launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #00741
[Merge] lp:~salgado/launchpad/remove-security-upload-policy into lp:launchpad/devel
Guilherme Salgado has proposed merging lp:~salgado/launchpad/remove-security-upload-policy into lp:launchpad/devel.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
Remove SecurityUploadPolicy together with its tests as it's no longer used.
--
https://code.launchpad.net/~salgado/launchpad/remove-security-upload-policy/+merge/33581
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~salgado/launchpad/remove-security-upload-policy into lp:launchpad/devel.
=== modified file 'lib/lp/archiveuploader/tests/nascentupload-announcements.txt'
--- lib/lp/archiveuploader/tests/nascentupload-announcements.txt 2010-08-20 12:11:30 +0000
+++ lib/lp/archiveuploader/tests/nascentupload-announcements.txt 2010-08-24 20:24:48 +0000
@@ -17,13 +17,6 @@
* AUTO-APPROVED to BACKPORTS (via sync): submitter set receives an
'acceptance' warning ('announcement' is skipped).
- * AUTO-APPROVED sources to SECURITY (via security): submitter set
- receives an 'acceptance' warning and the target distroseries
- changeslist address receives an 'announcement' message.
-
- * AUTO-APPROVED binaries to SECURITY (via security): submitter set
- receives only an 'acceptance' warning ('announcement' is skipped).
-
* NEW, AUTO-APPROVED or UNAPPROVED source uploads targeted to section
'translations' (all policies, all pockets) do not generate any
messages. Remembering that NEW and UNAPPROVED messages are also
@@ -530,196 +523,6 @@
>>> import os
>>> os.remove(os.path.join(datadir('suite/bar_1.0-4'), 'bar_1.0.orig.tar.gz'))
-AUTO-APPROVED source upload to SECURITY pocket via 'security' policy:
-
- >>> security_policy = getPolicy(
- ... name='security', distro='ubuntu', distroseries=None)
- >>> security_policy.setDistroSeriesAndPocket('hoary-security')
-
- >>> bar_src = NascentUpload.from_changesfile_path(
- ... datadir('suite/bar_1.0-2/bar_1.0-2_source.changes'),
- ... security_policy, mock_logger_quiet)
- >>> bar_src.process()
-
- >>> bar_src.logger = mock_logger
- >>> result = bar_src.do_accept()
- DEBUG: Creating queue entry
- ...
- DEBUG: Sent a mail:
- DEBUG: Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
- DEBUG: Recipients: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- DEBUG: Body:
- DEBUG: bar (1.0-2) breezy; urgency=low
- DEBUG:
- DEBUG: * A second upload to ensure that binary overrides of _all work
- DEBUG:
- DEBUG: * Also closes Launchpad bug #6
- DEBUG:
- DEBUG:
- DEBUG: Date: Thu, 30 Mar 2006 01:36:14 +0100
- DEBUG: Changed-By: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- DEBUG: Maintainer: Launchpad team <launchpad@xxxxxxxxxxxxxxxxxxx>
- DEBUG: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
- DEBUG:
- DEBUG: ==
- DEBUG:
- DEBUG: Announcing to hoary-announce@xxxxxxxxxxxxxxxx
- DEBUG:
- DEBUG: Thank you for your contribution to Ubuntu Linux.
- DEBUG:
- DEBUG: --
- DEBUG: You are receiving this email because you are the uploader, maintainer or
- DEBUG: signer of the above package.
- DEBUG: Sent a mail:
- DEBUG: Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
- DEBUG: Recipients: hoary-announce@xxxxxxxxxxxxxxxx
- DEBUG: Body:
- DEBUG: bar (1.0-2) breezy; urgency=low
- DEBUG:
- DEBUG: * A second upload to ensure that binary overrides of _all work
- DEBUG:
- DEBUG: * Also closes Launchpad bug #6
- DEBUG:
- DEBUG:
- DEBUG: Date: Thu, 30 Mar 2006 01:36:14 +0100
- DEBUG: Changed-By: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- DEBUG: Maintainer: Launchpad team <launchpad@xxxxxxxxxxxxxxxxxxx>
- DEBUG: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
-
- >>> import operator
- >>> msgs = pop_notifications(sort_key=operator.itemgetter('To'))
- >>> len(msgs)
- 2
-
- >>> [message['To'] for message in msgs]
- ['Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>',
- 'hoary-announce@xxxxxxxxxxxxxxxx']
-
- >>> [message['Subject'] for message in msgs]
- ['[ubuntu/hoary-security] bar 1.0-2 (Accepted)',
- '[ubuntu/hoary-security] bar 1.0-2 (Accepted)']
-
- >>> [message['X-Katie'] for message in msgs]
- ['Launchpad actually', 'Launchpad actually']
-
-The upload notification message has an attachment with the original changes
-file.
