security install fun

yes, the mhy is right, its all wrong to go special for security in changesutil. remove the special case. also, check if we process files in newstage. if thats the case (changes known and its in_queue attribute tells us the queue its in is newstage) then dont do embargo/disembargo, this is one that got accepted from there Signed-off-by: N Joerg Jaspert <joerg@debian.org>

security install fun
yes, the mhy is right, its all wrong to go special for security in changesutil. remove the special case. also, check if we process files in newstage. if thats the case (changes known and its in_queue attribute tells us the queue its in is newstage) then dont do embargo/disembargo, this is one that got accepted from there Signed-off-by: N Joerg Jaspert <joerg@debian.org>
2a795dda · Joerg Jaspert · 125987c8 · 2a795dda · 2a795dda
隐藏空白更改
内联并排

Showing with 19 addition and 18 deletion

daklib/changesutils.py daklib/changesutils.py +6 -18

daklib/queue_install.py daklib/queue_install.py +13 -0

未找到文件。
--- a/daklib/changesutils.py
+++ b/daklib/changesutils.py
@@ -178,26 +178,14 @@ def new_accept(upload, dry_run, session):
        cnf = Config()

        (summary, short_summary) = upload.build_summaries()
+        destqueue = get_policy_queue('newstage', session)

-        # XXX: mhy: I think this is wrong as these are all attributes on the
-        # build and policy queues now
-        if cnf.FindB("Dinstall::SecurityQueueHandling"):
-            upload.dump_vars(cnf["Dir::Queue::Embargoed"])
-            upload.move_to_queue(get_policy_queue('embargoed'))
-            upload.queue_build("embargoed", cnf["Dir::Queue::Embargoed"])
-            # Check for override disparities
-            upload.Subst["__SUMMARY__"] = summary
-        else:
-            # Just a normal upload, accept it...
-            (summary, short_summary) = upload.build_summaries()
-            destqueue = get_policy_queue('newstage', session)
-
-            srcqueue = get_policy_queue_from_path(upload.pkg.directory, session)
+        srcqueue = get_policy_queue_from_path(upload.pkg.directory, session)

-            if not srcqueue:
-                # Assume NEW and hope for the best
-                srcqueue = get_policy_queue('new', session)
+        if not srcqueue:
+            # Assume NEW and hope for the best
+            srcqueue = get_policy_queue('new', session)

-            changes_to_queue(upload, srcqueue, destqueue, session)
+        changes_to_queue(upload, srcqueue, destqueue, session)

 __all__.append('new_accept')
--- a/daklib/queue_install.py
+++ b/daklib/queue_install.py
@@ -87,6 +87,12 @@ def is_unembargo(u):
   if not get_policy_queue("disembargo"):
       return False

+   # If we already are in newstage, then it means this just got passed through and accepted
+   # by a security team member. Don't try to accept it for disembargo again
+   dbc = get_dbchange(u.pkg.changes_file, session)
+   if dbc and dbc.in_queue.queue_name in [ 'newstage' ]:
+       return False
+
   q = session.execute("SELECT package FROM disembargo WHERE package = :source AND version = :version",
                       {'source': u.pkg.changes["source"],
                        'version': u.pkg.changes["version"]})
@@ -130,7 +136,14 @@ def do_unembargo(u, summary, short_summary, chg, session=None):
 def is_embargo(u):
   # if we are the security archive, we always have a embargo queue and its the
   # last in line, so if that exists, return true
+   # Of course do not return true when we accept from out of newstage, as that means
+   # it just left embargo and we want it in the archive
   if get_policy_queue('embargo'):
+       session = DBConn().session()
+       dbc = get_dbchange(u.pkg.changes_file, session)
+       if dbc and dbc.in_queue.queue_name in [ 'newstage' ]:
+           return False
+
       return True

 def do_embargo(u, summary, short_summary, chg, session=None):