launchpad-reviewers team mailing list archive
-
launchpad-reviewers team
-
Mailing list archive
-
Message #20316
[Merge] lp:~apw/launchpad/generify-uefi-signing into lp:launchpad
Andy Whitcroft has proposed merging lp:~apw/launchpad/generify-uefi-signing into lp:launchpad.
Commit message:
Generify the UEFI signing custom upload. Switch it to be a signing upload initially only supporting UEFI signing as before. Include backwards compatibility such that raw-uefi and raw-signing are both supported.
Requested reviews:
Colin Watson (cjwatson)
For more details, see:
https://code.launchpad.net/~apw/launchpad/generify-uefi-signing/+merge/293802
Generify the UEFI signing custom upload. Switch it to be a signing upload initially only supporting UEFI signing as before. Include backwards compatibility such that raw-uefi and raw-signing are both supported. Publication is into dists in the "signed" directory. Where existing configuration exists under "uefi" we will continue to use that. We also expose dists "signed" as dists "uefi" for compatibility with existing *-signed packages.
--
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.
=== modified file 'lib/lp/archivepublisher/config.py'
--- lib/lp/archivepublisher/config.py 2016-04-27 10:39:03 +0000
+++ lib/lp/archivepublisher/config.py 2016-05-04 15:59:08 +0000
@@ -78,16 +78,21 @@
pubconf.miscroot = None
if archive.is_main:
- pubconf.uefiroot = pubconf.archiveroot + '-uefi'
- pubconf.uefiautokey = False
+ pubconf.signingroot = pubconf.archiveroot + '-uefi'
+ if not os.path.exists(pubconf.signingroot):
+ pubconf.signingroot = pubconf.archiveroot + '-signing'
+ pubconf.signingautokey = False
elif archive.is_ppa:
- pubconf.uefiroot = os.path.join(
- ppa_config.signing_keys_root, "uefi",
+ signing_keys_root = os.path.join(ppa_config.signing_keys_root, "uefi")
+ if not os.path.exists(signing_keys_root):
+ signing_keys_root = os.path.join(
+ ppa_config.signing_keys_root, "signing")
+ pubconf.signingroot = os.path.join(signing_keys_root,
archive.owner.name, archive.name)
- pubconf.uefiautokey = True
+ pubconf.signingautokey = True
else:
- pubconf.uefiroot = None
- pubconf.uefiautokey = False
+ pubconf.signingroot = None
+ pubconf.signingautokey = False
pubconf.poolroot = os.path.join(pubconf.archiveroot, 'pool')
pubconf.distsroot = os.path.join(pubconf.archiveroot, 'dists')
=== renamed file 'lib/lp/archivepublisher/uefi.py' => 'lib/lp/archivepublisher/signing.py'
--- lib/lp/archivepublisher/uefi.py 2016-05-03 09:30:51 +0000
+++ lib/lp/archivepublisher/signing.py 2016-05-04 15:59:08 +0000
@@ -1,7 +1,7 @@
# Copyright 2012-2013 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
-"""The processing of UEFI boot loader images.
+"""The processing of Signing tarballs.
UEFI Secure Boot requires boot loader images to be signed, and we want to
have signed images in the archive so that they can be used for upgrades.
@@ -12,8 +12,8 @@
__metaclass__ = type
__all__ = [
- "process_uefi",
- "UefiUpload",
+ "process_signing",
+ "SigningUpload",
]
import os
@@ -23,32 +23,32 @@
from lp.services.osutils import remove_if_exists
-class UefiUpload(CustomUpload):
- """UEFI boot loader custom upload.
+class SigningUpload(CustomUpload):
+ """Signing custom upload.
The filename must be of the form:
- <TYPE>_<VERSION>_<ARCH>.tar.gz
+ <PACKAGE>_<VERSION>_<ARCH>.tar.gz
where:
- * TYPE: loader type (e.g. 'efilinux');
+ * PACKAGE: source package of the contents;
* VERSION: encoded version;
* ARCH: targeted architecture tag (e.g. 'amd64').
The contents are extracted in the archive in the following path:
- <ARCHIVE>/dists/<SUITE>/main/uefi/<TYPE>-<ARCH>/<VERSION>
+ <ARCHIVE>/dists/<SUITE>/main/signed/<PACKAGE>-<ARCH>/<VERSION>
A 'current' symbolic link points to the most recent version. The
tarfile must contain at least one file matching the wildcard *.efi, and
any such files are signed using the archive's UEFI signing key.
