X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=d148d15bdd9f7d0959cae33e7163ac620e84e6ec;hb=ba179a1f739af0852cad9b30c5fefae190f96383;hp=0a22dde88a2d46bd9dfe8d5d1c4503578e5c326f;hpb=979890d13851a1633b9d47869f7a782cef206d32;p=dak.git

diff --git a/daklib/checks.py b/daklib/checks.py
index 0a22dde8..d148d15b 100644
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -24,6 +24,7 @@ Please read the documentation for the L{Check} class for the interface.
 """
 
 from daklib.config import Config
+import daklib.daksubprocess
 from daklib.dbconn import *
 import daklib.dbconn as dbconn
 from daklib.regexes import *
@@ -37,11 +38,18 @@ import apt_pkg
 from apt_pkg import version_compare
 import errno
 import os
+import subprocess
 import time
 import yaml
 
-# TODO: replace by subprocess
-import commands
+def check_fields_for_valid_utf8(filename, control):
+    """Check all fields of a control file for valid UTF-8"""
+    for field in control.keys():
+        try:
+            field.decode('utf-8')
+            control[field].decode('utf-8')
+        except UnicodeDecodeError:
+            raise Reject('{0}: The {1} field is not valid UTF-8'.format(filename, field))
 
 class Reject(Exception):
     """exception raised by failing checks"""
@@ -160,6 +168,8 @@ class ChangesCheck(Check):
             if field not in control:
                 raise Reject('{0}: misses mandatory field {1}'.format(fn, field))
 
+        check_fields_for_valid_utf8(fn, control)
+
         source_match = re_field_source.match(control['Source'])
         if not source_match:
             raise Reject('{0}: Invalid Source field'.format(fn))
@@ -264,6 +274,8 @@ class BinaryCheck(Check):
             if field not in control:
                 raise Reject('{0}: Missing mandatory field {0}.'.format(fn, field))
 
+        check_fields_for_valid_utf8(fn, control)
+
         # check fields
 
         package = control['Package']
@@ -393,6 +405,8 @@ class SourceCheck(Check):
         control = source.dsc
         dsc_fn = source._dsc_file.filename
 
+        check_fields_for_valid_utf8(dsc_fn, control)
+
         # check fields
         if not re_field_package.match(control['Source']):
             raise Reject('{0}: Invalid Source field'.format(dsc_fn))
@@ -587,7 +601,7 @@ transition is done.""".format(source, currentlymsg, expected,t["rm"])))
 
         contents = file(path, 'r').read()
         try:
-            transitions = yaml.load(contents)
+            transitions = yaml.safe_load(contents)
             return transitions
         except yaml.YAMLError as msg:
             utils.warn('Not checking transitions, the transitions file is broken: {0}'.format(msg))
@@ -628,7 +642,7 @@ class LintianCheck(Check):
         with open(tagfile, 'r') as sourcefile:
             sourcecontent = sourcefile.read()
         try:
-            lintiantags = yaml.load(sourcecontent)['lintian']
+            lintiantags = yaml.safe_load(sourcecontent)['lintian']
         except yaml.YAMLError as msg:
             raise Exception('Could not read lintian tags file {0}, YAML error: {1}'.format(tagfile, msg))
 
@@ -642,13 +656,17 @@ class LintianCheck(Check):
         changespath = os.path.join(upload.directory, changes.filename)
         try:
             cmd = []
+            result = 0
 
             user = cnf.get('Dinstall::UnprivUser') or None
             if user is not None:
                 cmd.extend(['sudo', '-H', '-u', user])
 
-            cmd.extend(['LINTIAN_COLL_UNPACKED_SKIP_SIG=1', '/usr/bin/lintian', '--show-overrides', '--tags-from-file', temp_filename, changespath])
-            result, output = commands.getstatusoutput(" ".join(cmd))
+            cmd.extend(['/usr/bin/lintian', '--show-overrides', '--tags-from-file', temp_filename, changespath])
+            output = daklib.daksubprocess.check_output(cmd, stderr=subprocess.STDOUT)
+        except subprocess.CalledProcessError as e:
+            result = e.returncode
+            output = e.output
         finally:
             os.unlink(temp_filename)
 
@@ -719,7 +737,7 @@ class VersionCheck(Check):
             if v is not None and not op(version_compare(source_version, v)):
                 raise Reject("Version check failed:\n"
                              "Your upload included the source package {0}, version {1},\n"
-                             "however {3} already has the {4} version {2}.\n"
+                             "however {3} already has version {2}.\n"
                              "Uploads to {5} must have a {4} version than present in {3}."
                              .format(source_name, source_version, v, other_suite.suite_name, op_name, suite.suite_name))
 
@@ -731,7 +749,7 @@ class VersionCheck(Check):
             if v is not None and not op(version_compare(binary_version, v)):
                 raise Reject("Version check failed:\n"
                              "Your upload included the binary package {0}, version {1}, for {2},\n"
-                             "however {4} already has the {5} version {3}.\n"
+                             "however {4} already has version {3}.\n"
                              "Uploads to {6} must have a {5} version than present in {4}."
                              .format(binary_name, binary_version, architecture, v, other_suite.suite_name, op_name, suite.suite_name))