Launchpad itself

lib/canonical/launchpad/doc/publishing-security.txt (+48/-47)
lib/canonical/launchpad/doc/tales.txt (+33/-28)
lib/lp/registry/browser/tests/person-views.txt (+5/-7)
lib/lp/soyuz/browser/tests/archive-views.txt (+14/-22)
lib/lp/soyuz/browser/tests/archivesubscription-views.txt (+16/-15)
lib/lp/soyuz/browser/tests/builder-views.txt (+4/-4)
lib/lp/soyuz/doc/archive-dependencies.txt (+35/-26)
lib/lp/soyuz/doc/buildd-slavescanner.txt (+32/-22)
lib/lp/testing/factory.py (+7/-3)

To merge this branch:

bzr merge lp:~michael.nelson/launchpad/ppa-privatisation-test-refactor3

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Henning Eggers (community)	code	2010-02-22	Approve on 2010-02-23
Review via email: mp+19864@code.launchpad.net

Revision history for this message

Michael Nelson (michael.nelson) wrote on 2010-02-22:

This is the third branch in a series to refactor soyuz tests after fixing bug 506203.

The MP for the branch that actually fixed the bug is at:

https://code.edge.launchpad.net/~michael.nelson/launchpad/506203-ppa-privatisation-check/+merge/19415

The fix ensures that the privacy of a PPA cannot be altered once it has packages published. Unfortunately most of our test infrastructure does exactly that (switches the privacy to do a few tests and then switches it back).

The complete test breakages are as follows:
http://pastebin.ubuntu.com/378292/

This branch fixes:

bin/test -vv -t publishing-security.txt -t tales.txt -t person-views.txt -t archive-views.txt -t archivesubscription-views.txt -t builder-views.txt -t archive-dependencies.txt -t buildd-slavescanner.txt

Thanks.

Revision history for this message

Henning Eggers (henninge) wrote on 2010-02-23:

Download full text (24.6 KiB)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Michael!

Sorry for the delay. This branch looks mostly good but I have a few
stylistic issues about comments in doctests and a couple of long lines.
The only real test issue is about 'foo.bar'. Please consider that and if
I am wrong, ignore my comment. ;-)

You are good to land this when these issues have been attended to.

review approve code

Thank you for your good work! ;-)

Cheers,
Hennig

> === modified file 'lib/canonical/launchpad/doc/publishing-security.txt'
> --- lib/canonical/launchpad/doc/publishing-security.txt 2009-04-16 16:05:48 +0000
> +++ lib/canonical/launchpad/doc/publishing-security.txt 2010-02-22 13:52:24 +0000
> @@ -8,50 +8,49 @@
> are no restrictions. For those attached to a private archive, only those able
> to view the archive, or admins, can see the publication.
>
> -As an anonymous user get the first published source and binary out of cprov's
> -public PPA:
> + # Create two ppas, one public and one private and publish to both.

A comment in a doc test is very uncommon AFAIK. Since all text in here
are explanations, why not put this into the main text? "We have two
ppas, a public one and a private one. Both are published." Or something
like that.

> + >>> login('<email address hidden>')
> + >>> public_ppa = factory.makeArchive(private=False)
> + >>> private_ppa = factory.makeArchive(private=True)
> + >>> from lp.soyuz.tests.test_publishing import SoyuzTestPublisher
> + >>> test_publisher = SoyuzTestPublisher()
> + >>> test_publisher.prepareBreezyAutotest()
> + >>> ignore = test_publisher.getPubBinaries(archive=public_ppa)
> + >>> ignore = test_publisher.getPubBinaries(archive=private_ppa)
> +
> +
> +As an anonymous user we can get the first published source and binary out
> +the public PPA:
>
> >>> login(ANONYMOUS)
> -
> - >>> from canonical.launchpad.interfaces import IPersonSet
> - >>> cprov_ppa = getUtility(IPersonSet).getByName('cprov').archive
> - >>> cprov_ppa.private
> - False
> -
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> + >>> source_pub = public_ppa.getPublishedSources()[0]
> >>> print source_pub.displayname
> - cdrkit 1.0 in breezy-autotest
> + foo 666 in breezy-autotest
>
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> + >>> binary_pub = public_ppa.getAllPublishedBinaries()[0]
> >>> print binary_pub.displayname
> - mozilla-firefox 1.0 in warty hppa
> + foo-bin 666 in breezy-autotest i386
>
> A regular user can see them too:
>
> >>> login('<email address hidden>')
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> + >>> source_pub = public_ppa.getPublishedSources()[0]
> >>> print source_pub.displayname
> - cdrkit 1.0 in breezy-autotest
> + foo 666 in breezy-autotest
>
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> + >>> binary_pub = public_ppa.getAllPublishedBinaries()[0]
> >>> print binary_pub.displayname
> - mozilla-firefox 1.0 in warty hppa
> -
> -Now, we'll make cprov's PPA private:
> -
> - >>> login('<email address hidden>')
> - >>> cprov_ppa.private = True
> - >>> cpr...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Michael!

You are good to land this when these issues have been attended to.

review approve code

Thank you for your good work! ;-)

Cheers,
Hennig

> === modified file 'lib/canonical/launchpad/doc/publishing-security.txt'
> --- lib/canonical/launchpad/doc/publishing-security.txt	2009-04-16 16:05:48 +0000
> +++ lib/canonical/launchpad/doc/publishing-security.txt	2010-02-22 13:52:24 +0000
> @@ -8,50 +8,49 @@
>  are no restrictions.  For those attached to a private archive, only those able
>  to view the archive, or admins, can see the publication.
>  
> -As an anonymous user get the first published source and binary out of cprov's 
> -public PPA:
> +    # Create two ppas, one public and one private and publish to both.

> + >>> login('admin@canonical.com')
> + >>> public_ppa = factory.makeArchive(private=False)
> + >>> private_ppa = factory.makeArchive(private=True)
> + >>> from lp.soyuz.tests.test_publishing import SoyuzTestPublisher
> + >>> test_publisher = SoyuzTestPublisher()
> + >>> test_publisher.prepareBreezyAutotest()
> + >>> ignore = test_publisher.getPubBinaries(archive=public_ppa)
> + >>> ignore = test_publisher.getPubBinaries(archive=private_ppa)
> +
> +
> +As an anonymous user we can get the first published source and binary out
> +the public PPA:
> 
> >>> login(ANONYMOUS)
> -
> - >>> from canonical.launchpad.interfaces import IPersonSet
> - >>> cprov_ppa = getUtility(IPersonSet).getByName('cprov').archive
> - >>> cprov_ppa.private
> - False
> -
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> + >>> source_pub = public_ppa.getPublishedSources()[0]
> >>> print source_pub.displayname
> - cdrkit 1.0 in breezy-autotest
> + foo 666 in breezy-autotest
> 
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> + >>> binary_pub = public_ppa.getAllPublishedBinaries()[0]
> >>> print binary_pub.displayname
> - mozilla-firefox 1.0 in warty hppa
> + foo-bin 666 in breezy-autotest i386
> 
> A regular user can see them too:
> 
> >>> login('no-priv@canonical.com')
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> + >>> source_pub = public_ppa.getPublishedSources()[0]
> >>> print source_pub.displayname
> - cdrkit 1.0 in breezy-autotest
> + foo 666 in breezy-autotest
> 
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> + >>> binary_pub = public_ppa.getAllPublishedBinaries()[0]
> >>> print binary_pub.displayname
> - mozilla-firefox 1.0 in warty hppa
> -
> -Now, we'll make cprov's PPA private:
> -
> - >>> login('admin@canonical.com')
> - >>> cprov_ppa.private = True
> - >>> cprov_ppa.buildd_secret = "blah"
> -
> -Anonymous access will now be refused:
> + foo-bin 666 in breezy-autotest i386
> +
> +But when querying the private PPA, anonymous access will be refused:
> 
> >>> login(ANONYMOUS)
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> + >>> source_pub = private_ppa.getPublishedSources()[0]
> Traceback (most recent call last):
> ...
> Unauthorized:...
> 
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> + >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
> Traceback (most recent call last):
> ...
> Unauthorized:...
> @@ -59,35 +58,35 @@
> As is for a regular user.
> 
> >>> login('no-priv@canonical.com')
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> - Traceback (most recent call last):
> - ...
> - Unauthorized:...
> -
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> - Traceback (most recent call last):
> - ...
> - Unauthorized:...
> -
> -But cprov himself can see them:
> -
> - >>> login('celso.providelo@canonical.com')
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> + >>> source_pub = private_ppa.getPublishedSources()[0]
> + Traceback (most recent call last):
> + ...
> + Unauthorized:...
> +
> + >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
> + Traceback (most recent call last):
> + ...
> + Unauthorized:...
> +
> +But the owner can see them.
> +
> + >>> login_person(private_ppa.owner)
> + >>> source_pub = private_ppa.getPublishedSources()[0]
> >>> print source_pub.displayname
> - cdrkit 1.0 in breezy-autotest
> + foo 666 in breezy-autotest
> 
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> + >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
> >>> print binary_pub.displayname
> - mozilla-firefox 1.0 in warty hppa
> + foo-bin 666 in breezy-autotest i386
> 
> As can an administrator.
> 
> >>> login('admin@canonical.com')
> - >>> source_pub = cprov_ppa.getPublishedSources()[0]
> + >>> source_pub = private_ppa.getPublishedSources()[0]
> >>> print source_pub.displayname
> - cdrkit 1.0 in breezy-autotest
> + foo 666 in breezy-autotest
> 
> - >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
> + >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
> >>> print binary_pub.displayname
> - mozilla-firefox 1.0 in warty hppa
> + foo-bin 666 in breezy-autotest i386
> 
> 
> === modified file 'lib/canonical/launchpad/doc/tales.txt'
> --- lib/canonical/launchpad/doc/tales.txt	2010-02-16 16:31:24 +0000
> +++ lib/canonical/launchpad/doc/tales.txt	2010-02-22 13:52:24 +0000
> @@ -126,55 +126,59 @@
> for referring to them in other pages and a 'reference' formatter which
> displays the unique ppa reference.
> 
> - >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
> - <a href="/~mark/+archive/ppa"
> - class="sprite ppa-icon">PPA for Mark Shuttleworth</a>
> - >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
> - ppa:mark/ppa
> + >>> login('admin@canonical.com')
> + >>> owner = factory.makePerson(name="joe", displayname="Joe Smith")
> + >>> public_ppa = factory.makeArchive(
> + ... name='ppa', private=False, owner=owner)
> + >>> login(ANONYMOUS)
> + >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
> + <a href="/~joe/+archive/ppa"
> + class="sprite ppa-icon">PPA for Joe Smith</a>
> + >>> print test_tales("ppa/fmt:reference", ppa=public_ppa)
> + ppa:joe/ppa
> 
> Disabled PPAs links use a different icon and are only linkified for
> users with launchpad.View on them.
> 
> - >>> login('foo.bar@canonical.com')
> - >>> mark.archive.disable()
> + >>> login('admin@canonical.com')
> + >>> public_ppa.disable()
> 
> - >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
> - <a href="/~mark/+archive/ppa" class="sprite ppa-icon-inactive">PPA
> - for Mark Shuttleworth</a>
> + >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
> + <a href="/~joe/+archive/ppa" class="sprite ppa-icon-inactive">PPA
> + for Joe Smith</a>
> 
> >>> login(ANONYMOUS)
> 
> - >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
> - PPA for Mark Shuttleworth
> + >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
> + PPA for Joe Smith
> 
> Private PPAs links are not rendered for users without launchpad.View on
> them.
> 
> - >>> login('foo.bar@canonical.com')
> - >>> mark.archive.enable()
> - >>> mark.archive.buildd_secret = 'x'
> - >>> mark.archive.private = True
> + >>> login('admin@canonical.com')
> + >>> private_ppa = factory.makeArchive(
> + ... name='ppa', private=True, owner=owner)
> 
> - >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
> - <a href="/~mark/+archive/ppa" class="sprite ppa-icon">PPA
> - for Mark Shuttleworth</a>
> + >>> print test_tales("ppa/fmt:link", ppa=private_ppa)
> + <a href="/~joe/+archive/ppa" class="sprite ppa-icon">PPA
> + for Joe Smith</a>
> 
> >>> login(ANONYMOUS)
> 
> - >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
> + >>> print test_tales("ppa/fmt:link", ppa=private_ppa)
> 
> Similarly, references to private PPAs are not rendered unless the user has
> a subscription to the PPA.
> 
> >>> login('foo.bar@canonical.com')
> - >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
> + >>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
> 
> - >>> login('mark@example.com')
> + >>> login_person(owner)
> >>> foo = getUtility(IPersonSet).getByName('name16')
> - >>> ignore = mark.archive.newSubscription(foo, mark)
> + >>> ignore = private_ppa.newSubscription(foo, owner)
> >>> login('foo.bar@canonical.com')
> - >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
> - ppa:mark/ppa
> + >>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
> + ppa:joe/ppa

