[dak/master] security install fun
yes, the mhy is right, its all wrong to go special for security in changesutil. remove the special case.
also, check if we process files in newstage. if thats the case (changes known and its in_queue attribute
tells us the queue its in is newstage) then dont do embargo/disembargo, this is one that got accepted
from there
Signed-off-by: Joerg Jaspert <joerg@debian.org>
---
daklib/changesutils.py | 24 ++++++------------------
daklib/queue_install.py | 13 +++++++++++++
2 files changed, 19 insertions(+), 18 deletions(-)
mode change 100644 => 100755 daklib/changesutils.py
diff --git a/daklib/changesutils.py b/daklib/changesutils.py
old mode 100644
new mode 100755
index b268add..3a4c6dd
--- a/daklib/changesutils.py
+++ b/daklib/changesutils.py
@@ -178,26 +178,14 @@ def new_accept(upload, dry_run, session):
cnf = Config()
(summary, short_summary) = upload.build_summaries()
+ destqueue = get_policy_queue('newstage', session)
- # XXX: mhy: I think this is wrong as these are all attributes on the
- # build and policy queues now
- if cnf.FindB("Dinstall::SecurityQueueHandling"):
- upload.dump_vars(cnf["Dir::Queue::Embargoed"])
- upload.move_to_queue(get_policy_queue('embargoed'))
- upload.queue_build("embargoed", cnf["Dir::Queue::Embargoed"])
- # Check for override disparities
- upload.Subst["__SUMMARY__"] = summary
- else:
- # Just a normal upload, accept it...
- (summary, short_summary) = upload.build_summaries()
- destqueue = get_policy_queue('newstage', session)
-
- srcqueue = get_policy_queue_from_path(upload.pkg.directory, session)
+ srcqueue = get_policy_queue_from_path(upload.pkg.directory, session)
- if not srcqueue:
- # Assume NEW and hope for the best
- srcqueue = get_policy_queue('new', session)
+ if not srcqueue:
+ # Assume NEW and hope for the best
+ srcqueue = get_policy_queue('new', session)
- changes_to_queue(upload, srcqueue, destqueue, session)
+ changes_to_queue(upload, srcqueue, destqueue, session)
__all__.append('new_accept')
diff --git a/daklib/queue_install.py b/daklib/queue_install.py
index d538878..e9d2a4d 100755
--- a/daklib/queue_install.py
+++ b/daklib/queue_install.py
@@ -87,6 +87,12 @@ def is_unembargo(u):
if not get_policy_queue("disembargo"):
return False
+ # If we already are in newstage, then it means this just got passed through and accepted
+ # by a security team member. Don't try to accept it for disembargo again
+ dbc = get_dbchange(u.pkg.changes_file, session)
+ if dbc and dbc.in_queue.queue_name in [ 'newstage' ]:
+ return False
+
q = session.execute("SELECT package FROM disembargo WHERE package = :source AND version = :version",
{'source': u.pkg.changes["source"],
'version': u.pkg.changes["version"]})
@@ -130,7 +136,14 @@ def do_unembargo(u, summary, short_summary, chg, session=None):
def is_embargo(u):
# if we are the security archive, we always have a embargo queue and its the
# last in line, so if that exists, return true
+ # Of course do not return true when we accept from out of newstage, as that means
+ # it just left embargo and we want it in the archive
if get_policy_queue('embargo'):
+ session = DBConn().session()
+ dbc = get_dbchange(u.pkg.changes_file, session)
+ if dbc and dbc.in_queue.queue_name in [ 'newstage' ]:
+ return False
+
return True
def do_embargo(u, summary, short_summary, chg, session=None):
--
1.5.6.5
Reply to: