From: Joerg Jaspert Date: Fri, 21 Mar 2008 15:39:38 +0000 (+0100) Subject: * dak/edit_transitions.py (edit_transitions): Use sudo to copy the X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc84d6c454b5345b7991e1f6b1a163d1a0d98b2d;p=dak * dak/edit_transitions.py (edit_transitions): Use sudo to copy the edited file back in place (check_transitions): Use proper locking and also use sudo to copy the new file in place --- diff --git a/ChangeLog b/ChangeLog index d269ff65..8766c80f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2008-03-21 Joerg Jaspert + + * dak/edit_transitions.py (edit_transitions): Use sudo to copy the + edited file back in place + (check_transitions): Use proper locking and also use sudo to copy + the new file in place + 2008-03-21 Anthony Towns * config/debian/extensions.py: Add infrastructure for replacing diff --git a/dak/edit_transitions.py b/dak/edit_transitions.py index 15cc8dc4..1b8376ab 100755 --- a/dak/edit_transitions.py +++ b/dak/edit_transitions.py @@ -104,7 +104,7 @@ def edit_transitions(): tempfile = "./%s.transition.tmp" % (os.getpid() ) - lockfile="%s.lock" % (tempfile) + lockfile="/tmp/transitions.lock" lock_file(lockfile) daklib.utils.copy(trans_file, tempfile) @@ -144,7 +144,11 @@ def edit_transitions(): break # We seem to be done and also have a working file. Copy over. - daklib.utils.copy(tempfile, trans_file, True) + # We are not using daklib.utils.copy here, as we use sudo to get this file copied, to + # limit the rights needed to edit transitions + os.spawnl(os.P_WAIT, "/usr/bin/sudo", "/usr/bin/sudo", "-u", "dak", "-H", + "cp", tempfile, trans_file) + os.unlink(tempfile) os.unlink(lockfile) @@ -230,7 +234,6 @@ def check_transitions(transitions): print "Transition source %s not in testing, transition still ongoing." % (source) else: compare = apt_pkg.VersionCompare(current, expected) - print "Apt compare says: %s" % (compare) if compare < 0: # This is still valid, the current version in database is older than # the new version we wait for @@ -266,14 +269,25 @@ def check_transitions(transitions): print "Committing" for remove in to_remove: del transitions[remove] - destfile = file(Cnf["Dinstall::Reject::ReleaseTransitions"], 'w') + + lockfile="/tmp/transitions.lock" + lock_file(lockfile) + tempfile = "./%s.transition.tmp" % (os.getpid() ) + + destfile = file(tempfile, 'w') syck.dump(transitions, destfile) + destfile.close() + + os.spawnl(os.P_WAIT, "/usr/bin/sudo", "/usr/bin/sudo", "-u", "dak", "-H", + "cp", tempfile, Cnf["Dinstall::Reject::ReleaseTransitions"]) + + os.unlink(tempfile) + os.unlink(lockfile) print "Done" else: print "WTF are you typing?" sys.exit(0) - ################################################################################ def main():