X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=26439aaa798e2726b5ca5cb21d6f5f8a42258c61;hb=9161d6b2afaa90adaa1dbc4e5a9b34f32b31317b;hp=b7931f2f6d8e60a2b893f6a304b357fe88cefd31;hpb=206fb80997ed8e3aa8ee317d454a3fb9470b7ffc;p=dak.git diff --git a/daklib/checks.py b/daklib/checks.py index b7931f2f..26439aaa 100644 --- a/daklib/checks.py +++ b/daklib/checks.py @@ -31,11 +31,12 @@ from daklib.regexes import * from daklib.textutils import fix_maintainer, ParseMaintError import daklib.lintian as lintian import daklib.utils as utils -from daklib.upload import InvalidHashException +import daklib.upload import apt_inst import apt_pkg from apt_pkg import version_compare +import datetime import errno import os import subprocess @@ -112,13 +113,11 @@ class SignatureAndHashesCheck(Check): def check_replay(self, upload): # Use private session as we want to remember having seen the .changes # in all cases. - session = DBConn().session() + session = upload.session history = SignatureHistory.from_signed_file(upload.changes) r = history.query(session) if r is not None: - raise Reject('Signature for changes file was already seen at {0}'.format(r.seen)) - session.add(history) - session.commit() + raise Reject('Signature for changes file was already seen at {0}.\nPlease refresh the signature of the changes file if you want to upload it again.'.format(r.seen)) return True """Check signature of changes and dsc file (if included in upload) @@ -162,15 +161,32 @@ class SignatureAndHashesCheck(Check): try: for f in files: f.check(upload.directory) - except IOError as e: - if e.errno == errno.ENOENT: - raise Reject('{0} refers to non-existing file: {1}\n' - 'Perhaps you need to include it in your upload?' - .format(filename, os.path.basename(e.filename))) - raise - except InvalidHashException as e: + except daklib.upload.FileDoesNotExist as e: + raise Reject('{0}: {1}\n' + 'Perhaps you need to include the file in your upload?' + .format(filename, unicode(e))) + except daklib.upload.UploadException as e: raise Reject('{0}: {1}'.format(filename, unicode(e))) +class SignatureTimestampCheck(Check): + """Check timestamp of .changes signature""" + def check(self, upload): + changes = upload.changes + + now = datetime.datetime.utcnow() + timestamp = changes.signature_timestamp + age = now - timestamp + + age_max = datetime.timedelta(days=365) + age_min = datetime.timedelta(days=-7) + + if age > age_max: + raise Reject('{0}: Signature from {1} is too old (maximum age is {2} days)'.format(changes.filename, timestamp, age_max.days)) + if age < age_min: + raise Reject('{0}: Signature from {1} is too far in the future (tolerance is {2} days)'.format(changes.filename, timestamp, abs(age_min.days))) + + return True + class ChangesCheck(Check): """Check changes file for syntax errors.""" def check(self, upload): @@ -284,7 +300,7 @@ class BinaryCheck(Check): fn = binary.hashed_file.filename control = binary.control - for field in ('Package', 'Architecture', 'Version', 'Description'): + for field in ('Package', 'Architecture', 'Version', 'Description', 'Section'): if field not in control: raise Reject('{0}: Missing mandatory field {0}.'.format(fn, field)) @@ -345,6 +361,11 @@ class BinaryCheck(Check): except: raise Reject('{0}: APT could not parse {1} field'.format(fn, field)) + # "Multi-Arch: no" breaks wanna-build, #768353 + multi_arch = control.get("Multi-Arch") + if multi_arch == 'no': + raise Reject('{0}: Multi-Arch: no support in Debian is broken (#768353)'.format(fn)) + class BinaryTimestampCheck(Check): """check timestamps of files in binary packages @@ -668,6 +689,7 @@ class NoSourceOnlyCheck(Check): if not allow_no_arch_indep_uploads \ and 'all' not in changes.architectures \ + and 'experimental' not in changes.distributions \ and changes.source.package_list.has_arch_indep_packages(): raise Reject('Uploads not including architecture-independent packages are not allowed.')