Isn't foo.bar an LP admin? So this shows that admins can see private
ppas? You may need to create another (unprivileged) user here. Not using
 sample data is also nicer.

>  
>  We also have icons for builds which may have different dimensions.
>  
> 
> === modified file 'lib/lp/registry/browser/tests/person-views.txt'
[...]
> === modified file 'lib/lp/soyuz/browser/tests/archive-views.txt'
> --- lib/lp/soyuz/browser/tests/archive-views.txt	2010-02-11 13:26:21 +0000
> +++ lib/lp/soyuz/browser/tests/archive-views.txt	2010-02-22 13:52:24 +0000
> @@ -945,9 +945,7 @@
>      >>> login('foo.bar@canonical.com')
>      >>> a_team = factory.makeTeam(mark, name="pirulito-team")
>      >>> team_ppa = factory.makeArchive(
> -    ...     distribution=ubuntu, name='ppa', owner=a_team)
> -    >>> team_ppa.buildd_secret = 'boing'
> -    >>> team_ppa.private = True
> +    ...     distribution=ubuntu, name='ppa', owner=a_team, private=True)
>      >>> transaction.commit()
>      >>> login('celso.providelo@canonical.com')
>  
> @@ -987,38 +985,34 @@
>      ...     print error
>      Public PPAs cannot depend on private ones.
>  
> -Finally, we make Celso's PPA private. That's enough for allowing Celso
> -to set PPA for Pirulito Team as dependency of his PPA.
> +Finally, we try with a private PPA of Celso's. That's enough for
> +allowing Celso to set PPA for Pirulito Team as dependency of his PPA.
>  
>      >>> login('foo.bar@canonical.com')
> -    >>> cprov.archive.buildd_secret = 'boing'
> -    >>> cprov.archive.private = True
> +    >>> cprov_private_ppa = factory.makeArchive(
> +    ...     owner=cprov, private=True, name='p3a')
>      >>> login('celso.providelo@canonical.com')
>  
>      >>> view = create_initialized_view(
> -    ...     cprov.archive, name="+edit-dependencies",
> +    ...     cprov_private_ppa, name="+edit-dependencies",
>      ...     form=add_private_form)
>  
>      >>> len(view.errors)
>      0
>  
>      >>> view = create_initialized_view(
> -    ...     cprov.archive, name="+edit-dependencies")
> +    ...     cprov_private_ppa, name="+edit-dependencies")
>  
>      >>> dependencies = view.widgets.get('selected_dependencies').vocabulary
>      >>> for dependency in dependencies:
>      ...     print dependency.value.displayname
>      PPA for Pirulito Team
>  
> -Remove Celso's membership on the new team and made his PPA public
> -again to not affect subsequent tests.
> +Remove Celso's membership on the new team and disable subsequent tests
> +unaffected.

Should that be "disable subsequent unaffected tests"? Or what is missing
in this sentence?

>  
>      >>> cprov.leave(a_team)
> -
> -    >>> login('foo.bar@canonical.com')
> -    >>> cprov.archive.private = False
> -    >>> cprov.archive.buildd_secret = ''
> -    >>> login('celso.providelo@canonical.com')
> +    >>> cprov_private_ppa.disable()
>  
>  
>  == ArchivePackageCopyingView ==
> @@ -1304,12 +1298,10 @@
>  it happens via 'delayed-copies' not the usual direct copying method.
>  See more information in scripts/packagecopier.py
>  
> -First we will make Celso's PPA private.
> +First we will enable Celso's private PPA.
>  
>      >>> login('foo.bar@canonical.com')
> -
> -    >>> cprov.archive.buildd_secret = 'boing'
> -    >>> cprov.archive.private = True
> +    >>> cprov_private_ppa.enable()
>  
>  Then we will create a testing publication, that will be restricted.
>  
> @@ -1320,7 +1312,7 @@
>      >>> test_publisher.addFakeChroots(hoary)
>      >>> unused = test_publisher.setUpDefaultDistroSeries(hoary)
>      >>> private_source = test_publisher.createSource(
> -    ...     cprov.archive, 'foocomm', '1.0-1', new_version='2.0-1')
> +    ...     cprov_private_ppa, 'foocomm', '1.0-1', new_version='2.0-1')
>      >>> transaction.commit()
>  
>  Now, as Celso we will try to copy the just created 'private' source to
> @@ -1334,7 +1326,7 @@
>  
>      >>> login('celso.providelo@canonical.com')
>      >>> view = create_initialized_view(
> -    ...     cprov.archive, name="+copy-packages",
> +    ...     cprov_private_ppa, name="+copy-packages",
>      ...     form={
>      ...         'field.selected_sources': [str(private_source.id)],
>      ...         'field.destination_archive': 'ubuntu-team/ppa',
> 
> === modified file 'lib/lp/soyuz/browser/tests/archivesubscription-views.txt'
> --- lib/lp/soyuz/browser/tests/archivesubscription-views.txt	2009-09-14 08:08:51 +0000
> +++ lib/lp/soyuz/browser/tests/archivesubscription-views.txt	2010-02-22 13:52:24 +0000
> @@ -22,18 +22,18 @@
>      >>> login('foo.bar@canonical.com')
>      >>> from lp.registry.interfaces.person import IPersonSet
>      >>> cprov = getUtility(IPersonSet).getByName("cprov")
> -    >>> cprov.archive.buildd_secret = 'boing'
> -    >>> cprov.archive.private = True
> +    >>> cprov_private_ppa = factory.makeArchive(
> +    ...     owner=cprov, private=True)
>      >>> mark = getUtility(IPersonSet).getByName("mark")
> -    >>> mark.archive.buildd_secret = 'boing'
> -    >>> mark.archive.private = True
> +    >>> mark_private_ppa = factory.makeArchive(
> +    ...     owner=mark, private=True)
>      >>> transaction.commit()
>      >>> logout()
>  
>  The view includes a label property.
>  
>      >>> login('celso.providelo@canonical.com')
> -    >>> view = create_initialized_view(cprov.archive, name="+subscriptions")
> +    >>> view = create_initialized_view(cprov_private_ppa, name="+subscriptions")

Long line. ;)

[...]
> === modified file 'lib/lp/soyuz/browser/tests/builder-views.txt'
[...]
> === modified file 'lib/lp/soyuz/doc/archive-dependencies.txt'
> --- lib/lp/soyuz/doc/archive-dependencies.txt	2010-02-18 12:56:14 +0000
> +++ lib/lp/soyuz/doc/archive-dependencies.txt	2010-02-22 13:52:24 +0000
> @@ -225,11 +225,11 @@
>  
>      >>> print_building_sources_list(a_build)
>      deb http://ftpmaster.internal/ubuntu hoary
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>      deb http://ftpmaster.internal/ubuntu hoary-security
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>      deb http://ftpmaster.internal/ubuntu hoary-updates
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>  
>  Once we publish a test binary in Celso's PPA hoary/i386,
>  this archive becomes relevant for building, and thus listed in the
> @@ -242,11 +242,11 @@
>      >>> print_building_sources_list(a_build)
>      deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
>      deb http://ftpmaster.internal/ubuntu hoary
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>      deb http://ftpmaster.internal/ubuntu hoary-security
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>      deb http://ftpmaster.internal/ubuntu hoary-updates
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>  
>  Similarly, populated PPA dependencies are listed in the building
>  'sources_list'.
> @@ -264,32 +264,42 @@
>      deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
>      deb http://ppa.launchpad.dev/mark/ppa/ubuntu hoary main
>      deb http://ftpmaster.internal/ubuntu hoary
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>      deb http://ftpmaster.internal/ubuntu hoary-security
>          main restricted universe multiverse
>      deb http://ftpmaster.internal/ubuntu hoary-updates
> -    	main restricted universe multiverse
> +        main restricted universe multiverse
>  
>  The authentication information gets added for private PPA
>  dependencies.
>  
> -    >>> mark.archive.buildd_secret = "not-so-secret"
> -    >>> mark.archive.private = True
> -
> -    >>> print_building_sources_list(a_build)
> -    deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
> -    deb http://buildd:not-so-secret@private-ppa.launchpad.dev/mark/ppa/ubuntu
> -    	hoary main
> -    deb http://ftpmaster.internal/ubuntu hoary
> -    	main restricted universe multiverse
> -    deb http://ftpmaster.internal/ubuntu hoary-security
> -        main restricted universe multiverse
> -    deb http://ftpmaster.internal/ubuntu hoary-updates
> -    	main restricted universe multiverse
> -
> -Good enough, let's delete the archive dependency on Mark's PPA.
> -
> +    >>> private_ppa = factory.makeArchive(
> +    ...     owner=mark, name='p3a', private=True, distribution=ubuntu)
> +    >>> pub_binaries = test_publisher.getPubBinaries(
> +    ...     binaryname='dep-bin', archive=private_ppa,
> +    ...     status=PackagePublishingStatus.PUBLISHED)
> +
> +    # Remove the dependency on mark's archive and add one for the
> +    # private PPA.

Again, I find comments in doctests strange.

>      >>> cprov.archive.removeArchiveDependency(mark.archive)
> +    >>> archive_dependency = cprov.archive.addArchiveDependency(
> +    ...     private_ppa, PackagePublishingPocket.RELEASE,
> +    ...     getUtility(IComponentSet)['main'])
> +
> +    >>> print_building_sources_list(a_build)
> +    deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
> +    deb http://buildd:sekrit@private-ppa.launchpad.dev/mark/p3a/ubuntu
> +        hoary main
> +    deb http://ftpmaster.internal/ubuntu hoary
> +        main restricted universe multiverse
> +    deb http://ftpmaster.internal/ubuntu hoary-security
> +        main restricted universe multiverse
> +    deb http://ftpmaster.internal/ubuntu hoary-updates
> +        main restricted universe multiverse
> +
> +Remove the private PPA dependency before continuing.

