Launchpad itself

Merge lp:~salgado/launchpad/remove-security-upload-policy into lp:launchpad

remove-security-upload-policy
Merge into devel

Proposed by Guilherme Salgado on 2010-08-24

Status:	Merged
Approved by:	Michael Nelson on 2010-08-26
Approved revision:	no longer in the source branch.
Merged at revision:	11450
Proposed branch:	lp:~salgado/launchpad/remove-security-upload-policy
Merge into:	lp:launchpad
Diff against target:	979 lines (+144/-722) 6 files modified lib/lp/archiveuploader/tests/nascentupload-announcements.txt (+8/-269) lib/lp/archiveuploader/tests/nascentupload-security-uploads.txt (+0/-144) lib/lp/archiveuploader/tests/test_buildduploads.py (+130/-4) lib/lp/archiveuploader/tests/test_securityuploads.py (+0/-263) lib/lp/archiveuploader/uploadpolicy.py (+1/-24) lib/lp/soyuz/doc/soyuz-set-of-uploads.txt (+5/-18)
To merge this branch:	bzr merge lp:~salgado/launchpad/remove-security-upload-policy
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Michael Nelson (community)	code		Approve on 2010-08-26
Jeroen T. Vermeulen (community)		2010-08-24	Approve on 2010-08-25
Review via email: mp+33581@code.launchpad.net

Description of the change

Remove SecurityUploadPolicy together with its tests as it's no longer used.

Revision history for this message

Jeroen T. Vermeulen (jtv) wrote on 2010-08-25:

Wow, that's a very red diff. Death to doctests!

Not much here to review, really. I'll have to trust that you're not bluffing on how an email to Daniel Silverstone turned into one to Celso Providelo in lines 286—307 of the diff. But then again, doctests have a tendency to invite bluffing and I can't help feeling it's their own fault.

review: Approve

Revision history for this message

Guilherme Salgado (salgado) wrote on 2010-08-25:

The change from an email do Daniel to one from Celso is in a test that
gets a random (in fact, the last one) upload and prints some details
about it. It changed because I removed the code that did an upload
right before that test.

I got back from ec2 test this morning and soyuz-set-of-uploads.txt is
failing because it uses the security policy in some parts, so I'm having
yet more fun with doctests. I'll let you know once I figure out a way to
fix it -- using one of the test-specific policies that accept anything
is not working.

Revision history for this message

Guilherme Salgado (salgado) wrote on 2010-08-25:

I've managed to get that test passing again, as well as fixing another one that I broke because it was importing its base class from a file that had been removed.

In the latter case I just had to copy the class from the removed file back.

For the former I removed a chunk of the test but to make sure we don't lose coverage I'll write a unit test on my vostok-upload-policy, which adds a test_uploadpolicy.py file. The rest should be self-explanatory.

Revision history for this message

Michael Nelson (michael.nelson) wrote on 2010-08-26:

Approving changes in r11428.

14:40 < salgado> noodles775, and I've added a new unit test (in the other MP) to exercise the same code that was exercised by the doctest chunk I've removed
14:40 < noodles775> salgado: The doctest snippet that you removed in r11428 (reject instead of fail for non-existent pocket), you mention that you'll cover it with a unit test in the following branch...
14:40 < noodles775> lol
14:40 < noodles775> but
14:40 < salgado> :)
14:41 < salgado> http://bazaar.launchpad.net/~salgado/launchpad/vostok-upload-policy/revision/11432
14:41 < noodles775> as far as I can see, the following branch tests that an assertion is raised, but not that a rejection is sent
14:41 * noodles775 double checks, guessing that he missed it.
14:41 < salgado> that's correct
14:42 < noodles775> Is there a test elsewhere that ensures when the assertion is raised an email is sent?
14:42 < salgado> I thought just checking for the exception was good enough, as we have plenty of tests showing a rejection is sent when there's an exception

