
[Git][ftp-team/dak][deploy] 4 commits: debian-specific: minor updates to security-NEW




Ansgar pushed to branch deploy at Debian FTP Team / dak

Commits:

2 changed files:

Changes:

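--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -460,26 +460,37 @@ class BinaryCheck(Check):
 
         # check dependency field syntax
 
-        for field in ('Breaks', 'Conflicts', 'Depends', 'Enhances', 'Pre-Depends',
-                      'Provides', 'Recommends', 'Replaces', 'Suggests'):
+        def check_dependency_field(
+                field, control,
+                dependency_parser=apt_pkg.parse_depends,
+                allow_alternatives=True,
+                require_strict_dependency=False):
             value = control.get(field)
             if value is not None:
                 if value.strip() == '':
                     raise Reject('{0}: empty {1} field'.format(fn, field))
                 try:
-                    apt_pkg.parse_depends(value)
+                    depends = dependency_parser(value)
                 except:
                     raise Reject('{0}: APT could not parse {1} field'.format(fn, field))
+                for group in depends:
+                    if not allow_alternatives and len(group) != 1:
+                        raise Reject('{0}: {1}: alternatives are not allowed'.format(fn))
+                    if require_strict_dependency \
+                       and any(dependency[2] != '=' for dependency in group):
+                        raise Reject('{0}: {1}: only strict dependencies ("=") are allowed'.format(fn, field))
 
-        for field in ('Built-Using',):
-            value = control.get(field)
-            if value is not None:
-                if value.strip() == '':
-                    raise Reject('{0}: empty {1} field'.format(fn, field))
-                try:
-                    apt_pkg.parse_src_depends(value)
-                except:
-                    raise Reject('{0}: APT could not parse {1} field'.format(fn, field))
+        for field in ('Breaks', 'Conflicts', 'Depends', 'Enhances', 'Pre-Depends',
+                      'Recommends', 'Replaces', 'Suggests'):
+            check_dependency_field(field, control)
+
+        check_dependency_field("Provides", control,
+                               allow_alternatives=False,
+                               require_strict_dependency=True)
+        check_dependency_field("Built-Using", control,
+                               dependency_parser=apt_pkg.parse_src_depends,
+                               allow_alternatives=False,
+                               require_strict_dependency=True)
 
 
 class BinaryTimestampCheck(Check):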
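Review bot: The new "alternatives are not allowed" rejection in check_dependency_field fills two placeholders from one argument, `'{0}: {1}: alternatives are not allowed'.format(fn)`, so a Provides or Built-Using field that contains an alternative raises IndexError instead of the intended Reject; the call should be `.format(fn, field)`. Separately, `require_strict_dependency=True` compares every relation with `'='`, and if apt_pkg.parse_depends reports an unversioned entry with an empty relation (as python-apt normally does), a plain unversioned Provides entry would now be rejected; presumably only versioned provides were meant to be restricted, for example by testing `dependency[2] not in ('', '=')` for that field. The enclosing BinaryCheck method, including where `fn` is bound, starts outside the hunk, so how the caller treats an unexpected exception from this upload-validation path cannot be confirmed from here.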
    

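--- a/docs/debian-specific.rst
+++ b/docs/debian-specific.rst
@@ -83,10 +83,11 @@ NEW processing
     CHANGES=FILENAME.changes
     dak process-new
     cd /srv/security-master.debian.org/queue/new/COMMENTS
-    { echo NOTOK; echo; echo "Moving back to unchecked"; } > "REJECT.${CHANGES}"
-    rm "ACCEPT.${CHANGES}"
+    echo $'NOTOK\n\nMoving back to unchecked' > "REJECT.${CHANGES%.changes}"
+    rm "ACCEPT.${CHANGES%.changes}"
     dak process-policy new; dak clean-suites
     cd /srv/security-master.debian.org/queue/reject
+    # Careful! This is only correct if there are no previous uploads!
     dak admin forget-signature ${CHANGES}
     dcmd mv -nt ../unchecked -- ${CHANGES}
     /srv/security-master.debian.org/dak/config/debian-security/cronscript unchecked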
    