See, this isn't a comment, either.

> +
> +    >>> cprov.archive.removeArchiveDependency(private_ppa)
>  
>  
>  == Overriding default primary archive dependencies ==
> 
> === modified file 'lib/lp/soyuz/doc/buildd-slavescanner.txt'
> --- lib/lp/soyuz/doc/buildd-slavescanner.txt	2010-01-29 17:15:31 +0000
> +++ lib/lp/soyuz/doc/buildd-slavescanner.txt	2010-02-22 13:52:24 +0000
> @@ -881,16 +881,19 @@
>  published.  We need to tweak the status of the publishing record again
>  to demonstrate this, and also make the archive private:
>  
> -    >>> build = getUtility(IBuildSet).getByQueueEntry(new_candidate)
> -    >>> source = build.sourcepackagerelease
> -    >>> secure_pub = removeSecurityProxy(
> -    ...     build).current_source_publication.secure_record
> +XXX Michael Nelson 2010-02-19 bug=394276 Please let's put some time
> +aside to convert these to unit-tests.
> +
> +    >>> naked_build = removeSecurityProxy(
> +    ...     getUtility(IBuildSet).getByQueueEntry(new_candidate))
> +    >>> original_archive = naked_build.archive
> +    >>> secure_pub = naked_build.current_source_publication.secure_record
>      >>> commit()
>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
> +    >>> private_ppa = factory.makeArchive(private=True)
> +    >>> naked_build.archive = private_ppa
> +    >>> secure_pub.archive = private_ppa
>      >>> secure_pub.status = PackagePublishingStatus.PENDING
> -    >>> test_archive = secure_pub.archive
> -    >>> test_archive.private = True
> -    >>> test_archive.buildd_secret = "secret"
>      >>> commit()
>      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
>  
> @@ -924,11 +927,9 @@
>  making the build be superseded and no candidate is returned.
>  
>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
> -    >>> secure_pub = removeSecurityProxy(
> -    ...     build).current_source_publication.secure_record
> +    >>> secure_pub = naked_build.current_source_publication.secure_record
>      >>> secure_pub.status = PackagePublishingStatus.DELETED
> -    >>> secure_pub = removeSecurityProxy(
> -    ...     build).current_source_publication.secure_record
> +    >>> secure_pub = naked_build.current_source_publication.secure_record
>      >>> secure_pub.status = PackagePublishingStatus.SUPERSEDED
>      >>> commit()
>      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
> @@ -949,7 +950,8 @@
>  
>      >>> commit()
>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
> -    >>> test_archive.private = False
> +    >>> naked_build.archive = original_archive
> +    >>> secure_pub.archive = original_archive
>      >>> commit()
>      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
>  
> @@ -1162,19 +1164,23 @@
>  If the build is for a private PPA, the slave scanner will pass a
>  sources.list entry that contains a password to access the archive.
>  
> -Making Celso's PPA private and set the buildd_secret (which is the
> -password for the archive):
> -
>      >>> from canonical.testing import LaunchpadZopelessLayer
>      >>> commit()
>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
>      >>> login('foo.bar@canonical.com')
> -    >>> cprov_archive.private = True
> -    >>> cprov_archive.buildd_secret = "secret"
> -    >>> cprov_archive.require_virtualized = False
>      >>> build = getUtility(IBuildSet).getByQueueEntry(candidate)
>      >>> for build_file in build.sourcepackagerelease.files:
>      ...     removeSecurityProxy(build_file).libraryfile.restricted = True
> +    >>> private_ppa = factory.makeArchive(
> +    ...     owner=cprov_archive.owner, name='pppa', private=True,
> +    ...     virtualized=False, distribution=ubuntu)
> +
> +    # We need to publish some binaries so that the dependencies will include
> +    # this ppa itself below in the sources list.

Again a comment. "With published binaries, the dependencies will ..."

> +    >>> binaries = test_publisher.getPubBinaries(
> +    ...     distroseries=ubuntu['hoary'], archive=private_ppa,
> +    ...     status=PackagePublishingStatus.PUBLISHED)
> +    >>> removeSecurityProxy(build).archive = private_ppa
>      >>> commit()
>      >>> LaunchpadZopelessLayer.switchDbUser(test_dbuser)
>      >>> login(ANONYMOUS)
> @@ -1204,11 +1210,11 @@
>      >>> removeSecurityProxy(a_builder)._dispatchBuildCandidate(candidate)
>      ensurepresent called, url=...
>      ensurepresent called,
> -        url=http://private-ppa.launchpad.dev/cprov/ppa/ubuntu/pool/main/m/mozilla-firefox/firefox_0.9.2.orig.tar.gz
> -    URL authorisation with buildd/secret
> +        url=http://private-ppa.launchpad.dev/cprov/pppa/ubuntu/pool/main/m/mozilla-firefox/firefox_0.9.2.orig.tar.gz

Could you throw a ... in there somewhere, like in the host name, to make
this line shorter?

> +    URL authorisation with buildd/sekrit
>      OkSlave BUILDING
>      Archives:
> -     deb http://buildd:secret@private-ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
> +     deb http://buildd:sekrit@private-ppa.launchpad.dev/cprov/pppa/ubuntu hoary main

This one can easily be broken to  make it shorter. Or add ... or di
both.  ;)
     deb http://buildd:sekrit@private-ppa..../cprov/pppa/ubuntu
        hoary main
>       deb http://ftpmaster.internal/ubuntu hoary
>           main restricted universe multiverse
>       deb http://ftpmaster.internal/ubuntu hoary-security
> @@ -1295,7 +1301,9 @@
>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
>      >>> login('foo.bar@canonical.com')
>  
> -    >>> cprov_archive.private = False
> +    # Switch the build's archive back to Celso's PPA and set it back
> +    # to virtualized.

And again a comment.

> +    >>> removeSecurityProxy(build).archive = cprov_archive
>      >>> cprov_archive.require_virtualized = True
>      >>> for build_file in a_build.sourcepackagerelease.files:
>      ...     removeSecurityProxy(build_file).libraryfile.restricted = False
> 
> === modified file 'lib/lp/testing/factory.py'
[...]
Thanks for adding to the factory. ;)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkuDpu4ACgkQBT3oW1L17ihQKACgzWzshj/h15IYfZsGo0nIaGaG
T2QAoMBS0eR88QV73CwX2GelfcmTW825
=/4Tz
-----END PGP SIGNATURE-----

review: Approve (code)

Revision history for this message

Michael Nelson (michael.nelson) wrote on 2010-02-23:

Download full text (19.8 KiB)

On Tue, Feb 23, 2010 at 11:00 AM, Henning Eggers
<email address hidden> wrote:
> Review: Approve code
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Michael!
>
> Sorry for the delay. This branch looks mostly good but I have a few
> stylistic issues about comments in doctests and a couple of long lines.
> The only real test issue is about 'foo.bar'. Please consider that and if
> I am wrong, ignore my comment. ;-)

Thanks for all the thoughts below!

>
> You are good to land this when these issues have been attended to.
>
> review approve code
>
> Thank you for your good work! ;-)
>
> Cheers,
> Hennig
>
>
>> === modified file 'lib/canonical/launchpad/doc/publishing-security.txt'
>> --- lib/canonical/launchpad/doc/publishing-security.txt 2009-04-16 16:05:48 +0000
>> +++ lib/canonical/launchpad/doc/publishing-security.txt 2010-02-22 13:52:24 +0000
>> @@ -8,50 +8,49 @@
>> are no restrictions. For those attached to a private archive, only those able
>> to view the archive, or admins, can see the publication.
>>
>> -As an anonymous user get the first published source and binary out of cprov's
>> -public PPA:
>> + # Create two ppas, one public and one private and publish to both.
>
> A comment in a doc test is very uncommon AFAIK. Since all text in here
> are explanations, why not put this into the main text? "We have two
> ppas, a public one and a private one. Both are published." Or something
> like that.
>

True. I've tended to add python comments just to indicate that it is
not part of the narrative, but rather is setup code. But I'll stop now
:)

On Tue, Feb 23, 2010 at 11:00 AM, Henning Eggers
<henning.eggers@canonical.com> wrote:
> Review: Approve code
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Michael!
>
> Sorry for the delay. This branch looks mostly good but I have a few
> stylistic issues about comments in doctests and a couple of long lines.
> The only real test issue is about 'foo.bar'. Please consider that and if
> I am wrong, ignore my comment. ;-)

Thanks for all the thoughts below!

>
> You are good to land this when these issues have been attended to.
>
>  review approve code
>
> Thank you for your good work! ;-)
>
> Cheers,
> Hennig
>
>
>> === modified file 'lib/canonical/launchpad/doc/publishing-security.txt'
>> --- lib/canonical/launchpad/doc/publishing-security.txt       2009-04-16 16:05:48 +0000
>> +++ lib/canonical/launchpad/doc/publishing-security.txt       2010-02-22 13:52:24 +0000
>> @@ -8,50 +8,49 @@
>>  are no restrictions.  For those attached to a private archive, only those able
>>  to view the archive, or admins, can see the publication.
>>
>> -As an anonymous user get the first published source and binary out of cprov's
>> -public PPA:
>> +    # Create two ppas, one public and one private and publish to both.
>
> A comment in a doc test is very uncommon AFAIK. Since all text in here
> are explanations, why not put this into the main text? "We have two
> ppas, a public one and a private one. Both are published." Or something
> like that.
>

True. I've tended to add python comments just to indicate that it is
not part of the narrative, but rather is setup code. But I'll stop now
:)