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Guilherme Salgado

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

 === modified file 'lib/lp/archiveuploader/tests/nascentupload-announcements.txt'
 --- lib/lp/archiveuploader/tests/nascentupload-announcements.txt	2010-08-20 12:11:30 +0000
 +++ lib/lp/archiveuploader/tests/nascentupload-announcements.txt	2010-08-25 19:32:53 +0000
@@ -17,13 +17,6 @@
   * AUTO-APPROVED to BACKPORTS (via sync): submitter set receives an
     'acceptance' warning ('announcement' is skipped).
-- * AUTO-APPROVED sources to SECURITY (via security): submitter set
--   receives an 'acceptance' warning and the target distroseries
--   changeslist address receives an 'announcement' message.
--
-- * AUTO-APPROVED binaries to SECURITY (via security): submitter set
--   receives only an 'acceptance' warning ('announcement' is skipped).
--
   * NEW, AUTO-APPROVED or UNAPPROVED source uploads targeted to section
     'translations' (all policies, all pockets) do not generate any
     messages. Remembering that NEW and UNAPPROVED messages are also
@@ -530,196 +523,6 @@
   >>> import os
   >>> os.remove(os.path.join(datadir('suite/bar_1.0-4'), 'bar_1.0.orig.tar.gz'))
--AUTO-APPROVED source upload to SECURITY pocket via 'security' policy:
--
--  >>> security_policy = getPolicy(
--  ...     name='security', distro='ubuntu', distroseries=None)
--  >>> security_policy.setDistroSeriesAndPocket('hoary-security')
--
--  >>> bar_src = NascentUpload.from_changesfile_path(
--  ...     datadir('suite/bar_1.0-2/bar_1.0-2_source.changes'),
--  ...     security_policy, mock_logger_quiet)
--  >>> bar_src.process()
--
--  >>> bar_src.logger = mock_logger
--  >>> result = bar_src.do_accept()
--  DEBUG: Creating queue entry
--  ...
--  DEBUG: Sent a mail:
--  DEBUG:     Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
--  DEBUG:     Recipients: Daniel Silverstone <daniel.silverstone@canonical.com>
--  DEBUG:     Body:
--  DEBUG: bar (1.0-2) breezy; urgency=low
--  DEBUG:
--  DEBUG:   * A second upload to ensure that binary overrides of _all work
--  DEBUG:
--  DEBUG:   * Also closes Launchpad bug #6
--  DEBUG:
--  DEBUG:
--  DEBUG: Date: Thu, 30 Mar 2006 01:36:14 +0100
--  DEBUG: Changed-By: Daniel Silverstone <daniel.silverstone@canonical.com>
--  DEBUG: Maintainer: Launchpad team <launchpad@lists.canonical.com>
--  DEBUG: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
--  DEBUG:
--  DEBUG: ==
--  DEBUG:
--  DEBUG: Announcing to hoary-announce@lists.ubuntu.com
--  DEBUG:
--  DEBUG: Thank you for your contribution to Ubuntu Linux.
--  DEBUG:
--  DEBUG: --
--  DEBUG: You are receiving this email because you are the uploader, maintainer or
--  DEBUG: signer of the above package.
--  DEBUG: Sent a mail:
--  DEBUG:     Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
--  DEBUG:     Recipients: hoary-announce@lists.ubuntu.com
--  DEBUG:     Body:
--  DEBUG: bar (1.0-2) breezy; urgency=low
--  DEBUG:
--  DEBUG:   * A second upload to ensure that binary overrides of _all work
--  DEBUG:
--  DEBUG:   * Also closes Launchpad bug #6
--  DEBUG:
--  DEBUG:
--  DEBUG: Date: Thu, 30 Mar 2006 01:36:14 +0100
--  DEBUG: Changed-By: Daniel Silverstone <daniel.silverstone@canonical.com>
--  DEBUG: Maintainer: Launchpad team <launchpad@lists.canonical.com>
--  DEBUG: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
--
--  >>> import operator
--  >>> msgs = pop_notifications(sort_key=operator.itemgetter('To'))
--  >>> len(msgs)
--  2
--
--  >>> [message['To'] for message in msgs]
--  ['Daniel Silverstone <daniel.silverstone@canonical.com>',
--   'hoary-announce@lists.ubuntu.com']
--
--  >>> [message['Subject'] for message in msgs]
--  ['[ubuntu/hoary-security] bar 1.0-2 (Accepted)',
--   '[ubuntu/hoary-security] bar 1.0-2 (Accepted)']
--
--  >>> [message['X-Katie'] for message in msgs]
--  ['Launchpad actually', 'Launchpad actually']
--
--The upload notification message has an attachment with the original changes
--file.
--
--  >>> announcement = msgs[0]
--  >>> attachment = announcement.get_payload()[1]
--  >>> attachment['Content-Disposition']
--  'attachment; filename="changesfile"'
--
--Here it is:
--
--  >>> print attachment.as_string() # doctest: -NORMALIZE_WHITESPACE
--  Content-Type: text/plain; charset="utf-8"
--  MIME-Version: 1.0
--  Content-Transfer-Encoding: quoted-printable
--  Content-Disposition: attachment; filename="changesfile"
--  <BLANKLINE>
--  -----BEGIN PGP SIGNED MESSAGE-----
--  Hash: SHA1
--  <BLANKLINE>
--  Format: 1.7
--  Date: Thu, 30 Mar 2006 01:36:14 +0100
--  Source: bar
--  Binary: bar
--  Architecture: source
--  Version: 1.0-2
--  Distribution: breezy
--  Urgency: low
--  Maintainer: Launchpad team <launchpad@lists.canonical.com>
--  Changed-By: Daniel Silverstone <daniel.silverstone@canonical.com>
--  Launchpad-bugs-fixed: 6
--  Description: =
--  <BLANKLINE>
--   bar        - Stuff for testing
--  Changes: =
--  <BLANKLINE>
--   bar (1.0-2) breezy; urgency=3Dlow
--   .
--     * A second upload to ensure that binary overrides of _all work
--   . =
--  <BLANKLINE>
--     * Also closes Launchpad bug #6
--   .
--  Files: =
--  <BLANKLINE>
