[dak/security] more safety nets when our functions do not do what we expect from them
2008-09-07 Philipp Kern <pkern@debian.org>
* daklib/utils.py (check_hash): change the comment and warn
if a file is not found when checking the hashes (i.e. when
it is probably in the pool)
* daklib/utils.py (check_size): do not bail out if the file
is not found, because it may be in the pool
* dak/process_accepted.py (install): bail out and skip the
upload when ensure_hashes fails, print the rejection messages
as warnings
Signed-off-by: Philipp Kern <pkern@debian.org>
---
ChangeLog | 13 +++++++++++++
dak/process_accepted.py | 10 +++++++---
daklib/utils.py | 17 ++++++++++++++---
3 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5448fb9..a5469a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2008-09-07 Philipp Kern <pkern@debian.org>
+
+ * daklib/utils.py (check_hash): change the comment and warn
+ if a file is not found when checking the hashes (i.e. when
+ it is probably in the pool)
+
+ * daklib/utils.py (check_size): do not bail out if the file
+ is not found, because it may be in the pool
+
+ * dak/process_accepted.py (install): bail out and skip the
+ upload when ensure_hashes fails, print the rejection messages
+ as warnings
+
2008-08-28 Philipp Kern <pkern@debian.org>
* daklib/utils.py (check_hashes): adapt to different API, check
diff --git a/dak/process_accepted.py b/dak/process_accepted.py
index 5e09243..1e3997e 100755
--- a/dak/process_accepted.py
+++ b/dak/process_accepted.py
@@ -274,9 +274,13 @@ def install ():
# Begin a transaction; if we bomb out anywhere between here and the COMMIT WORK below, the DB will not be changed.
projectB.query("BEGIN WORK")
- # Check the hashes are all present: HACK: Can go away once all dak files
- # are known to be newer than the shasum changes
- utils.ensure_hashes(changes, dsc, files, dsc_files)
+ # Ensure that we have all the hashes we need below.
+ rejmsg = utils.ensure_hashes(changes, dsc, files, dsc_files)
+ if len(rejmsg) > 0:
+ # There were errors. Print them and SKIP the changes.
+ for msg in rejmsg:
+ utils.warn(msg)
+ return
# Add the .dsc file to the DB
for file in files.keys():
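Review bot: The new early `return` sits after `projectB.query("BEGIN WORK")`, so when `ensure_hashes` reports errors the function exits with the transaction still open and nothing in the hunk rolls it back. Either move the `rejmsg = utils.ensure_hashes(changes, dsc, files, dsc_files)` check above the `BEGIN WORK` line, or issue `projectB.query("ROLLBACK")` just before the `return`. The rejection messages are only printed through `utils.warn`, so a skipped upload leaves no record beyond that output; if the caller counts installed uploads, it would presumably need a signal that this one was skipped. `install()` starts and continues outside the hunk, so whether a later statement resets the transaction is not visible here.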
diff --git a/daklib/utils.py b/daklib/utils.py
index 02278e9..8e06cf3 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -250,6 +250,7 @@ def check_hash(where, files, hashname, hashfunc):
rejmsg = []
for f in files.keys():
+ file_handle = None
try:
file_handle = open_file(f)
@@ -264,10 +265,12 @@ def check_hash(where, files, hashname, hashfunc):
rejmsg.append("%s: %s check failed in %s" % (f, hashname,
where))
except CantOpenError:
- # XXX: IS THIS THE BLOODY CASE WHEN THE FILE'S IN THE POOL!?
+ # TODO: This happens when the file is in the pool.
+ warn("Cannot open file %s" % f)
continue
finally:
- file_handle.close()
+ if file_handle:
+ file_handle.close()
return rejmsg
################################################################################
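Review bot: In the `except CantOpenError` branch the file is skipped after a `warn`, so `check_hash` returns no rejection for a file whose hash was never computed and the caller cannot tell "verified" from "not checked". The same holds for the `continue` on a missing file in the `check_size` hunk below. If the pool case is legitimate, the pool copy should be hashed there, or the skip should at least be reported back to the caller instead of only printed. The comment could state the gap, e.g. `# TODO: file is probably in the pool; its hash is NOT verified here, check the pool copy instead.` Whether `CantOpenError` also covers failures other than a missing file (permissions, for instance) is not visible here; if it does, those are silently treated as the pool case too. The `for` loop begins in the previous hunk.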
@@ -278,7 +281,15 @@ def check_size(where, files):
rejmsg = []
for f in files.keys():
- actual_size = os.stat(f)[stat.ST_SIZE]
+ try:
+ entry = os.stat(f)
+ except OSError, exc:
+ if exc.errno == 2:
+ # TODO: This happens when the file is in the pool.
+ continue
+ raise
+
+ actual_size = entry[stat.ST_SIZE]
size = int(files[f]["size"])
if size != actual_size:
rejmsg.append("%s: actual file size (%s) does not match size (%s) in %s"
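Review bot: `exc.errno == 2` in the new `except OSError` block is a magic number. `if exc.errno == errno.ENOENT:` states the intent and matches the comment, although it needs `import errno` at the top of the module if that is not already there, which the hunk does not show. Unlike the `check_hash` change, this branch skips the file without any `warn`, so a missing file leaves no trace at all; a `warn("Cannot stat file %s" % f)` before the `continue` would keep the two functions consistent. The `rejmsg.append(` call on the last line continues outside the hunk.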
--
1.5.6.5