>> === modified file 'lib/canonical/launchpad/doc/tales.txt'
>> --- lib/canonical/launchpad/doc/tales.txt     2010-02-16 16:31:24 +0000
>> +++ lib/canonical/launchpad/doc/tales.txt     2010-02-22 13:52:24 +0000
>> @@ -126,55 +126,59 @@
>>  for referring to them in other pages and a 'reference' formatter which
>>  displays the unique ppa reference.
>>
>> -    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
>> -    <a href="/~mark/+archive/ppa"
>> -       class="sprite ppa-icon">PPA for Mark Shuttleworth</a>
>> -    >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
>> -    ppa:mark/ppa
>> +    >>> login('admin@canonical.com')
>> +    >>> owner = factory.makePerson(name="joe", displayname="Joe Smith")
>> +    >>> public_ppa = factory.makeArchive(
>> +    ...     name='ppa', private=False, owner=owner)
>> +    >>> login(ANONYMOUS)
>> +    >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
>> +    <a href="/~joe/+archive/ppa"
>> +       class="sprite ppa-icon">PPA for Joe Smith</a>
>> +    >>> print test_tales("ppa/fmt:reference", ppa=public_ppa)
>> +    ppa:joe/ppa
>>
>>  Disabled PPAs links use a different icon and are only linkified for
>>  users with launchpad.View on them.
>>
>> -    >>> login('foo.bar@canonical.com')
>> -    >>> mark.archive.disable()
>> +    >>> login('admin@canonical.com')
>> +    >>> public_ppa.disable()
>>
>> -    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
>> -    <a href="/~mark/+archive/ppa" class="sprite ppa-icon-inactive">PPA
>> -    for Mark Shuttleworth</a>
>> +    >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
>> +    <a href="/~joe/+archive/ppa" class="sprite ppa-icon-inactive">PPA
>> +    for Joe Smith</a>
>>
>>      >>> login(ANONYMOUS)
>>
>> -    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
>> -    PPA for Mark Shuttleworth
>> +    >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
>> +    PPA for Joe Smith
>>
>>  Private PPAs links are not rendered for users without launchpad.View on
>>  them.
>>
>> -    >>> login('foo.bar@canonical.com')
>> -    >>> mark.archive.enable()
>> -    >>> mark.archive.buildd_secret = 'x'
>> -    >>> mark.archive.private = True
>> +    >>> login('admin@canonical.com')
>> +    >>> private_ppa = factory.makeArchive(
>> +    ...     name='ppa', private=True, owner=owner)
>>
>> -    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
>> -    <a href="/~mark/+archive/ppa" class="sprite ppa-icon">PPA
>> -    for Mark Shuttleworth</a>
>> +    >>> print test_tales("ppa/fmt:link", ppa=private_ppa)
>> +    <a href="/~joe/+archive/ppa" class="sprite ppa-icon">PPA
>> +    for Joe Smith</a>
>>
>>      >>> login(ANONYMOUS)
>>
>> -    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
>> +    >>> print test_tales("ppa/fmt:link", ppa=private_ppa)
>>
>>  Similarly, references to private PPAs are not rendered unless the user has
>>  a subscription to the PPA.
>>
>>      >>> login('foo.bar@canonical.com')
>> -    >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
>> +    >>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
>>
>> -    >>> login('mark@example.com')
>> +    >>> login_person(owner)
>>      >>> foo = getUtility(IPersonSet).getByName('name16')
>> -    >>> ignore = mark.archive.newSubscription(foo, mark)
>> +    >>> ignore = private_ppa.newSubscription(foo, owner)
>>      >>> login('foo.bar@canonical.com')
>> -    >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
>> -    ppa:mark/ppa
>> +    >>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
>> +    ppa:joe/ppa
>
> Isn't foo.bar an LP admin? So this shows that admins can see private
> ppas? You may need to create another (unprivileged) user here. Not using
>  sample data is also nicer.

Done.

>
>>
>>  We also have icons for builds which may have different dimensions.
>>
>>
>> === modified file 'lib/lp/registry/browser/tests/person-views.txt'
> [...]
>> === modified file 'lib/lp/soyuz/browser/tests/archive-views.txt'
>> --- lib/lp/soyuz/browser/tests/archive-views.txt      2010-02-11 13:26:21 +0000
>> +++ lib/lp/soyuz/browser/tests/archive-views.txt      2010-02-22 13:52:24 +0000
>> @@ -945,9 +945,7 @@
>>      >>> login('foo.bar@canonical.com')
>>      >>> a_team = factory.makeTeam(mark, name="pirulito-team")
>>      >>> team_ppa = factory.makeArchive(
>> -    ...     distribution=ubuntu, name='ppa', owner=a_team)
>> -    >>> team_ppa.buildd_secret = 'boing'
>> -    >>> team_ppa.private = True
>> +    ...     distribution=ubuntu, name='ppa', owner=a_team, private=True)
>>      >>> transaction.commit()
>>      >>> login('celso.providelo@canonical.com')
>>
>> @@ -987,38 +985,34 @@
>>      ...     print error
>>      Public PPAs cannot depend on private ones.
>>
>> -Finally, we make Celso's PPA private. That's enough for allowing Celso
>> -to set PPA for Pirulito Team as dependency of his PPA.
>> +Finally, we try with a private PPA of Celso's. That's enough for
>> +allowing Celso to set PPA for Pirulito Team as dependency of his PPA.
>>
>>      >>> login('foo.bar@canonical.com')
>> -    >>> cprov.archive.buildd_secret = 'boing'
>> -    >>> cprov.archive.private = True
>> +    >>> cprov_private_ppa = factory.makeArchive(
>> +    ...     owner=cprov, private=True, name='p3a')
>>      >>> login('celso.providelo@canonical.com')
>>
>>      >>> view = create_initialized_view(
>> -    ...     cprov.archive, name="+edit-dependencies",
>> +    ...     cprov_private_ppa, name="+edit-dependencies",
>>      ...     form=add_private_form)
>>
>>      >>> len(view.errors)
>>      0
>>
>>      >>> view = create_initialized_view(
>> -    ...     cprov.archive, name="+edit-dependencies")
>> +    ...     cprov_private_ppa, name="+edit-dependencies")
>>
>>      >>> dependencies = view.widgets.get('selected_dependencies').vocabulary
>>      >>> for dependency in dependencies:
>>      ...     print dependency.value.displayname
>>      PPA for Pirulito Team
>>
>> -Remove Celso's membership on the new team and made his PPA public
>> -again to not affect subsequent tests.
>> +Remove Celso's membership on the new team and disable subsequent tests
>> +unaffected.
>
> Should that be "disable subsequent unaffected tests"? Or what is missing
> in this sentence?

Yes, updated to "and disable his private PPA so we don't affect the
following tests."

>> === modified file 'lib/lp/soyuz/browser/tests/archivesubscription-views.txt'
>> --- lib/lp/soyuz/browser/tests/archivesubscription-views.txt  2009-09-14 08:08:51 +0000
>> +++ lib/lp/soyuz/browser/tests/archivesubscription-views.txt  2010-02-22 13:52:24 +0000
>> @@ -22,18 +22,18 @@
>>      >>> login('foo.bar@canonical.com')
>>      >>> from lp.registry.interfaces.person import IPersonSet
>>      >>> cprov = getUtility(IPersonSet).getByName("cprov")
>> -    >>> cprov.archive.buildd_secret = 'boing'
>> -    >>> cprov.archive.private = True
>> +    >>> cprov_private_ppa = factory.makeArchive(
>> +    ...     owner=cprov, private=True)
>>      >>> mark = getUtility(IPersonSet).getByName("mark")
>> -    >>> mark.archive.buildd_secret = 'boing'
>> -    >>> mark.archive.private = True
>> +    >>> mark_private_ppa = factory.makeArchive(
>> +    ...     owner=mark, private=True)
>>      >>> transaction.commit()
>>      >>> logout()
>>
>>  The view includes a label property.
>>
>>      >>> login('celso.providelo@canonical.com')
>> -    >>> view = create_initialized_view(cprov.archive, name="+subscriptions")
>> +    >>> view = create_initialized_view(cprov_private_ppa, name="+subscriptions")
>
> Long line. ;)

Done.

>
> [...]
>> === modified file 'lib/lp/soyuz/browser/tests/builder-views.txt'
> [...]
>> === modified file 'lib/lp/soyuz/doc/archive-dependencies.txt'
>> --- lib/lp/soyuz/doc/archive-dependencies.txt 2010-02-18 12:56:14 +0000
>> +++ lib/lp/soyuz/doc/archive-dependencies.txt 2010-02-22 13:52:24 +0000
>> @@ -225,11 +225,11 @@
>>
>>      >>> print_building_sources_list(a_build)
>>      deb http://ftpmaster.internal/ubuntu hoary
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>      deb http://ftpmaster.internal/ubuntu hoary-security
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>      deb http://ftpmaster.internal/ubuntu hoary-updates
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>
>>  Once we publish a test binary in Celso's PPA hoary/i386,
>>  this archive becomes relevant for building, and thus listed in the
>> @@ -242,11 +242,11 @@
>>      >>> print_building_sources_list(a_build)
>>      deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
>>      deb http://ftpmaster.internal/ubuntu hoary
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>      deb http://ftpmaster.internal/ubuntu hoary-security
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>      deb http://ftpmaster.internal/ubuntu hoary-updates
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>
>>  Similarly, populated PPA dependencies are listed in the building
>>  'sources_list'.
>> @@ -264,32 +264,42 @@
>>      deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
>>      deb http://ppa.launchpad.dev/mark/ppa/ubuntu hoary main
>>      deb http://ftpmaster.internal/ubuntu hoary
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>      deb http://ftpmaster.internal/ubuntu hoary-security
>>          main restricted universe multiverse
>>      deb http://ftpmaster.internal/ubuntu hoary-updates
>> -     main restricted universe multiverse
>> +        main restricted universe multiverse
>>
>>  The authentication information gets added for private PPA
>>  dependencies.
>>
>> -    >>> mark.archive.buildd_secret = "not-so-secret"
>> -    >>> mark.archive.private = True
>> -
>> -    >>> print_building_sources_list(a_build)
>> -    deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
>> -    deb http://buildd:not-so-secret@private-ppa.launchpad.dev/mark/ppa/ubuntu
>> -     hoary main
>> -    deb http://ftpmaster.internal/ubuntu hoary
>> -     main restricted universe multiverse
>> -    deb http://ftpmaster.internal/ubuntu hoary-security
>> -        main restricted universe multiverse
>> -    deb http://ftpmaster.internal/ubuntu hoary-updates
>> -     main restricted universe multiverse
>> -
>> -Good enough, let's delete the archive dependency on Mark's PPA.
>> -
>> +    >>> private_ppa = factory.makeArchive(
>> +    ...     owner=mark, name='p3a', private=True, distribution=ubuntu)
>> +    >>> pub_binaries = test_publisher.getPubBinaries(
>> +    ...     binaryname='dep-bin', archive=private_ppa,
>> +    ...     status=PackagePublishingStatus.PUBLISHED)
>> +
>> +    # Remove the dependency on mark's archive and add one for the
>> +    # private PPA.
>
> Again, I find comments in doctests strange.
>

Fixed.