--   bbaf6fbf41cdbbdd422b0382076f615a 512 devel optional bar_1.0-2.dsc
--   ac6b4efe44e31f47ec9f0d0fac6935f4 622 devel optional bar_1.0-2.diff.gz
--  <BLANKLINE>
--  -----BEGIN PGP SIGNATURE-----
--  Version: GnuPG v1.4.6 (GNU/Linux)
--  <BLANKLINE>
--  iD8DBQFGe+Yjjn63CGxkqMURAuPGAJ9ub5UHjrzKnEGmUK1oCoRuOrdligCePKxt
--  QRCBMda2V9lNtxldkGRtc88=3D
--  =3DgtPz
--  -----END PGP SIGNATURE-----
--  <BLANKLINE>
--
--The upload announcement email also has the attachment with the original
--changes file.
--
--  >>> announcement = msgs[1]
--  >>> attachment = announcement.get_payload()[1]
--  >>> attachment['Content-Disposition']
--  'attachment; filename="changesfile"'
--
--It has the same contents as the attachment of the upload notification
--email.
--
--  >>> print attachment.as_string() # doctest: -NORMALIZE_WHITESPACE
--  Content-Type: text/plain; charset="utf-8"
--  MIME-Version: 1.0
--  Content-Transfer-Encoding: quoted-printable
--  Content-Disposition: attachment; filename="changesfile"
--  <BLANKLINE>
--  -----BEGIN PGP SIGNED MESSAGE-----
--  Hash: SHA1
--  <BLANKLINE>
--  Format: 1.7
--  Date: Thu, 30 Mar 2006 01:36:14 +0100
--  Source: bar
--  Binary: bar
--  Architecture: source
--  Version: 1.0-2
--  Distribution: breezy
--  Urgency: low
--  Maintainer: Launchpad team <launchpad@lists.canonical.com>
--  Changed-By: Daniel Silverstone <daniel.silverstone@canonical.com>
--  Launchpad-bugs-fixed: 6
--  Description: =
--  <BLANKLINE>
--   bar        - Stuff for testing
--  Changes: =
--  <BLANKLINE>
--   bar (1.0-2) breezy; urgency=3Dlow
--   .
--     * A second upload to ensure that binary overrides of _all work
--   . =
--  <BLANKLINE>
--     * Also closes Launchpad bug #6
--   .
--  Files: =
--  <BLANKLINE>
--   bbaf6fbf41cdbbdd422b0382076f615a 512 devel optional bar_1.0-2.dsc
--   ac6b4efe44e31f47ec9f0d0fac6935f4 622 devel optional bar_1.0-2.diff.gz
--  <BLANKLINE>
--  -----BEGIN PGP SIGNATURE-----
--  Version: GnuPG v1.4.6 (GNU/Linux)
--  <BLANKLINE>
--  iD8DBQFGe+Yjjn63CGxkqMURAuPGAJ9ub5UHjrzKnEGmUK1oCoRuOrdligCePKxt
--  QRCBMda2V9lNtxldkGRtc88=3D
--  =3DgtPz
--  -----END PGP SIGNATURE-----
--  <BLANKLINE>
--
--Remove orig.tar.gz pumped from librarian to disk during the upload
--checks:
--
-- >>> os.remove(os.path.join(datadir('suite/bar_1.0-2'), 'bar_1.0.orig.tar.gz'))
--
  DEBIAN SYNC upload of a source via the 'sync' policy.
  These uploads do not generate any announcement emails for auto-accepted
  packages, just the upload notification.
@@ -762,6 +565,7 @@
  Two emails generated:
++  >>> import operator
    >>> msgs = pop_notifications(sort_key=operator.itemgetter('To'))
    >>> len(msgs)
@@ -782,58 +586,6 @@
    >>> os.remove(os.path.join(datadir('suite/bar_1.0-6'),
    ...     'bar_1.0.orig.tar.gz'))
--
--AUTO-APPROVED binary upload to SECURITY pocket via 'security' policy:
--
--  >>> security_policy = getPolicy(
--  ...     name='security', distro='ubuntu', distroseries=None)
--  >>> security_policy.setDistroSeriesAndPocket('hoary-security')
--
--  >>> bar_bin = NascentUpload.from_changesfile_path(
--  ...     datadir('suite/bar_1.0-2_binary/bar_1.0-2_i386.changes'),
--  ...     security_policy, mock_logger_quiet)
--  >>> bar_bin.process()
--
--  >>> bar_bin.logger = mock_logger
--  >>> result = bar_bin.do_accept()
--  DEBUG: Creating queue entry
--  ...
--  DEBUG: Sent a mail:
--  DEBUG:     Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
--  DEBUG:     Recipients: Daniel Silverstone <daniel.silverstone@canonical.com>
--  DEBUG:     Body:
--  DEBUG: bar (1.0-2) breezy; urgency=low
--  DEBUG:
--  DEBUG:   * A second upload to ensure that binary overrides of _all work
--  DEBUG:
--  DEBUG: Date: Thu, 30 Mar 2006 01:36:14 +0100
--  DEBUG: Changed-By: Daniel Silverstone <daniel.silverstone@canonical.com>
--  DEBUG: Maintainer: Launchpad team <launchpad@lists.canonical.com>
--  DEBUG: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
--  DEBUG:
--  DEBUG: ==
--  DEBUG:
--  DEBUG: Announcing to hoary-announce@lists.ubuntu.com
--  DEBUG:
--  DEBUG: Thank you for your contribution to Ubuntu Linux.
--  DEBUG:
--  DEBUG: --
--  DEBUG: You are receiving this email because you are the uploader, maintainer or
--  DEBUG: signer of the above package.
--
--One email generated:
--
--  >>> [notification] = pop_notifications()
--
--  >>> notification['X-Katie']
--  'Launchpad actually'
--
--  >>> notification['To']
--  'Daniel Silverstone <daniel.silverstone@canonical.com>'
--
--  >>> notification['Subject']
--  '[ubuntu/hoary-security] bar 1.0-2 (Accepted)'
--
  Dry run uploads should not generate any emails.  Call do_accept with
  notify=False:
@@ -873,27 +625,14 @@
    DEBUG: Building recipients list.
    ...
    INFO: Would have sent a mail:
--  INFO:   Subject: [ubuntu/hoary-security] bar 1.0-2 (Accepted)
--  INFO:   Sender: Root <root@localhost>
--  INFO:   Recipients: Daniel Silverstone <daniel.silverstone@canonical.com>
--  INFO:   Bcc: Root <root@localhost>
--  INFO:   Body:
--  INFO: bar (1.0-2) breezy; urgency=low
--  INFO:
--  INFO:   * A second upload to ensure that binary overrides of _all work
--  INFO:
--  INFO: Date: Thu, 30 Mar 2006 01:36:14 +0100
--  INFO: Changed-By: Daniel Silverstone <daniel.silverstone@canonical.com>