-
- >>> announcement = msgs[0]
- >>> attachment = announcement.get_payload()[1]
- >>> attachment['Content-Disposition']
- 'attachment; filename="changesfile"'
-
-Here it is:
-
- >>> print attachment.as_string() # doctest: -NORMALIZE_WHITESPACE
- Content-Type: text/plain; charset="utf-8"
- MIME-Version: 1.0
- Content-Transfer-Encoding: quoted-printable
- Content-Disposition: attachment; filename="changesfile"
- <BLANKLINE>
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA1
- <BLANKLINE>
- Format: 1.7
- Date: Thu, 30 Mar 2006 01:36:14 +0100
- Source: bar
- Binary: bar
- Architecture: source
- Version: 1.0-2
- Distribution: breezy
- Urgency: low
- Maintainer: Launchpad team <launchpad@xxxxxxxxxxxxxxxxxxx>
- Changed-By: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- Launchpad-bugs-fixed: 6
- Description: =
- <BLANKLINE>
- bar - Stuff for testing
- Changes: =
- <BLANKLINE>
- bar (1.0-2) breezy; urgency=3Dlow
- .
- * A second upload to ensure that binary overrides of _all work
- . =
- <BLANKLINE>
- * Also closes Launchpad bug #6
- .
- Files: =
- <BLANKLINE>
- bbaf6fbf41cdbbdd422b0382076f615a 512 devel optional bar_1.0-2.dsc
- ac6b4efe44e31f47ec9f0d0fac6935f4 622 devel optional bar_1.0-2.diff.gz
- <BLANKLINE>
- -----BEGIN PGP SIGNATURE-----
- Version: GnuPG v1.4.6 (GNU/Linux)
- <BLANKLINE>
- iD8DBQFGe+Yjjn63CGxkqMURAuPGAJ9ub5UHjrzKnEGmUK1oCoRuOrdligCePKxt
- QRCBMda2V9lNtxldkGRtc88=3D
- =3DgtPz
- -----END PGP SIGNATURE-----
- <BLANKLINE>
-
-The upload announcement email also has the attachment with the original
-changes file.
-
- >>> announcement = msgs[1]
- >>> attachment = announcement.get_payload()[1]
- >>> attachment['Content-Disposition']
- 'attachment; filename="changesfile"'
-
-It has the same contents as the attachment of the upload notification
-email.
-
- >>> print attachment.as_string() # doctest: -NORMALIZE_WHITESPACE
- Content-Type: text/plain; charset="utf-8"
- MIME-Version: 1.0
- Content-Transfer-Encoding: quoted-printable
- Content-Disposition: attachment; filename="changesfile"
- <BLANKLINE>
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA1
- <BLANKLINE>
- Format: 1.7
- Date: Thu, 30 Mar 2006 01:36:14 +0100
- Source: bar
- Binary: bar
- Architecture: source
- Version: 1.0-2
- Distribution: breezy
- Urgency: low
- Maintainer: Launchpad team <launchpad@xxxxxxxxxxxxxxxxxxx>
- Changed-By: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- Launchpad-bugs-fixed: 6
- Description: =
- <BLANKLINE>
- bar - Stuff for testing
- Changes: =
- <BLANKLINE>
- bar (1.0-2) breezy; urgency=3Dlow
- .
- * A second upload to ensure that binary overrides of _all work
- . =
- <BLANKLINE>
- * Also closes Launchpad bug #6
- .