- Signing keys may be installed in the "uefiroot" directory specified in
+ Signing keys may be installed in the "signingroot" directory specified in
publisher configuration. In this directory, the private key is
"uefi.key" and the certificate is "uefi.crt".
"""
- custom_type = "UEFI"
+ custom_type = "SIGNING"
@staticmethod
def parsePath(tarfile_path):
@@ -59,32 +59,48 @@
return bits[0], bits[1], bits[2].split(".")[0]
def setComponents(self, tarfile_path):
- self.loader_type, self.version, self.arch = self.parsePath(
+ self.package, self.version, self.arch = self.parsePath(
tarfile_path)
def setTargetDirectory(self, pubconf, tarfile_path, distroseries):
- if pubconf.uefiroot is None:
+ if pubconf.signingroot is None:
if self.logger is not None:
- self.logger.warning("No UEFI root configured for this archive")
+ self.logger.warning(
+ "No SIGNING root configured for this archive")
self.key = None
self.cert = None
self.autokey = False
else:
- self.key = os.path.join(pubconf.uefiroot, "uefi.key")
- self.cert = os.path.join(pubconf.uefiroot, "uefi.crt")
- self.autokey = pubconf.uefiautokey
+ self.key = os.path.join(pubconf.signingroot, "uefi.key")
+ self.cert = os.path.join(pubconf.signingroot, "uefi.crt")
+ self.autokey = pubconf.signingautokey
self.setComponents(tarfile_path)
+
+ # Ensure we expose the results via uefi and signed in dists.
+ # For compatibility if efi already exists create a symlink
+ # to it from signed. Otherwise create the link the other way.
+ dists_signing = os.path.join(
+ pubconf.archiveroot, "dists", distroseries, "main", "signed")
+ dists_uefi = os.path.join(
+ pubconf.archiveroot, "dists", distroseries, "main", "uefi")
+ if not os.path.exists(dists_signing):
+ if os.path.isdir(dists_uefi):
+ os.symlink("uefi", dists_signing)
+ else:
+ os.makedirs(dists_signing, 0o755)
+ os.symlink("signed", dists_uefi)
+
+ # Extract into the "signed" path regardless of linking.
self.targetdir = os.path.join(
- pubconf.archiveroot, "dists", distroseries, "main", "uefi",
- "%s-%s" % (self.loader_type, self.arch))
+ dists_signing, "%s-%s" % (self.package, self.arch))
self.archiveroot = pubconf.archiveroot
@classmethod
def getSeriesKey(cls, tarfile_path):
try:
- loader_type, _, arch = cls.parsePath(tarfile_path)
- return loader_type, arch
+ package, _, arch = cls.parsePath(tarfile_path)
+ return package, arch
except ValueError:
return None
@@ -169,7 +185,7 @@
No actual extraction is required.
"""
- super(UefiUpload, self).extract()
+ super(SigningUpload, self).extract()
efi_filenames = list(self.findEfiFilenames())
for efi_filename in efi_filenames:
remove_if_exists("%s.signed" % efi_filename)
@@ -179,12 +195,12 @@
return filename.startswith("%s/" % self.version)
-def process_uefi(pubconf, tarfile_path, distroseries, logger=None):
- """Process a raw-uefi tarfile.
+def process_signing(pubconf, tarfile_path, distroseries, logger=None):
+ """Process a raw-uefi/raw-signing tarfile.
Unpacking it into the given archive for the given distroseries.
Raises CustomUploadError (or some subclass thereof) if anything goes
wrong.
"""
- upload = UefiUpload(logger=logger)
+ upload = SigningUpload(logger=logger)
upload.process(pubconf, tarfile_path, distroseries)
=== modified file 'lib/lp/archivepublisher/tests/test_config.py'
--- lib/lp/archivepublisher/tests/test_config.py 2016-05-03 11:11:39 +0000
+++ lib/lp/archivepublisher/tests/test_config.py 2016-05-04 15:59:08 +0000
@@ -8,6 +8,8 @@
__metaclass__ = type
+import os
+
from zope.component import getUtility
from lp.archivepublisher.config import getPubConfig
@@ -46,11 +48,19 @@
self.assertEqual(archiveroot + "-misc", primary_config.miscroot)
self.assertEqual(
self.root + "/ubuntutest-temp", primary_config.temproot)
- self.assertEqual(archiveroot + "-uefi", primary_config.uefiroot)
- self.assertFalse(primary_config.uefiautokey)
+ self.assertEqual(archiveroot + "-signing", primary_config.signingroot)
+ self.assertFalse(primary_config.signingautokey)
self.assertIs(None, primary_config.metaroot)
self.assertEqual(archiveroot + "-staging", primary_config.stagingroot)
+ def test_primary_config_compat(self):
+ # Primary archive configuration is correct.
