X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=3fb883c539270a0e9f4a8f7689af60d9302efe2c;hb=01b9a74483f93f1d87a3a44ab748a9ea3b4e7dbf;hp=d148d15bdd9f7d0959cae33e7163ac620e84e6ec;hpb=a30decdb682d9446e0141b231fd03cf365d74d52;p=dak.git

diff --git a/daklib/checks.py b/daklib/checks.py
index d148d15b..3fb883c5 100644
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -39,6 +39,7 @@ from apt_pkg import version_compare
 import errno
 import os
 import subprocess
+import textwrap
 import time
 import yaml
 
@@ -108,6 +109,18 @@ class Check(object):
         return False
 
 class SignatureAndHashesCheck(Check):
+    def check_replay(self, upload):
+        # Use private session as we want to remember having seen the .changes
+        # in all cases.
+        session = DBConn().session()
+        history = SignatureHistory.from_signed_file(upload.changes)
+        r = history.query(session)
+        if r is not None:
+            raise Reject('Signature for changes file was already seen at {0}.\nPlease refresh the signature of the changes file if you want to upload it again.'.format(r.seen))
+        session.add(history)
+        session.commit()
+        return True
+
     """Check signature of changes and dsc file (if included in upload)
 
     Make sure the signature is valid and done by a known user.
@@ -116,6 +129,7 @@ class SignatureAndHashesCheck(Check):
         changes = upload.changes
         if not changes.valid_signature:
             raise Reject("Signature for .changes not valid.")
+        self.check_replay(upload)
         self._check_hashes(upload, changes.filename, changes.files.itervalues())
 
         source = None
@@ -551,16 +565,18 @@ class TransitionCheck(Check):
         if transitions is None:
             return True
 
+        session = upload.session
+
         control = upload.changes.changes
         source = re_field_source.match(control['Source']).group('package')
 
         for trans in transitions:
             t = transitions[trans]
-            source = t["source"]
+            transition_source = t["source"]
             expected = t["new"]
 
             # Will be None if nothing is in testing.
-            current = get_source_in_suite(source, "testing", session)
+            current = get_source_in_suite(transition_source, "testing", session)
             if current is not None:
                 compare = apt_pkg.version_compare(current.version, expected)
 
@@ -587,7 +603,7 @@ currently {1}, we need version {2}).  This transition is managed by the
 Release Team, and {3} is the Release-Team member responsible for it.
 Please mail debian-release@lists.debian.org or contact {3} directly if you
 need further assistance.  You might want to upload to experimental until this
-transition is done.""".format(source, currentlymsg, expected,t["rm"])))
+transition is done.""".format(transition_source, currentlymsg, expected,t["rm"])))
 
                     raise Reject(rejectmsg)
 
@@ -609,17 +625,52 @@ transition is done.""".format(source, currentlymsg, expected,t["rm"])))
         return None
 
 class NoSourceOnlyCheck(Check):
+    def is_source_only_upload(self, upload):
+        changes = upload.changes
+        if changes.source is not None and len(changes.binaries) == 0:
+            return True
+        return False
+
     """Check for source-only upload
 
     Source-only uploads are only allowed if Dinstall::AllowSourceOnlyUploads is
     set. Otherwise they are rejected.
+
+    Source-only uploads are only accepted for source packages having a
+    Package-List field that also lists architectures per package. This
+    check can be disabled via
+    Dinstall::AllowSourceOnlyUploadsWithoutPackageList.
+
+    Source-only uploads to NEW are only allowed if
+    Dinstall::AllowSourceOnlyNew is set.
+
+    Uploads not including architecture-independent packages are only
+    allowed if Dinstall::AllowNoArchIndepUploads is set.
+
     """
     def check(self, upload):
-        if Config().find_b("Dinstall::AllowSourceOnlyUploads"):
+        if not self.is_source_only_upload(upload):
             return True
+
+        allow_source_only_uploads = Config().find_b('Dinstall::AllowSourceOnlyUploads')
+        allow_source_only_uploads_without_package_list = Config().find_b('Dinstall::AllowSourceOnlyUploadsWithoutPackageList')
+        allow_source_only_new = Config().find_b('Dinstall::AllowSourceOnlyNew')
+        allow_no_arch_indep_uploads = Config().find_b('Dinstall::AllowNoArchIndepUploads')
         changes = upload.changes
-        if changes.source is not None and len(changes.binaries) == 0:
+
+        if not allow_source_only_uploads:
             raise Reject('Source-only uploads are not allowed.')
+        if not allow_source_only_uploads_without_package_list \
+           and changes.source.package_list.fallback:
+            raise Reject('Source-only uploads are only allowed if a Package-List field that also list architectures is included in the source package. dpkg (>= 1.17.7) includes this information.')
+        if not allow_source_only_new and upload.new:
+            raise Reject('Source-only uploads to NEW are not allowed.')
+
+        if not allow_no_arch_indep_uploads \
+           and 'all' not in changes.architectures \
+           and changes.source.package_list.has_arch_indep_packages():
+            raise Reject('Uploads not including architecture-independent packages are not allowed.')
+
         return True
 
 class LintianCheck(Check):