--  INFO: Maintainer: Launchpad team <launchpad@lists.canonical.com>
--  INFO: http://launchpad.dev/ubuntu/hoary/+source/bar/1.0-2
--  INFO:
--  INFO: ==
--  INFO:
++  INFO:   Subject: [ubuntu/hoary] bar 1.0-6 (Accepted)
++  ...
++  INFO:   Recipients: Celso Providelo <celso.providelo@canonical.com>
++  ...
++  INFO: bar (1.0-6) breezy; urgency=low
++  ...
    INFO: No announcement sent
--  INFO:
--  INFO: Thank you for your contribution to Ubuntu Linux.
--  INFO:
--  INFO: --
++  ...
    INFO: You are receiving this email because you are the uploader, maintainer or
    INFO: signer of the above package.
 === removed file 'lib/lp/archiveuploader/tests/nascentupload-security-uploads.txt'
 --- lib/lp/archiveuploader/tests/nascentupload-security-uploads.txt	2010-08-04 00:16:44 +0000
 +++ lib/lp/archiveuploader/tests/nascentupload-security-uploads.txt	1970-01-01 00:00:00 +0000
@@ -1,144 +0,0 @@
--= Fully Transactional Security Uploads =
--
--In order to allow security uploads to be transactional, i.e., either
--get published entirely, source and binaries, or get fully rejected; we
--have to allow the security uploads to produce a changesfile that
--includes the source and all binaries for the task in question.
--
--This is an extension of the already implemented mixed_mode upload,
--which previously allow the user to upload the source and one
--respective binary.
--
--While we don't have Security-in-Soyuz (s-i-s) implemented, this will
--be a more secure way to perform security uploads of binaires built in
--dak, since it guarantee that the interactions will be atomic.
--
--We need to be logged into the security framework in order to get any further
--
--  >>> login('foo.bar@canonical.com')
--
--A NascentUpload is a collection of files in a directory. They
--represent what may turn out to be an acceptable upload to a launchpad
--managed archive.
--
--  >>> from lp.archiveuploader.nascentupload import NascentUpload
--  >>> from lp.archiveuploader.tests import (
--  ...    datadir, getPolicy, mock_logger, mock_logger_quiet)
--
--  >>> security_policy = getPolicy(name='security', distro='ubuntu')
--
--We are going to use 'warty/powerpc' distroarchseries and its
--respective processorfamily and processor. Let's create them
--on-the-fly:
--
--  >>> from canonical.testing.layers import LaunchpadZopelessLayer
--  >>> LaunchpadZopelessLayer.switchDbUser('launchpad')
--  >>> from canonical.launchpad.interfaces import IDistributionSet
--  >>> from canonical.launchpad.database import (
--  ...    Processor, ProcessorFamily)
--
--  >>> powerpc_family = ProcessorFamily.selectOneBy(name='powerpc')
--  >>> powerpc_proc = Processor(
--  ...     family=powerpc_family, name='G4', title='foo', description='nahh')
--
--  >>> ubuntu = getUtility(IDistributionSet)['ubuntu']
--  >>> warty = ubuntu['warty']
--  >>> warty_powerpc = warty.newArch('powerpc', powerpc_family, True, warty.owner)
--
--  >>> import transaction
--  >>> transaction.commit()
--  >>> LaunchpadZopelessLayer.switchDbUser('uploader')
--
--
--== Mixed Security Upload ==
--
--The upload in question contains a source and its 2 builds for i386 and
--powerpc:
--
--  >>> foo_mixed_upload = NascentUpload.from_changesfile_path(
--  ...     datadir('suite/foo_1.0-1_multi_binary/foo_1.0-1_multi.changes'),
--  ...     security_policy, mock_logger_quiet)
--  >>> foo_mixed_upload.process()
--
--Inspecting the files processed:
--
--  >>> for file in foo_mixed_upload.changes.files:
--  ...    print file.filename
--  foo_1.0-1.dsc
--  foo_1.0.orig.tar.gz
--  foo_1.0-1.diff.gz
--  foo_1.0-1_i386.deb
--  foo_1.0-1_powerpc.deb
--
--Perform acceptance, creating the respective PackageUpload item and children.
--Please note how the package name appears only one time in the subject line
--(although the upload has one source and two builds associated with it).
--
--  >>> foo_mixed_upload.logger = mock_logger
--  >>> success = foo_mixed_upload.do_accept()
--  DEBUG: ...
--  DEBUG:     Subject: [ubuntu/warty-security] foo 1.0-1 (New)
--  ...
--
--  >>> foo_mixed_queue = foo_mixed_upload.queue_root
--  >>> foo_mixed_queue.status.name
--  'NEW'
--
--Ensure we have only one source attaches to the PackageUpload record:
--
--  >>> foo_mixed_queue.sources.count()
--  1
--
--And it is the right one:
--
--  >>> for source in foo_mixed_queue.sources:
--  ...     source.sourcepackagerelease.name
--  u'foo'
--
--Ensure we have the two expected builds attached to the PackageUpload record:
--
--  >>> foo_mixed_queue.builds.count()
--  2
--
--And they are the correct ones:
--
--  >>> for build in foo_mixed_queue.builds:
--  ...     build.build.title
--  u'i386 build of foo 1.0-1 in ubuntu warty SECURITY'
--  u'powerpc build of foo 1.0-1 in ubuntu warty SECURITY'
--
--Including the uploaded binaries
--
--  >>> for build in foo_mixed_queue.builds:
--  ...     [(bin.name, bin.version) for bin in build.build.binarypackages]
--  [(u'foo', u'1.0-1')]
--  [(u'foo', u'1.0-1')]
--
--
--== Detecting Inconsistencies ==
--
--NascentUpload code will be able to detect inconsistencies in a
--security upload, for example, detecting that the source and the
--binaries sent do not match.
--
--  >>> bar_mixed_upload = NascentUpload.from_changesfile_path(
