X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fprocess_unchecked.py;h=fd0afc4e0f3d2aa2cec57679157d9364f158a37c;hb=203e76d0f6eddac1ad270d68df5e96357d0d0011;hp=1d63a024a4a2e2b35cc45109c40f63294d79ea64;hpb=553d3871ae6811f2b2040c309ee15ef34ec7fb0a;p=dak.git diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 1d63a024..fd0afc4e 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -997,7 +997,7 @@ def check_timestamps(): ################################################################################ def lookup_uid_from_fingerprint(fpr): - q = Upload.projectB.query("SELECT u.uid, u.name FROM fingerprint f, uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) + q = Upload.projectB.query("SELECT u.uid, u.name, k.debian_maintainer FROM fingerprint f JOIN keyrings k ON (f.keyring=k.id), uid u WHERE f.uid = u.id AND f.fingerprint = '%s'" % (fpr)) qs = q.getresult() if len(qs) == 0: return (None, None) @@ -1007,7 +1007,7 @@ def lookup_uid_from_fingerprint(fpr): def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" - (uid, uid_name) = lookup_uid_from_fingerprint(changes["fingerprint"]) + (uid, uid_name, is_dm) = lookup_uid_from_fingerprint(changes["fingerprint"]) if uid_name == None: uid_name = "" @@ -1017,8 +1017,8 @@ def check_signed_by_key(): may_nmu, may_sponsor = 1, 1 # XXX by default new dds don't have a fingerprint/uid in the db atm, # and can't get one in there if we don't allow nmu/sponsorship - elif uid[:3] == "dm:": - uid_email = uid[3:] + elif is_dm is "t": + uid_email = uid may_nmu, may_sponsor = 0, 0 else: uid_email = "%s@debian.org" % (uid) @@ -1043,25 +1043,28 @@ def check_signed_by_key(): if not sponsored and not may_nmu: source_ids = [] - check_suites = changes["distribution"].keys() - if "unstable" not in check_suites: check_suites.append("unstable") - if "experimental" not in check_suites: check_suites.append("experimental") - for suite in check_suites: - suite_id = database.get_suite_id(suite) - q = Upload.projectB.query("SELECT s.id FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND sa.suite = %d" % (changes["source"], suite_id)) - for si in q.getresult(): - if si[0] not in source_ids: source_ids.append(si[0]) - - is_nmu = 1 - for si in source_ids: - q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT su.maintainer FROM src_uploaders su JOIN source s ON (s.id = su.source) WHERE su.source = %s AND s.dm_upload_allowed = 'yes')" % (si)) + q = Upload.projectB.query("SELECT s.id, s.version FROM source s JOIN src_associations sa ON (s.id = sa.source) WHERE s.source = '%s' AND s.dm_upload_allowed = 'yes'" % (changes["source"])) + + highest_sid, highest_version = None, None + + should_reject = True + for si in q.getresult(): + if highest_version == None or apt_pkg.VersionCompare(si[1], highest_version) == 1: + highest_sid = si[0] + highest_version = si[1] + + if highest_sid == None: + reject("Source package %s does not have 'DM-Upload-Allowed: yes' in its most recent version" % changes["source"]) + else: + q = Upload.projectB.query("SELECT m.name FROM maintainer m WHERE m.id IN (SELECT su.maintainer FROM src_uploaders su JOIN source s ON (s.id = su.source) WHERE su.source = %s)" % (highest_sid)) for m in q.getresult(): (rfc822, rfc2047, name, email) = utils.fix_maintainer(m[0]) if email == uid_email or name == uid_name: - is_nmu=0 + should_reject=True break - if is_nmu: - reject("%s may not upload/NMU source package %s" % (uid, changes["source"])) + + if should_reject == True: + reject("%s is not in Maintainer or Uploaders of source package %s" % (uid, changes["source"])) for b in changes["binary"].keys(): for suite in changes["distribution"].keys():