X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=5646863995eb9baa3480852dc95eae9cf8cefee9;hb=400aca3f47b5b52b58077e30c8c2d0fa9921034e;hp=5be0d966da863d129535a2a5c87aa7f9ecbb1fbc;hpb=78eb71445e77d668a2c71dceee0437a8574ae122;p=dak.git
diff --git a/daklib/checks.py b/daklib/checks.py
index 5be0d966..56468639 100644
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -30,10 +30,12 @@ from daklib.regexes import *
 from daklib.textutils import fix_maintainer, ParseMaintError
 import daklib.lintian as lintian
 import daklib.utils as utils
+from daklib.upload import InvalidHashException
 import apt_inst
 import apt_pkg
 from apt_pkg import version_compare
+import errno
 import os
 import time
 import yaml
@@ -45,6 +47,21 @@ class Reject(Exception):
 """exception raised by failing checks"""
 pass
+class RejectStupidMaintainerException(Exception):
+ """exception raised by failing the external hashes check"""
+
+ def __str__(self):
+ return "'%s' has mismatching %s from the external files db ('%s' [current] vs '%s' [external])" % self.args[:4]
+
+class RejectACL(Reject):
+ """exception raise by failing ACL checks"""
+ def __init__(self, acl, reason):
+ self.acl = acl
+ self.reason = reason
+
+ def __str__(self):
+ return "ACL {0}: {1}".format(self.acl.name, self.reason)
+
 class Check(object):
 """base class for checks
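Review bot: `RejectStupidMaintainerException` derives from `Exception`, not `Reject`, so a handler written as `except Reject` will not treat an external-hash mismatch as an ordinary rejection; how the caller handles it is not visible in this diff. If that is deliberate, the docstring should say so, for example `"""raised when a file's size or hash differs from the external files db; deliberately not a Reject, so callers must catch it explicitly"""`. Its `__str__` also assumes four positional arguments, since `% self.args[:4]` raises `TypeError` when fewer are given.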
@@ -159,13 +176,62 @@ class ChangesCheck(Check):
 class HashesCheck(Check):
 """Check hashes in .changes and .dsc are valid."""
 def check(self, upload):
+ what = None
+ try:
+ changes = upload.changes
+ what = changes.filename
+ for f in changes.files.itervalues():
+ f.check(upload.directory)
+ source = changes.source
+ if source is not None:
+ what = source.filename
+ for f in source.files.itervalues():
+ f.check(upload.directory)
+ except IOError as e:
+ if e.errno == errno.ENOENT:
+ raise Reject('{0} refers to non-existing file: {1}\n'
+ 'Perhaps you need to include it in your upload?'
+ .format(what, os.path.basename(e.filename)))
+ raise
+ except InvalidHashException as e:
+ raise Reject('{0}: {1}'.format(what, unicode(e)))
+
+class ExternalHashesCheck(Check):
+ """Checks hashes in .changes and .dsc against an external database."""
+ def check_single(self, session, f):
+ q = session.execute("SELECT size, md5sum, sha1sum, sha256sum FROM external_files WHERE filename LIKE '%%/%s'" % f.filename)
+ (ext_size, ext_md5sum, ext_sha1sum, ext_sha256sum) = q.fetchone() or (None, None, None, None)
+
+ if not ext_size:
+ return
+
+ if ext_size != f.size:
+ raise RejectStupidMaintainerException(f.filename, 'size', f.size, ext_size)
+
+ if ext_md5sum != f.md5sum:
+ raise RejectStupidMaintainerException(f.filename, 'md5sum', f.md5sum, ext_md5sum)
+
+ if ext_sha1sum != f.sha1sum:
+ raise RejectStupidMaintainerException(f.filename, 'sha1sum', f.sha1sum, ext_sha1sum)
+
+ if ext_sha256sum != f.sha256sum:
+ raise RejectStupidMaintainerException(f.filename, 'sha256sum', f.sha256sum, ext_sha256sum)
+
+ def check(self, upload):
+ cnf = Config()
+
+ if not cnf.use_extfiles:
+ return
+
+ session = upload.session
 changes = upload.changes
+
 for f in changes.files.itervalues():
- f.check(upload.directory)
- source = changes.source
+ self.check_single(session, f)
+ source = changes.source
 if source is not None:
 for f in source.files.itervalues():
- f.check(upload.directory)
+ self.check_single(session, f)
 class BinaryCheck(Check):
 """Check binary packages for syntax errors."""
@@ -405,9 +471,13 @@ class ACLCheck(Check):
 acl_per_source = session.query(ACLPerSource).filter_by(acl=acl, fingerprint=upload.fingerprint, source=source_name).first()
 if acl.allow_per_source:
 # XXX: Drop DMUA part here and switch to new implementation.
+ # XXX: Send warning mail once users can set the new DMUA flag
 dmua_status, dmua_reason = self._check_dmua(upload)
- if not dmua_status:
- return False, dmua_reason
+ if acl_per_source is None:
+ if not dmua_status:
+ return False, dmua_reason
+ else:
+ upload.warn('DM flag not set, but accepted as DMUA was set.')
 #if acl_per_source is None:
 # return False, "not allowed to upload source package '{0}'".format(source_name)
 if acl.deny_per_source and acl_per_source is not None:
@@ -467,12 +537,12 @@ class ACLCheck(Check):
 raise Reject('No ACL for fingerprint {0}'.format(fingerprint.fingerprint))
 result, reason = self._check_acl(session, upload, acl)
 if not result:
- raise Reject(reason)
+ raise RejectACL(acl, reason)
 for acl in session.query(ACL).filter_by(is_global=True):
 result, reason = self._check_acl(session, upload, acl)
 if result == False:
- raise Reject(reason)
+ raise RejectACL(acl, reason)
 return True
@@ -594,7 +664,7 @@ class LintianCheck(Check):
 except yaml.YAMLError as msg:
 raise Exception('Could not read lintian tags file {0}, YAML error: {1}'.format(tagfile, msg))
- fd, temp_filename = utils.temp_filename()
+ fd, temp_filename = utils.temp_filename(mode=0o644)
 temptagfile = os.fdopen(fd, 'w')
 for tags in lintiantags.itervalues():
 for tag in tags:
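Review bot: In `ExternalHashesCheck.check_single` the query is assembled with `%` string formatting from `f.filename`, a value taken from the uploaded .changes or .dsc, so a quote character in that name alters the SQL statement unless filenames are validated before this check runs (not visible here). Pass the value as a bound parameter instead: `q = session.execute("SELECT size, md5sum, sha1sum, sha256sum FROM external_files WHERE filename LIKE :pattern", {'pattern': '%/' + f.filename})`. `LIKE` also treats `_` and `%` inside the filename as wildcards, and `fetchone()` takes whichever matching row comes first, so the comparison can run against the record of a different file; escaping those characters or matching on the exact basename would close that. Note as well that `if not ext_size: return` skips every hash comparison when no row is found or the recorded size is 0.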
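Review bot: The new `if acl_per_source is None:` branch in `ACLCheck._check_acl` changes an authorisation decision without a comment stating the precedence: a per-source ACL entry now allows the upload regardless of what `_check_dmua` returned, and DMUA only decides when no entry exists. The page has lost its indentation, but the warning text suggests the `else` pairs with `if not dmua_status`. I would add above the branch `# a per-source ACL entry is sufficient by itself; DMUA is only the transitional fallback when no entry exists`. `_check_dmua` is still called when its result is unused, and the function body starts and ends outside the hunk.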
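Review bot: The `mode=0o644` argument to `utils.temp_filename` in `LintianCheck` has no comment saying why the tag file must be world-readable; presumably it is so that lintian can read it when run under `sudo -u` in the following hunk. I would add `# readable by the unprivileged lintian user; the tag list is not secret` above the call, and consider relaxing the mode only when `cnf.unprivgroup` is set. The enclosing method starts and ends outside the hunk.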
@@ -603,8 +673,10 @@ class LintianCheck(Check):
 changespath = os.path.join(upload.directory, changes.filename)
 try:
- # FIXME: no shell
- cmd = "lintian --show-overrides --tags-from-file {0} {1}".format(temp_filename, changespath)
+ if cnf.unprivgroup:
+ cmd = "sudo -H -u {0} -- /usr/bin/lintian --show-overrides --tags-from-file {1} {2}".format(cnf.unprivgroup, temp_filename, changespath)
+ else:
+ cmd = "/usr/bin/lintian --show-overrides --tags-from-file {0} {1}".format(temp_filename, changespath)
 result, output = commands.getstatusoutput(cmd)
 finally:
 os.unlink(temp_filename)
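Review bot: The lintian command is still formatted into one string and run by `commands.getstatusoutput`, which goes through a shell, while the `# FIXME: no shell` marker is removed; `changespath` is built from `changes.filename`, so shell metacharacters in an uploaded filename would be interpreted unless names are validated earlier (not visible in this hunk). Building an argument list and running it without a shell removes that dependency, which matters more now that the command may run through `sudo`. `commands.getstatusoutput` returns a wait status and strips the trailing newline, so the code after the hunk that reads `result` and `output` needs checking against the replacement below, which also assumes `subprocess` is imported in this file. `cnf.unprivgroup` is passed to `sudo -u`, which expects a user name, so the option name deserves a comment.

```python
try:
    lintian_argv = ["/usr/bin/lintian", "--show-overrides",
                    "--tags-from-file", temp_filename, changespath]
    if cnf.unprivgroup:
        # sudo -u takes a user name; "--" ends sudo's own options
        lintian_argv = ["sudo", "-H", "-u", cnf.unprivgroup, "--"] + lintian_argv
    proc = subprocess.Popen(lintian_argv, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT)
    output = proc.communicate()[0]
    result = proc.returncode
# … unchanged: finally: os.unlink(temp_filename) …
```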