Check hashes from .changes before loading .dsc.

diff --git a/daklib/archive.py b/daklib/archive.py
index 806ba40211b82d31ee6840aa8e8e48e9c6875436..e2b3a17a5ccf10c6e69d1492d760c6480dab1976 100644 (file)
--- a/daklib/archive.py
+++ b/daklib/archive.py
@@ -887,9 +887,8 @@ class ArchiveUpload(object):
         try:
             # Validate signatures and hashes before we do any real work:
             for chk in (
-                    checks.SignatureCheck,
+                    checks.SignatureAndHashesCheck,
                     checks.ChangesCheck,
-                    checks.HashesCheck,
                     checks.ExternalHashesCheck,
                     checks.SourceCheck,
                     checks.BinaryCheck,

diff --git a/daklib/checks.py b/daklib/checks.py
index 3c22f390aa0ba393a67ba5089cd22223d2405d71..bfc8a17297d1f80b7c757ee74d4523e481d7b300 100644 (file)
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -99,7 +99,7 @@ class Check(object):
         """
         return False
 
-class SignatureCheck(Check):
+class SignatureAndHashesCheck(Check):
     """Check signature of changes and dsc file (if included in upload)
 
     Make sure the signature is valid and done by a known user.
@@ -108,14 +108,47 @@ class SignatureCheck(Check):
         changes = upload.changes
         if not changes.valid_signature:
             raise Reject("Signature for .changes not valid.")
-        if changes.source is not None:
-            if not changes.source.valid_signature:
+        self._check_hashes(upload, changes.filename, changes.files.itervalues())
+
+        source = None
+        try:
+            source = changes.source
+        except Exception as e:
+            raise Reject("Invalid dsc file: {0}".format(e))
+        if source is not None:
+            if not source.valid_signature:
                 raise Reject("Signature for .dsc not valid.")
-            if changes.source.primary_fingerprint != changes.primary_fingerprint:
+            if source.primary_fingerprint != changes.primary_fingerprint:
                 raise Reject(".changes and .dsc not signed by the same key.")
+            self._check_hashes(upload, source.filename, source.files.itervalues())
+
         if upload.fingerprint is None or upload.fingerprint.uid is None:
             raise Reject(".changes signed by unknown key.")
 
+    """Make sure hashes match existing files
+
+    @type  upload: L{daklib.archive.ArchiveUpload}
+    @param upload: upload we are processing
+
+    @type  filename: str
+    @param filename: name of the file the expected hash values are taken from
+
+    @type  files: sequence of L{daklib.upload.HashedFile}
+    @param files: files to check the hashes for
+    """
+    def _check_hashes(self, upload, filename, files):
+        try:
+            for f in files:
+                f.check(upload.directory)
+        except IOError as e:
+            if e.errno == errno.ENOENT:
+                raise Reject('{0} refers to non-existing file: {1}\n'
+                             'Perhaps you need to include it in your upload?'
+                             .format(filename, os.path.basename(e.filename)))
+            raise
+        except InvalidHashException as e:
+            raise Reject('{0}: {1}'.format(what, unicode(e)))
+
 class ChangesCheck(Check):
     """Check changes file for syntax errors."""
     def check(self, upload):
@@ -173,29 +206,6 @@ class ChangesCheck(Check):
 
         return True
 
-class HashesCheck(Check):
-    """Check hashes in .changes and .dsc are valid."""
-    def check(self, upload):
-        what = None
-        try:
-            changes = upload.changes
-            what = changes.filename
-            for f in changes.files.itervalues():
-                f.check(upload.directory)
-            source = changes.source
-            if source is not None:
-                what = source.filename
-                for f in source.files.itervalues():
-                    f.check(upload.directory)
-        except IOError as e:
-            if e.errno == errno.ENOENT:
-                raise Reject('{0} refers to non-existing file: {1}\n'
-                             'Perhaps you need to include it in your upload?'
-                             .format(what, os.path.basename(e.filename)))
-            raise
-        except InvalidHashException as e:
-            raise Reject('{0}: {1}'.format(what, unicode(e)))
-
 class ExternalHashesCheck(Check):
     """Checks hashes in .changes and .dsc against an external database."""
     def check_single(self, session, f):