+ archiveroot = self.root + "/ubuntutest"
+ self.addCleanup(os.rmdir, archiveroot + "-uefi")
+ os.makedirs(archiveroot + "-uefi")
+ primary_config = getPubConfig(self.ubuntutest.main_archive)
+ self.assertEqual(archiveroot + "-uefi", primary_config.signingroot)
+
def test_partner_config(self):
# Partner archive configuration is correct.
# The publisher config for PARTNER contains only 'partner' in its
@@ -70,8 +80,8 @@
self.assertIsNone(partner_config.miscroot)
self.assertEqual(
self.root + "/ubuntutest-temp", partner_config.temproot)
- self.assertEqual(archiveroot + "-uefi", partner_config.uefiroot)
- self.assertFalse(partner_config.uefiautokey)
+ self.assertEqual(archiveroot + "-signing", partner_config.signingroot)
+ self.assertFalse(partner_config.signingautokey)
self.assertIs(None, partner_config.metaroot)
self.assertEqual(archiveroot + "-staging", partner_config.stagingroot)
@@ -93,8 +103,8 @@
self.assertEqual(archiveroot + "-cache", copy_config.cacheroot)
self.assertEqual(archiveroot + "-misc", copy_config.miscroot)
self.assertEqual(archiveroot + "-temp", copy_config.temproot)
- self.assertIsNone(copy_config.uefiroot)
- self.assertFalse(copy_config.uefiautokey)
+ self.assertIsNone(copy_config.signingroot)
+ self.assertFalse(copy_config.signingautokey)
self.assertIs(None, copy_config.metaroot)
self.assertIs(None, copy_config.stagingroot)
@@ -131,10 +141,10 @@
self.assertIsNone(self.ppa_config.miscroot)
self.assertEqual(
"/var/tmp/archive/ubuntutest-temp", self.ppa_config.temproot)
- uefiroot = "/var/tmp/ppa-signing-keys.test/uefi/%s/%s" % (
+ signingroot = "/var/tmp/ppa-signing-keys.test/signing/%s/%s" % (
self.ppa.owner.name, self.ppa.name)
- self.assertEqual(uefiroot, self.ppa_config.uefiroot)
- self.assertTrue(self.ppa_config.uefiautokey)
+ self.assertEqual(signingroot, self.ppa_config.signingroot)
+ self.assertTrue(self.ppa_config.signingautokey)
self.assertIs(None, self.ppa_config.metaroot)
self.assertIs(None, self.ppa_config.stagingroot)
@@ -166,10 +176,10 @@
"/var/tmp/archive/ubuntutest-temp", p3a_config.temproot)
# It's OK for the signing keys to be in the same location as for
# public PPAs, as the owner/name namespace is shared.
- uefiroot = "/var/tmp/ppa-signing-keys.test/uefi/%s/%s" % (
+ signingroot = "/var/tmp/ppa-signing-keys.test/signing/%s/%s" % (
p3a.owner.name, p3a.name)
- self.assertEqual(uefiroot, p3a_config.uefiroot)
- self.assertTrue(self.ppa_config.uefiautokey)
+ self.assertEqual(signingroot, p3a_config.signingroot)
+ self.assertTrue(self.ppa_config.signingautokey)
self.assertIs(None, p3a_config.metaroot)
self.assertIs(None, p3a_config.stagingroot)
@@ -186,3 +196,23 @@
ubuntu_ppa.owner.name, ubuntu_ppa.name),
getPubConfig(ubuntu_ppa).metaroot)
self.assertIs(None, getPubConfig(test_ppa).metaroot)
+
+
+class TestGetPubConfigPPACompatUefi(TestCaseWithFactory):
+
+ layer = ZopelessDatabaseLayer
+
+ def setUp(self):
+ super(TestGetPubConfigPPACompatUefi, self).setUp()
+ self.ubuntutest = getUtility(IDistributionSet)['ubuntutest']
+ self.ppa = self.factory.makeArchive(
+ distribution=self.ubuntutest, purpose=ArchivePurpose.PPA)
+ signingroot = "/var/tmp/ppa-signing-keys.test/uefi"
+ self.addCleanup(os.rmdir, signingroot)