--  ...     datadir('suite/foo_1.0-1_broken_binary/bar_1.0-1_multi.changes'),
--  ...     security_policy, mock_logger_quiet)
--  >>> bar_mixed_upload.process()
--
--Inspecting the files processed:
--
--  >>> for file in bar_mixed_upload.changes.files:
--  ...    print file.filename
--  bar_1.0-1.dsc
--  bar_1.0.orig.tar.gz
--  bar_1.0-1.diff.gz
--  foo_1.0-1_i386.deb
--  foo_1.0-1_powerpc.deb
--
--  >>> bar_mixed_upload.is_rejected
--  True
--
--  >>> print bar_mixed_upload.rejection_message
--  foo_1.0-1_i386.deb: control file lists name as 'foo', which isn't in changes file.
--  foo_1.0-1_powerpc.deb: control file lists name as 'foo', which isn't in changes file.
 === modified file 'lib/lp/archiveuploader/tests/test_buildduploads.py'
 --- lib/lp/archiveuploader/tests/test_buildduploads.py	2010-08-20 20:31:18 +0000
 +++ lib/lp/archiveuploader/tests/test_buildduploads.py	2010-08-25 19:32:53 +0000
@@ -5,13 +5,139 @@
  __metaclass__ = type
++import os
++
++from zope.component import getUtility
++
  from canonical.database.constants import UTC_NOW
  from canonical.launchpad.ftests import import_public_test_keys
--from canonical.launchpad.interfaces import PackagePublishingStatus
--from lp.archiveuploader.tests.test_securityuploads import (
--    TestStagedBinaryUploadBase,
--    )
++from canonical.launchpad.interfaces import (
++    PackagePublishingStatus,
++    PackageUploadStatus,
++    )
++
++from lp.archiveuploader.tests.test_uploadprocessor import (
++    TestUploadProcessorBase,
++    )
++from lp.registry.interfaces.distribution import IDistributionSet
  from lp.registry.interfaces.pocket import PackagePublishingPocket
++from lp.soyuz.model.binarypackagebuild import BinaryPackageBuild
++
++
++class TestStagedBinaryUploadBase(TestUploadProcessorBase):
++    name = 'baz'
++    version = '1.0-1'
++    distribution_name = None
++    distroseries_name = None
++    pocket = None
++    policy = 'buildd'
++    no_mails = True
++
++    @property
++    def distribution(self):
++        return getUtility(IDistributionSet)[self.distribution_name]
++
++    @property
++    def distroseries(self):
++        return self.distribution[self.distroseries_name]
++
++    @property
++    def package_name(self):
++        return "%s_%s" % (self.name, self.version)
++
++    @property
++    def source_dir(self):
++        return self.package_name
++
++    @property
++    def source_changesfile(self):
++        return "%s_source.changes" % self.package_name
++
++    @property
++    def binary_dir(self):
++        return "%s_binary" % self.package_name
++
++    def getBinaryChangesfileFor(self, archtag):
++        return "%s_%s.changes" % (self.package_name, archtag)
++
++    def setUp(self):
++        """Setup environment for staged binaries upload via security policy.
++
++        1. Setup queue directory and other basic attributes
++        2. Override policy options to get security policy and not send emails
++        3. Setup a common UploadProcessor with the overridden options
++        4. Store number of build present before issuing any upload
++        5. Upload the source package via security policy
++        6. Clean log messages.
++        7. Commit transaction, so the upload source can be seen.
++        """
++        super(TestStagedBinaryUploadBase, self).setUp()
++        self.options.context = self.policy
++        self.options.nomails = self.no_mails
++        # Set up the uploadprocessor with appropriate options and logger
++        self.uploadprocessor = self.getUploadProcessor(self.layer.txn)
++        self.builds_before_upload = BinaryPackageBuild.select().count()
++        self.source_queue = None
++        self._uploadSource()
++        self.log.lines = []
++        self.layer.txn.commit()
++
++    def assertBuildsCreated(self, amount):
++        """Assert that a given 'amount' of build records was created."""
++        builds_count = BinaryPackageBuild.select().count()
++        self.assertEqual(
++            self.builds_before_upload + amount, builds_count)
++
++    def _prepareUpload(self, upload_dir):
++        """Place a copy of the upload directory into incoming queue."""
++        os.system("cp -a %s %s" %
++            (os.path.join(self.test_files_dir, upload_dir),
++             os.path.join(self.queue_folder, "incoming")))
++
++    def _uploadSource(self):
++        """Upload and Accept (if necessary) the base source."""
++        self._prepareUpload(self.source_dir)
++        self.uploadprocessor.processChangesFile(
++            os.path.join(self.queue_folder, "incoming", self.source_dir),
++            self.source_changesfile)
++        queue_item = self.uploadprocessor.last_processed_upload.queue_root
++        self.assertTrue(
++            queue_item is not None,
++            "Source Upload Failed\nGot: %s" % "\n".join(self.log.lines))
++        acceptable_statuses = [
++            PackageUploadStatus.NEW,
++            PackageUploadStatus.UNAPPROVED,
++            ]
++        if queue_item.status in acceptable_statuses:
++            queue_item.setAccepted()
++        # Store source queue item for future use.
++        self.source_queue = queue_item
++