- Files: =
- <BLANKLINE>
- bbaf6fbf41cdbbdd422b0382076f615a 512 devel optional bar_1.0-2.dsc
- ac6b4efe44e31f47ec9f0d0fac6935f4 622 devel optional bar_1.0-2.diff.gz
- <BLANKLINE>
- -----BEGIN PGP SIGNATURE-----
- Version: GnuPG v1.4.6 (GNU/Linux)
- <BLANKLINE>
- iD8DBQFGe+Yjjn63CGxkqMURAuPGAJ9ub5UHjrzKnEGmUK1oCoRuOrdligCePKxt
- QRCBMda2V9lNtxldkGRtc88=3D
- =3DgtPz
- -----END PGP SIGNATURE-----
- <BLANKLINE>
-
-Remove orig.tar.gz pumped from librarian to disk during the upload
-checks:
-
- >>> os.remove(os.path.join(datadir('suite/bar_1.0-2'), 'bar_1.0.orig.tar.gz'))
-
DEBIAN SYNC upload of a source via the 'sync' policy.
These uploads do not generate any announcement emails for auto-accepted
packages, just the upload notification.
@@ -762,6 +565,7 @@
Two emails generated:
+ >>> import operator
>>> msgs = pop_notifications(sort_key=operator.itemgetter('To'))
>>> len(msgs)
2
@@ -782,58 +586,6 @@
>>> os.remove(os.path.join(datadir('suite/bar_1.0-6'),
... 'bar_1.0.orig.tar.gz'))
-
-AUTO-APPROVED binary upload to SECURITY pocket via 'security' policy:
-
- >>> security_policy = getPolicy(
- ... name='security', distro='ubuntu', distroseries=None)
- >>> security_policy.setDistroSeriesAndPocket('hoary-security')
-
- >>> bar_bin = NascentUpload.from_changesfile_path(
- ... datadir('suite/bar_1.0-2_binary/bar_1.0-2_i386.changes'),
- ... security_policy, mock_logger_quiet)
- >>> bar_bin.process()
-
- >>> bar_bin.logger = mock_logger
- >>> result = bar_bin.do_accept()
- DEBUG: Creating queue entry
- ...
- DEBUG: Sent a mail:
- DEBUG: Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
- DEBUG: Recipients: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- DEBUG: Body:
- DEBUG: bar (1.0-2) breezy; urgency=low
- DEBUG:
- DEBUG: * A second upload to ensure that binary overrides of _all work
- DEBUG:
- DEBUG: Date: Thu, 30 Mar 2006 01:36:14 +0100
- DEBUG: Changed-By: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- DEBUG: Maintainer: Launchpad team <launchpad@xxxxxxxxxxxxxxxxxxx>
- DEBUG: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
- DEBUG:
- DEBUG: ==
- DEBUG:
- DEBUG: Announcing to hoary-announce@xxxxxxxxxxxxxxxx
- DEBUG:
- DEBUG: Thank you for your contribution to Ubuntu Linux.
- DEBUG:
- DEBUG: --
- DEBUG: You are receiving this email because you are the uploader, maintainer or
- DEBUG: signer of the above package.
-
-One email generated:
-
- >>> [notification] = pop_notifications()
-
- >>> notification['X-Katie']
- 'Launchpad actually'
-
- >>> notification['To']
- 'Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>'
-
- >>> notification['Subject']
- '[ubuntu/hoary-security] bar 1.0-2 (Accepted)'
-
Dry run uploads should not generate any emails. Call do_accept with
notify=False:
@@ -873,27 +625,14 @@
DEBUG: Building recipients list.
...
INFO: Would have sent a mail:
- INFO: Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
- INFO: Sender: Root <root@localhost>
- INFO: Recipients: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- INFO: Bcc: Root <root@localhost>
- INFO: Body:
- INFO: bar (1.0-2) breezy; urgency=low
- INFO:
- INFO: * A second upload to ensure that binary overrides of _all work
- INFO:
- INFO: Date: Thu, 30 Mar 2006 01:36:14 +0100
- INFO: Changed-By: Daniel Silverstone <daniel.silverstone@xxxxxxxxxxxxx>
- INFO: Maintainer: Launchpad team <launchpad@xxxxxxxxxxxxxxxxxxx>
- INFO: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
- INFO:
- INFO: ==
- INFO:
+ INFO: Subject: [ubuntu/hoary] bar 1.0-6 (Accepted)
+ ...
+ INFO: Recipients: Celso Providelo <celso.providelo@xxxxxxxxxxxxx>
+ ...
+ INFO: bar (1.0-6) breezy; urgency=low
+ ...
INFO: No announcement sent
- INFO:
- INFO: Thank you for your contribution to Ubuntu Linux.
