1 # vi: encoding=utf-8 ts=8 sts=4 sw=4 et
8 if sys.version_info[0] == 2:
11 from io import StringIO
22 from blacklist import blacklist
24 from bqueue import B_Queue
25 from config import config, init_conf
26 from mailer import Message
29 def check_double_id(id):
32 ids = open(path.processed_ids_file)
35 # FIXME: security email here?
36 log.alert("request %s already processed" % id)
40 ids = open(path.processed_ids_file, "a")
46 def handle_group(r, user):
49 if len(r.batches) >= 1:
50 spec = r.batches[0].spec
53 log.error("%s: %s" % (spec, msg))
55 m.set_headers(to = r.requester_email, cc = config.builder_list)
56 m.set_headers(subject = "building %s failed" % spec)
60 lockf = lock("request")
61 if check_double_id(r.id):
66 if (user.change_requester and r.requester):
67 user = acl.user_by_login(r.requester)
69 r.requester += '/' + user.get_login()
71 r.requester = user.get_login()
72 r.requester_email = user.mail_to()
74 for batch in r.batches:
76 if not user.can_do("src", config.builder, batch.branch):
77 fail_mail("user %s is not allowed to src:%s:%s" \
78 % (user.get_login(), config.builder, batch.branch))
82 if 'test-build' in r.flags and 'upgrade' in r.flags:
83 fail_mail("it's forbidden to upgrade from a test build")
87 if "upgrade" in r.flags and not user.can_do("upgrade", config.builder, batch.branch):
88 fail_mail("user %s is not allowed to upgrade:%s:%s" \
89 % (user.get_login(), config.builder, batch.branch))
93 # src builder handles only special commands
94 if batch.is_command() and (batch.command in ["git pull"] or batch.command[:5] == "skip:" or config.builder in batch.builders):
95 batch.expand_builders(config.binary_builders + [config.src_builder])
97 batch.expand_builders(config.binary_builders)
99 if not batch.is_command() and config.builder in batch.builders:
100 batch.builders.remove(config.builder)
102 for bld in batch.builders:
103 batch.builders_status[bld] = '?'
104 batch.builders_status_time[bld] = time.time()
105 if bld not in config.binary_builders and bld != config.builder:
106 fail_mail("I (src rpm builder '%s') do not handle binary builder '%s', only '%s'" % \
107 (config.builder, bld, string.join(config.binary_builders)))
110 if batch.is_command():
111 if "no-chroot" in batch.command_flags:
112 if not user.can_do("command-no-chroot", bld):
113 fail_mail("user %s is not allowed to command-no-chroot:%s" \
114 % (user.get_login(), bld))
117 if not user.can_do("command", bld):
118 fail_mail("user %s is not allowed to command:%s" \
119 % (user.get_login(), bld))
122 elif not user.can_do("binary", bld, batch.branch):
124 if pkg.endswith(".spec"):
126 if not user.can_do("binary-" + pkg, bld, batch.branch):
127 fail_mail("user %s is not allowed to binary-%s:%s:%s" \
128 % (user.get_login(), pkg, bld, batch.branch))
131 if not "test-build" in r.flags and not user.can_do("ready", bld, batch.branch):
132 fail_mail("user %s is not allowed to send ready builds (ready:%s:%s)" \
133 % (user.get_login(), bld, batch.branch))
138 if pkg.endswith(".spec"):
140 if not "test-build" in r.flags and blacklist.package(pkg):
141 fail_mail("package '%s' is blacklisted, only test-builds allowed" % pkg)
145 r.priority = user.check_priority(r.priority,config.builder)
147 log.notice("queued %s from %s" % (r.id, user.get_login()))
148 q = B_Queue(path.queue_file)
156 def handle_notification(r, user):
157 if not user.can_do("notify", r.builder):
158 log.alert("user %s is not allowed to notify:%s" % (user.login, r.builder))
159 q = B_Queue(path.req_queue_file)
162 not_fin = list(filter(lambda r: not r.is_done(), q.requests))
166 util.clean_tmp(path.srpms_dir + '/' + r.id)
169 # for ,,done'' set timeout to 4d
170 if r.is_done() and r.time + 4 * 24 * 60 * 60 < now:
172 # and for not ,,done'' set it to 20d
173 if r.time + 20 * 24 * 60 * 60 < now:
174 util.clean_tmp(path.srpms_dir + '/' + r.id)
177 q.requests = list(filter(leave_it, q.requests))
179 q.dump(path.queue_stats_file)
180 q.dump_html(path.queue_html_stats_file)
181 q.write_signed(path.req_queue_signed_file)
184 def handle_request(req, filename = None):
186 log.alert('Empty body received. Filename: %s' % filename)
189 keys = gpg.get_keys(req)
190 (em, body) = gpg.verify_sig(req)
192 log.alert("Invalid signature, missing/untrusted key. Keys in gpg batch: '%s'" % keys)
194 user = acl.user_by_email(em)
196 # FIXME: security email here
197 log.alert("'%s' not in acl. Keys in gpg batch: '%s'" % (em, keys))
200 acl.set_current_user(user)
201 status.push("request from %s" % user.login)
202 r = request.parse_request(body)
203 if r.kind == 'group':
204 # messagebus.notify(topic="request.group", user=user.login, **r.dump_json())
205 handle_group(r, user)
206 elif r.kind == 'notification':
207 # messagebus.notify(topic="request.notify", user=user.login, **r.dump_json())
208 handle_notification(r, user)
210 msg = "%s: don't know how to handle requests of this kind '%s'" \
211 % (user.get_login(), r.kind)
213 m = user.message_to()
214 m.set_headers(subject = "unknown request")
220 def handle_request_main(req, filename = None):
222 blacklist.try_reload()
224 status.push("handling email request")
225 ret = handle_request(req, filename = filename)
230 sys.exit(not handle_request_main(sys.stdin.read()))
232 if __name__ == '__main__':