>>      >>> cprov.archive.removeArchiveDependency(mark.archive)
>> +    >>> archive_dependency = cprov.archive.addArchiveDependency(
>> +    ...     private_ppa, PackagePublishingPocket.RELEASE,
>> +    ...     getUtility(IComponentSet)['main'])
>> +
>> +    >>> print_building_sources_list(a_build)
>> +    deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
>> +    deb http://buildd:sekrit@private-ppa.launchpad.dev/mark/p3a/ubuntu
>> +        hoary main
>> +    deb http://ftpmaster.internal/ubuntu hoary
>> +        main restricted universe multiverse
>> +    deb http://ftpmaster.internal/ubuntu hoary-security
>> +        main restricted universe multiverse
>> +    deb http://ftpmaster.internal/ubuntu hoary-updates
>> +        main restricted universe multiverse
>> +
>> +Remove the private PPA dependency before continuing.
>
> See, this isn't a comment, either.
>
>> +
>> +    >>> cprov.archive.removeArchiveDependency(private_ppa)
>>
>>
>>  == Overriding default primary archive dependencies ==
>>
>> === modified file 'lib/lp/soyuz/doc/buildd-slavescanner.txt'
>> --- lib/lp/soyuz/doc/buildd-slavescanner.txt  2010-01-29 17:15:31 +0000
>> +++ lib/lp/soyuz/doc/buildd-slavescanner.txt  2010-02-22 13:52:24 +0000
>> @@ -881,16 +881,19 @@
>>  published.  We need to tweak the status of the publishing record again
>>  to demonstrate this, and also make the archive private:
>>
>> -    >>> build = getUtility(IBuildSet).getByQueueEntry(new_candidate)
>> -    >>> source = build.sourcepackagerelease
>> -    >>> secure_pub = removeSecurityProxy(
>> -    ...     build).current_source_publication.secure_record
>> +XXX Michael Nelson 2010-02-19 bug=394276 Please let's put some time
>> +aside to convert these to unit-tests.
>> +
>> +    >>> naked_build = removeSecurityProxy(
>> +    ...     getUtility(IBuildSet).getByQueueEntry(new_candidate))
>> +    >>> original_archive = naked_build.archive
>> +    >>> secure_pub = naked_build.current_source_publication.secure_record
>>      >>> commit()
>>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
>> +    >>> private_ppa = factory.makeArchive(private=True)
>> +    >>> naked_build.archive = private_ppa
>> +    >>> secure_pub.archive = private_ppa
>>      >>> secure_pub.status = PackagePublishingStatus.PENDING
>> -    >>> test_archive = secure_pub.archive
>> -    >>> test_archive.private = True
>> -    >>> test_archive.buildd_secret = "secret"
>>      >>> commit()
>>      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
>>
>> @@ -924,11 +927,9 @@
>>  making the build be superseded and no candidate is returned.
>>
>>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
>> -    >>> secure_pub = removeSecurityProxy(
>> -    ...     build).current_source_publication.secure_record
>> +    >>> secure_pub = naked_build.current_source_publication.secure_record
>>      >>> secure_pub.status = PackagePublishingStatus.DELETED
>> -    >>> secure_pub = removeSecurityProxy(
>> -    ...     build).current_source_publication.secure_record
>> +    >>> secure_pub = naked_build.current_source_publication.secure_record
>>      >>> secure_pub.status = PackagePublishingStatus.SUPERSEDED
>>      >>> commit()
>>      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
>> @@ -949,7 +950,8 @@
>>
>>      >>> commit()
>>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
>> -    >>> test_archive.private = False
>> +    >>> naked_build.archive = original_archive
>> +    >>> secure_pub.archive = original_archive
>>      >>> commit()
>>      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
>>
>> @@ -1162,19 +1164,23 @@
>>  If the build is for a private PPA, the slave scanner will pass a
>>  sources.list entry that contains a password to access the archive.
>>
>> -Making Celso's PPA private and set the buildd_secret (which is the
>> -password for the archive):
>> -
>>      >>> from canonical.testing import LaunchpadZopelessLayer
>>      >>> commit()
>>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
>>      >>> login('foo.bar@canonical.com')
>> -    >>> cprov_archive.private = True
>> -    >>> cprov_archive.buildd_secret = "secret"
>> -    >>> cprov_archive.require_virtualized = False
>>      >>> build = getUtility(IBuildSet).getByQueueEntry(candidate)
>>      >>> for build_file in build.sourcepackagerelease.files:
>>      ...     removeSecurityProxy(build_file).libraryfile.restricted = True
>> +    >>> private_ppa = factory.makeArchive(
>> +    ...     owner=cprov_archive.owner, name='pppa', private=True,
>> +    ...     virtualized=False, distribution=ubuntu)
>> +
>> +    # We need to publish some binaries so that the dependencies will include
>> +    # this ppa itself below in the sources list.
>
> Again a comment. "With published binaries, the dependencies will ..."

Done.

>
>> +    >>> binaries = test_publisher.getPubBinaries(
>> +    ...     distroseries=ubuntu['hoary'], archive=private_ppa,
>> +    ...     status=PackagePublishingStatus.PUBLISHED)
>> +    >>> removeSecurityProxy(build).archive = private_ppa
>>      >>> commit()
>>      >>> LaunchpadZopelessLayer.switchDbUser(test_dbuser)
>>      >>> login(ANONYMOUS)
>> @@ -1204,11 +1210,11 @@
>>      >>> removeSecurityProxy(a_builder)._dispatchBuildCandidate(candidate)
>>      ensurepresent called, url=...
>>      ensurepresent called,
>> -        url=http://private-ppa.launchpad.dev/cprov/ppa/ubuntu/pool/main/m/mozilla-firefox/firefox_0.9.2.orig.tar.gz
>> -    URL authorisation with buildd/secret
>> +        url=http://private-ppa.launchpad.dev/cprov/pppa/ubuntu/pool/main/m/mozilla-firefox/firefox_0.9.2.orig.tar.gz
>
> Could you throw a ... in there somewhere, like in the host name, to make
> this line shorter?

Done.

>
>> +    URL authorisation with buildd/sekrit
>>      OkSlave BUILDING
>>      Archives:
>> -     deb http://buildd:secret@private-ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
>> +     deb http://buildd:sekrit@private-ppa.launchpad.dev/cprov/pppa/ubuntu hoary main
>
> This one can easily be broken to  make it shorter. Or add ... or di
> both.  ;)

Done.

>     deb http://buildd:sekrit@private-ppa..../cprov/pppa/ubuntu
>        hoary main
>>       deb http://ftpmaster.internal/ubuntu hoary
>>           main restricted universe multiverse
>>       deb http://ftpmaster.internal/ubuntu hoary-security
>> @@ -1295,7 +1301,9 @@
>>      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
>>      >>> login('foo.bar@canonical.com')
>>
>> -    >>> cprov_archive.private = False
>> +    # Switch the build's archive back to Celso's PPA and set it back
>> +    # to virtualized.
>
> And again a comment.

Done. Diff attached. Thanks!

>
>> +    >>> removeSecurityProxy(build).archive = cprov_archive
>>      >>> cprov_archive.require_virtualized = True
>>      >>> for build_file in a_build.sourcepackagerelease.files:
>>      ...     removeSecurityProxy(build_file).libraryfile.restricted = False
>>
>> === modified file 'lib/lp/testing/factory.py'
> [...]
> Thanks for adding to the factory. ;)
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkuDpu4ACgkQBT3oW1L17ihQKACgzWzshj/h15IYfZsGo0nIaGaG
> T2QAoMBS0eR88QV73CwX2GelfcmTW825
> =/4Tz
> -----END PGP SIGNATURE-----
> --
> https://code.launchpad.net/~michael.nelson/launchpad/ppa-privatisation-test-refactor3/+merge/19864
> You are the owner of lp:~michael.nelson/launchpad/ppa-privatisation-test-refactor3.
>

henninge.diff

Revision history for this message

Henning Eggers (henninge) wrote on 2010-02-23:

Thank you for the fixes! ;)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Michael Nelson

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

Launchpad itself

Merge lp:~michael.nelson/launchpad/ppa-privatisation-test-refactor3 into lp:launchpad

Commit message

Description of the change

Preview Diff

Subscribers

1	=== modified file 'lib/canonical/launchpad/doc/publishing-security.txt'
2	--- lib/canonical/launchpad/doc/publishing-security.txt 2010-02-22 09:38:40 +0000
3	+++ lib/canonical/launchpad/doc/publishing-security.txt 2010-02-23 15:07:20 +0000
4	@@ -8,7 +8,9 @@
5	are no restrictions. For those attached to a private archive, only those able
6	to view the archive, or admins, can see the publication.
7
8	- # Create two ppas, one public and one private and publish to both.
9	+We create two PPAs, one public and one private. Both PPAs are populated
10	+with some source and binary publishings.
11	+
12	>>> login('admin@canonical.com')
13	>>> public_ppa = factory.makeArchive(private=False)
14	>>> private_ppa = factory.makeArchive(private=True)
15
16	=== modified file 'lib/canonical/launchpad/doc/tales.txt'
17	--- lib/canonical/launchpad/doc/tales.txt 2010-02-22 10:30:09 +0000
18	+++ lib/canonical/launchpad/doc/tales.txt 2010-02-23 12:43:46 +0000
19	@@ -170,18 +170,19 @@
20	Similarly, references to private PPAs are not rendered unless the user has
21	a subscription to the PPA.
22
23	- >>> login('foo.bar@canonical.com')
24	+ >>> ppa_user = factory.makePerson(name="jake", displayname="Jake Smith")
25	+ >>> login_person(ppa_user)
26	>>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
27
28	>>> login_person(owner)
29	- >>> foo = getUtility(IPersonSet).getByName('name16')
30	- >>> ignore = private_ppa.newSubscription(foo, owner)
31	- >>> login('foo.bar@canonical.com')
32	+ >>> ignore = private_ppa.newSubscription(ppa_user, owner)
33	+ >>> login_person(ppa_user)
34	>>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
35	ppa:joe/ppa
36
37	We also have icons for builds which may have different dimensions.
38
39	+ >>> login('admin@canonical.com')
40	>>> from lp.soyuz.tests.test_publishing import SoyuzTestPublisher
41	>>> stp = SoyuzTestPublisher()
42	>>> stp.prepareBreezyAutotest()
43
44	=== modified file 'lib/lp/soyuz/browser/tests/archive-views.txt'
45	--- lib/lp/soyuz/browser/tests/archive-views.txt 2010-02-22 11:11:52 +0000
46	+++ lib/lp/soyuz/browser/tests/archive-views.txt 2010-02-23 14:47:03 +0000
47	@@ -1008,8 +1008,8 @@
48	... print dependency.value.displayname
49	PPA for Pirulito Team
50
51	-Remove Celso's membership on the new team and disable subsequent tests
52	-unaffected.
53	+Remove Celso's membership on the new team and disable his PPA so we don't
54	+affect the following tests.
55
56	>>> cprov.leave(a_team)
57	>>> cprov_private_ppa.disable()
58
59	=== modified file 'lib/lp/soyuz/browser/tests/archivesubscription-views.txt'
60	--- lib/lp/soyuz/browser/tests/archivesubscription-views.txt 2010-02-22 12:55:58 +0000
61	+++ lib/lp/soyuz/browser/tests/archivesubscription-views.txt 2010-02-23 14:49:47 +0000
62	@@ -33,7 +33,8 @@
63	The view includes a label property.
64
65	>>> login('celso.providelo@canonical.com')
66	- >>> view = create_initialized_view(cprov_private_ppa, name="+subscriptions")
67	+ >>> view = create_initialized_view(
68	+ ... cprov_private_ppa, name="+subscriptions")
69	>>> print view.label
70	Manage access to PPA for Celso Providelo
71
72
73	=== modified file 'lib/lp/soyuz/doc/archive-dependencies.txt'
74	--- lib/lp/soyuz/doc/archive-dependencies.txt 2010-02-22 13:46:34 +0000
75	+++ lib/lp/soyuz/doc/archive-dependencies.txt 2010-02-23 14:53:45 +0000
76	@@ -271,16 +271,15 @@
77	main restricted universe multiverse
78
79	The authentication information gets added for private PPA
80	-dependencies.
81	+dependencies. We'll create a private PPA and then update cprov's PPA,
82	+removing the dependency on Mark's public PPA and adding one for the
83	+new private PPA.
84
85	>>> private_ppa = factory.makeArchive(
86	... owner=mark, name='p3a', private=True, distribution=ubuntu)
87	>>> pub_binaries = test_publisher.getPubBinaries(
88	... binaryname='dep-bin', archive=private_ppa,
89	... status=PackagePublishingStatus.PUBLISHED)
90	-
91	- # Remove the dependency on mark's archive and add one for the
92	- # private PPA.
93	>>> cprov.archive.removeArchiveDependency(mark.archive)
94	>>> archive_dependency = cprov.archive.addArchiveDependency(
95	... private_ppa, PackagePublishingPocket.RELEASE,
96
97	=== modified file 'lib/lp/soyuz/doc/buildd-slavescanner.txt'
98	--- lib/lp/soyuz/doc/buildd-slavescanner.txt 2010-02-19 16:29:30 +0000
99	+++ lib/lp/soyuz/doc/buildd-slavescanner.txt 2010-02-23 15:09:43 +0000
100	@@ -1175,8 +1175,9 @@
101	... owner=cprov_archive.owner, name='pppa', private=True,
102	... virtualized=False, distribution=ubuntu)
103
104	- # We need to publish some binaries so that the dependencies will include
105	- # this ppa itself below in the sources list.
106	+It's necessary to publish some binaries into the private PPA, otherwise
107	+the PPA won't be included as a dependency in the sources list below.
108	+
109	>>> binaries = test_publisher.getPubBinaries(
110	... distroseries=ubuntu['hoary'], archive=private_ppa,
111	... status=PackagePublishingStatus.PUBLISHED)
112	@@ -1210,11 +1211,11 @@
113	>>> removeSecurityProxy(a_builder)._dispatchBuildCandidate(candidate)
114	ensurepresent called, url=...
115	ensurepresent called,
116	- url=http://private-ppa.launchpad.dev/cprov/pppa/ubuntu/pool/main/m/mozilla-firefox/firefox_0.9.2.orig.tar.gz
117	+ url=http://private-ppa.../cprov/pppa/.../firefox_0.9.2.orig.tar.gz
118	URL authorisation with buildd/sekrit
119	OkSlave BUILDING
120	Archives:
121	- deb http://buildd:sekrit@private-ppa.launchpad.dev/cprov/pppa/ubuntu hoary main
122	+ deb http://buildd:sekrit@private-ppa.../cprov/pppa/ubuntu hoary main
123	deb http://ftpmaster.internal/ubuntu hoary
124	main restricted universe multiverse
125	deb http://ftpmaster.internal/ubuntu hoary-security
126	@@ -1301,8 +1302,9 @@
127	>>> LaunchpadZopelessLayer.switchDbUser('launchpad')
128	>>> login('foo.bar@canonical.com')
129
130	- # Switch the build's archive back to Celso's PPA and set it back
131	- # to virtualized.
132	+We'll switch the build's archive back to Celso's PPA and set the PPA to
133	+virtualized before adding the dependency on Mark's PPA.
134	+
135	>>> removeSecurityProxy(build).archive = cprov_archive
136	>>> cprov_archive.require_virtualized = True
137	>>> for build_file in a_build.sourcepackagerelease.files:

 === modified file 'lib/canonical/launchpad/doc/publishing-security.txt'
 --- lib/canonical/launchpad/doc/publishing-security.txt	2009-04-16 16:05:48 +0000
 +++ lib/canonical/launchpad/doc/publishing-security.txt	2010-02-26 15:36:26 +0000
@@ -8,50 +8,51 @@
  are no restrictions.  For those attached to a private archive, only those able
  to view the archive, or admins, can see the publication.
--As an anonymous user get the first published source and binary out of cprov's
--public PPA:
++We create two PPAs, one public and one private. Both PPAs are populated
++with some source and binary publishings.
++
++    >>> login('admin@canonical.com')
++    >>> public_ppa = factory.makeArchive(private=False)
++    >>> private_ppa = factory.makeArchive(private=True)
++    >>> from lp.soyuz.tests.test_publishing import SoyuzTestPublisher
++    >>> test_publisher = SoyuzTestPublisher()
++    >>> test_publisher.prepareBreezyAutotest()
++    >>> ignore = test_publisher.getPubBinaries(archive=public_ppa)
++    >>> ignore = test_publisher.getPubBinaries(archive=private_ppa)
++
++
++As an anonymous user we can get the first published source and binary out
++the public PPA:
      >>> login(ANONYMOUS)
--
--    >>> from canonical.launchpad.interfaces import IPersonSet
--    >>> cprov_ppa = getUtility(IPersonSet).getByName('cprov').archive
--    >>> cprov_ppa.private
--    False
--
--    >>> source_pub = cprov_ppa.getPublishedSources()[0]
++    >>> source_pub = public_ppa.getPublishedSources()[0]
      >>> print source_pub.displayname
--    cdrkit 1.0 in breezy-autotest
++    foo 666 in breezy-autotest
--    >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
++    >>> binary_pub = public_ppa.getAllPublishedBinaries()[0]
      >>> print binary_pub.displayname
--    mozilla-firefox 1.0 in warty hppa
++    foo-bin 666 in breezy-autotest i386
  A regular user can see them too:
      >>> login('no-priv@canonical.com')
--    >>> source_pub = cprov_ppa.getPublishedSources()[0]
++    >>> source_pub = public_ppa.getPublishedSources()[0]
      >>> print source_pub.displayname
--    cdrkit 1.0 in breezy-autotest
++    foo 666 in breezy-autotest
--    >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
++    >>> binary_pub = public_ppa.getAllPublishedBinaries()[0]
      >>> print binary_pub.displayname
--    mozilla-firefox 1.0 in warty hppa
--
--Now, we'll make cprov's PPA private:
--
--    >>> login('admin@canonical.com')
--    >>> cprov_ppa.private = True
--    >>> cprov_ppa.buildd_secret = "blah"
--
--Anonymous access will now be refused:
++    foo-bin 666 in breezy-autotest i386
++
++But when querying the private PPA, anonymous access will be refused:
      >>> login(ANONYMOUS)
--    >>> source_pub = cprov_ppa.getPublishedSources()[0]
++    >>> source_pub = private_ppa.getPublishedSources()[0]
      Traceback (most recent call last):
      ...
      Unauthorized:...
--    >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
++    >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
      Traceback (most recent call last):
      ...
      Unauthorized:...
@@ -59,35 +60,35 @@
  As is for a regular user.
      >>> login('no-priv@canonical.com')
--    >>> source_pub = cprov_ppa.getPublishedSources()[0]
--    Traceback (most recent call last):
--    ...
--    Unauthorized:...
--
--    >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
--    Traceback (most recent call last):
--    ...
--    Unauthorized:...
--
--But cprov himself can see them:
--
--    >>> login('celso.providelo@canonical.com')
--    >>> source_pub = cprov_ppa.getPublishedSources()[0]
++    >>> source_pub = private_ppa.getPublishedSources()[0]
++    Traceback (most recent call last):
++    ...
++    Unauthorized:...
++
++    >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
++    Traceback (most recent call last):
++    ...
++    Unauthorized:...
++
++But the owner can see them.
++
++    >>> login_person(private_ppa.owner)
++    >>> source_pub = private_ppa.getPublishedSources()[0]
      >>> print source_pub.displayname
--    cdrkit 1.0 in breezy-autotest
++    foo 666 in breezy-autotest
--    >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
++    >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
      >>> print binary_pub.displayname
--    mozilla-firefox 1.0 in warty hppa
++    foo-bin 666 in breezy-autotest i386
  As can an administrator.
      >>> login('admin@canonical.com')
--    >>> source_pub = cprov_ppa.getPublishedSources()[0]
++    >>> source_pub = private_ppa.getPublishedSources()[0]
      >>> print source_pub.displayname
--    cdrkit 1.0 in breezy-autotest
++    foo 666 in breezy-autotest
--    >>> binary_pub = cprov_ppa.getAllPublishedBinaries()[0]
++    >>> binary_pub = private_ppa.getAllPublishedBinaries()[0]
      >>> print binary_pub.displayname
--    mozilla-firefox 1.0 in warty hppa
++    foo-bin 666 in breezy-autotest i386
 === modified file 'lib/canonical/launchpad/doc/tales.txt'
 --- lib/canonical/launchpad/doc/tales.txt	2010-02-16 16:31:24 +0000
 +++ lib/canonical/launchpad/doc/tales.txt	2010-02-26 15:36:26 +0000
@@ -126,58 +126,63 @@
  for referring to them in other pages and a 'reference' formatter which
  displays the unique ppa reference.
--    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
--    <a href="/~mark/+archive/ppa"
--       class="sprite ppa-icon">PPA for Mark Shuttleworth</a>
--    >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
--    ppa:mark/ppa
++    >>> login('admin@canonical.com')
++    >>> owner = factory.makePerson(name="joe", displayname="Joe Smith")
++    >>> public_ppa = factory.makeArchive(
++    ...     name='ppa', private=False, owner=owner)
++    >>> login(ANONYMOUS)
++    >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
++    <a href="/~joe/+archive/ppa"
++       class="sprite ppa-icon">PPA for Joe Smith</a>
++    >>> print test_tales("ppa/fmt:reference", ppa=public_ppa)
++    ppa:joe/ppa
  Disabled PPAs links use a different icon and are only linkified for
  users with launchpad.View on them.
--    >>> login('foo.bar@canonical.com')
--    >>> mark.archive.disable()
++    >>> login('admin@canonical.com')
++    >>> public_ppa.disable()
--    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
--    <a href="/~mark/+archive/ppa" class="sprite ppa-icon-inactive">PPA
--    for Mark Shuttleworth</a>
++    >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
++    <a href="/~joe/+archive/ppa" class="sprite ppa-icon-inactive">PPA
++    for Joe Smith</a>
      >>> login(ANONYMOUS)
--    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
--    <span class="sprite ppa-icon-inactive">PPA for Mark Shuttleworth</span>
++    >>> print test_tales("ppa/fmt:link", ppa=public_ppa)
++    <span class="sprite ppa-icon-inactive">PPA for Joe Smith</span>
  Private PPAs links are not rendered for users without launchpad.View on
  them.
--    >>> login('foo.bar@canonical.com')
--    >>> mark.archive.enable()
--    >>> mark.archive.buildd_secret = 'x'
--    >>> mark.archive.private = True
++    >>> login('admin@canonical.com')
++    >>> private_ppa = factory.makeArchive(
++    ...     name='ppa', private=True, owner=owner)
--    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
--    <a href="/~mark/+archive/ppa" class="sprite ppa-icon">PPA
--    for Mark Shuttleworth</a>
++    >>> print test_tales("ppa/fmt:link", ppa=private_ppa)
++    <a href="/~joe/+archive/ppa" class="sprite ppa-icon">PPA
++    for Joe Smith</a>
      >>> login(ANONYMOUS)
--    >>> print test_tales("ppa/fmt:link", ppa=mark.archive)
++    >>> print test_tales("ppa/fmt:link", ppa=private_ppa)
  Similarly, references to private PPAs are not rendered unless the user has
  a subscription to the PPA.
--    >>> login('foo.bar@canonical.com')
--    >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
++    >>> ppa_user = factory.makePerson(name="jake", displayname="Jake Smith")
++    >>> login_person(ppa_user)
++    >>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
--    >>> login('mark@example.com')
--    >>> foo = getUtility(IPersonSet).getByName('name16')
--    >>> ignore = mark.archive.newSubscription(foo, mark)
--    >>> login('foo.bar@canonical.com')
--    >>> print test_tales("ppa/fmt:reference", ppa=mark.archive)
--    ppa:mark/ppa
++    >>> login_person(owner)
++    >>> ignore = private_ppa.newSubscription(ppa_user, owner)
++    >>> login_person(ppa_user)
++    >>> print test_tales("ppa/fmt:reference", ppa=private_ppa)
++    ppa:joe/ppa
  We also have icons for builds which may have different dimensions.
++    >>> login('admin@canonical.com')
      >>> from lp.soyuz.tests.test_publishing import SoyuzTestPublisher
      >>> stp = SoyuzTestPublisher()
      >>> stp.prepareBreezyAutotest()
 === modified file 'lib/lp/registry/browser/tests/person-views.txt'
 --- lib/lp/registry/browser/tests/person-views.txt	2010-02-02 21:28:50 +0000
 +++ lib/lp/registry/browser/tests/person-views.txt	2010-02-26 15:36:26 +0000
@@ -868,20 +868,18 @@
      >>> view.should_show_ppa_section
      True
--If we make the PPA private, only cprov will see the section.
++If the PPA is private, only the owner will see the section.
      >>> login("admin@canonical.com")
--    >>> cprov.archive.buildd_secret = "secret"
--    >>> cprov.archive.private = True
--    >>> transaction.commit()
++    >>> private_ppa = factory.makeArchive(private=True)
--    >>> login("celso.providelo@canonical.com")
--    >>> view = create_initialized_view(cprov, "+index")
++    >>> login_person(private_ppa.owner)
++    >>> view = create_initialized_view(private_ppa.owner, "+index")
      >>> view.should_show_ppa_section
      True
      >>> login(ANONYMOUS)
--    >>> view = create_initialized_view(cprov, "+index")
++    >>> view = create_initialized_view(private_ppa.owner, "+index")
      >>> view.should_show_ppa_section
      False
 === modified file 'lib/lp/soyuz/browser/tests/archive-views.txt'
 --- lib/lp/soyuz/browser/tests/archive-views.txt	2010-02-11 13:26:21 +0000
 +++ lib/lp/soyuz/browser/tests/archive-views.txt	2010-02-26 15:36:26 +0000
@@ -945,9 +945,7 @@