++    def _uploadBinary(self, archtag):
++        """Upload the base binary.
++
++        Ensure it got processed and has a respective queue record.
++        Return the IBuild attached to upload.
++        """
++        self._prepareUpload(self.binary_dir)
++        self.uploadprocessor.processChangesFile(
++            os.path.join(self.queue_folder, "incoming", self.binary_dir),
++            self.getBinaryChangesfileFor(archtag))
++        queue_item = self.uploadprocessor.last_processed_upload.queue_root
++        self.assertTrue(
++            queue_item is not None,
++            "Binary Upload Failed\nGot: %s" % "\n".join(self.log.lines))
++        self.assertEqual(queue_item.builds.count(), 1)
++        return queue_item.builds[0].build
++
++    def _createBuild(self, archtag):
++        """Create a build record attached to the base source."""
++        spr = self.source_queue.sources[0].sourcepackagerelease
++        build = spr.createBuild(
++            distro_arch_series=self.distroseries[archtag],
++            pocket=self.pocket, archive=self.distroseries.main_archive)
++        self.layer.txn.commit()
++        return build
  class TestBuilddUploads(TestStagedBinaryUploadBase):
 === removed file 'lib/lp/archiveuploader/tests/test_securityuploads.py'
 --- lib/lp/archiveuploader/tests/test_securityuploads.py	2010-08-20 20:31:18 +0000
 +++ lib/lp/archiveuploader/tests/test_securityuploads.py	1970-01-01 00:00:00 +0000
@@ -1,263 +0,0 @@
--# Copyright 2009-2010 Canonical Ltd.  This software is licensed under the
--# GNU Affero General Public License version 3 (see the file LICENSE).
--
--"""Test security uploads use-cases."""
--
--__metaclass__ = type
--
--import os
--
--from zope.component import getUtility
--
--from canonical.launchpad.interfaces import (
--    IDistributionSet,
--    PackageUploadStatus,
--    )
--from lp.archiveuploader.tests.test_uploadprocessor import (
--    TestUploadProcessorBase,
--    )
--from lp.registry.interfaces.pocket import PackagePublishingPocket
--from lp.soyuz.model.binarypackagebuild import BinaryPackageBuild
--from lp.soyuz.model.processor import ProcessorFamily
--
--
--class TestStagedBinaryUploadBase(TestUploadProcessorBase):
--    name = 'baz'
--    version = '1.0-1'
--    distribution_name = None
--    distroseries_name = None
--    pocket = None
--    policy = 'buildd'
--    no_mails = True
--
--    @property
--    def distribution(self):
--        return getUtility(IDistributionSet)[self.distribution_name]
--
--    @property
--    def distroseries(self):
--        return self.distribution[self.distroseries_name]
--
--    @property
--    def package_name(self):
--        return "%s_%s" % (self.name, self.version)
--
--    @property
--    def source_dir(self):
--        return self.package_name
--
--    @property
--    def source_changesfile(self):
--        return "%s_source.changes" % self.package_name
--
--    @property
--    def binary_dir(self):
--        return "%s_binary" % self.package_name
--
--    def getBinaryChangesfileFor(self, archtag):
--        return "%s_%s.changes" % (self.package_name, archtag)
--
--    def setUp(self):
--        """Setup environment for staged binaries upload via security policy.
--
--        1. Setup queue directory and other basic attributes
--        2. Override policy options to get security policy and not send emails
--        3. Setup a common UploadProcessor with the overridden options
--        4. Store number of build present before issuing any upload
--        5. Upload the source package via security policy
--        6. Clean log messages.
--        7. Commit transaction, so the upload source can be seen.
--        """
--        super(TestStagedBinaryUploadBase, self).setUp()
--        self.options.context = self.policy
--        self.options.nomails = self.no_mails
--        # Set up the uploadprocessor with appropriate options and logger
--        self.uploadprocessor = self.getUploadProcessor(self.layer.txn)
--        self.builds_before_upload = BinaryPackageBuild.select().count()
--        self.source_queue = None
--        self._uploadSource()
--        self.log.lines = []
--        self.layer.txn.commit()
--
--    def assertBuildsCreated(self, amount):
--        """Assert that a given 'amount' of build records was created."""
--        builds_count = BinaryPackageBuild.select().count()
--        self.assertEqual(
--            self.builds_before_upload + amount, builds_count)
--
--    def _prepareUpload(self, upload_dir):
--        """Place a copy of the upload directory into incoming queue."""
--        os.system("cp -a %s %s" %
--            (os.path.join(self.test_files_dir, upload_dir),
--             os.path.join(self.queue_folder, "incoming")))
--
--    def _uploadSource(self):
--        """Upload and Accept (if necessary) the base source."""
--        self._prepareUpload(self.source_dir)
--        self.uploadprocessor.processChangesFile(
--            os.path.join(self.queue_folder, "incoming", self.source_dir),
--            self.source_changesfile)
--        queue_item = self.uploadprocessor.last_processed_upload.queue_root
--        self.assertTrue(
--            queue_item is not None,
