X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=2e76e78329c8e6fd57d74e2d0d890d33d64f55ba;hb=b8c51297d7b03115240198383f76a48a519c85df;hp=6a95049f4d93377795cf83d0c9b6c272024c9cc9;hpb=c24fed89b5d1630343cfc29440e8f4d119efe9e3;p=dak.git

diff --git a/daklib/checks.py b/daklib/checks.py
index 6a95049f..2e76e783 100644
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -45,6 +45,12 @@ class Reject(Exception):
     """exception raised by failing checks"""
     pass
 
+class RejectStupidMaintainerException(Exception):
+    """exception raised by failing the external hashes check"""
+
+    def __str__(self):
+        return "'%s' has mismatching %s from the external files db ('%s' [current] vs '%s' [external])" % self.args[:4]
+
 class Check(object):
     """base class for checks
 
@@ -162,11 +168,48 @@ class HashesCheck(Check):
         changes = upload.changes
         for f in changes.files.itervalues():
             f.check(upload.directory)
-            source = changes.source
+        source = changes.source
         if source is not None:
             for f in source.files.itervalues():
                 f.check(upload.directory)
 
+class ExternalHashesCheck(Check):
+    """Checks hashes in .changes and .dsc against an external database."""
+    def check_single(self, session, f):
+        q = session.execute("SELECT size, md5sum, sha1sum, sha256sum FROM external_files WHERE filename LIKE '%%/%s'" % f.filename)
+        (ext_size, ext_md5sum, ext_sha1sum, ext_sha256sum) = q.fetchone() or (None, None, None, None)
+
+        if not ext_size:
+            return
+
+        if ext_size != f.size:
+            raise RejectStupidMaintainerException(f.filename, 'size', f.size, ext_size)
+
+        if ext_md5sum != f.md5sum:
+            raise RejectStupidMaintainerException(f.filename, 'md5sum', f.md5sum, ext_md5sum)
+
+        if ext_sha1sum != f.sha1sum:
+            raise RejectStupidMaintainerException(f.filename, 'sha1sum', f.sha1sum, ext_sha1sum)
+
+        if ext_sha256sum != f.sha256sum:
+            raise RejectStupidMaintainerException(f.filename, 'sha256sum', f.sha256sum, ext_sha256sum)
+
+    def check(self, upload):
+        cnf = Config()
+
+        if not cnf.use_extfiles:
+            return
+
+        session = upload.session
+        changes = upload.changes
+
+        for f in changes.files.itervalues():
+            self.check_single(session, f)
+        source = changes.source
+        if source is not None:
+            for f in source.files.itervalues():
+                self.check_single(session, f)
+
 class BinaryCheck(Check):
     """Check binary packages for syntax errors."""
     def check(self, upload):
@@ -595,7 +638,7 @@ class LintianCheck(Check):
         except yaml.YAMLError as msg:
             raise Exception('Could not read lintian tags file {0}, YAML error: {1}'.format(tagfile, msg))
 
-        fd, temp_filename = utils.temp_filename()
+        fd, temp_filename = utils.temp_filename(mode=0o644)
         temptagfile = os.fdopen(fd, 'w')
         for tags in lintiantags.itervalues():
             for tag in tags:
@@ -604,8 +647,10 @@ class LintianCheck(Check):
 
         changespath = os.path.join(upload.directory, changes.filename)
         try:
-            # FIXME: no shell
-            cmd = "lintian --show-overrides --tags-from-file {0} {1}".format(temp_filename, changespath)
+            if cnf.unprivgroup:
+                cmd = "sudo -H -u {0} -- /usr/bin/lintian --show-overrides --tags-from-file {1} {2}".format(cnf.unprivgroup, temp_filename, changespath)
+            else:
+                cmd = "/usr/bin/lintian --show-overrides --tags-from-file {0} {1}".format(temp_filename, changespath)
             result, output = commands.getstatusoutput(cmd)
         finally:
             os.unlink(temp_filename)