X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=f210d186e43318be8859e2f39658055d52506d12;hb=18e3eff1f8f9d04cecaf2a28031a2953d50adfd8;hp=3c22f390aa0ba393a67ba5089cd22223d2405d71;hpb=0476947fa4da88744730e9918c4e2be9a38c142a;p=dak.git

diff --git a/daklib/checks.py b/daklib/checks.py
index 3c22f390..f210d186 100644
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -99,7 +99,7 @@ class Check(object):
         """
         return False
 
-class SignatureCheck(Check):
+class SignatureAndHashesCheck(Check):
     """Check signature of changes and dsc file (if included in upload)
 
     Make sure the signature is valid and done by a known user.
@@ -108,14 +108,47 @@ class SignatureCheck(Check):
         changes = upload.changes
         if not changes.valid_signature:
             raise Reject("Signature for .changes not valid.")
-        if changes.source is not None:
-            if not changes.source.valid_signature:
+        self._check_hashes(upload, changes.filename, changes.files.itervalues())
+
+        source = None
+        try:
+            source = changes.source
+        except Exception as e:
+            raise Reject("Invalid dsc file: {0}".format(e))
+        if source is not None:
+            if not source.valid_signature:
                 raise Reject("Signature for .dsc not valid.")
-            if changes.source.primary_fingerprint != changes.primary_fingerprint:
+            if source.primary_fingerprint != changes.primary_fingerprint:
                 raise Reject(".changes and .dsc not signed by the same key.")
+            self._check_hashes(upload, source.filename, source.files.itervalues())
+
         if upload.fingerprint is None or upload.fingerprint.uid is None:
             raise Reject(".changes signed by unknown key.")
 
+    """Make sure hashes match existing files
+
+    @type  upload: L{daklib.archive.ArchiveUpload}
+    @param upload: upload we are processing
+
+    @type  filename: str
+    @param filename: name of the file the expected hash values are taken from
+
+    @type  files: sequence of L{daklib.upload.HashedFile}
+    @param files: files to check the hashes for
+    """
+    def _check_hashes(self, upload, filename, files):
+        try:
+            for f in files:
+                f.check(upload.directory)
+        except IOError as e:
+            if e.errno == errno.ENOENT:
+                raise Reject('{0} refers to non-existing file: {1}\n'
+                             'Perhaps you need to include it in your upload?'
+                             .format(filename, os.path.basename(e.filename)))
+            raise
+        except InvalidHashException as e:
+            raise Reject('{0}: {1}'.format(filename, unicode(e)))
+
 class ChangesCheck(Check):
     """Check changes file for syntax errors."""
     def check(self, upload):
@@ -173,29 +206,6 @@ class ChangesCheck(Check):
 
         return True
 
-class HashesCheck(Check):
-    """Check hashes in .changes and .dsc are valid."""
-    def check(self, upload):
-        what = None
-        try:
-            changes = upload.changes
-            what = changes.filename
-            for f in changes.files.itervalues():
-                f.check(upload.directory)
-            source = changes.source
-            if source is not None:
-                what = source.filename
-                for f in source.files.itervalues():
-                    f.check(upload.directory)
-        except IOError as e:
-            if e.errno == errno.ENOENT:
-                raise Reject('{0} refers to non-existing file: {1}\n'
-                             'Perhaps you need to include it in your upload?'
-                             .format(what, os.path.basename(e.filename)))
-            raise
-        except InvalidHashException as e:
-            raise Reject('{0}: {1}'.format(what, unicode(e)))
-
 class ExternalHashesCheck(Check):
     """Checks hashes in .changes and .dsc against an external database."""
     def check_single(self, session, f):
@@ -365,7 +375,10 @@ class SourceCheck(Check):
 
         version = control['Version']
         if is_orig:
-            version = re_field_version_upstream.match(version).group('upstream')
+            upstream_match = re_field_version_upstream.match(version)
+            if not upstream_match:
+                raise Reject('{0}: Source package includes upstream tarball, but {0} has no Debian revision.'.format(filename, version))
+            version = upstream_match.group('upstream')
         version_match =  re_field_version.match(version)
         version_without_epoch = version_match.group('without_epoch')
         if match.group('version') != version_without_epoch:
@@ -628,11 +641,14 @@ class LintianCheck(Check):
 
         changespath = os.path.join(upload.directory, changes.filename)
         try:
-            if cnf.unprivgroup:
-                cmd = "sudo -H -u {0} -- /usr/bin/lintian --show-overrides --tags-from-file {1} {2}".format(cnf.unprivgroup, temp_filename, changespath)
-            else:
-                cmd = "/usr/bin/lintian --show-overrides --tags-from-file {0} {1}".format(temp_filename, changespath)
-            result, output = commands.getstatusoutput(cmd)
+            cmd = []
+
+            user = cnf.get('Dinstall::UnprivUser') or None
+            if user is not None:
+                cmd.extend(['sudo', '-H', '-u', user])
+
+            cmd.extend(['LINTIAN_COLL_UNPACKED_SKIP_SIG=1', '/usr/bin/lintian', '--show-overrides', '--tags-from-file', temp_filename, changespath])
+            result, output = commands.getstatusoutput(" ".join(cmd))
         finally:
             os.unlink(temp_filename)