+ os.makedirs(signingroot)
+ self.ppa_config = getPubConfig(self.ppa)
+
+ def test_ppa_uefi_config(self):
+ signingroot = "/var/tmp/ppa-signing-keys.test/uefi/%s/%s" % (
+ self.ppa.owner.name, self.ppa.name)
+ self.assertEqual(signingroot, self.ppa_config.signingroot)
=== modified file 'lib/lp/archivepublisher/tests/test_ftparchive.py'
--- lib/lp/archivepublisher/tests/test_ftparchive.py 2016-04-05 02:07:48 +0000
+++ lib/lp/archivepublisher/tests/test_ftparchive.py 2016-05-04 15:59:08 +0000
@@ -552,9 +552,10 @@
self._addRepositoryFile("main", "tiny", "tiny_0.1.tar.gz")
self._addRepositoryFile("main", "tiny", "tiny_0.1_i386.deb")
comp_dir = os.path.join(self._distsdir, "hoary-test", "main")
- os.makedirs(os.path.join(comp_dir, "uefi"))
- with open(os.path.join(comp_dir, "uefi", "stuff"), "w"):
+ os.makedirs(os.path.join(comp_dir, "signed"))
+ with open(os.path.join(comp_dir, "signed", "stuff"), "w"):
pass
+ os.symlink("signed", os.path.join(comp_dir, "uefi"))
os.makedirs(os.path.join(comp_dir, "i18n"))
for name in ("Translation-de", "Translation-de.gz", "Translation-en",
"Translation-en.Z"):
@@ -602,6 +603,9 @@
self.assertContentEqual(
["Sources.gz", "Sources.xz"],
os.listdir(os.path.join(comp_dir, "source")))
+ self.assertEqual(
+ ["stuff"],
+ os.listdir(os.path.join(comp_dir, "signed")))
self.assertEqual(["stuff"], os.listdir(os.path.join(comp_dir, "uefi")))
self.assertContentEqual(
["Translation-de", "Translation-de.gz", "Translation-en.gz",
=== renamed file 'lib/lp/archivepublisher/tests/test_uefi.py' => 'lib/lp/archivepublisher/tests/test_signing.py'
--- lib/lp/archivepublisher/tests/test_uefi.py 2016-05-03 13:35:16 +0000
+++ lib/lp/archivepublisher/tests/test_signing.py 2016-05-04 15:59:08 +0000
@@ -13,7 +13,7 @@
CustomUploadAlreadyExists,
CustomUploadBadUmask,
)
-from lp.archivepublisher.uefi import UefiUpload
+from lp.archivepublisher.signing import SigningUpload
from lp.services.osutils import write_file
from lp.services.tarfile_helpers import LaunchpadWriteTarFile
from lp.testing import TestCase
@@ -35,20 +35,20 @@
class FakeConfig:
"""A fake publisher configuration for the main archive."""
- def __init__(self, distroroot, uefiroot):
+ def __init__(self, distroroot, signingroot):
self.distroroot = distroroot
- self.uefiroot = uefiroot
+ self.signingroot = signingroot
self.archiveroot = os.path.join(self.distroroot, 'ubuntu')
- self.uefiautokey = False
+ self.signingautokey = False
class FakeConfigPPA:
"""A fake publisher configuration for a PPA."""
- def __init__(self, distroroot, uefiroot, owner, ppa):
+ def __init__(self, distroroot, signingroot, owner, ppa):
self.distroroot = distroroot
- self.uefiroot = uefiroot
+ self.signingroot = signingroot
self.archiveroot = os.path.join(self.distroroot, owner, ppa, 'ubuntu')
- self.uefiautokey = True
+ self.signingautokey = True
class TestUefi(TestCase):
@@ -56,21 +56,21 @@
def setUp(self):
super(TestUefi, self).setUp()
self.temp_dir = self.makeTemporaryDirectory()
- self.uefi_dir = self.makeTemporaryDirectory()
- self.pubconf = FakeConfig(self.temp_dir, self.uefi_dir)
+ self.signing_dir = self.makeTemporaryDirectory()
+ self.pubconf = FakeConfig(self.temp_dir, self.signing_dir)
self.suite = "distroseries"
