As dak/examine_package.py is also used by process-new we cannot run
lintian unconditionally as the unprivileged user. Therefore move the
Unpriv{User,Group} setting from the database to a (group-specific)
dak.conf.
+ dak "/srv/ftp-master.debian.org/dak/config/debian/dak.conf-dak";
ftpteam "";
backports "/srv/ftp-master.debian.org/dak/config/debian/dak.conf-backports";
};
ftpteam "";
backports "/srv/ftp-master.debian.org/dak/config/debian/dak.conf-backports";
};
--- /dev/null
+Dinstall {
+ UnprivUser "dak-unpriv";
+ UnprivGroup "dak-unpriv";
+};
import threading
from daklib import utils
import threading
from daklib import utils
+from daklib.config import Config
from daklib.dbconn import DBConn, get_component_by_package_suite
from daklib.gpg import SignedFile
from daklib.regexes import html_escaping, re_html_escaping, re_version, re_spacestrip, \
from daklib.dbconn import DBConn, get_component_by_package_suite
from daklib.gpg import SignedFile
from daklib.regexes import html_escaping, re_html_escaping, re_version, re_spacestrip, \
package_relations = {} #: Store relations of packages for later output
# default is to not output html.
package_relations = {} #: Store relations of packages for later output
# default is to not output html.
################################################################################
################################################################################
to_print += " "+format_field(key,field_value)+'\n'
return to_print
to_print += " "+format_field(key,field_value)+'\n'
return to_print
-def do_command (command, filename, escaped=0):
+def do_command (command, filename, escaped=False):
o = os.popen("%s %s" % (command, filename))
if escaped:
return escaped_text(o.read())
o = os.popen("%s %s" % (command, filename))
if escaped:
return escaped_text(o.read())
return formatted_text(o.read())
def do_lintian (filename):
return formatted_text(o.read())
def do_lintian (filename):
+ cnf = Config()
+ cmd = []
+
+ user = cnf.get('Dinstall::UnprivUser') or None
+ if user is not None:
+ cmd.extend(['sudo', '-H', '-u', user])
+
+ color = 'always'
- return do_command("lintian --show-overrides --color html", filename, 1)
- else:
- return do_command("lintian --show-overrides --color always", filename, 1)
+ color = 'html'
+
+ cmd.extend(['lintian', '--show-overrides', '--color', color])
+
+ return do_command(' '.join(cmd), filename, escaped=True)
def get_copyright (deb_filename):
global printed
def get_copyright (deb_filename):
global printed
if Options["Html-Output"]:
global use_html
if Options["Html-Output"]:
global use_html
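Review bot: In `do_lintian` the argument list is flattened with `' '.join(cmd)` and handed to `do_command`, which formats it into `os.popen("%s %s" % (command, filename))`, so the command still goes through a shell and both `filename` and the configured `Dinstall::UnprivUser` value reach it unquoted. Since lintian now runs behind `sudo -u`, I would quote each element before joining, e.g. `' '.join(pipes.quote(a) for a in cmd)` plus `pipes.quote(filename)` inside `do_command`, or hand the list to `subprocess` without a shell. The same join-then-shell pattern appears in the lintian check, where `" ".join(cmd)` is passed to `commands.getstatusoutput` with `temp_filename` and `changespath`. Whether these names are validated before they get here is not visible on this page.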
dsc = upload.source
cnf = Config()
dsc = upload.source
cnf = Config()
+ group = cnf.get('Dinstall::UnprivGroup') or None
+
#bcc = "X-DAK: dak process-new"
#if cnf.has_key("Dinstall::Bcc"):
# u.Subst["__BCC__"] = bcc + "\nBcc: %s" % (cnf["Dinstall::Bcc"])
#bcc = "X-DAK: dak process-new"
#if cnf.has_key("Dinstall::Bcc"):
# u.Subst["__BCC__"] = bcc + "\nBcc: %s" % (cnf["Dinstall::Bcc"])
try:
with lock_package(upload.changes.source):
try:
with lock_package(upload.changes.source):
- with UploadCopy(upload) as upload_copy:
+ with UploadCopy(upload, group=group) as upload_copy:
handler = PolicyQueueUploadHandler(upload, session)
if handler.get_action() is not None:
print "PENDING %s\n" % handler.get_action()
handler = PolicyQueueUploadHandler(upload, session)
if handler.get_action() is not None:
print "PENDING %s\n" % handler.get_action()
session = DBConn().session()
upload = session.query(PolicyQueueUpload).filter_by(id=upload_id).one()
session = DBConn().session()
upload = session.query(PolicyQueueUpload).filter_by(id=upload_id).one()
htmlfiles_to_process.append(htmlfile)
sources.append(htmlname)
htmlfiles_to_process.append(htmlfile)
sources.append(htmlname)
+ group = cnf.get('Dinstall::UnprivGroup') or None
+
with open(htmlfile, 'w') as outfile:
with open(htmlfile, 'w') as outfile:
- with policy.UploadCopy(upload) as upload_copy:
+ with policy.UploadCopy(upload, group=group) as upload_copy:
handler = policy.PolicyQueueUploadHandler(upload, session)
missing = [ (o['type'], o['package']) for o in handler.missing_overrides() ]
distribution = changes.distribution
handler = policy.PolicyQueueUploadHandler(upload, session)
missing = [ (o['type'], o['package']) for o in handler.missing_overrides() ]
distribution = changes.distribution
cnf = Config()
session = self.transaction.session
cnf = Config()
session = self.transaction.session
+ group = cnf.get('Dinstall::UnprivGroup') or None
self.directory = utils.temp_dirname(parent=cnf.get('Dir::TempPath'),
self.directory = utils.temp_dirname(parent=cnf.get('Dir::TempPath'),
- mode=0o2750, group=cnf.unprivgroup)
+ mode=0o2750, group=group)
with FilesystemTransaction() as fs:
src = os.path.join(self.original_directory, self.original_changes.filename)
dst = os.path.join(self.directory, self.original_changes.filename)
with FilesystemTransaction() as fs:
src = os.path.join(self.original_directory, self.original_changes.filename)
dst = os.path.join(self.directory, self.original_changes.filename)
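Review bot: When `Dinstall::UnprivGroup` is unset, `group` is `None` but `utils.temp_dirname` is still called with `mode=0o2750`, so the temporary directory stays group-readable and setgid even though no unprivileged group is involved. `UploadCopy.__enter__` in this commit falls back to `0o0700` in that case; the equivalent here would be `mode = 0o2750 if group is not None else 0o0700`. How `temp_dirname` treats `group=None` is not visible on this page, so this assumes it leaves the directory with the process's default group. The enclosing method starts and ends outside the hunk.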
changespath = os.path.join(upload.directory, changes.filename)
try:
changespath = os.path.join(upload.directory, changes.filename)
try:
- if cnf.unprivgroup:
- cmd = "sudo -H -u {0} -- /usr/bin/lintian --show-overrides --tags-from-file {1} {2}".format(cnf.unprivgroup, temp_filename, changespath)
- else:
- cmd = "/usr/bin/lintian --show-overrides --tags-from-file {0} {1}".format(temp_filename, changespath)
- result, output = commands.getstatusoutput(cmd)
+ cmd = []
+
+ user = cnf.get('Dinstall::UnprivUser') or None
+ if user is not None:
+ cmd.extend(['sudo', '-H', '-u', user])
+
+ cmd.extend(['/usr/bin/lintian', '--show-overrides', '--tags-from-file', temp_filename, changespath])
+ result, output = commands.getstatusoutput(" ".join(cmd))
finally:
os.unlink(temp_filename)
finally:
os.unlink(temp_filename)
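Review bot: The rebuilt sudo prefix `['sudo', '-H', '-u', user]` no longer carries the `--` that the removed command placed before `/usr/bin/lintian`, so sudo's option parsing is not explicitly terminated ahead of the command. Restoring it keeps the previous behaviour: `cmd.extend(['sudo', '-H', '-u', user, '--'])`. The `do_lintian` change builds the same prefix and additionally invokes bare `lintian` rather than `/usr/bin/lintian`, so the two call sites would be worth aligning on the absolute path. The enclosing function starts and ends outside this hunk.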
for field in [('db_revision', None, int),
('defaultsuitename', 'unstable', str),
('exportpath', '', str),
for field in [('db_revision', None, int),
('defaultsuitename', 'unstable', str),
('exportpath', '', str),
- ('unprivgroup', None, str),
('use_extfiles', None, int)
]:
setattr(self, 'get_%s' % field[0], lambda s=None, x=field[0], y=field[1], z=field[2]: self.get_db_value(x, y, z))
('use_extfiles', None, int)
]:
setattr(self, 'get_%s' % field[0], lambda s=None, x=field[0], y=field[1], z=field[2]: self.get_db_value(x, y, z))
given by the C{directory} attribute. The copy will be removed on leaving
the with-block.
"""
given by the C{directory} attribute. The copy will be removed on leaving
the with-block.
"""
- def __init__(self, upload):
+ def __init__(self, upload, group=None):
"""initializer
@type upload: L{daklib.dbconn.PolicyQueueUpload}
"""initializer
@type upload: L{daklib.dbconn.PolicyQueueUpload}
self.directory = None
self.upload = upload
self.directory = None
self.upload = upload
def export(self, directory, mode=None, symlink=True, ignore_existing=False):
"""export a copy of the upload
def export(self, directory, mode=None, symlink=True, ignore_existing=False):
"""export a copy of the upload
def __enter__(self):
assert self.directory is None
def __enter__(self):
assert self.directory is None
+ mode = 0o0700
+ symlink = True
+ if self.group is not None:
+ mode = 0o2750
+ symlink = False
+
- self.directory = tempfile.mkdtemp(dir=cnf.get('Dir::TempPath'))
- self.export(self.directory, symlink=True)
+ self.directory = utils.temp_dirname(parent=cnf.get('Dir::TempPath'),
+ mode=mode,
+ group=self.group)
+ self.export(self.directory, symlink=symlink)
return self
def __exit__(self, *args):
return self
def __exit__(self, *args):
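Review bot: `UploadCopy.__init__` gains a `group` parameter, but the visible docstring documents only `upload`, and no `self.group = group` assignment appears in the lines shown here although `__enter__` reads `self.group` (the page may simply have dropped that line). I would add `@type group: str or None` and `@param group: group given read access to the temporary copy; None keeps the copy private` to the docstring. A short comment in `__enter__` on why `symlink` becomes `False` together with mode `0o2750` would also help; presumably it is so the unprivileged user does not depend on access to the symlink targets. Both methods continue outside the visible lines.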