X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=daklib%2Fchecks.py;h=c5a3f35dc6cdad45e3dca0438f9017acfc081283;hb=934c6eaee7864ecaaffaa8a85afa5464f7884268;hp=b7931f2f6d8e60a2b893f6a304b357fe88cefd31;hpb=206fb80997ed8e3aa8ee317d454a3fb9470b7ffc;p=dak.git diff --git a/daklib/checks.py b/daklib/checks.py index b7931f2f..c5a3f35d 100644 --- a/daklib/checks.py +++ b/daklib/checks.py @@ -31,11 +31,12 @@ from daklib.regexes import * from daklib.textutils import fix_maintainer, ParseMaintError import daklib.lintian as lintian import daklib.utils as utils -from daklib.upload import InvalidHashException +import daklib.upload import apt_inst import apt_pkg from apt_pkg import version_compare +import datetime import errno import os import subprocess @@ -112,13 +113,11 @@ class SignatureAndHashesCheck(Check): def check_replay(self, upload): # Use private session as we want to remember having seen the .changes # in all cases. - session = DBConn().session() + session = upload.session history = SignatureHistory.from_signed_file(upload.changes) r = history.query(session) if r is not None: - raise Reject('Signature for changes file was already seen at {0}'.format(r.seen)) - session.add(history) - session.commit() + raise Reject('Signature for changes file was already seen at {0}.\nPlease refresh the signature of the changes file if you want to upload it again.'.format(r.seen)) return True """Check signature of changes and dsc file (if included in upload) @@ -162,15 +161,32 @@ class SignatureAndHashesCheck(Check): try: for f in files: f.check(upload.directory) - except IOError as e: - if e.errno == errno.ENOENT: - raise Reject('{0} refers to non-existing file: {1}\n' - 'Perhaps you need to include it in your upload?' - .format(filename, os.path.basename(e.filename))) - raise - except InvalidHashException as e: + except daklib.upload.FileDoesNotExist as e: + raise Reject('{0}: {1}\n' + 'Perhaps you need to include the file in your upload?' + .format(filename, unicode(e))) + except daklib.upload.UploadException as e: raise Reject('{0}: {1}'.format(filename, unicode(e))) +class SignatureTimestampCheck(Check): + """Check timestamp of .changes signature""" + def check(self, upload): + changes = upload.changes + + now = datetime.datetime.utcnow() + timestamp = changes.signature_timestamp + age = now - timestamp + + age_max = datetime.timedelta(days=365) + age_min = datetime.timedelta(days=-7) + + if age > age_max: + raise Reject('{0}: Signature from {1} is too old (maximum age is {2} days)'.format(changes.filename, timestamp, age_max.days)) + if age < age_min: + raise Reject('{0}: Signature from {1} is too far in the future (tolerance is {2} days)'.format(changes.filename, timestamp, abs(age_min.days))) + + return True + class ChangesCheck(Check): """Check changes file for syntax errors.""" def check(self, upload): @@ -284,7 +300,7 @@ class BinaryCheck(Check): fn = binary.hashed_file.filename control = binary.control - for field in ('Package', 'Architecture', 'Version', 'Description'): + for field in ('Package', 'Architecture', 'Version', 'Description', 'Section'): if field not in control: raise Reject('{0}: Missing mandatory field {0}.'.format(fn, field))