# CustomUpload.installFiles requires a umask of 0o022.
old_umask = os.umask(0o022)
self.addCleanup(os.umask, old_umask)
def setUpPPA(self):
- self.pubconf = FakeConfigPPA(self.temp_dir, self.uefi_dir,
+ self.pubconf = FakeConfigPPA(self.temp_dir, self.signing_dir,
'ubuntu-archive', 'testing')
self.testcase_cn = '/CN=PPA ubuntu-archive testing/'
def setUpKeyAndCert(self, create=True):
- self.key = os.path.join(self.uefi_dir, "uefi.key")
- self.cert = os.path.join(self.uefi_dir, "uefi.crt")
+ self.key = os.path.join(self.signing_dir, "uefi.key")
+ self.cert = os.path.join(self.signing_dir, "uefi.crt")
if create:
write_file(self.key, "")
write_file(self.cert, "")
@@ -85,7 +85,7 @@
self.archive.close()
self.buffer.close()
fake_call = FakeMethod()
- upload = UefiUpload()
+ upload = SigningUpload()
upload.signUefi = FakeMethod()
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
upload.process(self.pubconf, self.path, self.suite)
@@ -94,6 +94,11 @@
return upload
+ def getSignedPath(self, loader_type, arch):
+ return os.path.join(
+ self.pubconf.archiveroot, "dists", self.suite, "main", "signed",
+ "%s-%s" % (loader_type, arch))
+
def getUefiPath(self, loader_type, arch):
return os.path.join(
self.pubconf.archiveroot, "dists", self.suite, "main", "uefi",
@@ -124,7 +129,7 @@
self.archive.add_file("1.0/hello", "world")
upload = self.process()
self.assertTrue(os.path.exists(os.path.join(
- self.getUefiPath("empty", "amd64"), "1.0", "hello")))
+ self.getSignedPath("empty", "amd64"), "1.0", "hello")))
self.assertEqual(0, upload.signUefi.call_count)
def test_already_exists(self):
@@ -132,7 +137,7 @@
self.setUpKeyAndCert()
self.openArchive("test", "1.0", "amd64")
self.archive.add_file("1.0/empty.efi", "")
- os.makedirs(os.path.join(self.getUefiPath("test", "amd64"), "1.0"))
+ os.makedirs(os.path.join(self.getSignedPath("test", "amd64"), "1.0"))
self.assertRaises(CustomUploadAlreadyExists, self.process)
def test_bad_umask(self):
@@ -149,7 +154,7 @@
self.setUpKeyAndCert()
fake_call = FakeMethod()
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
- upload = UefiUpload()
+ upload = SigningUpload()
upload.generateUefiKeys = FakeMethod()
upload.setTargetDirectory(
self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
@@ -169,7 +174,7 @@
self.setUpKeyAndCert(create=False)
fake_call = FakeMethod()
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
- upload = UefiUpload()
+ upload = SigningUpload()
upload.generateUefiKeys = FakeMethod()
upload.setTargetDirectory(
self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
@@ -184,7 +189,7 @@
self.setUpKeyAndCert(create=False)
fake_call = FakeMethod()
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
- upload = UefiUpload()
+ upload = SigningUpload()
upload.setTargetDirectory(
self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
upload.generateUefiKeys()
@@ -213,6 +218,8 @@
self.archive.add_file("1.0/empty.efi", "")
self.process()
self.assertTrue(os.path.exists(os.path.join(
+ self.getSignedPath("test", "amd64"), "1.0", "empty.efi")))
+ self.assertTrue(os.path.exists(os.path.join(
self.getUefiPath("test", "amd64"), "1.0", "empty.efi")))
def test_create_uefi_keys_autokey_off(self):
@@ -222,7 +229,7 @@
self.assertFalse(os.path.exists(self.cert))
fake_call = FakeMethod()
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
- upload = UefiUpload()
+ upload = SigningUpload()
upload.generateUefiKeys = FakeMethodGenUefiKeys(upload=upload)
upload.setTargetDirectory(
self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
@@ -239,7 +246,7 @@
self.assertFalse(os.path.exists(self.cert))
fake_call = FakeMethod()
self.useFixture(MonkeyPatch("subprocess.call", fake_call))
- upload = UefiUpload()
+ upload = SigningUpload()
upload.generateUefiKeys = FakeMethodGenUefiKeys(upload=upload)
