security install fun

yes, the mhy is right, its all wrong to go special for security in changesutil. remove the special case.
also, check if we process files in newstage. if thats the case (changes known and its in_queue attribute
tells us the queue its in is newstage) then dont do embargo/disembargo, this is one that got accepted
from there

Signed-off-by: Joerg Jaspert <joerg@debian.org>

diff --git a/daklib/changesutils.py b/daklib/changesutils.py
old mode 100644 (file)
new mode 100755 (executable)
index b268add..3a4c6dd
--- a/daklib/changesutils.py
+++ b/daklib/changesutils.py
@@ -178,26 +178,14 @@ def new_accept(upload, dry_run, session):
         cnf = Config()
 
         (summary, short_summary) = upload.build_summaries()
+        destqueue = get_policy_queue('newstage', session)
 
-        # XXX: mhy: I think this is wrong as these are all attributes on the
-        # build and policy queues now
-        if cnf.FindB("Dinstall::SecurityQueueHandling"):
-            upload.dump_vars(cnf["Dir::Queue::Embargoed"])
-            upload.move_to_queue(get_policy_queue('embargoed'))
-            upload.queue_build("embargoed", cnf["Dir::Queue::Embargoed"])
-            # Check for override disparities
-            upload.Subst["__SUMMARY__"] = summary
-        else:
-            # Just a normal upload, accept it...
-            (summary, short_summary) = upload.build_summaries()
-            destqueue = get_policy_queue('newstage', session)
-
-            srcqueue = get_policy_queue_from_path(upload.pkg.directory, session)
+        srcqueue = get_policy_queue_from_path(upload.pkg.directory, session)
 
-            if not srcqueue:
-                # Assume NEW and hope for the best
-                srcqueue = get_policy_queue('new', session)
+        if not srcqueue:
+            # Assume NEW and hope for the best
+            srcqueue = get_policy_queue('new', session)
 
-            changes_to_queue(upload, srcqueue, destqueue, session)
+        changes_to_queue(upload, srcqueue, destqueue, session)
 
 __all__.append('new_accept')

diff --git a/daklib/queue_install.py b/daklib/queue_install.py
index d53887863176972b54e7fe652eac70dbc429bb5e..e9d2a4d3fc179830c40bbf9e08e9b0da6607adf3 100755 (executable)
--- a/daklib/queue_install.py
+++ b/daklib/queue_install.py
@@ -87,6 +87,12 @@ def is_unembargo(u):
    if not get_policy_queue("disembargo"):
        return False
 
+   # If we already are in newstage, then it means this just got passed through and accepted
+   # by a security team member. Don't try to accept it for disembargo again
+   dbc = get_dbchange(u.pkg.changes_file, session)
+   if dbc and dbc.in_queue.queue_name in [ 'newstage' ]:
+       return False
+
    q = session.execute("SELECT package FROM disembargo WHERE package = :source AND version = :version",
                        {'source': u.pkg.changes["source"],
                         'version': u.pkg.changes["version"]})
@@ -130,7 +136,14 @@ def do_unembargo(u, summary, short_summary, chg, session=None):
 def is_embargo(u):
    # if we are the security archive, we always have a embargo queue and its the
    # last in line, so if that exists, return true
+   # Of course do not return true when we accept from out of newstage, as that means
+   # it just left embargo and we want it in the archive
    if get_policy_queue('embargo'):
+       session = DBConn().session()
+       dbc = get_dbchange(u.pkg.changes_file, session)
+       if dbc and dbc.in_queue.queue_name in [ 'newstage' ]:
+           return False
+
        return True
 
 def do_embargo(u, summary, short_summary, chg, session=None):