--            "Source Upload Failed\nGot: %s" % "\n".join(self.log.lines))
--        acceptable_statuses = [
--            PackageUploadStatus.NEW,
--            PackageUploadStatus.UNAPPROVED,
--            ]
--        if queue_item.status in acceptable_statuses:
--            queue_item.setAccepted()
--        # Store source queue item for future use.
--        self.source_queue = queue_item
--
--    def _uploadBinary(self, archtag):
--        """Upload the base binary.
--
--        Ensure it got processed and has a respective queue record.
--        Return the IBuild attached to upload.
--        """
--        self._prepareUpload(self.binary_dir)
--        self.uploadprocessor.processChangesFile(
--            os.path.join(self.queue_folder, "incoming", self.binary_dir),
--            self.getBinaryChangesfileFor(archtag))
--        queue_item = self.uploadprocessor.last_processed_upload.queue_root
--        self.assertTrue(
--            queue_item is not None,
--            "Binary Upload Failed\nGot: %s" % "\n".join(self.log.lines))
--        self.assertEqual(queue_item.builds.count(), 1)
--        return queue_item.builds[0].build
--
--    def _createBuild(self, archtag):
--        """Create a build record attached to the base source."""
--        spr = self.source_queue.sources[0].sourcepackagerelease
--        build = spr.createBuild(
--            distro_arch_series=self.distroseries[archtag],
--            pocket=self.pocket, archive=self.distroseries.main_archive)
--        self.layer.txn.commit()
--        return build
--
--
--class TestStagedSecurityUploads(TestStagedBinaryUploadBase):
--    """Test how security uploads behave inside Soyuz.
--
--    Security uploads still coming from dak system, we have special upload
--    policy which allows source and binary uploads.
--
--    An upload of a source and its binaries does not necessary need
--    to happen in the same batch, and Soyuz is prepared to cope with it.
--
--    The only mandatory condition is to process the sources first.
--
--    This class will start to tests all known/possible cases using a test
--    (empty) upload and its binary.
--
--     * 'lib/lp/archivepublisher/tests/data/suite/baz_1.0-1/'
--     * 'lib/lp/archivepublisher/tests/data/suite/baz_1.0-1_binary/'
--    """
--    name = 'baz'
--    version = '1.0-1'
--    distribution_name = 'ubuntu'
--    distroseries_name = 'warty'
--    pocket = PackagePublishingPocket.SECURITY
--    policy = 'security'
--    no_mails = True
--
--    def setUp(self):
--        """Setup base class and create the required new distroarchseries."""
--        super(TestStagedSecurityUploads, self).setUp()
--        distribution = getUtility(IDistributionSet).getByName(
--            self.distribution_name)
--        distroseries = distribution[self.distroseries.name]
--        proc_family = ProcessorFamily.selectOneBy(name='amd64')
--        distroseries.newArch(
--            'amd64', proc_family, True, distribution.owner)
--
--    def testBuildCreation(self):
--        """Check if the builds get created for a binary security uploads.
--
--        That is the usual case, security binary uploads come after the
--        not published (accepted) source but in the same batch.
--
--        NascentUpload should create appropriate builds attached to the
--        correct source for the incoming binaries.
--        """
--        build_used = self._uploadBinary('i386')
--
--        self.assertBuildsCreated(1)
--        self.assertEqual(
--            u'i386 build of baz 1.0-1 in ubuntu warty SECURITY',
--            build_used.title)
--        self.assertEqual('FULLYBUILT', build_used.status.name)
--
--        build_used = self._uploadBinary('amd64')
--
--        self.assertBuildsCreated(2)
--        self.assertEqual(
--            u'amd64 build of baz 1.0-1 in ubuntu warty SECURITY',
--            build_used.title)
--
--        self.assertEqual('FULLYBUILT', build_used.status.name)
--
--    def testBuildLookup(self):
--        """Check if an available build gets used when it is appropriate.
--
--        It happens when the security source upload got already published
--        when the binary uploads arrive.
--        The queue-build has already created build records for it and
--        NascentUpload should identify this condition and used them instead
--        of creating new ones.
--        Also verify that builds for another architecture does not got
--        erroneously attached.
--        """
--        build_right_candidate = self._createBuild('i386')
--        build_wrong_candidate = self._createBuild('hppa')
--        build_used = self._uploadBinary('i386')
--
--        self.assertEqual(build_right_candidate.id, build_used.id)
--        self.assertNotEqual(build_wrong_candidate.id, build_used.id)
--        self.assertBuildsCreated(2)
--        self.assertEqual(
--            u'i386 build of baz 1.0-1 in ubuntu warty SECURITY',
--            build_used.title)
--        self.assertEqual('FULLYBUILT', build_used.status.name)
--
--    def testCorrectBuildPassedViaCommandLine(self):
--        """Check if command-line build argument gets attached correctly.
--
--        It's also possible to pass an specific buildid via the command-line