upload.setTargetDirectory(
self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
=== modified file 'lib/lp/archiveuploader/nascentuploadfile.py'
--- lib/lp/archiveuploader/nascentuploadfile.py 2015-01-28 17:54:34 +0000
+++ lib/lp/archiveuploader/nascentuploadfile.py 2016-05-04 15:59:08 +0000
@@ -33,7 +33,7 @@
from lp.archivepublisher.debian_installer import DebianInstallerUpload
from lp.archivepublisher.dist_upgrader import DistUpgraderUpload
from lp.archivepublisher.rosetta_translations import RosettaTranslationsUpload
-from lp.archivepublisher.uefi import UefiUpload
+from lp.archivepublisher.signing import SigningUpload
from lp.archiveuploader.utils import (
determine_source_file_type,
prefix_multi_line_string,
@@ -258,7 +258,8 @@
PackageUploadCustomFormat.STATIC_TRANSLATIONS,
'raw-meta-data':
PackageUploadCustomFormat.META_DATA,
- 'raw-uefi': PackageUploadCustomFormat.UEFI,
+ 'raw-signing': PackageUploadCustomFormat.SIGNING,
+ 'raw-uefi': PackageUploadCustomFormat.SIGNING, # Compatibility
}
custom_handlers = {
@@ -267,7 +268,7 @@
PackageUploadCustomFormat.DDTP_TARBALL: DdtpTarballUpload,
PackageUploadCustomFormat.ROSETTA_TRANSLATIONS:
RosettaTranslationsUpload,
- PackageUploadCustomFormat.UEFI: UefiUpload,
+ PackageUploadCustomFormat.SIGNING: SigningUpload,
}
@property
@@ -306,8 +307,9 @@
def autoApprove(self):
"""Return whether this custom upload can be automatically approved."""
- # UEFI uploads are signed, and must therefore be approved by a human.
- if self.custom_type == PackageUploadCustomFormat.UEFI:
+ # Signing uploads will be signed, and must therefore be approved
+ # by a human.
+ if self.custom_type == PackageUploadCustomFormat.SIGNING:
return False
return True
=== modified file 'lib/lp/archiveuploader/tests/test_nascentuploadfile.py'
--- lib/lp/archiveuploader/tests/test_nascentuploadfile.py 2015-03-04 13:06:02 +0000
+++ lib/lp/archiveuploader/tests/test_nascentuploadfile.py 2016-05-04 15:59:08 +0000
@@ -161,10 +161,16 @@
"bla.txt", "data", "main/raw-installer", "extra")
self.assertTrue(uploadfile.autoApprove())
+ def test_uefi_not_auto_approved_compat(self):
+ # UEFI uploads are auto-approved.
+ uploadfile = self.createCustomUploadFile(
+ "bla.txt", "data", "main/raw-uefi", "extra")
+ self.assertFalse(uploadfile.autoApprove())
+
def test_uefi_not_auto_approved(self):
# UEFI uploads are auto-approved.
uploadfile = self.createCustomUploadFile(
- "bla.txt", "data", "main/raw-uefi", "extra")
+ "bla.txt", "data", "main/raw-signing", "extra")
self.assertFalse(uploadfile.autoApprove())
=== modified file 'lib/lp/archiveuploader/tests/test_uploadpolicy.py'
--- lib/lp/archiveuploader/tests/test_uploadpolicy.py 2013-08-01 14:09:45 +0000
+++ lib/lp/archiveuploader/tests/test_uploadpolicy.py 2016-05-04 15:59:08 +0000
@@ -304,6 +304,17 @@
upload.changes = FakeChangesFile(custom_files=[uploadfile])
self.assertFalse(buildd_policy.autoApprove(upload))
+ def test_buildd_does_not_approve_signed(self):
+ # Uploads to the primary archive containing files for signing are
+ # not approved.
+ buildd_policy = findPolicyByName("buildd")
+ uploadfile = CustomUploadFile(
+ "uefi.tar.gz", None, 0, "main/raw-signing", "extra", buildd_policy,
+ None)
+ upload = make_fake_upload(binaryful=True)
+ upload.changes = FakeChangesFile(custom_files=[uploadfile])
+ self.assertFalse(buildd_policy.autoApprove(upload))
+
def test_buildd_approves_uefi_ppa(self):
# Uploads to PPAs containing UEFI custom files are auto-approved.
buildd_policy = findPolicyByName("buildd")
@@ -313,3 +324,13 @@
upload = make_fake_upload(binaryful=True, is_ppa=True)
upload.changes = FakeChangesFile(custom_files=[uploadfile])
self.assertTrue(buildd_policy.autoApprove(upload))
+
+ def test_buildd_approves_signing_ppa(self):
+ # Uploads to PPAs containing UEFI custom files are auto-approved.
