_email = uid - may_nmu, may_sponsor = 0, 0 - else: + elif is_dm is False: + # If is_dm is False, we allow full upload rights uid_email = "%s@debian.org" % (uid) may_nmu, may_sponsor = 1, 1 + else: + # Assume limited upload rights unless we've discovered otherwise + uid_email = uid + may_nmu, may_sponsor = 0, 0 + if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]: sponsored = 0 @@ -1052,6 +1058,7 @@ def check_signed_by_key(): if sponsored and not may_sponsor: reject("%s is not authorised to sponsor uploads" % (uid)) + cursor = DBConn().cursor() if not sponsored and not may_nmu: source_ids = [] cursor.execute( "SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s AND s.dm_upload_allowed = 'yes'", changes ) @@ -1319,8 +1326,8 @@ def is_stableupdate (): cursor.execute( """SELECT 1 FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = %(source)s - AND s.version = '%(version)s' - AND sa.suite = %(suite)d""", + AND s.version = %(version)s + AND sa.suite = %(suite)s""", {'source' : changes['source'], 'version' : changes['version'], 'suite' : pusuite}) @@ -1351,14 +1358,14 @@ def is_oldstableupdate (): if not changes["architecture"].has_key("source"): pusuite = DBConn().get_suite_id("oldstable-proposed-updates") cursor = DBConn().cursor() - cursor.execute( """"SELECT 1 FROM source s - JOIN src_associations sa ON (s.id = sa.source) - WHERE s.source = %(source)s - AND s.version = %(version)s - AND sa.suite = %d""", - {'source' : changes['source'], + cursor.execute( """SELECT 1 FROM source s + JOIN src_associations sa ON (s.id = sa.source) + WHERE s.source = %(source)s + AND s.version = %(version)s + AND sa.suite = %(suite)s""", + {'source' : changes['source'], 'version' : changes['version'], - 'suite' : pusuite}) + 'suite' : pusuite}) if cursor.fetchone(): return 0