--        to be attached to the current upload.
--
--        This is only used in 'buildd' policy and does not produce very useful
--        results in 'security', however we want to check if it, at least,
--        does not 'break the system' entirely.
--        """
--        build_candidate = self._createBuild('i386')
--        self.options.buildid = str(build_candidate.id)
--        self.uploadprocessor = self.getUploadProcessor(self.layer.txn)
--
--        build_used = self._uploadBinary('i386')
--
--        self.assertEqual(build_candidate.id, build_used.id)
--        self.assertBuildsCreated(1)
--        self.assertEqual(
--            u'i386 build of baz 1.0-1 in ubuntu warty SECURITY',
--            build_used.title)
--
--        self.assertEqual('FULLYBUILT', build_used.status.name)
--
--    def testWrongBuildPassedViaCommandLine(self):
--        """Check if a misapplied passed buildid is correctly identified.
--
--        When we identify misapplied build, either by getting it from command
--        line or by a failure in lookup methods the upload is rejected before
--        anything wrong gets into the DB.
--        """
--        build_candidate = self._createBuild('hppa')
--        self.options.buildid = str(build_candidate.id)
--        self.uploadprocessor = self.getUploadProcessor(self.layer.txn)
--
--        self.assertRaises(AssertionError, self._uploadBinary, 'i386')
--
--        self.assertLogContains(
--            "UploadError: Attempt to upload binaries specifying build %d, "
--            "where they don't fit.\n" % (build_candidate.id, ))
 === modified file 'lib/lp/archiveuploader/uploadpolicy.py'
 --- lib/lp/archiveuploader/uploadpolicy.py	2010-08-20 20:31:18 +0000
 +++ lib/lp/archiveuploader/uploadpolicy.py	2010-08-25 19:32:53 +0000
@@ -331,28 +331,6 @@
          pass
--class SecurityUploadPolicy(AbstractUploadPolicy):
--    """The security-upload policy.
--
--    It allows unsigned changes and binary uploads.
--    """
--
--    name = 'security'
--
--    def __init__(self):
--        AbstractUploadPolicy.__init__(self)
--        self.unsigned_dsc_ok = True
--        self.unsigned_changes_ok = True
--        self.can_upload_mixed = True
--        self.can_upload_binaries = True
--
--    def policySpecificChecks(self, upload):
--        """Deny uploads to any pocket other than the security pocket."""
--        if self.pocket != PackagePublishingPocket.SECURITY:
--            upload.reject(
--                "Not permitted to do security upload to non SECURITY pocket")
--
--
  def findPolicyByName(policy_name):
      """Return a new policy instance for the given policy name."""
      return getUtility(IArchiveUploadPolicy, policy_name)()
@@ -362,8 +340,7 @@
      policies = [
          BuildDaemonUploadPolicy,
          InsecureUploadPolicy,
--        SyncUploadPolicy,
--        SecurityUploadPolicy]
++        SyncUploadPolicy]
      sm = getGlobalSiteManager()
      for policy in policies:
          sm.registerUtility(
 === modified file 'lib/lp/soyuz/doc/soyuz-set-of-uploads.txt'
 --- lib/lp/soyuz/doc/soyuz-set-of-uploads.txt	2010-08-06 14:29:36 +0000
 +++ lib/lp/soyuz/doc/soyuz-set-of-uploads.txt	2010-08-25 19:32:53 +0000
@@ -319,22 +319,6 @@
    Subject: bar_1.0-3_source.changes rejected
    ...
--Check the rejection (instead of failure) of an upload to a series or
--pocket which does not exist. We use the security upload policy for easier
--testing, as unsigned uploads are allowed.
--
--  >>> simulate_upload(
--  ...     'unstable_1.0-1', upload_policy="security", loglevel=logging.ERROR)
--  Rejected uploads: ['unstable_1.0-1']
--
--  >>> read_email()
--  To: Celso Providelo <celso.providelo@canonical.com>
--  Subject: unstable_1.0-1_source.changes rejected
--  ...
--  Rejected:
--  Unable to find distroseries: unstable
--  ...
--
  Force weird behavior with rfc2047 sentences containing '.' on
  bar_1.0-4, which caused bug # 41102.
@@ -605,6 +589,9 @@
  == Staged Security Uploads ==
++XXX: Salgado, 2010-08-25, bug=624078: This entire section should be removed
++but if you do so publish-distro.py (called further down) will hang.
++
  Perform a staged (source-first) security upload, simulating a run of
  the buildd-queuebuilder inbetween, to verify fix for bug 53437. To be
  allowed a security upload, we need to use a released distroseries,
@@ -617,7 +604,7 @@
    >>> ss = SectionSelection(distroseries=warty, section=devel)
    >>> simulate_upload(
--  ...     'baz_1.0-1', is_new=True, upload_policy="security",
++  ...     'baz_1.0-1', is_new=True, upload_policy="anything",
    ...     series="warty-security", distro="ubuntu")
  Check there's a SourcePackageRelease with no build.
@@ -650,7 +637,7 @@
  Upload the i386 binary:
    >>> simulate_upload(
--  ...     'baz_1.0-1_single_binary', is_new=True, upload_policy="security",
++  ...     'baz_1.0-1_single_binary', is_new=True, upload_policy="anything",
    ...     distro="ubuntu", series="warty-security")
  Should still just have one build, and it should now be FULLYBUILT.

Launchpad itself

Merge lp:~salgado/launchpad/remove-security-upload-policy into lp:launchpad

Commit message

Description of the change

Preview Diff

Subscribers