- INFO:
- INFO: --
+ ...
INFO: You are receiving this email because you are the uploader, maintainer or
INFO: signer of the above package.
=== removed file 'lib/lp/archiveuploader/tests/nascentupload-security-uploads.txt'
--- lib/lp/archiveuploader/tests/nascentupload-security-uploads.txt 2010-08-04 00:16:44 +0000
+++ lib/lp/archiveuploader/tests/nascentupload-security-uploads.txt 1970-01-01 00:00:00 +0000
@@ -1,144 +0,0 @@
-= Fully Transactional Security Uploads =
-
-In order to allow security uploads to be transactional, i.e., either
-get published entirely, source and binaries, or get fully rejected; we
-have to allow the security uploads to produce a changesfile that
-includes the source and all binaries for the task in question.
-
-This is an extension of the already implemented mixed_mode upload,
-which previously allow the user to upload the source and one
-respective binary.
-
-While we don't have Security-in-Soyuz (s-i-s) implemented, this will
-be a more secure way to perform security uploads of binaires built in
-dak, since it guarantee that the interactions will be atomic.
-
-We need to be logged into the security framework in order to get any further
-
- >>> login('foo.bar@xxxxxxxxxxxxx')
-
-A NascentUpload is a collection of files in a directory. They
-represent what may turn out to be an acceptable upload to a launchpad
-managed archive.
-
- >>> from lp.archiveuploader.nascentupload import NascentUpload
- >>> from lp.archiveuploader.tests import (
- ... datadir, getPolicy, mock_logger, mock_logger_quiet)
-
- >>> security_policy = getPolicy(name='security', distro='ubuntu')
-
-We are going to use 'warty/powerpc' distroarchseries and its
-respective processorfamily and processor. Let's create them
-on-the-fly:
-
- >>> from canonical.testing.layers import LaunchpadZopelessLayer
- >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
- >>> from canonical.launchpad.interfaces import IDistributionSet
- >>> from canonical.launchpad.database import (
- ... Processor, ProcessorFamily)
-
- >>> powerpc_family = ProcessorFamily.selectOneBy(name='powerpc')
- >>> powerpc_proc = Processor(
- ... family=powerpc_family, name='G4', title='foo', description='nahh')
-
- >>> ubuntu = getUtility(IDistributionSet)['ubuntu']
- >>> warty = ubuntu['warty']
- >>> warty_powerpc = warty.newArch('powerpc', powerpc_family, True, warty.owner)
-
- >>> import transaction
- >>> transaction.commit()
- >>> LaunchpadZopelessLayer.switchDbUser('uploader')
-
-
-== Mixed Security Upload ==
-
-The upload in question contains a source and its 2 builds for i386 and
-powerpc:
-
- >>> foo_mixed_upload = NascentUpload.from_changesfile_path(
- ... datadir('suite/foo_1.0-1_multi_binary/foo_1.0-1_multi.changes'),
- ... security_policy, mock_logger_quiet)
- >>> foo_mixed_upload.process()
-
-Inspecting the files processed:
-
- >>> for file in foo_mixed_upload.changes.files:
- ... print file.filename
- foo_1.0-1.dsc
- foo_1.0.orig.tar.gz
- foo_1.0-1.diff.gz
- foo_1.0-1_i386.deb
- foo_1.0-1_powerpc.deb
-
-Perform acceptance, creating the respective PackageUpload item and children.
-Please note how the package name appears only one time in the subject line
-(although the upload has one source and two builds associated with it).
-
- >>> foo_mixed_upload.logger = mock_logger
- >>> success = foo_mixed_upload.do_accept()
- DEBUG: ...
- DEBUG: Subject: [ubuntu/warty-security] foo 1.0-1 (New)
- ...
