Ansgar pushed to branch deploy at Debian FTP Team / dak
Commits:
-
04026687
by Ansgar Burchardt at 2019-05-14T06:41:25Z
-
e117a079
by Ansgar Burchardt at 2019-06-10T13:23:59Z
-
a25f6b67
by Ansgar Burchardt at 2019-06-10T14:13:14Z
-
5d734327
by Ansgar Burchardt at 2019-06-10T14:37:54Z
2 changed files:
Changes:
... | ... | @@ -460,26 +460,37 @@ class BinaryCheck(Check): |
460 | 460 |
|
461 | 461 |
# check dependency field syntax
|
462 | 462 |
|
463 |
- for field in ('Breaks', 'Conflicts', 'Depends', 'Enhances', 'Pre-Depends',
|
|
464 |
- 'Provides', 'Recommends', 'Replaces', 'Suggests'):
|
|
463 |
+ def check_dependency_field(
|
|
464 |
+ field, control,
|
|
465 |
+ dependency_parser=apt_pkg.parse_depends,
|
|
466 |
+ allow_alternatives=True,
|
|
467 |
+ require_strict_dependency=False):
|
|
465 | 468 |
value = control.get(field)
|
466 | 469 |
if value is not None:
|
467 | 470 |
if value.strip() == '':
|
468 | 471 |
raise Reject('{0}: empty {1} field'.format(fn, field))
|
469 | 472 |
try:
|
470 |
- apt_pkg.parse_depends(value)
|
|
473 |
+ depends = dependency_parser(value)
|
|
471 | 474 |
except:
|
472 | 475 |
raise Reject('{0}: APT could not parse {1} field'.format(fn, field))
|
476 |
+ for group in depends:
|
|
477 |
+ if not allow_alternatives and len(group) != 1:
|
|
478 |
+ raise Reject('{0}: {1}: alternatives are not allowed'.format(fn))
|
|
479 |
+ if require_strict_dependency \
|
|
480 |
+ and any(dependency[2] != '=' for dependency in group):
|
|
481 |
+ raise Reject('{0}: {1}: only strict dependencies ("=") are allowed'.format(fn, field))
|
|
473 | 482 |
|
474 |
- for field in ('Built-Using',):
|
|
475 |
- value = control.get(field)
|
|
476 |
- if value is not None:
|
|
477 |
- if value.strip() == '':
|
|
478 |
- raise Reject('{0}: empty {1} field'.format(fn, field))
|
|
479 |
- try:
|
|
480 |
- apt_pkg.parse_src_depends(value)
|
|
481 |
- except:
|
|
482 |
- raise Reject('{0}: APT could not parse {1} field'.format(fn, field))
|
|
483 |
+ for field in ('Breaks', 'Conflicts', 'Depends', 'Enhances', 'Pre-Depends',
|
|
484 |
+ 'Recommends', 'Replaces', 'Suggests'):
|
|
485 |
+ check_dependency_field(field, control)
|
|
486 |
+ |
|
487 |
+ check_dependency_field("Provides", control,
|
|
488 |
+ allow_alternatives=False,
|
|
489 |
+ require_strict_dependency=True)
|
|
490 |
+ check_dependency_field("Built-Using", control,
|
|
491 |
+ dependency_parser=apt_pkg.parse_src_depends,
|
|
492 |
+ allow_alternatives=False,
|
|
493 |
+ require_strict_dependency=True)
|
|
483 | 494 |
|
484 | 495 |
|
485 | 496 |
class BinaryTimestampCheck(Check):
|
... | ... | @@ -83,10 +83,11 @@ NEW processing |
83 | 83 |
CHANGES=FILENAME.changes
|
84 | 84 |
dak process-new
|
85 | 85 |
cd /srv/security-master.debian.org/queue/new/COMMENTS
|
86 |
- { echo NOTOK; echo; echo "Moving back to unchecked"; } > "REJECT.${CHANGES}"
|
|
87 |
- rm "ACCEPT.${CHANGES}"
|
|
86 |
+ echo $'NOTOK\n\nMoving back to unchecked' > "REJECT.${CHANGES%.changes}"
|
|
87 |
+ rm "ACCEPT.${CHANGES%.changes}"
|
|
88 | 88 |
dak process-policy new; dak clean-suites
|
89 | 89 |
cd /srv/security-master.debian.org/queue/reject
|
90 |
+ # Careful! This is only correct if there are no previous uploads!
|
|
90 | 91 |
dak admin forget-signature ${CHANGES}
|
91 | 92 |
dcmd mv -nt ../unchecked -- ${CHANGES}
|
92 | 93 |
/srv/security-master.debian.org/dak/config/debian-security/cronscript unchecked
|