Merge release transitions checking

diff --git a/ChangeLog b/ChangeLog
index 1ca4a408c3a7c98da409af90262dc9f58412f591..f09a1b02bbf8aaac240c35400f0d7cd8430ad908 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2008-04-17  Joerg Jaspert  <joerg@debian.org>
+
+       * config/debian/dak.conf: Add TempPath statement for the Release
+       Transitions script
+
+       * dak/transitions.py (temp_transitions_file): Use the TempPath
+       (write_transitions_from_file): Check if the file we should get our
+       transitions from is in our TempPath, error out if it isnt
+       (main): Check for TempPath existance
+
 2008-04-12  James Troup  <troup@debian.org>
 
        * dak/clean_proposed_updates.py: add support for -s/--suite and
@@ -21,6 +31,12 @@
        adjusted to reject newer (and right now broken) 1.8 version, until
        dpkg (or debsign) is fixed and doesn't produce invalid .changes anymore
 
+2008-03-22  Joerg Jaspert  <joerg@debian.org>
+
+       * dak/transitions.py (load_transitions): Check if all our keys are
+       defined, if there are only keys defined we want and also the types
+       of the various keys.
+
 2008-03-22  Anthony Towns  <ajt@debian.org>
 
        * dak/edit_transitions.py: Add --import option.

diff --git a/config/debian/dak.conf b/config/debian/dak.conf
index 182e28af871143eb559459a82919c8513924b2f5..9763efcff67e6be114465f23b9d80ad6c4279a0f 100644 (file)
--- a/config/debian/dak.conf
+++ b/config/debian/dak.conf
@@ -38,6 +38,11 @@ Dinstall
    };
 };
 
+Transitions
+{
+   TempPath "/srv/ftp.debian.org/tmp/";
+};
+
 Binary-Upload-Restrictions
 {
  Components

diff --git a/dak/transitions.py b/dak/transitions.py
index d8845a0bfe153b9aea560f681a48613b75e8e68d..530ef0c87d99b4677ae87b2c38287d2ffee27c2e 100755 (executable)
--- a/dak/transitions.py
+++ b/dak/transitions.py
@@ -36,6 +36,9 @@ projectB = None
 
 ################################################################################
 
+#####################################
+#### This may run within sudo !! ####
+#####################################
 def init():
     global Cnf, Options, projectB
 
@@ -90,21 +93,70 @@ Options:
 
 ################################################################################
 
+#####################################
+#### This may run within sudo !! ####
+#####################################
 def load_transitions(trans_file):
     # Parse the yaml file
     sourcefile = file(trans_file, 'r')
     sourcecontent = sourcefile.read()
+    failure = False
     try:
         trans = syck.load(sourcecontent)
     except syck.error, msg:
         # Someone fucked it up
         print "ERROR: %s" % (msg)
         return None
-    # could do further validation here
+
+    # lets do further validation here
+    checkkeys = ["source", "reason", "packages", "new", "rm"]
+    for test in trans:
+        t = trans[test]
+
+        # First check if we know all the keys for the transition and if they have
+        # the right type (and for the packages also if the list has the right types
+        # included, ie. not a list in list, but only str in the list)
+        for key in t:
+            if key not in checkkeys:
+                print "ERROR: Unknown key %s in transition %s" % (key, test)
+                failure = True
+
+            if key == "packages":
+                if type(t[key]) != list:
+                    print "ERROR: Unknown type %s for packages in transition %s." % (type(t[key]), test)
+                    failure = True
+
+                try:
+                    for package in t["packages"]:
+                        if type(package) != str:
+                            print "ERROR: Packages list contains invalid type %s (as %s) in transition %s" % (type(package), package, test)
+                            failure = True
+                except TypeError:
+                    # In case someone has an empty packages list
+                    print "ERROR: No packages defined in transition %s" % (test)
+                    failure = True
+                    continue
+
+            elif type(t[key]) != str:
+                print "ERROR: Unknown type %s for key %s in transition %s" % (type(t[key]), key, test)
+                failure = True
+
+        # And now the other way round - are all our keys defined?
+        for key in checkkeys:
+            if key not in t:
+                print "ERROR: Missing key %s in transition %s" % (key, test)
+                failure = True
+
+    if failure:
+        return None
+
     return trans
 
 ################################################################################
 
+#####################################
+#### This may run within sudo !! ####
+#####################################
 def lock_file(file):
     for retry in range(10):
         lock_fd = os.open(file, os.O_RDWR | os.O_CREAT)
@@ -123,6 +175,9 @@ def lock_file(file):
 
 ################################################################################
 
+#####################################
+#### This may run within sudo !! ####
+#####################################
 def write_transitions(from_trans):
     """Update the active transitions file safely.
        This function takes a parsed input file (which avoids invalid
@@ -149,10 +204,18 @@ def write_transitions(from_trans):
 class ParseException(Exception):
     pass
 
+##########################################
+#### This usually runs within sudo !! ####
+##########################################
 def write_transitions_from_file(from_file):
     """We have a file we think is valid; if we're using sudo, we invoke it
        here, otherwise we just parse the file and call write_transitions"""
 
+    # Lets check if from_file is in the directory we expect it to be in
+    if not os.path.abspath(from_file).startswith(Cnf["Transitions::TempPath"]):
+        print "Will not accept transitions file outside of %s" % (Cnf["Transitions::TempPath"])
+        sys.exit(3)
+
     if Options["sudo"]:
         os.spawnl(os.P_WAIT, "/usr/bin/sudo", "/usr/bin/sudo", "-u", "dak", "-H", 
               "/usr/local/bin/dak", "transitions", "--import", from_file)
@@ -169,7 +232,7 @@ def temp_transitions_file(transitions):
     # We need the chmod, as the file is (most possibly) copied from a
     # sudo-ed script and would be unreadable if it has default mkstemp mode
     
-    (fd, path) = tempfile.mkstemp("","transitions")
+    (fd, path) = tempfile.mkstemp("", "transitions", Cnf["Transitions::TempPath"])
     os.chmod(path, 0644)
     f = open(path, "w")
     syck.dump(transitions, f)
@@ -342,6 +405,9 @@ def transition_info(transitions):
 def main():
     global Cnf
 
+    #####################################
+    #### This can run within sudo !! ####
+    #####################################
     init()
     
     # Check if there is a file defined (and existant)
@@ -353,6 +419,15 @@ def main():
         daklib.utils.warn("ReleaseTransitions file, %s, not found." %
                           (Cnf["Dinstall::Reject::ReleaseTransitions"]))
         sys.exit(1)
+    # Also check if our temp directory is defined and existant
+    temppath = Cnf.get("Transitions::TempPath", "")
+    if temppath == "":
+        daklib.utils.warn("Transitions::TempPath not defined")
+        sys.exit(1)
+    if not os.path.exists(temppath):
+        daklib.utils.warn("Temporary path %s not found." %
+                          (Cnf["Transitions::TempPath"]))
+        sys.exit(1)
    
     if Options["import"]:
         try:
@@ -361,6 +436,9 @@ def main():
             print m
             sys.exit(2)
         sys.exit(0)
+    ##############################################
+    #### Up to here it can run within sudo !! ####
+    ##############################################
 
     # Parse the yaml file
     transitions = load_transitions(transpath)