-
- >>> foo_mixed_queue = foo_mixed_upload.queue_root
- >>> foo_mixed_queue.status.name
- 'NEW'
-
-Ensure we have only one source attaches to the PackageUpload record:
-
- >>> foo_mixed_queue.sources.count()
- 1
-
-And it is the right one:
-
- >>> for source in foo_mixed_queue.sources:
- ... source.sourcepackagerelease.name
- u'foo'
-
-Ensure we have the two expected builds attached to the PackageUpload record:
-
- >>> foo_mixed_queue.builds.count()
- 2
-
-And they are the correct ones:
-
- >>> for build in foo_mixed_queue.builds:
- ... build.build.title
- u'i386 build of foo 1.0-1 in ubuntu warty SECURITY'
- u'powerpc build of foo 1.0-1 in ubuntu warty SECURITY'
-
-Including the uploaded binaries
-
- >>> for build in foo_mixed_queue.builds:
- ... [(bin.name, bin.version) for bin in build.build.binarypackages]
- [(u'foo', u'1.0-1')]
- [(u'foo', u'1.0-1')]
-
-
-== Detecting Inconsistencies ==
-
-NascentUpload code will be able to detect inconsistencies in a
-security upload, for example, detecting that the source and the
-binaries sent do not match.
-
- >>> bar_mixed_upload = NascentUpload.from_changesfile_path(
- ... datadir('suite/foo_1.0-1_broken_binary/bar_1.0-1_multi.changes'),
- ... security_policy, mock_logger_quiet)
- >>> bar_mixed_upload.process()
-
-Inspecting the files processed:
-
- >>> for file in bar_mixed_upload.changes.files:
- ... print file.filename
- bar_1.0-1.dsc
- bar_1.0.orig.tar.gz
- bar_1.0-1.diff.gz
- foo_1.0-1_i386.deb
- foo_1.0-1_powerpc.deb
-
- >>> bar_mixed_upload.is_rejected
- True
-
- >>> print bar_mixed_upload.rejection_message
- foo_1.0-1_i386.deb: control file lists name as 'foo', which isn't in changes file.
- foo_1.0-1_powerpc.deb: control file lists name as 'foo', which isn't in changes file.
=== removed file 'lib/lp/archiveuploader/tests/test_securityuploads.py'
--- lib/lp/archiveuploader/tests/test_securityuploads.py 2010-08-20 20:31:18 +0000
+++ lib/lp/archiveuploader/tests/test_securityuploads.py 1970-01-01 00:00:00 +0000
@@ -1,263 +0,0 @@
-# Copyright 2009-2010 Canonical Ltd. This software is licensed under the
-# GNU Affero General Public License version 3 (see the file LICENSE).
-
-"""Test security uploads use-cases."""
-
-__metaclass__ = type
-
-import os
-
-from zope.component import getUtility
-
-from canonical.launchpad.interfaces import (
- IDistributionSet,
- PackageUploadStatus,
- )
-from lp.archiveuploader.tests.test_uploadprocessor import (
- TestUploadProcessorBase,
- )
-from lp.registry.interfaces.pocket import PackagePublishingPocket
-from lp.soyuz.model.binarypackagebuild import BinaryPackageBuild
-from lp.soyuz.model.processor import ProcessorFamily
-
-
-class TestStagedBinaryUploadBase(TestUploadProcessorBase):
- name = 'baz'
- version = '1.0-1'
- distribution_name = None
- distroseries_name = None
- pocket = None
- policy = 'buildd'
- no_mails = True
-
- @property
- def distribution(self):
- return getUtility(IDistributionSet)[self.distribution_name]
-
- @property
- def distroseries(self):
- return self.distribution[self.distroseries_name]
-
- @property
- def package_name(self):
- return "%s_%s" % (self.name, self.version)
-
- @property
- def source_dir(self):
- return self.package_name
-
- @property
- def source_changesfile(self):
- return "%s_source.changes" % self.package_name
-
- @property
- def binary_dir(self):
- return "%s_binary" % self.package_name
-
- def getBinaryChangesfileFor(self, archtag):
- return "%s_%s.changes" % (self.package_name, archtag)
-
- def setUp(self):
- """Setup environment for staged binaries upload via security policy.
-
- 1. Setup queue directory and other basic attributes
- 2. Override policy options to get security policy and not send emails
- 3. Setup a common UploadProcessor with the overridden options
- 4. Store number of build present before issuing any upload
- 5. Upload the source package via security policy
- 6. Clean log messages.
- 7. Commit transaction, so the upload source can be seen.
- """
- super(TestStagedBinaryUploadBase, self).setUp()
- self.options.context = self.policy
- self.options.nomails = self.no_mails
- # Set up the uploadprocessor with appropriate options and logger
- self.uploadprocessor = self.getUploadProcessor(self.layer.txn)
- self.builds_before_upload = BinaryPackageBuild.select().count()
- self.source_queue = None
- self._uploadSource()
- self.log.lines = []
- self.layer.txn.commit()
-
- def assertBuildsCreated(self, amount):
- """Assert that a given 'amount' of build records was created."""
