X-Git-Url: https://git.tld-linux.org/?p=TLD.git;a=blobdiff_plain;f=pld-builder.new%2FPLD_Builder%2Frequest_handler.py;fp=pld-builder.new%2FPLD_Builder%2Frequest_handler.py;h=0000000000000000000000000000000000000000;hp=2c38e83069b7863046a11ba95908617ba93f1994;hb=3dc53b6865f716904ad4d02e934e04b3d4855c32;hpb=b235722fd546915a60800f2660d76f684d6f1445 diff --git a/pld-builder.new/PLD_Builder/request_handler.py b/pld-builder.new/PLD_Builder/request_handler.py deleted file mode 100644 index 2c38e83..0000000 --- a/pld-builder.new/PLD_Builder/request_handler.py +++ /dev/null @@ -1,203 +0,0 @@ -# vi: encoding=utf-8 ts=8 sts=4 sw=4 et - -import email -import string -import time -import os -import StringIO -import sys -import fnmatch - -import gpg -import request -import log -import path -import util -import wrap -import status -from acl import acl -from lock import lock -from bqueue import B_Queue -from config import config, init_conf - -def check_double_id(id): - id_nl = id + "\n" - - ids = open(path.processed_ids_file) - for i in ids.xreadlines(): - if i == id_nl: - # FIXME: security email here? - log.alert("request %s already processed" % id) - return 1 - ids.close() - - ids = open(path.processed_ids_file, "a") - ids.write(id_nl) - ids.close() - - return 0 - -def handle_group(r, user): - lockf = None - def fail_mail(msg): - if len(r.batches) >= 1: - spec = r.batches[0].spec - else: - spec = "None.spec" - log.error("%s: %s" % (spec, msg)) - m = user.message_to() - m.set_headers(subject = "building %s failed" % spec) - m.write_line(msg) - m.send() - - lockf = lock("request") - if check_double_id(r.id): - lockf.close() - return - - for batch in r.batches: - - if not user.can_do("src", config.builder, batch.branch): - fail_mail("user %s is not allowed to src:%s:%s" \ - % (user.get_login(), config.builder, batch.branch)) - lockf.close() - return - - if 'test-build' in r.flags and 'upgrade' in r.flags: - fail_mail("it's forbidden to upgrade from a test build") - lockf.close() - return - - if "upgrade" in r.flags and not user.can_do("upgrade", config.builder, batch.branch): - fail_mail("user %s is not allowed to upgrade:%s:%s" \ - % (user.get_login(), config.builder, batch.branch)) - lockf.close() - return - - # src builder handles only special commands - if batch.is_command() and (batch.command in ["git pull"] or batch.command[:5] == "skip:" or config.builder in batch.builders): - batch.expand_builders(config.binary_builders + [config.src_builder]) - else: - batch.expand_builders(config.binary_builders) - - if not batch.is_command() and config.builder in batch.builders: - batch.builders.remove(config.builder) - - for bld in batch.builders: - batch.builders_status[bld] = '?' - batch.builders_status_time[bld] = time.time() - if bld not in config.binary_builders and bld != config.builder: - fail_mail("I (src rpm builder '%s') do not handle binary builder '%s', only '%s'" % \ - (config.builder, bld, string.join(config.binary_builders))) - lockf.close() - return - if batch.is_command(): - if "no-chroot" in batch.command_flags: - if not user.can_do("command-no-chroot", bld): - fail_mail("user %s is not allowed to command-no-chroot:%s" \ - % (user.get_login(), bld)) - lockf.close() - return - if not user.can_do("command", bld): - fail_mail("user %s is not allowed to command:%s" \ - % (user.get_login(), bld)) - lockf.close() - return - elif not user.can_do("binary", bld, batch.branch): - pkg = batch.spec - if pkg.endswith(".spec"): - pkg = pkg[:-5] - if not user.can_do("binary-" + pkg, bld, batch.branch): - fail_mail("user %s is not allowed to binary-%s:%s:%s" \ - % (user.get_login(), pkg, bld, batch.branch)) - lockf.close() - return - - r.priority = user.check_priority(r.priority,config.builder) - r.requester = user.get_login() - r.requester_email = user.mail_to() - r.time = time.time() - log.notice("queued %s from %s" % (r.id, user.get_login())) - q = B_Queue(path.queue_file) - q.lock(0) - q.read() - q.add(r) - q.write() - q.unlock() - lockf.close() - -def handle_notification(r, user): - if not user.can_do("notify", r.builder): - log.alert("user %s is not allowed to notify:%s" % (user.login, r.builder)) - q = B_Queue(path.req_queue_file) - q.lock(0) - q.read() - not_fin = filter(lambda (r): not r.is_done(), q.requests) - r.apply_to(q) - for r in not_fin: - if r.is_done(): - util.clean_tmp(path.srpms_dir + '/' + r.id) - now = time.time() - def leave_it(r): - # for ,,done'' set timeout to 4d - if r.is_done() and r.time + 4 * 24 * 60 * 60 < now: - return False - # and for not ,,done'' set it to 20d - if r.time + 20 * 24 * 60 * 60 < now: - util.clean_tmp(path.srpms_dir + '/' + r.id) - return False - return True - q.requests = filter(leave_it, q.requests) - q.write() - q.dump(path.queue_stats_file) - q.dump_html(path.queue_html_stats_file) - q.write_signed(path.req_queue_signed_file) - q.unlock() - -def handle_request(req, filename = None): - if req == '': - log.alert('Empty body received. Filename: %s' % filename) - return False - - keys = gpg.get_keys(req) - (em, body) = gpg.verify_sig(req) - if not em: - log.alert("Invalid signature, missing/untrusted key. Keys in gpg batch: '%s'" % keys) - return False - user = acl.user_by_email(em) - if user == None: - # FIXME: security email here - log.alert("'%s' not in acl. Keys in gpg batch: '%s'" % (em, keys)) - return False - - acl.set_current_user(user) - status.push("request from %s" % user.login) - r = request.parse_request(body) - if r.kind == 'group': - handle_group(r, user) - elif r.kind == 'notification': - handle_notification(r, user) - else: - msg = "%s: don't know how to handle requests of this kind '%s'" \ - % (user.get_login(), r.kind) - log.alert(msg) - m = user.message_to() - m.set_headers(subject = "unknown request") - m.write_line(msg) - m.send() - status.pop() - return True - -def handle_request_main(req, filename = None): - acl.try_reload() - init_conf("src") - status.push("handling email request") - ret = handle_request(req, filename = filename) - status.pop() - return ret - -def main(): - sys.exit(not handle_request_main(sys.stdin.read())) - -if __name__ == '__main__': - wrap.wrap(main)