      >>> login('foo.bar@canonical.com')
      >>> a_team = factory.makeTeam(mark, name="pirulito-team")
      >>> team_ppa = factory.makeArchive(
--    ...     distribution=ubuntu, name='ppa', owner=a_team)
--    >>> team_ppa.buildd_secret = 'boing'
--    >>> team_ppa.private = True
++    ...     distribution=ubuntu, name='ppa', owner=a_team, private=True)
      >>> transaction.commit()
      >>> login('celso.providelo@canonical.com')
@@ -987,38 +985,34 @@
      ...     print error
      Public PPAs cannot depend on private ones.
--Finally, we make Celso's PPA private. That's enough for allowing Celso
--to set PPA for Pirulito Team as dependency of his PPA.
++Finally, we try with a private PPA of Celso's. That's enough for
++allowing Celso to set PPA for Pirulito Team as dependency of his PPA.
      >>> login('foo.bar@canonical.com')
--    >>> cprov.archive.buildd_secret = 'boing'
--    >>> cprov.archive.private = True
++    >>> cprov_private_ppa = factory.makeArchive(
++    ...     owner=cprov, private=True, name='p3a')
      >>> login('celso.providelo@canonical.com')
      >>> view = create_initialized_view(
--    ...     cprov.archive, name="+edit-dependencies",
++    ...     cprov_private_ppa, name="+edit-dependencies",
      ...     form=add_private_form)
      >>> len(view.errors)
      >>> view = create_initialized_view(
--    ...     cprov.archive, name="+edit-dependencies")
++    ...     cprov_private_ppa, name="+edit-dependencies")
      >>> dependencies = view.widgets.get('selected_dependencies').vocabulary
      >>> for dependency in dependencies:
      ...     print dependency.value.displayname
      PPA for Pirulito Team
--Remove Celso's membership on the new team and made his PPA public
--again to not affect subsequent tests.
++Remove Celso's membership on the new team and disable his PPA so we don't
++affect the following tests.
      >>> cprov.leave(a_team)
--
--    >>> login('foo.bar@canonical.com')
--    >>> cprov.archive.private = False
--    >>> cprov.archive.buildd_secret = ''
--    >>> login('celso.providelo@canonical.com')
++    >>> cprov_private_ppa.disable()
  == ArchivePackageCopyingView ==
@@ -1304,12 +1298,10 @@
  it happens via 'delayed-copies' not the usual direct copying method.
  See more information in scripts/packagecopier.py
--First we will make Celso's PPA private.
++First we will enable Celso's private PPA.
      >>> login('foo.bar@canonical.com')
--
--    >>> cprov.archive.buildd_secret = 'boing'
--    >>> cprov.archive.private = True
++    >>> cprov_private_ppa.enable()
  Then we will create a testing publication, that will be restricted.
@@ -1320,7 +1312,7 @@
      >>> test_publisher.addFakeChroots(hoary)
      >>> unused = test_publisher.setUpDefaultDistroSeries(hoary)
      >>> private_source = test_publisher.createSource(
--    ...     cprov.archive, 'foocomm', '1.0-1', new_version='2.0-1')
++    ...     cprov_private_ppa, 'foocomm', '1.0-1', new_version='2.0-1')
      >>> transaction.commit()
  Now, as Celso we will try to copy the just created 'private' source to
@@ -1334,7 +1326,7 @@
      >>> login('celso.providelo@canonical.com')
      >>> view = create_initialized_view(
--    ...     cprov.archive, name="+copy-packages",
++    ...     cprov_private_ppa, name="+copy-packages",
      ...     form={
      ...         'field.selected_sources': [str(private_source.id)],
      ...         'field.destination_archive': 'ubuntu-team/ppa',
 === modified file 'lib/lp/soyuz/browser/tests/archivesubscription-views.txt'
 --- lib/lp/soyuz/browser/tests/archivesubscription-views.txt	2009-09-14 08:08:51 +0000
 +++ lib/lp/soyuz/browser/tests/archivesubscription-views.txt	2010-02-26 15:36:26 +0000
@@ -22,18 +22,19 @@
      >>> login('foo.bar@canonical.com')
      >>> from lp.registry.interfaces.person import IPersonSet
      >>> cprov = getUtility(IPersonSet).getByName("cprov")
--    >>> cprov.archive.buildd_secret = 'boing'
--    >>> cprov.archive.private = True
++    >>> cprov_private_ppa = factory.makeArchive(
++    ...     owner=cprov, private=True)
      >>> mark = getUtility(IPersonSet).getByName("mark")
--    >>> mark.archive.buildd_secret = 'boing'
--    >>> mark.archive.private = True
++    >>> mark_private_ppa = factory.makeArchive(
++    ...     owner=mark, private=True)
      >>> transaction.commit()
      >>> logout()
  The view includes a label property.
      >>> login('celso.providelo@canonical.com')
--    >>> view = create_initialized_view(cprov.archive, name="+subscriptions")
++    >>> view = create_initialized_view(
++    ...     cprov_private_ppa, name="+subscriptions")
      >>> print view.label
      Manage access to PPA for Celso Providelo
@@ -46,7 +47,7 @@
  POSTing with out data just causes the validation to display:
      >>> view = create_initialized_view(
--    ...     cprov.archive, name="+subscriptions",
++    ...     cprov_private_ppa, name="+subscriptions",
      ...     server_url=
      ...         "https://launchpad.dev/~cprov/+archive/ppa/+subscriptions",
      ...     form={
@@ -60,7 +61,7 @@
  The view can be used to add a new subscriber:
      >>> view = create_initialized_view(
--    ...     cprov.archive, name="+subscriptions",
++    ...     cprov_private_ppa, name="+subscriptions",
      ...     server_url=
      ...         "https://launchpad.dev/~cprov/+archive/ppa/+subscriptions",
      ...     form={
@@ -100,7 +101,7 @@
  The same subscriber cannot be added a second time:
      >>> view = create_initialized_view(
--    ...     cprov.archive, name="+subscriptions",
++    ...     cprov_private_ppa, name="+subscriptions",
      ...     form={
      ...         'field.subscriber': 'spiv',
      ...         'field.description': "spiv's still my friend",
@@ -118,7 +119,7 @@
      >>> login('mark@example.com')
      >>> view = create_initialized_view(
--    ...     mark.archive, name="+subscriptions",
++    ...     mark_private_ppa, name="+subscriptions",
      ...     form={
      ...         'field.subscriber': 'spiv',
      ...         'field.description': "spiv's still my friend",
@@ -135,7 +136,7 @@
      >>> transaction.commit()
      >>> view = create_initialized_view(
--    ...     mark.archive, name="+subscriptions",
++    ...     mark_private_ppa, name="+subscriptions",
      ...     server_url=
      ...         "https://launchpad.dev/~cprov/+archive/ppa/+subscriptions",
      ...     form={
@@ -153,7 +154,7 @@
      >>> import datetime
      >>> future_date = datetime.date.today() + datetime.timedelta(30)
      >>> view = create_initialized_view(
--    ...     mark.archive, name="+subscriptions",
++    ...     mark_private_ppa, name="+subscriptions",
      ...     server_url=
      ...         "https://launchpad.dev/~cprov/+archive/ppa/+subscriptions",
      ...     form={
@@ -178,7 +179,7 @@
      >>> from lp.soyuz.interfaces.archivesubscriber import (
      ...     IArchiveSubscriberSet)
      >>> spiv_subscription = getUtility(IArchiveSubscriberSet).getByArchive(
--    ...     cprov.archive).one()
++    ...     cprov_private_ppa).one()
      >>> view = create_initialized_view(spiv_subscription, name="+edit")
      >>> print view.label
      Edit Andrew Bennetts's access to PPA for Celso Providelo
@@ -280,7 +281,7 @@
  The subscriptions_with_tokens property returns all the current archive
--subscriptions for the person, with the corresponding token for each -
++subscriptions for the person, with the corresponding token for each -
  if one exists:
      >>> def print_subscriptions_with_tokens():
@@ -301,7 +302,7 @@
  subscriptions_with_tokens property:
      >>> spiv = getUtility(IPersonSet).getByName('spiv')
--    >>> new_token = cprov.archive.newAuthToken(spiv)
++    >>> new_token = cprov_private_ppa.newAuthToken(spiv)
      >>> view = create_initialized_view(spiv, name="+archivesubscriptions")
      >>> print_subscriptions_with_tokens()
      PPA for Mark Shuttleworth       None
@@ -352,7 +353,7 @@
      Andrew Bennetts
      >>> print view.sources_list_entries.context.archive_url
--    http://spiv:...@private-ppa.launchpad.dev/cprov/ppa/ubuntu
++    http://spiv:...@private-ppa.launchpad.dev/cprov/ppa/...
  The view can also be used to regenerate the source.list entries.
 === modified file 'lib/lp/soyuz/browser/tests/builder-views.txt'
 --- lib/lp/soyuz/browser/tests/builder-views.txt	2010-01-14 02:15:08 +0000
 +++ lib/lp/soyuz/browser/tests/builder-views.txt	2010-02-26 15:36:26 +0000
@@ -134,11 +134,11 @@
      ...    IBuilderSet, IPersonSet)
      >>> cprov = getUtility(IPersonSet).getByName("cprov")
--    >>> cprov.archive.buildd_secret = "secret"
--    >>> cprov.archive.private = True
++    >>> cprov_private_ppa = factory.makeArchive(
++    ...     owner=cprov, private=True)
  SoyuzTestPublisher is used to make a new publication only in Celso's
--PPA.
++private PPA.
      >>> from lp.soyuz.tests.test_publishing import (
      ...      SoyuzTestPublisher)
@@ -151,7 +151,7 @@
      >>> private_source_pub = test_publisher.getPubSource(
      ...     status=PackagePublishingStatus.PUBLISHED,
      ...     sourcename='privacy-test',
--    ...     archive=cprov.archive)
++    ...     archive=cprov_private_ppa)
      >>> [private_build] = private_source_pub.createMissingBuilds()
  Assign the build to the 'frog' builder:
 === modified file 'lib/lp/soyuz/doc/archive-dependencies.txt'
 --- lib/lp/soyuz/doc/archive-dependencies.txt	2010-02-26 13:42:51 +0000
 +++ lib/lp/soyuz/doc/archive-dependencies.txt	2010-02-26 15:36:26 +0000
@@ -225,11 +225,11 @@
      >>> print_building_sources_list(a_build)
      deb http://ftpmaster.internal/ubuntu hoary
--    	main restricted universe multiverse
++        main restricted universe multiverse
      deb http://ftpmaster.internal/ubuntu hoary-security
--    	main restricted universe multiverse
++        main restricted universe multiverse
      deb http://ftpmaster.internal/ubuntu hoary-updates
--    	main restricted universe multiverse
++        main restricted universe multiverse
  Once we publish a test binary in Celso's PPA hoary/i386,
  this archive becomes relevant for building, and thus listed in the