- builds_count = BinaryPackageBuild.select().count()
- self.assertEqual(
- self.builds_before_upload + amount, builds_count)
-
- def _prepareUpload(self, upload_dir):
- """Place a copy of the upload directory into incoming queue."""
- os.system("cp -a %s %s" %
- (os.path.join(self.test_files_dir, upload_dir),
- os.path.join(self.queue_folder, "incoming")))
-
- def _uploadSource(self):
- """Upload and Accept (if necessary) the base source."""
- self._prepareUpload(self.source_dir)
- self.uploadprocessor.processChangesFile(
- os.path.join(self.queue_folder, "incoming", self.source_dir),
- self.source_changesfile)
- queue_item = self.uploadprocessor.last_processed_upload.queue_root
- self.assertTrue(
- queue_item is not None,
- "Source Upload Failed\nGot: %s" % "\n".join(self.log.lines))
- acceptable_statuses = [
- PackageUploadStatus.NEW,
- PackageUploadStatus.UNAPPROVED,
- ]
- if queue_item.status in acceptable_statuses:
- queue_item.setAccepted()
- # Store source queue item for future use.
- self.source_queue = queue_item
-
- def _uploadBinary(self, archtag):
- """Upload the base binary.
-
- Ensure it got processed and has a respective queue record.
- Return the IBuild attached to upload.
- """
- self._prepareUpload(self.binary_dir)
- self.uploadprocessor.processChangesFile(
- os.path.join(self.queue_folder, "incoming", self.binary_dir),
- self.getBinaryChangesfileFor(archtag))
- queue_item = self.uploadprocessor.last_processed_upload.queue_root
- self.assertTrue(
- queue_item is not None,
- "Binary Upload Failed\nGot: %s" % "\n".join(self.log.lines))
- self.assertEqual(queue_item.builds.count(), 1)
- return queue_item.builds[0].build
-
- def _createBuild(self, archtag):
- """Create a build record attached to the base source."""
- spr = self.source_queue.sources[0].sourcepackagerelease
- build = spr.createBuild(
- distro_arch_series=self.distroseries[archtag],
- pocket=self.pocket, archive=self.distroseries.main_archive)
- self.layer.txn.commit()
- return build
-
-
-class TestStagedSecurityUploads(TestStagedBinaryUploadBase):
- """Test how security uploads behave inside Soyuz.
-
- Security uploads still coming from dak system, we have special upload
- policy which allows source and binary uploads.
-
- An upload of a source and its binaries does not necessary need
- to happen in the same batch, and Soyuz is prepared to cope with it.
-
- The only mandatory condition is to process the sources first.
-
- This class will start to tests all known/possible cases using a test
- (empty) upload and its binary.
-
- * 'lib/lp/archivepublisher/tests/data/suite/baz_1.0-1/'
- * 'lib/lp/archivepublisher/tests/data/suite/baz_1.0-1_binary/'
- """
- name = 'baz'
- version = '1.0-1'
- distribution_name = 'ubuntu'
- distroseries_name = 'warty'
- pocket = PackagePublishingPocket.SECURITY
- policy = 'security'
- no_mails = True
-
- def setUp(self):
- """Setup base class and create the required new distroarchseries."""
- super(TestStagedSecurityUploads, self).setUp()
- distribution = getUtility(IDistributionSet).getByName(
- self.distribution_name)
- distroseries = distribution[self.distroseries.name]
- proc_family = ProcessorFamily.selectOneBy(name='amd64')
- distroseries.newArch(
- 'amd64', proc_family, True, distribution.owner)
-
- def testBuildCreation(self):
- """Check if the builds get created for a binary security uploads.
-
- That is the usual case, security binary uploads come after the
- not published (accepted) source but in the same batch.
-
- NascentUpload should create appropriate builds attached to the
- correct source for the incoming binaries.
