From: Ansgar Burchardt Date: Thu, 20 Sep 2012 15:29:48 +0000 (+0200) Subject: Merge branch 'backports-merge' X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=0cd5ef66e65102991e2e0e77c33f4a77b06c7c4d;hp=07f1aa392e54c3d7a0747720c32db2b8aa202a42;p=dak.git Merge branch 'backports-merge' --- diff --git a/dak/acl.py b/dak/acl.py index 075c722b..568e21e4 100644 --- a/dak/acl.py +++ b/dak/acl.py @@ -23,9 +23,17 @@ from daklib.config import Config from daklib.dbconn import DBConn, Fingerprint, Uid, ACL def usage(): - print """Usage: dak acl set-fingerprints + print """Usage: + dak acl set-fingerprints + dak acl export-per-source -Reads list of fingerprints from stdin and sets the ACL to these. + set-fingerprints: + Reads list of fingerprints from stdin and sets the ACL to these. + Accepted input formats are "uid:", "name:" and + "fpr:". + + export-per-source: + Export per source upload rights for ACL . """ def get_fingerprint(entry, session): diff --git a/dak/process_commands.py b/dak/process_commands.py index a4ae1f50..d3c794c2 100644 --- a/dak/process_commands.py +++ b/dak/process_commands.py @@ -20,11 +20,13 @@ import apt_pkg import datetime import os import sys +import time from daklib.config import Config from daklib.command import CommandError, CommandFile from daklib.daklog import Logger from daklib.fstransactions import FilesystemTransaction +from daklib.gpg import GpgException from daklib.utils import find_next_free def usage(): @@ -64,13 +66,21 @@ def main(argv=None): log.log(['unexpected filename', basename]) continue - command = CommandFile(fn, log) - if command.evaluate(): - log.log(['moving to done', basename]) - dst = find_next_free(os.path.join(donedir, basename)) - else: - log.log(['moving to reject', basename]) + try: + command = CommandFile(fn, log) + command.evaluate() + except: + created = os.stat(fn).st_mtime + now = time.time() + too_new = (now - created < int(cnf.get('Dinstall::SkipTime', '60'))) + if too_new: + log.log(['skipped (too new)']) + continue + log.log(['reject', basename]) dst = find_next_free(os.path.join(rejectdir, basename)) + else: + log.log(['done', basename]) + dst = find_next_free(os.path.join(donedir, basename)) with FilesystemTransaction() as fs: fs.move(fn, dst, mode=0o644) diff --git a/daklib/command.py b/daklib/command.py index 639611c2..cbaffa8f 100644 --- a/daklib/command.py +++ b/daklib/command.py @@ -62,20 +62,23 @@ class CommandFile(object): def _evaluate_sections(self, sections, session): session.rollback() try: - sections.next() - section = sections.section - - action = section.get('Action', None) - if action is None: - raise CommandError('Encountered section without Action field') - self.result.append('Action: {0}'.format(action)) - - if action == 'dm': - self.action_dm(self.fingerprint, section, session) - elif action == 'break-the-archive': - self.action_break_the_archive(self.fingerprint, section, session) - else: - raise CommandError('Unknown action: {0}'.format(action)) + while True: + sections.next() + section = sections.section + + action = section.get('Action', None) + if action is None: + raise CommandError('Encountered section without Action field') + self.result.append('Action: {0}'.format(action)) + + if action == 'dm': + self.action_dm(self.fingerprint, section, session) + elif action == 'break-the-archive': + self.action_break_the_archive(self.fingerprint, section, session) + else: + raise CommandError('Unknown action: {0}'.format(action)) + + self.result.append('') except StopIteration: pass finally: @@ -157,13 +160,12 @@ class CommandFile(object): self.result.append('') except Exception as e: self.log.log(['ERROR', e]) - self.result.append("There was an error processing this section:\n{0}".format(e)) + self.result.append("There was an error processing this section. No changes were committed.\nDetails:\n{0}".format(e)) result = False self._notify_uploader() session.close() - self.log.log(['done', self.filename]) return result @@ -189,7 +191,8 @@ class CommandFile(object): acl_name = cnf.get('Command::DM::ACL', 'dm') acl = session.query(ACL).filter_by(name=acl_name).one() - fpr = session.query(Fingerprint).filter_by(fingerprint=section['Fingerprint']).one() + fpr_hash = section['Fingerprint'].translate(None, ' ') + fpr = session.query(Fingerprint).filter_by(fingerprint=fpr_hash).one() if fpr.keyring is None or fpr.keyring.keyring_name not in cnf.value_list('Command::DM::Keyrings'): raise CommandError('Key {0} is not in DM keyring.'.format(fpr.fingerprint)) addresses = gpg_get_key_addresses(fpr.fingerprint) @@ -203,6 +206,10 @@ class CommandFile(object): self.result.append('Uid: {0}'.format(addresses[0])) for source in self._split_packages(section.get('Allow', '')): + # Check for existance of source package to catch typos + if session.query(DBSource).filter_by(source=source).first() is None: + raise CommandError('Tried to grant permissions for unknown source package: {0}'.format(source)) + if session.query(ACLPerSource).filter_by(acl=acl, fingerprint=fpr, source=source).first() is None: aps = ACLPerSource() aps.acl = acl @@ -219,7 +226,11 @@ class CommandFile(object): session.flush() for source in self._split_packages(section.get('Deny', '')): - session.query(ACLPerSource).filter_by(acl=acl, fingerprint=fpr, source=source).delete() + count = session.query(ACLPerSource).filter_by(acl=acl, fingerprint=fpr, source=source).delete() + if count == 0: + raise CommandError('Tried to remove upload permissions for package {0}, ' + 'but no upload permissions were granted before.'.format(source)) + self.log.log(['dm', 'deny', fpr.fingerprint, source]) self.result.append('Denied: {0}'.format(source))