From 584eac709b79fd78c77a4fd64562b7e6e46d8846 Mon Sep 17 00:00:00 2001 From: James Troup Date: Thu, 23 May 2002 12:18:32 +0000 Subject: [PATCH] Autobuild support take 3 (security). --- add_constraints.sql | 2 ++ init_pool.sql | 3 ++- katie | 39 +++++++++++++++++++++++---------------- katie.py | 34 +++++++++++++++++++++++----------- rhona | 19 ++++++++++--------- 5 files changed, 60 insertions(+), 37 deletions(-) diff --git a/add_constraints.sql b/add_constraints.sql index 67ec71b1..f459835f 100644 --- a/add_constraints.sql +++ b/add_constraints.sql @@ -32,6 +32,8 @@ ALTER TABLE override ADD CONSTRAINT override_priority FOREIGN KEY (priority) REF ALTER TABLE override ADD CONSTRAINT override_section FOREIGN KEY (section) REFERENCES section(id) MATCH FULL; ALTER TABLE override ADD CONSTRAINT override_type FOREIGN KEY (type) REFERENCES override_type(id) MATCH FULL; +ALTER TABLE accepted_autobuild ADD CONSTRAINT accepted_autobuild_suite FOREIGN KEY (suite) REFERENCES suite(id) MATCH FULL; + -- Then correct all the id SERIAL PRIMARY KEY columns... CREATE FUNCTION files_id_max() RETURNS INT4 diff --git a/init_pool.sql b/init_pool.sql index 0730d8fa..a4bcd2b0 100644 --- a/init_pool.sql +++ b/init_pool.sql @@ -142,7 +142,8 @@ CREATE TABLE override ( unique (suite, component, package, type) ); -CREATE TABLE unstable_accepted ( +CREATE TABLE accepted_autobuild ( + suite INT4 NOT NULL, -- references suite filename TEXT NOT NULL, in_accepted BOOLEAN NOT NULL, last_used TIMESTAMP diff --git a/katie b/katie index 4f5ff941..ad48fa0e 100755 --- a/katie +++ b/katie @@ -2,7 +2,7 @@ # Installs Debian packages # Copyright (C) 2000, 2001, 2002 James Troup -# $Id: katie,v 1.83 2002-05-19 19:55:29 troup Exp $ +# $Id: katie,v 1.84 2002-05-23 12:18:32 troup Exp $ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
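Review bot: In init_pool.sql the renamed `accepted_autobuild` table gains a `suite` column but, in the columns visible here, no uniqueness rule, although every query in this patch addresses rows by the (suite, filename) pair. The `override` table just above declares `unique (suite, component, package, type)`; if duplicate rows are not intended, the matching line here would be `unique (suite, filename)`. The CREATE TABLE statement ends outside the hunk, so a constraint may already follow there.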
@@ -39,7 +39,7 @@ import db_access, katie, logging, utils; ############################################################################### # Globals -katie_version = "$Revision: 1.83 $"; +katie_version = "$Revision: 1.84 $"; Cnf = None; Options = None; 
@@ -391,30 +391,37 @@ def install (): # Undo the work done in katie.py(accept) to help auto-building # from accepted. - if Cnf.FindB("Dinstall::SpecialAcceptedAutoBuild") and \ - changes["distribution"].has_key("unstable"): + projectB.query("BEGIN WORK"); + for suite in changes["distribution"].keys(): + if suite not in Cnf.ValueList("Dinstall::AcceptedAutoBuildSuites"): + continue; now_date = time.strftime("%Y-%m-%d %H:%M", time.localtime(time.time())); - projectB.query("BEGIN WORK"); + suite_id = db_access.get_suite_id(suite); + dest_dir = Cnf["Dir::AcceptedAutoBuild"]; + if Cnf.FindB("Dinstall::SecurityAcceptedAutoBuild"): + dest_dir = os.path.join(dest_dir, suite); for file in files.keys(): - dest = os.path.join(Cnf["Dir::AcceptedAutoBuild"], file); + dest = os.path.join(dest_dir, file); # Remove it from the list of packages for later processing by apt-ftparchive - projectB.query("UPDATE unstable_accepted SET in_accepted = 'f', last_used = '%s' WHERE filename = '%s'" % (now_date, dest)); - # Update the symlink to point to the new location in the pool - pool_location = utils.poolify (changes["source"], files[file]["component"]); - src = os.path.join(Cnf["Dir::Pool"], pool_location, os.path.basename(file)); - if os.path.islink(dest): - os.unlink(dest); - os.symlink(src, dest); + projectB.query("UPDATE accepted_autobuild SET in_accepted = 'f', last_used = '%s' WHERE filename = '%s' AND suite = %s" % (now_date, dest, suite_id)); + if not Cnf.FindB("Dinstall::SecurityAcceptedAutoBuild"): + # Update the symlink to point to the new location in the pool + pool_location = utils.poolify (changes["source"], files[file]["component"]); + src = os.path.join(Cnf["Dir::Pool"], pool_location, os.path.basename(file)); + if os.path.islink(dest): + os.unlink(dest); + os.symlink(src, dest); # Update last_used on any non-upload .orig.tar.gz symlink if orig_tar_id: # Determine the .orig.tar.gz file name for dsc_file in dsc_files.keys(): if dsc_file[-12:] == ".orig.tar.gz": - 
orig_tar_gz = os.path.join(Cnf["Dir::AcceptedAutoBuild"], dsc_file); + orig_tar_gz = os.path.join(dest_dir, dsc_file); # Remove it from the list of packages for later processing by apt-ftparchive - projectB.query("UPDATE unstable_accepted SET in_accepted = 'f', last_used = '%s' WHERE filename = '%s'" % (now_date, orig_tar_gz)); - projectB.query("COMMIT WORK"); + projectB.query("UPDATE accepted_autobuild SET in_accepted = 'f', last_used = '%s' WHERE filename = '%s' AND suite = %s" % (now_date, orig_tar_gz, suite_id)); + projectB.query("COMMIT WORK"); + # Finally... install_count = install_count + 1; ################################################################################ diff --git a/katie.py b/katie.py index fea6ca92..f611b81b 100644 --- a/katie.py +++ b/katie.py @@ -2,7 +2,7 @@ # Utility functions for katie # Copyright (C) 2001, 2002 James Troup -# $Id: katie.py,v 1.22 2002-05-19 00:47:07 troup Exp $ +# $Id: katie.py,v 1.23 2002-05-23 12:18:32 troup Exp $ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
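Review bot: Both new `UPDATE accepted_autobuild` statements in install() paste `dest` and `orig_tar_gz` into the SQL text with `%`, and those paths end in a file name that appears to come from the upload's `files` and `dsc_files` maps. A name containing a quote would break or alter the statement, so it should be rejected or escaped before the query is built, for instance `if "'" in dest or "\\" in dest: utils.fubar("%s: unsafe character in file name." % (dest));`. Bound parameters would be the better fix if the driver behind `projectB` offers them. The INSERT and UPDATE statements added to katie.py (the hunks at -391 and -419) build their SQL the same way. install() begins and ends outside the hunk, so the names may already be validated earlier.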
@@ -391,16 +391,25 @@ distribution."""; self.announce(short_summary, 1) # Special support to enable clean auto-building of accepted packages - if Cnf.FindB("Dinstall::SpecialAcceptedAutoBuild") and \ - self.pkg.changes["distribution"].has_key("unstable"): - self.projectB.query("BEGIN WORK"); + self.projectB.query("BEGIN WORK"); + for suite in self.pkg.changes["distribution"].keys(): + if suite not in Cnf.ValueList("Dinstall::AcceptedAutoBuildSuites"): + continue; + suite_id = db_access.get_suite_id(suite); + dest_dir = Cnf["Dir::AcceptedAutoBuild"]; + if Cnf.FindB("Dinstall::SecurityAcceptedAutoBuild"): + dest_dir = os.path.join(dest_dir, suite); for file in file_keys: src = os.path.join(Cnf["Dir::Queue::Accepted"], file); - dest = os.path.join(Cnf["Dir::AcceptedAutoBuild"], file); - # Create a symlink to it - os.symlink(src, dest); + dest = os.path.join(dest_dir, file); + if Cnf.FindB("Dinstall::SecurityAcceptedAutoBuild"): + # Copy it since the original won't be readable by www-data + utils.copy(src, dest); + else: + # Create a symlink to it + os.symlink(src, dest); # Add it to the list of packages for later processing by apt-ftparchive - self.projectB.query("INSERT INTO unstable_accepted (filename, in_accepted) VALUES ('%s', 't')" % (dest)); + self.projectB.query("INSERT INTO accepted_autobuild (suite, filename, in_accepted) VALUES (%s, '%s', 't')" % (suite_id, dest)); # If the .orig.tar.gz is in the pool, create a symlink to # it (if one doesn't already exist) if self.pkg.orig_tar_id: @@ -408,7 +417,7 @@ distribution."""; for dsc_file in self.pkg.dsc_files.keys(): if dsc_file[-12:] == ".orig.tar.gz": filename = dsc_file; - dest = os.path.join(Cnf["Dir::AcceptedAutoBuild"],filename); + dest = os.path.join(dest_dir, filename); # If it doesn't exist, create a symlink if not os.path.exists(dest): # Find the .orig.tar.gz in the pool 
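Review bot: With `Dinstall::SecurityAcceptedAutoBuild` off, `dest_dir` is the same directory for every suite, so an upload aimed at two suites listed in `Dinstall::AcceptedAutoBuildSuites` reaches the unguarded `os.symlink(src, dest)` a second time and fails because the link already exists. That exception is raised after `BEGIN WORK` and before `COMMIT WORK`, so the transaction is left open unless a caller cleans up. The install() change in katie already tests `os.path.islink(dest)` before linking; the equivalent here would be `if not os.path.islink(dest): os.symlink(src, dest);`. For the copy branch, a comment stating who may read the per-suite directory would help, since the copy deliberately exposes files that the queue directory keeps unreadable. The enclosing method starts and ends outside the hunk.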
@@ -419,9 +428,12 @@ distribution."""; src = os.path.join(ql[0][0], ql[0][1]); os.symlink(src, dest); # Add it to the list of packages for later processing by apt-ftparchive - self.projectB.query("INSERT INTO unstable_accepted (filename, in_accepted) VALUES ('%s', 't')" % (dest)); + self.projectB.query("INSERT INTO accepted_autobuild (suite, filename, in_accepted) VALUES (%s, '%s', 't')" % (suite_id, dest)); + # if it does, update things to ensure it's not removed prematurely + else: + self.projectB.query("UPDATE accepted_autobuild SET in_accepted = 't', last_used = NULL WHERE filename = '%s' AND suite = %s" % (dest, suite_id)); - self.projectB.query("COMMIT WORK"); + self.projectB.query("COMMIT WORK"); ########################################################################### diff --git a/rhona b/rhona index 7033a23e..fe119520 100755 --- a/rhona +++ b/rhona @@ -2,7 +2,7 @@ # rhona, cleans up unassociated binary and source packages # Copyright (C) 2000, 2001, 2002 James Troup -# $Id: rhona,v 1.23 2002-05-08 11:13:30 troup Exp $ +# $Id: rhona,v 1.24 2002-05-23 12:18:32 troup Exp $ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -288,7 +288,7 @@ SELECT f.id FROM fingerprint f def clean_accepted_autobuild(): global now_date; - if not Cnf.FindB("Dinstall::SpecialAcceptedAutoBuild") or Options["No-Action"]: + if not Cnf.ValueList("Dinstall::AcceptedAutoBuildSuites") or Options["No-Action"]: return; print "Cleaning out accepted autobuild symlinks..." 
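Review bot: The new `else:` branch in the katie.py hunk at -419 treats an existing `dest` as proof that a row for this `suite_id` exists, but `UPDATE ... WHERE filename = '%s' AND suite = %s` changes nothing when the .orig.tar.gz was linked for another suite that shares the directory. In that case this suite gets no `accepted_autobuild` row for the tarball and nothing reports it. Looking the (suite, filename) pair up first and issuing the INSERT when no row comes back would cover both cases. The surrounding block starts outside the hunk.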
@@ -296,19 +296,20 @@ def clean_accepted_autobuild(): our_delete_date = time.strftime("%Y-%m-%d %H:%M", time.localtime(time.time()-int(Cnf["Rhona::AcceptedAutoBuildStayOfExecution"]))); count = 0; - q = projectB.query("SELECT filename FROM unstable_accepted WHERE last_used <= '%s'" % (our_delete_date)); + q = projectB.query("SELECT filename FROM accepted_autobuild WHERE last_used <= '%s'" % (our_delete_date)); for i in q.getresult(): filename = i[0]; if not os.path.exists(filename): - utils.fubar("%s (from unstable_accepted) doesn't exist." % (filename)); - if not os.path.islink(filename): - utils.fubar("%s (from unstable_accepted) should be a symlink but isn't." % (filename)); + utils.warn("%s (from accepted_autobuild) doesn't exist." % (filename)); + continue; + if not Cnf.FindB("Dinstall::SecurityAcceptedAutoBuild") and not os.path.islink(filename): + utils.fubar("%s (from accepted_autobuild) should be a symlink but isn't." % (filename)); os.unlink(filename); count = count + 1; - projectB.query("DELETE FROM unstable_accepted WHERE last_used <= '%s'" % (our_delete_date)); + projectB.query("DELETE FROM accepted_autobuild WHERE last_used <= '%s'" % (our_delete_date)); - if count > 0: - sys.stderr.write("Cleaned %d accepted-autobuild symlinks.\n" % (count)); + if count: + sys.stderr.write("Cleaned %d accepted-autobuild files.\n" % (count)); ################################################################################ -- 2.39.2
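Review bot: With `Dinstall::SecurityAcceptedAutoBuild` set, the `os.path.islink` test is skipped and `os.unlink(filename)` removes whatever regular file the table row names, so clean_accepted_autobuild() should first confirm that the path lies under `Cnf["Dir::AcceptedAutoBuild"]`. A check along the lines of `if not os.path.abspath(filename).startswith(os.path.join(Cnf["Dir::AcceptedAutoBuild"], "")): utils.fubar("%s (from accepted_autobuild) is outside the autobuild directory." % (filename));` before the unlink would do. The new `utils.warn` and `continue` path also skips dangling links, because `os.path.exists` follows the link, while the later DELETE still drops their rows and leaves the link behind untracked. The function starts outside the hunk.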