- """
- build_used = self._uploadBinary('i386')
-
- self.assertBuildsCreated(1)
- self.assertEqual(
- u'i386 build of baz 1.0-1 in ubuntu warty SECURITY',
- build_used.title)
- self.assertEqual('FULLYBUILT', build_used.status.name)
-
- build_used = self._uploadBinary('amd64')
-
- self.assertBuildsCreated(2)
- self.assertEqual(
- u'amd64 build of baz 1.0-1 in ubuntu warty SECURITY',
- build_used.title)
-
- self.assertEqual('FULLYBUILT', build_used.status.name)
-
- def testBuildLookup(self):
- """Check if an available build gets used when it is appropriate.
-
- It happens when the security source upload got already published
- when the binary uploads arrive.
- The queue-build has already created build records for it and
- NascentUpload should identify this condition and used them instead
- of creating new ones.
- Also verify that builds for another architecture does not got
- erroneously attached.
- """
- build_right_candidate = self._createBuild('i386')
- build_wrong_candidate = self._createBuild('hppa')
- build_used = self._uploadBinary('i386')
-
- self.assertEqual(build_right_candidate.id, build_used.id)
- self.assertNotEqual(build_wrong_candidate.id, build_used.id)
- self.assertBuildsCreated(2)
- self.assertEqual(
- u'i386 build of baz 1.0-1 in ubuntu warty SECURITY',
- build_used.title)
- self.assertEqual('FULLYBUILT', build_used.status.name)
-
- def testCorrectBuildPassedViaCommandLine(self):
- """Check if command-line build argument gets attached correctly.
-
- It's also possible to pass an specific buildid via the command-line
- to be attached to the current upload.
-
- This is only used in 'buildd' policy and does not produce very useful
- results in 'security', however we want to check if it, at least,
- does not 'break the system' entirely.
- """
- build_candidate = self._createBuild('i386')
- self.options.buildid = str(build_candidate.id)
- self.uploadprocessor = self.getUploadProcessor(self.layer.txn)
-
- build_used = self._uploadBinary('i386')
-
- self.assertEqual(build_candidate.id, build_used.id)
- self.assertBuildsCreated(1)
- self.assertEqual(
- u'i386 build of baz 1.0-1 in ubuntu warty SECURITY',
- build_used.title)
-
- self.assertEqual('FULLYBUILT', build_used.status.name)
-
- def testWrongBuildPassedViaCommandLine(self):
- """Check if a misapplied passed buildid is correctly identified.
-
- When we identify misapplied build, either by getting it from command
- line or by a failure in lookup methods the upload is rejected before
- anything wrong gets into the DB.
- """
- build_candidate = self._createBuild('hppa')
- self.options.buildid = str(build_candidate.id)
- self.uploadprocessor = self.getUploadProcessor(self.layer.txn)
-
- self.assertRaises(AssertionError, self._uploadBinary, 'i386')
-
- self.assertLogContains(
- "UploadError: Attempt to upload binaries specifying build %d, "
- "where they don't fit.\n" % (build_candidate.id, ))
=== modified file 'lib/lp/archiveuploader/uploadpolicy.py'
--- lib/lp/archiveuploader/uploadpolicy.py 2010-08-20 20:31:18 +0000
+++ lib/lp/archiveuploader/uploadpolicy.py 2010-08-24 20:24:48 +0000
@@ -331,28 +331,6 @@
pass
-class SecurityUploadPolicy(AbstractUploadPolicy):
- """The security-upload policy.
-
- It allows unsigned changes and binary uploads.
- """
-
- name = 'security'
-
- def __init__(self):
- AbstractUploadPolicy.__init__(self)
- self.unsigned_dsc_ok = True
- self.unsigned_changes_ok = True
- self.can_upload_mixed = True
- self.can_upload_binaries = True
-
- def policySpecificChecks(self, upload):
- """Deny uploads to any pocket other than the security pocket."""
- if self.pocket != PackagePublishingPocket.SECURITY:
- upload.reject(
- "Not permitted to do security upload to non SECURITY pocket")
-
-
def findPolicyByName(policy_name):
"""Return a new policy instance for the given policy name."""
return getUtility(IArchiveUploadPolicy, policy_name)()
@@ -362,8 +340,7 @@
policies = [
BuildDaemonUploadPolicy,
InsecureUploadPolicy,
- SyncUploadPolicy,
- SecurityUploadPolicy]
+ SyncUploadPolicy]
sm = getGlobalSiteManager()
for policy in policies:
sm.registerUtility(
