X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=70e1f5e398dd3b17e4e5d1f9127f15e4dfb84abb;hb=03a86547e5d9b209016cc0b23f825d3baea92f8c;hp=c7c4a16f23f03c8b482df3f1ee07792f74008764;hpb=0fe78641fc8c73a0fd40b83dba90a12d3ae1f0b5;p=dak.git diff --git a/daklib/checks.py b/daklib/checks.py index c7c4a16f..70e1f5e3 100644 --- a/daklib/checks.py +++ b/daklib/checks.py @@ -36,6 +36,7 @@ import daklib.upload import apt_inst import apt_pkg from apt_pkg import version_compare +import datetime import errno import os import subprocess @@ -56,7 +57,7 @@ class Reject(Exception): """exception raised by failing checks""" pass -class RejectStupidMaintainerException(Exception): +class RejectExternalFilesMismatch(Reject): """exception raised by failing the external hashes check""" def __str__(self): @@ -167,6 +168,25 @@ class SignatureAndHashesCheck(Check): except daklib.upload.UploadException as e: raise Reject('{0}: {1}'.format(filename, unicode(e))) +class SignatureTimestampCheck(Check): + """Check timestamp of .changes signature""" + def check(self, upload): + changes = upload.changes + + now = datetime.datetime.utcnow() + timestamp = changes.signature_timestamp + age = now - timestamp + + age_max = datetime.timedelta(days=365) + age_min = datetime.timedelta(days=-7) + + if age > age_max: + raise Reject('{0}: Signature from {1} is too old (maximum age is {2} days)'.format(changes.filename, timestamp, age_max.days)) + if age < age_min: + raise Reject('{0}: Signature from {1} is too far in the future (tolerance is {2} days)'.format(changes.filename, timestamp, abs(age_min.days))) + + return True + class ChangesCheck(Check): """Check changes file for syntax errors.""" def check(self, upload): @@ -236,16 +256,16 @@ class ExternalHashesCheck(Check): return if ext_size != f.size: - raise RejectStupidMaintainerException(f.filename, 'size', f.size, ext_size) + raise RejectExternalFilesMismatch(f.filename, 'size', f.size, ext_size) if ext_md5sum != f.md5sum: - raise RejectStupidMaintainerException(f.filename, 'md5sum', f.md5sum, ext_md5sum) + raise RejectExternalFilesMismatch(f.filename, 'md5sum', f.md5sum, ext_md5sum) if ext_sha1sum != f.sha1sum: - raise RejectStupidMaintainerException(f.filename, 'sha1sum', f.sha1sum, ext_sha1sum) + raise RejectExternalFilesMismatch(f.filename, 'sha1sum', f.sha1sum, ext_sha1sum) if ext_sha256sum != f.sha256sum: - raise RejectStupidMaintainerException(f.filename, 'sha256sum', f.sha256sum, ext_sha256sum) + raise RejectExternalFilesMismatch(f.filename, 'sha256sum', f.sha256sum, ext_sha256sum) def check(self, upload): cnf = Config() @@ -280,7 +300,7 @@ class BinaryCheck(Check): fn = binary.hashed_file.filename control = binary.control - for field in ('Package', 'Architecture', 'Version', 'Description'): + for field in ('Package', 'Architecture', 'Version', 'Description', 'Section'): if field not in control: raise Reject('{0}: Missing mandatory field {0}.'.format(fn, field)) @@ -341,6 +361,11 @@ class BinaryCheck(Check): except: raise Reject('{0}: APT could not parse {1} field'.format(fn, field)) + # "Multi-Arch: no" breaks wanna-build, #768353 + multi_arch = control.get("Multi-Arch") + if multi_arch == 'no': + raise Reject('{0}: Multi-Arch: no support in Debian is broken (#768353)'.format(fn)) + class BinaryTimestampCheck(Check): """check timestamps of files in binary packages @@ -664,6 +689,7 @@ class NoSourceOnlyCheck(Check): if not allow_no_arch_indep_uploads \ and 'all' not in changes.architectures \ + and 'experimental' not in changes.distributions \ and changes.source.package_list.has_arch_indep_packages(): raise Reject('Uploads not including architecture-independent packages are not allowed.')