Ansgar Burchardt [Sat, 19 Dec 2015 10:52:38 +0000 (11:52 +0100)]
Include all source packages in index
Previously we required that either an override is present or the
source is an "extra source" introduced via Built-Using. However as we
now include all binary packages (see previous commit), we should also
include all source packages to treat both in a consistent way.
Ansgar Burchardt [Sat, 19 Dec 2015 10:50:25 +0000 (11:50 +0100)]
Use Priority/Section from package as a fallback
This change makes generage-packages-sources2 use the Section and
Priority values provided by the package in case no override is
present.
With this change, automatic override packages do not require manual
override handling. It is also useful for testing purposes or possibly
users with other workflows than Debian's.
Preparing for phasing out SHA1 means first and for most eliminating hard
dependencies on it, so lets include SHA256 hashes in .diff/Index as new
fields as this keeps backward compatibility.
Signed-off-by: David Kalnischkies <david@kalnischkies.de>
include hashsum for compressed patch file in .diff/Index
APT prefers to download files it has hashes for to check it actually got
the file it wanted instead of some man-in-the-middled file (by an attacker
or simply by a webportal returning a login mask for every request).
Giving it the hash of the compressed file saves APT from needing to
uncompress the patch before being able to verify its integrity.
Signed-off-by: David Kalnischkies <david@kalnischkies.de> Signed-off-by: Joerg Jaspert <joerg@debian.org>
We have it readily available, and most scripts try to get it back from
the changes file anyway.
This makes things consistent for the scripts, so they won't get confused
by aliases (due to codenames or suite mappings) depending on whatever is
in the .changes file.
Ansgar Burchardt [Wed, 18 Nov 2015 13:33:30 +0000 (14:33 +0100)]
debianqueued: No early notifications
debianqueued used to send early warnings about invalid uploads, but
relied on being able to (ab)use the setgid bit on the .changes file to
keep track for which uploads it has already complained. If it was
unable to set the setgid bit, it would send mails every run.
This change removes the early warnings. A mail will only be sent when
debianqueued gives up on the upload.
Merge remote-tracking branch 'lamby/misc-fixes-796786' into merge
* lamby/misc-fixes-796786:
daklib/utils.py: mandantory -> mandatory spelling error
daliblib/dak_exceptions: Add trailing comma to avoid future VCS noise
tests/test_packagelist.py: make executable
dalkib/dbconn.py: Mention which version is installed in sqlalchemy check
dak/copy_installer.py: Include which directory doesn't exist in exception
Merge remote-tracking branch 'lamby/improve-parse-changes-tests-796787' into merge
* lamby/improve-parse-changes-tests-796787:
tests/test_parse_changes.py: Move test to ParseDscTestCase as we call with dsc_file=1
tests/test_parse_changes.py: Test that an contentless .dsc fails correctly
tests/test_parse_changes.py: Actually use the blank file test fixture
tests/test_parse_changes.py: Rewrite loose and difficult-to-use-correctly assertFails
tests/test_parse_changes.py: Actually set dsc_file=1 when testing .dsc
generate-releases: Use the right key when testing uncompnotseen
This issue caused dak to not generate hashes for uncompressed Contents
files for some architectures in some components. A bit of context,
there were up to 4 Contents files per architecture:
Any */Contents-ARCH that appeared on the filesystem AFTER the legacy
"Contents-ARCH" would be ignored, because generate-releases used the
wrong key to check if the file was already in uncompnotseen.
Chris Lamb [Wed, 2 Sep 2015 15:05:10 +0000 (16:05 +0100)]
"Update" Debian packaging
Whilst the packaging is obviously not for use, I'm finding it extremely
useful at least having the Build-Depends at a point where it will run the
tests.
It might be tempting to remove debian/ entirely, but Build-Depends is
just too useful for specifying, well, dependencies that tools such as
mk-build-deps can consume just like other packages.
Paul Tagliamonte [Fri, 14 Aug 2015 19:33:47 +0000 (21:33 +0200)]
Modify binary package name check to accept -dbgsym
In particular, we should tolerate .deb packages that are in the
Files, but are not present in the Binary package listing, since
adding them into debian/control is a pretty bad idea.
debhelper (currently, this will be default later), when givin
`DH_BUILD_DDEBS=1` will build DH_BUILD_DDEBS that are in the Files
list, named foo-dbgsym.
The check now validates that the -dbgsym package corresponds to
a package that *is* listed in the Binary package listing, and in
the section "debug".
Ansgar Burchardt [Tue, 11 Aug 2015 19:39:27 +0000 (21:39 +0200)]
Initial work on import-repository
The new subcommand allows importing packages from an existing
repository. It is currently intended to be used on Debian Ports to
import source and arch:all packages from the main archive.
Ansgar Burchardt [Fri, 14 Aug 2015 10:58:48 +0000 (12:58 +0200)]
SignedFile: allow multiple signatures
The InRelease file is currently signed using multiple keys and we want
to be able to verify its signature. So allow multiple signatures as
long as all of them are valid.
For uploads (.changes files) we still require that only a single
signature is present. This is currently enforced by the 'fingerprint',
'primary_fingerprint' and 'signature_id' accessors.
Ansgar Burchardt [Thu, 13 Aug 2015 09:43:55 +0000 (11:43 +0200)]
Add install_source_to_archive method
This method install the source into an archive without adding it to
any suite. It is intended to be used to import extra source packages
(i.e. those referenced only by Built-Using).
Ansgar Burchardt [Thu, 13 Aug 2015 09:33:53 +0000 (11:33 +0200)]
Do not require all attributes to match
If the same source or binary package is uploaded again, the
fingerprint and changed_by might be different if some other person
signed the new .changes (or if there is no .changes). We still want to
be able to import such packages without error, retaining the
attributes already present.
Ansgar Burchardt [Tue, 11 Aug 2015 19:36:43 +0000 (21:36 +0200)]
Generalize parse_file_list to allow handling Release files
Release files use different field names for checksum fields and the
set of allowed filenames is larger (slashes are allowed). This patch
allows switching the regexp used to validate filenames and the fields
for checksums to allow using parse_file_list not only for .dsc files,
but also for Release files.