From 2a795dda1eedc0d97277caafd3e8a21272a34f8c Mon Sep 17 00:00:00 2001 From: Joerg Jaspert Date: Sun, 12 Dec 2010 21:05:11 +0100 Subject: [PATCH] security install fun yes, the mhy is right, its all wrong to go special for security in changesutil. remove the special case. also, check if we process files in newstage. if thats the case (changes known and its in_queue attribute tells us the queue its in is newstage) then dont do embargo/disembargo, this is one that got accepted from there Signed-off-by: Joerg Jaspert --- daklib/changesutils.py | 24 ++++++------------------ daklib/queue_install.py | 13 +++++++++++++ 2 files changed, 19 insertions(+), 18 deletions(-) mode change 100644 => 100755 daklib/changesutils.py diff --git a/daklib/changesutils.py b/daklib/changesutils.py old mode 100644 new mode 100755 index b268add5..3a4c6dd7 --- a/daklib/changesutils.py +++ b/daklib/changesutils.py 
@@ -178,26 +178,14 @@ def new_accept(upload, dry_run, session): cnf = Config() (summary, short_summary) = upload.build_summaries() + destqueue = get_policy_queue('newstage', session) - # XXX: mhy: I think this is wrong as these are all attributes on the - # build and policy queues now - if cnf.FindB("Dinstall::SecurityQueueHandling"): - upload.dump_vars(cnf["Dir::Queue::Embargoed"]) - upload.move_to_queue(get_policy_queue('embargoed')) - upload.queue_build("embargoed", cnf["Dir::Queue::Embargoed"]) - # Check for override disparities - upload.Subst["__SUMMARY__"] = summary - else: - # Just a normal upload, accept it... - (summary, short_summary) = upload.build_summaries() - destqueue = get_policy_queue('newstage', session) - - srcqueue = get_policy_queue_from_path(upload.pkg.directory, session) + srcqueue = get_policy_queue_from_path(upload.pkg.directory, session) - if not srcqueue: - # Assume NEW and hope for the best - srcqueue = get_policy_queue('new', session) + if not srcqueue: + # Assume NEW and hope for the best + srcqueue = get_policy_queue('new', session) - changes_to_queue(upload, srcqueue, destqueue, session) + changes_to_queue(upload, srcqueue, destqueue, session) __all__.append('new_accept') diff --git a/daklib/queue_install.py b/daklib/queue_install.py index d5388786..e9d2a4d3 100755 --- a/daklib/queue_install.py +++ b/daklib/queue_install.py @@ -87,6 +87,12 @@ def is_unembargo(u): if not get_policy_queue("disembargo"): return False + # If we already are in newstage, then it means this just got passed through and accepted + # by a security team member. Don't try to accept it for disembargo again + dbc = get_dbchange(u.pkg.changes_file, session) + if dbc and dbc.in_queue.queue_name in [ 'newstage' ]: + return False + q = session.execute("SELECT package FROM disembargo WHERE package = :source AND version = :version", {'source': u.pkg.changes["source"], 'version': u.pkg.changes["version"]}) 
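Review bot: `destqueue` reaches `changes_to_queue(upload, srcqueue, destqueue, session)` unchecked in the new body of new_accept, while the source-queue lookup two lines later is guarded with `if not srcqueue:`. If `get_policy_queue('newstage', session)` can come back empty the same way (the srcqueue guard suggests it can, but the helper is not visible here), the failure would surface inside `changes_to_queue` instead of here; a guard such as `if not destqueue:` with an explicit error would fix that. With the SecurityQueueHandling branch removed, `cnf = Config()` and the `summary`/`short_summary` values are no longer read in the lines shown and could be dropped. The commit also flips `daklib/changesutils.py` from 100644 to 100755, which the description does not explain and which looks unintended for a library module. new_accept starts above the hunk.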
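Review bot: `dbc.in_queue.queue_name` in the check added to is_unembargo is dereferenced after testing only `dbc`, so a change that is known to the database but not currently in any queue would raise AttributeError if `in_queue` can be unset (not visible in the hunk). Testing the relation as well avoids that and drops the one-element list: `if dbc and dbc.in_queue and dbc.in_queue.queue_name == 'newstage':`. The same lookup and test are added to is_embargo in the next hunk, so a small shared helper would keep the two copies from drifting apart. is_unembargo starts above the hunk and continues below it.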
@@ -130,7 +136,14 @@ def do_unembargo(u, summary, short_summary, chg, session=None): def is_embargo(u): # if we are the security archive, we always have a embargo queue and its the # last in line, so if that exists, return true + # Of course do not return true when we accept from out of newstage, as that means + # it just left embargo and we want it in the archive if get_policy_queue('embargo'): + session = DBConn().session() + dbc = get_dbchange(u.pkg.changes_file, session) + if dbc and dbc.in_queue.queue_name in [ 'newstage' ]: + return False + return True def do_embargo(u, summary, short_summary, chg, session=None): -- 2.39.5
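Review bot: The session opened by `session = DBConn().session()` in is_embargo is never closed on either return path, so every call leaves a database session behind; wrapping the lookup in try/finally fixes that. The `dbc.in_queue` dereference has the same missing guard as in is_unembargo. Returning False here is what lets an upload skip the embargo queue, and as far as the hunk shows the decision is keyed on `u.pkg.changes_file` alone, so it is worth confirming that `get_dbchange` cannot match a different upload that reuses the file name. A docstring stating that the function returns True, False, or falls through to None when no embargo queue exists would also help callers.

```python
    if get_policy_queue('embargo'):
        session = DBConn().session()
        try:
            dbc = get_dbchange(u.pkg.changes_file, session)
            if dbc and dbc.in_queue and dbc.in_queue.queue_name == 'newstage':
                return False
        finally:
            session.close()
        # … unchanged: return True …
```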