// The Primary GID of your users. Using uma it is the gid from group users.
ValidGID "800";
// Comma separated list of users who are in Postgres but not the passwd file
- KnownPostgres "postgres,katie,dak,www-data,qa,guest";
+ KnownPostgres "postgres,katie,dak,www-data,qa,guest,repuser";
};
Queue-Report
{
ValidGID "800";
// Comma separated list of users who are in Postgres but not the passwd file
- KnownPostgres "postgres,dak,www-data,udmsearch";
+ KnownPostgres "postgres,dak,www-data,udmsearch,repuser";
};
Queue-Report
<DirectoryMatch ~ "^/srv/(incoming\.debian\.org/(dists/|builddweb)|ftp\.debian\.org/mirror)">
Order allow,deny
- # buildd.d.o, cimarosa
+
+ Use DebianBuilddHostList
+
+ # buildd.d.o, cimarosa
allow from 206.12.19.8
- # franck.d.o
+
+ # franck.d.o
allow from 128.148.34.3
- # test access to check functionality, ganneff
+
+ # test access to check functionality, ganneff
allow from 213.146.108.162
- # alpha
- # goetz
- allow from 193.62.202.26
- # goedel (temporarily allow two addresses; see RT#1287)
- allow from 213.188.99.214
- allow from 213.188.99.208
- # amd64
- # barber
- allow from 194.177.211.203
- allow from 2001:648:2ffc:deb:214:22ff:feb2:2370
- # brahms
- Allow from 206.12.19.115
+
+ # Should be in DSA list
+ # amd64
# vitry (archive rebuild)
allow from 194.177.211.206
allow from 2001:648:2ffc:deb:214:22ff:feb2:122c
# krenek (archive rebuild)
allow from 194.177.211.207
allow from 2001:648:2ffc:deb:214:22ff:feb1:ff56
- # arm
- # netwinder
+
+ # Known Extras
+
+ # No idea about
+ # arm
+ ## netwinder
allow from 192.133.104.24
- #
+ ##
allow from 217.147.81.26
- # toffee
+ ## toffee
allow from 78.32.9.218
- #
+ ##
allow from 86.3.74.169
- # nw1.xandros
+ ## nw1.xandros
allow from 67.210.160.89
- # nw2.xandros
+ ## nw2.xandros
allow from 67.210.160.90
- # hdges.billgatliff
+ ## hdges.billgatliff
allow from 209.251.101.204
- # armel
- # arcadelt
- allow from 82.195.75.87
- # argento
- allow from 93.94.130.160
- # allegri
+
+ # armel
+ ## allegri
allow from 157.193.39.233
- # ancina
- allow from 157.193.39.13
- # arnold
- allow from 217.140.96.57
- # alain
- allow from 217.140.96.58
- # alwyn
- allow from 217.140.96.59
- # antheil
- allow from 217.140.96.60
- # hppa
- # sarti
- allow from 193.201.200.199
- # bld3.mmjgroup
+
+ # hppa
+ ## bld3.mmjgroup
allow from 192.25.206.243
- # peri
- allow from 192.25.206.15
- #
- allow from 192.25.206.68
- # lafayette
- allow from 147.215.7.160
- # paer
+ ## paer
allow from 192.25.206.11
- # hurd-i386
- # rossini (NOT .debian.org)
+
+ # hurd-i386
+ ## rossini (NOT .debian.org)
allow from 192.33.98.55
- # back / mozart (xen domains; NOT .debian.org)
+ ## back / mozart (xen domains; NOT .debian.org)
allow from 80.87.129.151
- # i386
- # murphy
- Allow from 70.103.162.31
- # biber
- allow from 194.177.211.204
- allow from 2001:648:2ffc:deb:214:22ff:feb2:1268
- # ia64
- # caballero
- allow from 193.201.200.200
- # mundi
+
+ # ia64
+ ## mundi
allow from 192.25.206.62
- # alkman
- allow from 192.25.206.63
- # mips
- #
+
+ # mips
+ ##
allow from 217.147.81.21
- # ball
- allow from 82.195.75.70
- allow from 2001:41b8:202:deb:202:4cff:fefe:d09
- # mayr
- allow from 140.211.166.58
- # sigrun, aba
+ ## sigrun, aba
allow from 82.195.75.68
allow from 2001:41b8:202:deb:a00:69ff:fe08:30c6
- # corelli
- allow from 206.12.19.16
- # lucatelli
- allow from 206.12.19.15
- # mipsel
- # rem
- allow from 82.195.75.68
- allow from 2001:41b8:202:deb:202:4cff:fefe:d06
- # mayer
- allow from 140.211.166.78
- # monteverdi
+
+ # mipsel
+ ## monteverdi
allow from 78.47.2.111
- # kritias, aba
+ ## kritias, aba
allow from 78.46.213.163
- # powerpc
- # static-72-66-115-54.washdc.fios.verizon.net
- allow from 72.66.115.54
- # praetorius
- allow from 130.239.18.121
- # poulenc
- allow from 144.32.168.77
- # porpora
- allow from 144.32.168.78
- # s390
- # debian01.zseries
+
+ # s390
+ ## debian01.zseries
allow from 195.243.109.161
- # l003092.zseriespenguins.ihost.com
+ ## l003092.zseriespenguins.ihost.com
allow from 32.97.40.46
- #
+ ##
allow from 148.100.96.45
- #
+ ##
allow from 148.100.96.52
- # lxdebian.bfinv
+ ## lxdebian.bfinv
allow from 80.245.147.60
- # zandonai
- allow from 80.245.147.46
- # sparc
- # spontini
- allow from 206.12.19.14
- # lebrun
- allow from 193.198.184.10
- # schroeder
- allow from 193.198.184.11
- # titan.ayous.org ('non-standard' buildd; contact HE)
+
+ # sparc
+ ## titan.ayous.org ('non-standard' buildd; contact HE)
allow from 82.195.75.33
- # kfreebsd
- # amd64
- # fasch
- allow from 194.177.211.201
- # fano
- allow from 206.12.19.110
- # i386
+
+ # kfreebsd
+ ## i386
# himalai1, ganymede1
allow from 129.175.22.65
- # field
- allow from 194.177.211.210
- # luchesi
- # Password based due to being KVM instance
- # allow from 137.82.84.78
-# dynamics use password auth
+ ## luchesi
+ ## Password based due to being KVM instance
+ ## allow from 137.82.84.78
+
+ # Dynamics use password auth
+
AuthType Basic
AuthName "incoming.debian.org"
AuthUserFile /srv/incoming.debian.org/htpasswd
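Review bot: The block under `# No idea about` still carries `allow from` entries with no recorded owner, for example the bare `##` lines in front of 217.147.81.26 and 86.3.74.169, so the address-based access still covers hosts nobody can name. Judging by the `# Dynamics use password auth` comment, listed addresses appear to skip the Basic auth prompt. Each such entry should either be removed or carry a comment such as `## owner unknown as of <date placeholder>; drop unless claimed`. The definition of `DebianBuilddHostList` is not part of this hunk, so it cannot be confirmed from here that every removed buildd address is still covered by the macro. A one-line comment naming where the macro is defined and who maintains it would help the next reader.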
{
ValidGID "800";
// Comma separated list of users who are in Postgres but not the passwd file
- KnownPostgres "postgres,dak,katie,release,qa,www-data,guest";
+ KnownPostgres "postgres,dak,katie,release,qa,www-data,guest,repuser";
};
Clean-Queues
rsync -aH -B8192 \
--exclude backup/*.xz \
--exclude backup/dump* \
- --exclude database/*.db \
+ --exclude database/\*.db \
${EXTRA} \
--exclude mirror \
--exclude morgue/ \
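Review bot: Only the `database/*.db` pattern is escaped; `--exclude backup/*.xz` and `--exclude backup/dump*` directly above are still unquoted. If this runs under a shell and matching paths exist relative to the working directory, those globs are expanded before rsync sees them, and the exclusion of backups and dumps no longer applies as written. Quote all three the same way, e.g. `--exclude 'backup/*.xz'`, `--exclude 'backup/dump*'`, `--exclude 'database/*.db'`. The rsync command starts and ends outside the hunk.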
-s, --suite={stable,testing,unstable,...}
only operate on specified suite names
+ -c, --component={main,contrib,non-free}
+ only operate on specified components
+
-f, --force
write Contents files for suites marked as untouchable, too
################################################################################
-def write_all(cnf, suite_names = [], force = None):
+def write_all(cnf, suite_names = [], component_names = [], force = None):
Logger = daklog.Logger(cnf.Cnf, 'contents generate')
- ContentsWriter.write_all(Logger, suite_names, force)
+ ContentsWriter.write_all(Logger, suite_names, component_names, force)
Logger.close()
################################################################################
cnf = Config()
cnf['Contents::Options::Help'] = ''
cnf['Contents::Options::Suite'] = ''
+ cnf['Contents::Options::Component'] = ''
cnf['Contents::Options::Limit'] = ''
cnf['Contents::Options::Force'] = ''
- arguments = [('h', "help", 'Contents::Options::Help'),
- ('s', "suite", 'Contents::Options::Suite', "HasArg"),
- ('l', "limit", 'Contents::Options::Limit', "HasArg"),
- ('f', "force", 'Contents::Options::Force'),
+ arguments = [('h', "help", 'Contents::Options::Help'),
+ ('s', "suite", 'Contents::Options::Suite', "HasArg"),
+ ('c', "component", 'Contents::Options::Component', "HasArg"),
+ ('l', "limit", 'Contents::Options::Limit', "HasArg"),
+ ('f', "force", 'Contents::Options::Force'),
]
args = apt_pkg.ParseCommandLine(cnf.Cnf, arguments, sys.argv)
options = cnf.SubTree('Contents::Options')
binary_scan_all(cnf, limit)
return
- suite_names = utils.split_args(options['Suite'])
+ suite_names = utils.split_args(options['Suite'])
+ component_names = utils.split_args(options['Component'])
force = bool(options['Force'])
if args[0] == 'generate':
- write_all(cnf, suite_names, force)
+ write_all(cnf, suite_names, component_names, force)
return
usage()
--- /dev/null
+#!/usr/bin/env python
+# coding=utf8
+
+"""
+Fix permissions again
+
+@contact: Debian FTP Master <ftpmaster@debian.org>
+@copyright: 2011 Mark Hymers <mhy@debian.org>
+@license: GNU General Public License version 2 or later
+"""
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+################################################################################
+
+import psycopg2
+from daklib.dak_exceptions import DBUpdateError
+
+################################################################################
+def do_update(self):
+ """
+ Fix up permissions (again)
+ """
+ print __doc__
+ try:
+ c = self.db.cursor()
+
+ for table in ['build_queue_policy_files',
+ 'version_check']:
+ c.execute("""GRANT SELECT, UPDATE, INSERT ON %s TO ftpmaster""" % table)
+ c.execute("""GRANT SELECT ON %s TO public""" % table)
+
+ # Make sure all sequences are fixed up
+ for seq in ['architecture_id_seq',
+ 'archive_id_seq',
+ 'bin_associations_id_seq',
+ 'binaries_id_seq',
+ 'binary_acl_id_seq',
+ 'binary_acl_map_id_seq',
+ 'build_queue_files_id_seq',
+ 'build_queue_id_seq',
+ 'changelogs_text_id_seq',
+ 'changes_id_seq',
+ 'changes_pending_binaries_id_seq',
+ 'changes_pending_files_id_seq',
+ 'changes_pending_source_id_seq',
+ 'component_id_seq',
+ 'config_id_seq',
+ 'dsc_files_id_seq',
+ 'files_id_seq',
+ 'fingerprint_id_seq',
+ 'keyring_acl_map_id_seq',
+ 'keyrings_id_seq',
+ 'location_id_seq',
+ 'maintainer_id_seq',
+ 'metadata_keys_key_id_seq',
+ 'new_comments_id_seq',
+ 'override_type_id_seq',
+ 'policy_queue_id_seq',
+ 'priority_id_seq',
+ 'section_id_seq',
+ 'source_acl_id_seq',
+ 'source_id_seq',
+ 'src_associations_id_seq',
+ 'src_format_id_seq',
+ 'src_uploaders_id_seq',
+ 'suite_id_seq',
+ 'uid_id_seq',
+ 'upload_blocks_id_seq']:
+ c.execute("""GRANT SELECT, UPDATE, USAGE ON %s TO ftpmaster""" % seq)
+ c.execute("""GRANT SELECT ON %s TO public""" % seq)
+
+ c.execute("UPDATE config SET value = '58' WHERE name = 'db_revision'")
+ self.db.commit()
+
+ except psycopg2.ProgrammingError, msg:
+ self.db.rollback()
+ raise DBUpdateError, 'Unable to apply sick update 58, rollback issued. Error message : %s' % (str(msg))
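Review bot: Both loops end with `GRANT SELECT ON %s TO public`, which makes the two tables and every listed sequence readable by any role that can connect, and nothing in the file says this is intended. If it is, state it in the `do_update` docstring, e.g. `Read access is granted to PUBLIC on purpose: <reason placeholder>`; otherwise grant to the specific read-only role instead. The `%` interpolation into the GRANT statements is acceptable only because the names are hard-coded literals, and a one-line comment saying so (`# identifiers are literals from this file, never external input`) would stop the pattern being copied for variable data. Only `psycopg2.ProgrammingError` is caught, so any other database error leaves `do_update` without the explicit `rollback()`.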
for archobj in architectures:
architecture = archobj.arch_string
- if architecture != "source":
- # Process Contents
- file = "%s/Contents-%s" % (Cnf["Dir::Root"] + tree,
- architecture)
- storename = "%s/%s_contents_%s" % (Options["TempDir"], suite, architecture)
- genchanges(Options, file + ".diff", storename, file, \
- Cnf.get("Suite::%s::Generate-Index-Diffs::MaxDiffs::Contents" % (suite), maxcontents))
-
# use sections instead of components since dak.conf
# treats "foo/bar main" as suite "foo", suitesuffix "bar" and
# component "bar/main". suck.
longarch = "binary-%s"% (architecture)
packages = "Packages"
maxsuite = maxpackages
+ # Process Contents
+ file = "%s/%s/Contents-%s" % (Cnf["Dir::Root"] + tree, component,
+ architecture)
+ storename = "%s/%s_%s_contents_%s" % (Options["TempDir"], suite, component, architecture)
+ genchanges(Options, file + ".diff", storename, file, \
+ Cnf.get("Suite::%s::Generate-Index-Diffs::MaxDiffs::Contents" % (suite), maxcontents))
file = "%s/%s/%s/%s" % (Cnf["Dir::Root"] + tree,
component, longarch, packages)
# We can only use one key for inline signing so use the first one in
# the array for consistency
- firstkey = False
+ firstkey = True
for keyid in suite.signingkeys:
defkeyid = "--default-key %s" % keyid
suite_suffix = "%s" % (cnf.Find("Dinstall::SuiteSuffix"))
outfile = os.path.join(cnf["Dir::Root"], 'dists', "%s/%s" % (suite.suite_name, suite_suffix), "Release")
- out = open(outfile, "w")
+ out = open(outfile + ".new", "w")
for key, dbfield in attribs:
if getattr(suite, dbfield) is not None:
out.write(" %s %8d %s\n" % (fileinfo[filename][h], fileinfo[filename]['len'], filename))
out.close()
+ os.rename(outfile + '.new', outfile)
sign_release_dir(suite, os.path.dirname(outfile))
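Review bot: `os.rename(outfile + '.new', outfile)` publishes the new Release before `sign_release_dir` runs. While signing is in progress, the directory holds a Release next to whatever signature files were produced for the previous content, and a client verifying in that window would see a mismatch. The body of `sign_release_dir` is not visible here, so confirm how it replaces the signatures. Ideally sign the `.new` file and rename data and signature together, or at least add a comment such as `# Release is replaced atomically; signatures are regenerated right after and may briefly lag`. The write is also not wrapped in `try`/`finally`, so an exception between `open` and `os.rename` leaves a stale `Release.new` behind. The enclosing function starts outside the hunk.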
Delayed-Until: %s
Delay-Remaining: %s"""%(time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(time.time()+u[0])),u[2])
print >> f, fields
- print >> f, str(u[5]).rstrip()
- open(os.path.join(Cnf["Show-Deferred::LinkPath"],u[1]),"w").write(str(u[5])+fields+'\n')
+ encoded = unicode(u[5]).encode('utf-8')
+ print >> f, encoded.rstrip()
+ open(os.path.join(Cnf["Show-Deferred::LinkPath"],u[1]),"w").write(encoded+fields+'\n')
print >> f
f.close()
os.rename(os.path.join(Cnf["Show-Deferred::LinkPath"],'.status.tmp'),
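Review bot: `unicode(u[5])` decodes with the default ASCII codec when `u[5]` is a byte string, so a non-ASCII changes text would raise UnicodeDecodeError here before `.encode('utf-8')` is reached. The type of `u[5]` is not visible in the hunk, so confirm it. Handling both cases is one line: `encoded = u[5] if isinstance(u[5], str) else unicode(u[5]).encode('utf-8')`. On the same new line, `u[1]` is joined into the `LinkPath` directory unchecked. If it derives from an uploaded file name, `os.path.basename(u[1])` would keep the write inside that directory. The file object from `open(...).write(...)` is also never closed explicitly.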
################################################################################
Cnf = None
-required_database_schema = 57
+required_database_schema = 58
################################################################################
def __get_file_from_pool(self, filename, entry, session):
cnf = Config()
- poolname = poolify(entry["source"], entry["component"])
- l = get_location(cnf["Dir::Pool"], entry["component"], session=session)
+ if cnf.has_key("Dinstall::SuiteSuffix"):
+ component = cnf["Dinstall::SuiteSuffix"] + entry["component"]
+ else:
+ component = entry["component"]
+
+ poolname = poolify(entry["source"], component)
+ l = get_location(cnf["Dir::Pool"], component, session=session)
found, poolfile = check_poolfile(os.path.join(poolname, filename),
entry['size'],
session=session)
if found is None:
- Logger.log(["E: Found multiple files for pool (%s) for %s" % (chg_fn, entry["component"])])
+ Logger.log(["E: Found multiple files for pool (%s) for %s" % (filename, component)])
return None
elif found is False and poolfile is not None:
- Logger.log(["E: md5sum/size mismatch for %s in pool" % (chg_fn)])
+ Logger.log(["E: md5sum/size mismatch for %s in pool" % (filename)])
return None
else:
if poolfile is None:
- Logger.log(["E: Could not find %s in pool" % (chg_fn)])
+ Logger.log(["E: Could not find %s in pool" % (filename)])
return None
else:
return poolfile
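Review bot: `cnf["Dinstall::SuiteSuffix"] + entry["component"]` concatenates with no separator, so the result names a valid component and pool path only if the configured suffix already ends in `/`. That requirement is stated nowhere in the hunk. Either document it with a comment such as `# SuiteSuffix must end with '/' (e.g. "updates/")`, or make the code tolerant of both forms, for example `component = cnf["Dinstall::SuiteSuffix"].rstrip("/") + "/" + entry["component"]`. `entry["component"]` comes from the upload's file entry and goes into `poolify` and `get_location` as-is, so it is worth confirming that it was validated against the known components before this method is reached.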
'''
BinaryContentsWriter writes the Contents-$arch.gz files.
'''
- def __init__(self, suite, architecture, overridetype, component = None):
+ def __init__(self, suite, architecture, overridetype, component):
self.suite = suite
self.architecture = architecture
self.overridetype = overridetype
params = {
'suite': self.suite.suite_id,
'overridesuite': overridesuite.suite_id,
+ 'component': self.component.component_id,
'arch_all': get_architecture('all', self.session).arch_id,
'arch': self.architecture.arch_id,
'type_id': self.overridetype.overridetype_id,
'type': self.overridetype.overridetype,
}
- if self.component is not None:
- params['component'] = self.component.component_id
- sql = '''
+ sql = '''
create temp table newest_binaries (
id integer primary key,
package text);
where o.suite = :overridesuite and o.type = :type_id and o.section = s.id and
o.component = :component)
-select bc.file, string_agg(o.section || '/' || b.package, ',' order by b.package) as pkglist
- from newest_binaries b, bin_contents bc, unique_override o
- where b.id = bc.binary_id and o.package = b.package
- group by bc.file'''
-
- else:
- sql = '''
-create temp table newest_binaries (
- id integer primary key,
- package text);
-
-create index newest_binaries_by_package on newest_binaries (package);
-
-insert into newest_binaries (id, package)
- select distinct on (package) id, package from binaries
- where type = :type and
- (architecture = :arch_all or architecture = :arch) and
- id in (select bin from bin_associations where suite = :suite)
- order by package, version desc;
-
-with
-
-unique_override as
- (select distinct on (o.package, s.section) o.package, s.section
- from override o, section s
- where o.suite = :overridesuite and o.type = :type_id and o.section = s.id
- order by o.package, s.section, o.modified desc)
-
select bc.file, string_agg(o.section || '/' || b.package, ',' order by b.package) as pkglist
from newest_binaries b, bin_contents bc, unique_override o
where b.id = bc.binary_id and o.package = b.package
'''
values = {
'suite': self.suite.suite_name,
+ 'component': self.component.component_name,
+ 'debtype': self.overridetype.overridetype,
'architecture': self.architecture.arch_string,
}
- if self.component is not None:
- values['component'] = self.component.component_name
return BinaryContentsFileWriter(**values)
def get_header(self):
writer.close()
-def binary_helper(suite_id, arch_id, overridetype_id, component_id = None):
+def binary_helper(suite_id, arch_id, overridetype_id, component_id):
'''
This function is called in a new subprocess and multiprocessing wants a top
level function.
suite = Suite.get(suite_id, session)
architecture = Architecture.get(arch_id, session)
overridetype = OverrideType.get(overridetype_id, session)
- log_message = [suite.suite_name, architecture.arch_string, overridetype.overridetype]
- if component_id is None:
- component = None
- else:
- component = Component.get(component_id, session)
- log_message.append(component.component_name)
+ component = Component.get(component_id, session)
+ log_message = [suite.suite_name, architecture.arch_string, \
+ overridetype.overridetype, component.component_name]
contents_writer = BinaryContentsWriter(suite, architecture, overridetype, component)
contents_writer.write_file()
return log_message
class_.logger.log(result)
@classmethod
- def write_all(class_, logger, suite_names = [], force = False):
+ def write_all(class_, logger, suite_names = [], component_names = [], force = False):
'''
Writes all Contents files for suites in list suite_names which defaults
to all 'touchable' suites if not specified explicitely. Untouchable
suite_query = session.query(Suite)
if len(suite_names) > 0:
suite_query = suite_query.filter(Suite.suite_name.in_(suite_names))
+ component_query = session.query(Component)
+ if len(component_names) > 0:
+ component_query = component_query.filter(Component.component_name.in_(component_names))
if not force:
suite_query = suite_query.filter_by(untouchable = False)
deb_id = get_override_type('deb', session).overridetype_id
udeb_id = get_override_type('udeb', session).overridetype_id
- main_id = get_component('main', session).component_id
- contrib_id = get_component('contrib', session).component_id
- non_free_id = get_component('non-free', session).component_id
pool = Pool()
for suite in suite_query:
suite_id = suite.suite_id
- # handle source packages
- pool.apply_async(source_helper, (suite_id, main_id),
- callback = class_.log_result)
- pool.apply_async(source_helper, (suite_id, contrib_id),
- callback = class_.log_result)
- pool.apply_async(source_helper, (suite_id, non_free_id),
- callback = class_.log_result)
- for architecture in suite.get_architectures(skipsrc = True, skipall = True):
- arch_id = architecture.arch_id
- # handle 'deb' packages
- pool.apply_async(binary_helper, (suite_id, arch_id, deb_id), \
- callback = class_.log_result)
- # handle 'udeb' packages for 'main' and 'non-free'
- pool.apply_async(binary_helper, (suite_id, arch_id, udeb_id, main_id), \
- callback = class_.log_result)
- pool.apply_async(binary_helper, (suite_id, arch_id, udeb_id, non_free_id), \
+ for component in component_query:
+ component_id = component.component_id
+ # handle source packages
+ pool.apply_async(source_helper, (suite_id, component_id),
callback = class_.log_result)
+ for architecture in suite.get_architectures(skipsrc = True, skipall = True):
+ arch_id = architecture.arch_id
+ # handle 'deb' packages
+ pool.apply_async(binary_helper, (suite_id, arch_id, deb_id, component_id), \
+ callback = class_.log_result)
+ # handle 'udeb' packages
+ pool.apply_async(binary_helper, (suite_id, arch_id, udeb_id, component_id), \
+ callback = class_.log_result)
pool.close()
pool.join()
session.close()
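Review bot: The docstring of `ContentsWriter.write_all` still describes only `suite_names`; it should say that `component_names` restricts generation to the named components and that an empty list means all of them. A name that matches no `Component` row makes the `in_()` filter return nothing, and the method then finishes without writing or logging anything, so a mistyped `--component` looks like a successful run. Comparing the names found against `component_names` and logging the difference would make that visible. Both this method and the module-level `write_all(cnf, suite_names = [], component_names = [], force = None)` use mutable list defaults; `None` with `component_names or []` inside is the safer form. The method body starts outside the hunk.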
# Check if we have a file of this name or this ID already
for f in self.queuefiles:
- if f.fileid is not None and f.fileid == poolfile.file_id or \
- f.poolfile.filename == poolfile_basename:
+ if (f.fileid is not None and f.fileid == poolfile.file_id) or \
+ (f.poolfile is not None and f.poolfile.filename == poolfile_basename):
# In this case, update the BuildQueueFile entry so we
# don't remove it too early
f.lastused = datetime.now()
'''
Returns a file object for writing.
'''
+ # create missing directories
+ try:
+ os.makedirs(os.path.dirname(self.path))
+ except:
+ pass
self.file = open(self.path + '.new', 'w')
return self.file
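Review bot: The bare `except: pass` around `os.makedirs` hides every failure, including permission errors and a path component that exists as a regular file, and would also swallow KeyboardInterrupt. The real cause is then lost, and `open(self.path + '.new', 'w')` fails later with a less specific error. Only the "already exists" case should be ignored: replace the handler with `except OSError as e:` followed by `if e.errno != errno.EEXIST: raise`. This needs `errno` imported if the module does not already import it. The directories are created with the default mode, so they inherit the process umask; say so in the comment if the published tree relies on that.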
'bzip2': False
}
flags.update(keywords)
- if 'component' in flags:
+ if flags['debtype'] == 'deb':
template = "dists/%(suite)s/%(component)s/Contents-%(architecture)s"
- else:
- template = "dists/%(suite)s/Contents-%(architecture)s"
+ else: # udeb
+ template = "dists/%(suite)s/%(component)s/Contents-udeb-%(architecture)s"
BaseFileWriter.__init__(self, template, **flags)
class SourceContentsFileWriter(BaseFileWriter):
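Review bot: `flags['debtype']` is read right after `flags.update(keywords)`. Unless the defaults dictionary above the hunk sets it, a caller that omits `debtype` gets a bare KeyError. Any value other than `'deb'` silently selects the `Contents-udeb-` template, so a typo would write the file under the wrong name. Make the second branch explicit and reject the rest: `elif flags['debtype'] == 'udeb':` for the udeb template, then `else: raise ValueError("unknown debtype %r" % flags['debtype'])`. The constructor's docstring, if it has one outside the hunk, should list `debtype` and `component` as required keywords.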
# Read in the TEMPKEYDATAFILE, but avoid using a subshell like a
# while read line otherwise would do
exec 4<> "${TEMPKEYDATA}"
- error=""
+ KEYUID=""
+ #pub:-:4096:1:FAB983612A6554FA:2011-03-24:2011-07-22::-:buildd autosigning key poulenc <buildd_powerpc-poulenc@buildd.debian.org>:
+
+ # Of course this sucky gpg crapshit of an "interface" does give you different things depending on how people
+ # created their keys. And of course the buildd people created the test keys differently to what they now do
+ # which just means extra work for nothing. So as they now do other steps, the thing we get back suddenly looks like
+
+ #pub:-:4096:1:99595DC7865BEAD2:2011-03-26:2011-07-24::-:
+ #uid:::::::::buildd autosigning key corelli <buildd_mips-corelli@buildd.debian.org>:
+
+ # Besides fiddling out the data we need to check later, this regex also check:
+ # - the keytype (:1:, 1 there means RSA)
+ # - the UID
+ # - that the key does have an expiration date (or it wont match, the second date
+ # field would be empty
+ regex="^pub:-:([0-9]{4}):1:([0-9A-F]{16}):([0-9]{4}-[0-9]{2}-[0-9]{2}):([0-9]{4}-[0-9]{2}-[0-9]{2})::-:(buildd autosigning key ${BUILDD} <buildd_${ARCH}-${BUILDD}@buildd.debian.org>):$"
+ regex2="^pub:-:([0-9]{4}):1:([0-9A-F]{16}):([0-9]{4}-[0-9]{2}-[0-9]{2}):([0-9]{4}-[0-9]{2}-[0-9]{2})::-:$"
+ regex3="^uid:::::::::(buildd autosigning key ${BUILDD} <buildd_${ARCH}-${BUILDD}@buildd.debian.org>):$"
while read line <&4; do
- #pub:-:4096:1:FAB983612A6554FA:2011-03-24:2011-07-22::-:buildd autosigning key poulenc <buildd_powerpc-poulenc@buildd.debian.org>:
-
- # Besides fiddling out the data we need to check later, this regex also check:
- # - the keytype (:1:, 1 there means RSA)
- # - the UID
- # - that the key does have an expiration date (or it wont match, the second date
- # field would be empty
- regex="^pub:-:([0-9]{4}):1:([0-9A-F]{16}):([0-9]{4}-[0-9]{2}-[0-9]{2}):([0-9]{4}-[0-9]{2}-[0-9]{2})::-:buildd autosigning key ${BUILDD} <buildd_${ARCH}-${BUILDD}@buildd.debian.org>:$"
if [[ $line =~ $regex ]]; then
KEYSIZE=${BASH_REMATCH[1]}
KEYID=${BASH_REMATCH[2]}
KEYCREATE=${BASH_REMATCH[3]}
KEYEXPIRE=${BASH_REMATCH[4]}
-
- # We do want 4096 or anything above
- if [ ${KEYSIZE} -lt 4096 ]; then
- log "Keysize ${KEYSIZE} too small"
- error="${error} Keysize ${KEYSIZE} too small"
- continue
- fi
-
- # We want a maximum lifetime of 120 days, so check that.
- # Easiest to compare in epoch, so lets see, 120 days midnight from now,
- # compared with their set expiration date at midnight
- # maxdate should turn out higher. just in case we make it 121 for this check
- maxdate=$(date -d '121 day 00:00:00' +%s)
- theirexpire=$(date -d "${KEYEXPIRE} 00:00:00" +%s)
- if [ ${theirexpire} -gt ${maxdate} ]; then
- log "Key expiry ${KEYEXPIRE} wrong"
- error="${error} Key expiry ${KEYEXPIRE} wrong"
- continue
- fi
- else
- log "Unknown line $line, sod off"
- error="${error} Unknown line $line, sod off"
- continue
- fi
+ KEYUID=${BASH_REMATCH[5]}
+ elif [[ $line =~ $regex2 ]]; then
+ KEYSIZE=${BASH_REMATCH[1]}
+ KEYID=${BASH_REMATCH[2]}
+ KEYCREATE=${BASH_REMATCH[3]}
+ KEYEXPIRE=${BASH_REMATCH[4]}
+ elif [[ $line =~ $regex3 ]]; then
+ KEYUID=${BASH_REMATCH[1]}
+ else
+ log "Didn't recognize the key. Go kiss gpg"
+ DATE=$(date -Is)
+ mv "${INCOMING}/${file}" "${ERRORS}/badkey.${file}.${DATE}"
+ mv "${GPGSTATUS}" "${ERRORS}/badkey.${file}.gpgstatus.${DATE}"
+ mv "${GPGLOGS}" "${ERRORS}/badkey.${file}.gpglogs.${DATE}"
+ rm -f "${GPGOUTF}"
+ continue
+ fi
done
- if [ -n "${error}" ]; then
- log ${error}
+ if [ -z "${KEYUID}" ]; then
+ log "Did not recognize the UID format"
DATE=$(date -Is)
- mv "${INCOMING}/${file}" "${ERRORS}/badkey.${file}.${DATE}"
- mv "${GPGSTATUS}" "${ERRORS}/badkey.${file}.gpgstatus.${DATE}"
- mv "${GPGLOGS}" "${ERRORS}/badkey.${file}.gpglogs.${DATE}"
- echo "${error}" >> "${ERRORS}/badkey.${file}.error.${DATE}"
+ mv "${INCOMING}/${file}" "${ERRORS}/keyuid.${file}.${DATE}"
+ mv "${GPGSTATUS}" "${ERRORS}/keyuid.${file}.gpgstatus.${DATE}"
+ mv "${GPGLOGS}" "${ERRORS}/keyuid.${file}.gpglogs.${DATE}"
rm -f "${GPGOUTF}"
- continue
+ continue
+ fi
+ # We do want 4096 or anything above
+ if [ ${KEYSIZE} -lt 4096 ]; then
+ log "Keysize ${KEYSIZE} too small"
+ DATE=$(date -Is)
+ mv "${INCOMING}/${file}" "${ERRORS}/keysize.${file}.${DATE}"
+ mv "${GPGSTATUS}" "${ERRORS}/keysize.${file}.gpgstatus.${DATE}"
+ mv "${GPGLOGS}" "${ERRORS}/keysize.${file}.gpglogs.${DATE}"
+ rm -f "${GPGOUTF}"
+ continue
+ fi
+
+ # We want a maximum lifetime of 120 days, so check that.
+ # Easiest to compare in epoch, so lets see, 120 days midnight from now,
+ # compared with their set expiration date at midnight
+ # maxdate should turn out higher. just in case we make it 121 for this check
+ maxdate=$(date -d '121 day 00:00:00' +%s)
+ theirexpire=$(date -d "${KEYEXPIRE} 00:00:00" +%s)
+ if [ ${theirexpire} -gt ${maxdate} ]; then
+ log "Key expiry ${KEYEXPIRE} wrong"
+ DATE=$(date -Is)
+ mv "${INCOMING}/${file}" "${ERRORS}/keyexpire.${file}.${DATE}"
+ mv "${GPGSTATUS}" "${ERRORS}/keyexpire.${file}.gpgstatus.${DATE}"
+ mv "${GPGLOGS}" "${ERRORS}/keyexpire.${file}.gpglogs.${DATE}"
+ rm -f "${GPGOUTF}"
+ continue
fi
# And now lets check how many keys this buildd already has. 2 is the maximum, so key
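Review bot: The `continue` in the `else` branch of the `while read line <&4` loop only advances to the next line of key data. After the upload has been moved to `${ERRORS}` and `${GPGOUTF}` removed, the loop carries on and the size, expiry and import steps below still run for that file. Only `KEYUID` is reset before the loop, so `KEYSIZE`, `KEYID`, `KEYCREATE` and `KEYEXPIRE` keep whatever an earlier file set. The per-file loop is outside the hunk, so this is inferred from the later `continue` statements. With an empty `KEYSIZE`, the unquoted `[ ${KEYSIZE} -lt 4096 ]` fails with a syntax error that `if` treats as false, so the size check is skipped rather than enforced. Reset all five variables, remember the bad line and `break`, then reject the upload after the loop unless every field was captured.

```shell
KEYUID=""
KEYSIZE=""
KEYID=""
KEYCREATE=""
KEYEXPIRE=""
BADLINE=""
# … unchanged: example lines and the regex, regex2, regex3 definitions …
while read line <&4; do
    # … unchanged: the three [[ $line =~ … ]] branches that fill the KEY* variables …
    else
        # remember the offending line and stop parsing; the rejection happens once, below
        BADLINE="${line}"
        break
    fi
done
if [ -n "${BADLINE}" ] || [ -z "${KEYUID}" ] || [ -z "${KEYSIZE}" ] || \
   [ -z "${KEYID}" ] || [ -z "${KEYEXPIRE}" ]; then
    log "Did not recognize the key data"
    # … unchanged: move upload, gpgstatus and gpglogs to ${ERRORS}, rm -f "${GPGOUTF}" …
    continue
fi
# We do want 4096 or anything above
if [ "${KEYSIZE}" -lt 4096 ]; then
    # … unchanged: log and move to ${ERRORS}/keysize.* …
```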
# Right. At this point everything should be in order, which means we should put the key into
# the keyring
- log "Accepting key ${KEYID} for ${ARCH} buildd ${BUILDD}, expire ${KEYEXPIRE}"
+ KEYSUBMITTER=$(cat "${GPGSTATUS}"|grep GOODSIG)
+ KEYSUBMITTER=${KEYSUBMITTER##*GOODSIG}
+ log "${KEYSUBMITTER} added key ${KEYID} for ${ARCH} buildd ${BUILDD}, expire ${KEYEXPIRE}"
gpg ${DEFGPGOPT} --status-fd 4 --logger-fd 5 --keyring "${ARCHKEYRING}" --import "${GPGOUTF}" 2>/dev/null
mv "${INCOMING}/${file}" "${base}/${ARCH}"
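Review bot: `grep GOODSIG` matches the word anywhere in the status file and may return several lines, so `KEYSUBMITTER` can hold text that is not the signer line for this upload. Anchor it to the status prefix and take a single line: `KEYSUBMITTER=$(grep -m1 '^\[GNUPG:\] GOODSIG ' "${GPGSTATUS}")`. The log entry says "added key" before `gpg --import` has run, and the import's exit status is not checked in the visible lines, so the log can record an addition that did not take place. Write the log entry after a successful import and send a failed one to `${ERRORS}` like the other rejections.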
self.setup_overrides()
self.binary['hello_2.2-1_i386'].contents.append(BinContents(file = '/usr/bin/hello'))
self.session.commit()
- cw = BinaryContentsWriter(self.suite['squeeze'], self.arch['i386'], self.otype['deb'])
+ cw = BinaryContentsWriter(self.suite['squeeze'], self.arch['i386'], \
+ self.otype['deb'], self.comp['main'])
self.assertEqual(['/usr/bin/hello python/hello\n'], \
cw.get_list())
# test formatline and sort order
self.assertEqual('/usr/bin/hello python/hello\n', \
cw.formatline('/usr/bin/hello', 'python/hello'))
- # test output_filename
- self.assertEqual('tests/fixtures/ftp/dists/squeeze/Contents-i386.gz', \
- normpath(cw.output_filename()))
- cw = BinaryContentsWriter(self.suite['squeeze'], self.arch['i386'], \
- self.otype['udeb'], self.comp['main'])
- self.assertEqual('tests/fixtures/ftp/dists/squeeze/main/Contents-i386.gz', \
- normpath(cw.output_filename()))
# test unicode support
self.binary['hello_2.2-1_i386'].contents.append(BinContents(file = '\xc3\xb6'))
self.session.commit()