+2008-04-17 Joerg Jaspert <joerg@debian.org>
+
+ * config/debian/dak.conf: Add TempPath statement for the Release
+ Transitions script
+
+ * dak/transitions.py (temp_transitions_file): Use the TempPath
+ (write_transitions_from_file): Check if the file we should get our
+ transitions from is in our TempPath, error out if it isnt
+
2008-04-12 James Troup <troup@debian.org>
* dak/clean_proposed_updates.py: add support for -s/--suite and
"""We have a file we think is valid; if we're using sudo, we invoke it
here, otherwise we just parse the file and call write_transitions"""
+ # Lets check if from_file is in the directory we expect it to be in
+ if not os.path.abspath(from_file).startswith(Cnf["Transitions::TempPath"]):
+ print "Will not accept transitions file outside of %s" % (Cnf["Transitions::TempPath"])
+ sys.exit(3)
+
if Options["sudo"]:
os.spawnl(os.P_WAIT, "/usr/bin/sudo", "/usr/bin/sudo", "-u", "dak", "-H",
"/usr/local/bin/dak", "transitions", "--import", from_file)
# We need the chmod, as the file is (most possibly) copied from a
# sudo-ed script and would be unreadable if it has default mkstemp mode
- (fd, path) = tempfile.mkstemp("","transitions")
+ (fd, path) = tempfile.mkstemp("","transitions",Cnf["Transitions::TempPath"])
os.chmod(path, 0644)
f = open(path, "w")
syck.dump(transitions, f)
projects / dak.git / commitdiff