+ buildd_policy = findPolicyByName("buildd")
+ uploadfile = CustomUploadFile(
+ "uefi.tar.gz", None, 0, "main/raw-signing", "extra", buildd_policy,
+ None)
+ upload = make_fake_upload(binaryful=True, is_ppa=True)
+ upload.changes = FakeChangesFile(custom_files=[uploadfile])
+ self.assertTrue(buildd_policy.autoApprove(upload))
=== modified file 'lib/lp/soyuz/browser/queue.py'
--- lib/lp/soyuz/browser/queue.py 2015-07-09 20:06:17 +0000
+++ lib/lp/soyuz/browser/queue.py 2016-05-04 15:59:08 +0000
@@ -574,7 +574,7 @@
(self.contains_installer, ("Installer", 'ubuntu-icon')),
(self.contains_upgrader, ("Upgrader", 'ubuntu-icon')),
(self.contains_ddtp, (ddtp, 'ubuntu-icon')),
- (self.contains_uefi, ("Signed UEFI boot loader", 'ubuntu-icon')),
+ (self.contains_signing, ("Signing", 'ubuntu-icon')),
]
return [
self.composeIcon(*details)
=== modified file 'lib/lp/soyuz/configure.zcml'
--- lib/lp/soyuz/configure.zcml 2016-03-22 12:51:03 +0000
+++ lib/lp/soyuz/configure.zcml 2016-05-04 15:59:08 +0000
@@ -168,6 +168,7 @@
contains_installer
contains_upgrader
contains_ddtp
+ contains_signing
contains_uefi
displayname
displayarchs
=== modified file 'lib/lp/soyuz/enums.py'
--- lib/lp/soyuz/enums.py 2016-02-05 20:28:29 +0000
+++ lib/lp/soyuz/enums.py 2016-05-04 15:59:08 +0000
@@ -481,10 +481,10 @@
the Software Center.
""")
- UEFI = DBItem(6, """
- uefi
+ SIGNING = DBItem(6, """
+ signing
- A UEFI boot loader image to be signed.
+ A tarball containing images to be signed.
""")
=== modified file 'lib/lp/soyuz/interfaces/queue.py'
--- lib/lp/soyuz/interfaces/queue.py 2015-09-03 15:14:07 +0000
+++ lib/lp/soyuz/interfaces/queue.py 2016-05-04 15:59:08 +0000
@@ -264,8 +264,11 @@
"whether or not this upload contains upgrader images")
contains_ddtp = Attribute(
"whether or not this upload contains DDTP images")
+ contains_signing = Attribute(
+ "whether or not this upload contains signing images")
contains_uefi = Attribute(
- "whether or not this upload contains a signed UEFI boot loader image")
+ "whether or not this upload contains a signed UEFI boot loader image" +
+ " (deprecated)")
isPPA = Attribute(
"Return True if this PackageUpload is a PPA upload.")
=== modified file 'lib/lp/soyuz/model/queue.py'
--- lib/lp/soyuz/model/queue.py 2016-03-14 23:42:45 +0000
+++ lib/lp/soyuz/model/queue.py 2016-05-04 15:59:08 +0000
@@ -665,9 +665,11 @@
return PackageUploadCustomFormat.DDTP_TARBALL in self._customFormats
@cachedproperty
- def contains_uefi(self):
+ def contains_signing(self):
"""See `IPackageUpload`."""
- return PackageUploadCustomFormat.UEFI in self._customFormats
+ return PackageUploadCustomFormat.SIGNING in self._customFormats
+
+ contains_uefi = contains_signing
@property
def package_name(self):
@@ -1462,13 +1464,13 @@
self.libraryfilealias.open()
copy_and_close(self.libraryfilealias, file_obj)
- def publishUefi(self, logger=None):
+ def publishSigning(self, logger=None):
"""See `IPackageUploadCustom`."""