@@ -242,11 +242,11 @@
      >>> print_building_sources_list(a_build)
      deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
      deb http://ftpmaster.internal/ubuntu hoary
--    	main restricted universe multiverse
++        main restricted universe multiverse
      deb http://ftpmaster.internal/ubuntu hoary-security
--    	main restricted universe multiverse
++        main restricted universe multiverse
      deb http://ftpmaster.internal/ubuntu hoary-updates
--    	main restricted universe multiverse
++        main restricted universe multiverse
  Similarly, populated PPA dependencies are listed in the building
  'sources_list'.
@@ -264,32 +264,41 @@
      deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
      deb http://ppa.launchpad.dev/mark/ppa/ubuntu hoary main
      deb http://ftpmaster.internal/ubuntu hoary
--    	main restricted universe multiverse
++        main restricted universe multiverse
      deb http://ftpmaster.internal/ubuntu hoary-security
          main restricted universe multiverse
      deb http://ftpmaster.internal/ubuntu hoary-updates
--    	main restricted universe multiverse
++        main restricted universe multiverse
  The authentication information gets added for private PPA
--dependencies.
--
--    >>> mark.archive.buildd_secret = "not-so-secret"
--    >>> mark.archive.private = True
--
--    >>> print_building_sources_list(a_build)
--    deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
--    deb http://buildd:not-so-secret@private-ppa.launchpad.dev/mark/ppa/ubuntu
--    	hoary main
--    deb http://ftpmaster.internal/ubuntu hoary
--    	main restricted universe multiverse
--    deb http://ftpmaster.internal/ubuntu hoary-security
--        main restricted universe multiverse
--    deb http://ftpmaster.internal/ubuntu hoary-updates
--    	main restricted universe multiverse
--
--Good enough, let's delete the archive dependency on Mark's PPA.
--
++dependencies. We'll create a private PPA and then update cprov's PPA,
++removing the dependency on Mark's public PPA and adding one for the
++new private PPA.
++
++    >>> private_ppa = factory.makeArchive(
++    ...     owner=mark, name='p3a', private=True, distribution=ubuntu)
++    >>> pub_binaries = test_publisher.getPubBinaries(
++    ...     binaryname='dep-bin', archive=private_ppa,
++    ...     status=PackagePublishingStatus.PUBLISHED)
      >>> cprov.archive.removeArchiveDependency(mark.archive)
++    >>> archive_dependency = cprov.archive.addArchiveDependency(
++    ...     private_ppa, PackagePublishingPocket.RELEASE,
++    ...     getUtility(IComponentSet)['main'])
++
++    >>> print_building_sources_list(a_build)
++    deb http://ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
++    deb http://buildd:sekrit@private-ppa.launchpad.dev/mark/p3a/ubuntu
++        hoary main
++    deb http://ftpmaster.internal/ubuntu hoary
++        main restricted universe multiverse
++    deb http://ftpmaster.internal/ubuntu hoary-security
++        main restricted universe multiverse
++    deb http://ftpmaster.internal/ubuntu hoary-updates
++        main restricted universe multiverse
++
++Remove the private PPA dependency before continuing.
++
++    >>> cprov.archive.removeArchiveDependency(private_ppa)
      >>> cprov.archive.external_dependencies is None
      True
 === modified file 'lib/lp/soyuz/doc/buildd-slavescanner.txt'
 --- lib/lp/soyuz/doc/buildd-slavescanner.txt	2010-01-29 17:15:31 +0000
 +++ lib/lp/soyuz/doc/buildd-slavescanner.txt	2010-02-26 15:36:26 +0000
@@ -881,16 +881,19 @@
  published.  We need to tweak the status of the publishing record again
  to demonstrate this, and also make the archive private:
--    >>> build = getUtility(IBuildSet).getByQueueEntry(new_candidate)
--    >>> source = build.sourcepackagerelease
--    >>> secure_pub = removeSecurityProxy(
--    ...     build).current_source_publication.secure_record
++XXX Michael Nelson 2010-02-19 bug=394276 Please let's put some time
++aside to convert these to unit-tests.
++
++    >>> naked_build = removeSecurityProxy(
++    ...     getUtility(IBuildSet).getByQueueEntry(new_candidate))
++    >>> original_archive = naked_build.archive
++    >>> secure_pub = naked_build.current_source_publication.secure_record
      >>> commit()
      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
++    >>> private_ppa = factory.makeArchive(private=True)
++    >>> naked_build.archive = private_ppa
++    >>> secure_pub.archive = private_ppa
      >>> secure_pub.status = PackagePublishingStatus.PENDING
--    >>> test_archive = secure_pub.archive
--    >>> test_archive.private = True
--    >>> test_archive.buildd_secret = "secret"
      >>> commit()
      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
@@ -924,11 +927,9 @@
  making the build be superseded and no candidate is returned.
      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
--    >>> secure_pub = removeSecurityProxy(
--    ...     build).current_source_publication.secure_record
++    >>> secure_pub = naked_build.current_source_publication.secure_record
      >>> secure_pub.status = PackagePublishingStatus.DELETED
--    >>> secure_pub = removeSecurityProxy(
--    ...     build).current_source_publication.secure_record
++    >>> secure_pub = naked_build.current_source_publication.secure_record
      >>> secure_pub.status = PackagePublishingStatus.SUPERSEDED
      >>> commit()
      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
@@ -949,7 +950,8 @@
      >>> commit()
      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
--    >>> test_archive.private = False
++    >>> naked_build.archive = original_archive
++    >>> secure_pub.archive = original_archive
      >>> commit()
      >>> LaunchpadZopelessLayer.switchDbUser(config.builddmaster.dbuser)
@@ -1162,19 +1164,24 @@
  If the build is for a private PPA, the slave scanner will pass a
  sources.list entry that contains a password to access the archive.
--Making Celso's PPA private and set the buildd_secret (which is the
--password for the archive):
--
      >>> from canonical.testing import LaunchpadZopelessLayer
      >>> commit()
      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
      >>> login('foo.bar@canonical.com')
--    >>> cprov_archive.private = True
--    >>> cprov_archive.buildd_secret = "secret"
--    >>> cprov_archive.require_virtualized = False
      >>> build = getUtility(IBuildSet).getByQueueEntry(candidate)
      >>> for build_file in build.sourcepackagerelease.files:
      ...     removeSecurityProxy(build_file).libraryfile.restricted = True
++    >>> private_ppa = factory.makeArchive(
++    ...     owner=cprov_archive.owner, name='pppa', private=True,
++    ...     virtualized=False, distribution=ubuntu)
++
++It's necessary to publish some binaries into the private PPA, otherwise
++the PPA won't be included as a dependency in the sources list below.
++
++    >>> binaries = test_publisher.getPubBinaries(
++    ...     distroseries=ubuntu['hoary'], archive=private_ppa,
++    ...     status=PackagePublishingStatus.PUBLISHED)
++    >>> removeSecurityProxy(build).archive = private_ppa
      >>> commit()
      >>> LaunchpadZopelessLayer.switchDbUser(test_dbuser)
      >>> login(ANONYMOUS)
@@ -1204,11 +1211,11 @@
      >>> removeSecurityProxy(a_builder)._dispatchBuildCandidate(candidate)
      ensurepresent called, url=...
      ensurepresent called,
--        url=http://private-ppa.launchpad.dev/cprov/ppa/ubuntu/pool/main/m/mozilla-firefox/firefox_0.9.2.orig.tar.gz
--    URL authorisation with buildd/secret
++     url=http://private-ppa.../cprov/pppa/.../firefox_0.9.2.orig.tar.gz
++    URL authorisation with buildd/sekrit
      OkSlave BUILDING
      Archives:
--     deb http://buildd:secret@private-ppa.launchpad.dev/cprov/ppa/ubuntu hoary main
++     deb http://buildd:sekrit@private-ppa.../cprov/pppa/ubuntu hoary main
       deb http://ftpmaster.internal/ubuntu hoary
           main restricted universe multiverse
       deb http://ftpmaster.internal/ubuntu hoary-security
@@ -1295,7 +1302,10 @@
      >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
      >>> login('foo.bar@canonical.com')
--    >>> cprov_archive.private = False
++We'll switch the build's archive back to Celso's PPA and set the PPA to
++virtualized before adding the dependency on Mark's PPA.
++
++    >>> removeSecurityProxy(build).archive = cprov_archive
      >>> cprov_archive.require_virtualized = True
      >>> for build_file in a_build.sourcepackagerelease.files:
      ...     removeSecurityProxy(build_file).libraryfile.restricted = False
 === modified file 'lib/lp/testing/factory.py'
 --- lib/lp/testing/factory.py	2010-02-26 15:36:25 +0000
 +++ lib/lp/testing/factory.py	2010-02-26 15:36:26 +0000
@@ -1558,7 +1558,8 @@
          return getUtility(IComponentSet).ensure(name)
      def makeArchive(self, distribution=None, owner=None, name=None,
--                    purpose=None, enabled=True, private=False):
++                    purpose=None, enabled=True, private=False,
++                    virtualized=True):
          """Create and return a new arbitrary archive.
          :param distribution: Supply IDistribution, defaults to a new one
@@ -1567,7 +1568,9 @@
              makePerson().
          :param name: Name of the archive, defaults to a random string.
          :param purpose: Supply ArchivePurpose, defaults to PPA.
--        :param enabled: Whether the archive should be enabled.
++        :param enabled: Whether the archive is enabled.
++        :param private: Whether the archive is created private.
++        :param virtualized: Whether the archive is virtualized.
          """
          if distribution is None:
              distribution = self.makeDistribution()
@@ -1588,7 +1591,8 @@
          archive = getUtility(IArchiveSet).new(
              owner=owner, purpose=purpose,
--            distribution=distribution, name=name, enabled=enabled)
++            distribution=distribution, name=name, enabled=enabled,
++            require_virtualized=virtualized)
          if private:
              archive.private = True