From: Joerg Jaspert Date: Mon, 24 Nov 2008 19:45:42 +0000 (+0100) Subject: binary-upload-restrictions removed X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60fe2e4c0d8a13833058830e5f88db3256082fdf;p=dak binary-upload-restrictions removed unused code. thanks to gr... Signed-off-by: Joerg Jaspert --- diff --git a/ChangeLog b/ChangeLog index b268bac1..d277537e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 2008-11-24 Joerg Jaspert + * dak/process_unchecked.py (check_signed_by_key): remove the + binary-upload restriction stuff. unused. + * config/debian-security/apt.conf.buildd: byebye sarge * scripts/nfu/get-w-b-db: remove m68k @@ -7,6 +10,7 @@ * scripts/debian/update-ftpstats: remove m68k * config/debian/dak.conf: remove m68k + remove the binary-upload-restrictions * config/debian/vars (archs): Remove m68k diff --git a/config/debian/dak.conf b/config/debian/dak.conf index c5a87ca1..6816206f 100644 --- a/config/debian/dak.conf +++ b/config/debian/dak.conf @@ -43,56 +43,6 @@ Transitions TempPath "/srv/ftp.debian.org/tmp/"; }; -Binary-Upload-Restrictions -{ - Components - { - //main; - //contrib; - // Yay for consensus through GRs voted on by people not actually involved in the affected architectures - none; - }; - unstable - { - arm - { - 9BF093BC475BABF8B6AEA5F6D7C3F131AB2A91F5; - 70BC7F9D8C60D2265B7076A23760DBCFFD6645AB; - F849E2025D1C194DE62BC6C829BE5D2268FD549F; - }; - alpha - { - 9BF093BC475BABF8B6AEA5F6D7C3F131AB2A91F5; - 70BC7F9D8C60D2265B7076A23760DBCFFD6645AB; - }; - }; -}; - -Binary-Upload-Restrictions -{ - Components - { - //main; - //contrib; - // Yay for consensus through GRs voted on by people not actually involved in the affected architectures - none; - }; - unstable - { - arm - { - 9BF093BC475BABF8B6AEA5F6D7C3F131AB2A91F5; - 70BC7F9D8C60D2265B7076A23760DBCFFD6645AB; - F849E2025D1C194DE62BC6C829BE5D2268FD549F; - }; - alpha - { - 9BF093BC475BABF8B6AEA5F6D7C3F131AB2A91F5; - 70BC7F9D8C60D2265B7076A23760DBCFFD6645AB; - }; - }; -}; - Generate-Index-Diffs { Options diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 84f99124..167fd63a 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -1077,42 +1077,6 @@ def check_signed_by_key(): if files[f].has_key("new"): reject("%s may not upload NEW file %s" % (uid, f)) - # The remaining checks only apply to binary-only uploads right now - if changes["architecture"].has_key("source"): - return - - if not Cnf.Exists("Binary-Upload-Restrictions"): - return - - restrictions = Cnf.SubTree("Binary-Upload-Restrictions") - - # If the restrictions only apply to certain components make sure - # that the upload is actual targeted there. - if restrictions.Exists("Components"): - restricted_components = restrictions.SubTree("Components").ValueList() - is_restricted = False - for f in files: - if files[f]["component"] in restricted_components: - is_restricted = True - break - if not is_restricted: - return - - # Assuming binary only upload restrictions are in place we then - # iterate over suite and architecture checking the key is in the - # allowed list. If no allowed list exists for a given suite or - # architecture it's assumed to be open to anyone. - for suite in changes["distribution"].keys(): - if not restrictions.Exists(suite): - continue - for arch in changes["architecture"].keys(): - if not restrictions.SubTree(suite).Exists(arch): - continue - allowed_keys = restrictions.SubTree("%s::%s" % (suite, arch)).ValueList() - if changes["fingerprint"] not in allowed_keys: - base_filename = os.path.basename(pkg.changes_file) - reject("%s: not signed by authorised uploader for %s/%s" - % (base_filename, suite, arch)) ################################################################################ ################################################################################