# XXX cprov 2005-03-03: We need to use the Zope Component Lookup
# to instantiate the object in question and avoid circular imports
- from lp.archivepublisher.uefi import process_uefi
+ from lp.archivepublisher.signing import process_signing
- self._publishCustom(process_uefi, logger=logger)
+ self._publishCustom(process_signing, logger=logger)
publisher_dispatch = {
PackageUploadCustomFormat.DEBIAN_INSTALLER: publishDebianInstaller,
@@ -1479,7 +1481,7 @@
PackageUploadCustomFormat.STATIC_TRANSLATIONS:
publishStaticTranslations,
PackageUploadCustomFormat.META_DATA: publishMetaData,
- PackageUploadCustomFormat.UEFI: publishUefi,
+ PackageUploadCustomFormat.SIGNING: publishSigning,
}
# publisher_dispatch must have an entry for each value of
=== modified file 'lib/lp/soyuz/scripts/custom_uploads_copier.py'
--- lib/lp/soyuz/scripts/custom_uploads_copier.py 2013-10-10 18:47:16 +0000
+++ lib/lp/soyuz/scripts/custom_uploads_copier.py 2016-05-04 15:59:08 +0000
@@ -18,7 +18,7 @@
from lp.archivepublisher.debian_installer import DebianInstallerUpload
from lp.archivepublisher.dist_upgrader import DistUpgraderUpload
from lp.archivepublisher.rosetta_translations import RosettaTranslationsUpload
-from lp.archivepublisher.uefi import UefiUpload
+from lp.archivepublisher.signing import SigningUpload
from lp.registry.interfaces.pocket import PackagePublishingPocket
from lp.services.database.bulk import load_referencing
from lp.soyuz.enums import PackageUploadCustomFormat
@@ -40,7 +40,7 @@
PackageUploadCustomFormat.DDTP_TARBALL: DdtpTarballUpload,
PackageUploadCustomFormat.ROSETTA_TRANSLATIONS:
RosettaTranslationsUpload,
- PackageUploadCustomFormat.UEFI: UefiUpload,
+ PackageUploadCustomFormat.SIGNING: SigningUpload,
}
def __init__(self, target_series,
@@ -61,8 +61,9 @@
if (custom.packageupload.archive.is_ppa or
custom.packageupload.archive == source_archive):
return True
- # UEFI uploads are signed, and must therefore be approved by a human.
- if custom.customformat == PackageUploadCustomFormat.UEFI:
+ # Signing uploads will be signed, and must therefore be approved
+ # by a human.
+ if custom.customformat == PackageUploadCustomFormat.SIGNING:
return False
return True
=== modified file 'lib/lp/soyuz/scripts/tests/test_custom_uploads_copier.py'
--- lib/lp/soyuz/scripts/tests/test_custom_uploads_copier.py 2013-10-10 18:47:16 +0000
+++ lib/lp/soyuz/scripts/tests/test_custom_uploads_copier.py 2016-05-04 15:59:08 +0000
@@ -408,36 +408,36 @@
copied_pu = copier.copyUpload(original_upload).packageupload
self.assertEqual(PackageUploadStatus.ACCEPTED, copied_pu.status)
- def test_copyUpload_unapproves_uefi_from_different_archive(self):
+ def test_copyUpload_unapproves_signing_from_different_archive(self):
# Copies of UEFI custom uploads to a primary archive are set to
# UNAPPROVED, since they will normally end up being signed.
target_series = self.factory.makeDistroSeries()
archive = self.factory.makeArchive(
distribution=target_series.distribution)
original_upload = self.makeUpload(
- archive=archive, custom_type=PackageUploadCustomFormat.UEFI)
+ archive=archive, custom_type=PackageUploadCustomFormat.SIGNING)
copier = CustomUploadsCopier(
target_series, target_archive=target_series.main_archive)
copied_pu = copier.copyUpload(original_upload).packageupload
self.assertEqual(PackageUploadStatus.UNAPPROVED, copied_pu.status)
- def test_copyUpload_approves_uefi_from_same_archive(self):
+ def test_copyUpload_approves_signing_from_same_archive(self):
# Copies of UEFI custom uploads within the same archive are
# automatically accepted, since they have already been signed.
original_upload = self.makeUpload(
- custom_type=PackageUploadCustomFormat.UEFI)
+ custom_type=PackageUploadCustomFormat.SIGNING)
target_series = self.factory.makeDistroSeries()
copier = CustomUploadsCopier(target_series)
copied_pu = copier.copyUpload(original_upload).packageupload
self.assertEqual(PackageUploadStatus.ACCEPTED, copied_pu.status)
- def test_copyUpload_approves_uefi_to_ppa(self):
+ def test_copyUpload_approves_signing_to_ppa(self):
# Copies of UEFI custom uploads to a PPA are automatically accepted,
# since PPAs have much more limited upload permissions than the main
# archive, and in any case PPAs do not have an upload approval
# workflow.
original_upload = self.makeUpload(
- custom_type=PackageUploadCustomFormat.UEFI)
+ custom_type=PackageUploadCustomFormat.SIGNING)
target_series = self.factory.makeDistroSeries()
target_archive = self.factory.makeArchive(
distribution=target_series.distribution)
Follow ups
