Launchpad itself

Merge lp:~apw/launchpad/generify-uefi-signing into lp:launchpad

  1. generify-uefi-signing
  2. Merge into devel
Proposed by Andy Whitcroft
Status: Merged
Merged at revision: 18029
Proposed branch: lp:~apw/launchpad/generify-uefi-signing
Merge into: lp:launchpad
Diff against target: 853 lines (+244/-105)
15 files modified
lib/lp/archivepublisher/config.py (+12/-7)
lib/lp/archivepublisher/signing.py (+44/-25)
lib/lp/archivepublisher/tests/test_config.py (+42/-12)
lib/lp/archivepublisher/tests/test_ftparchive.py (+6/-2)
lib/lp/archivepublisher/tests/test_signing.py (+71/-26)
lib/lp/archiveuploader/nascentuploadfile.py (+8/-6)
lib/lp/archiveuploader/tests/test_nascentuploadfile.py (+7/-1)
lib/lp/archiveuploader/tests/test_uploadpolicy.py (+22/-1)
lib/lp/soyuz/browser/queue.py (+2/-2)
lib/lp/soyuz/configure.zcml (+1/-0)
lib/lp/soyuz/enums.py (+3/-3)
lib/lp/soyuz/interfaces/queue.py (+5/-2)
lib/lp/soyuz/model/queue.py (+8/-6)
lib/lp/soyuz/scripts/custom_uploads_copier.py (+6/-5)
lib/lp/soyuz/scripts/tests/test_custom_uploads_copier.py (+7/-7)
To merge this branch: bzr merge lp:~apw/launchpad/generify-uefi-signing
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+293802@code.launchpad.net

Commit message

Generify the UEFI signing custom upload. Switch it to be a signing upload initially only supporting UEFI signing as before. Include backwards compatibility such that raw-uefi and raw-signing are both supported.

Description of the change

Generify the UEFI signing custom upload. Switch it to be a signing upload initially only supporting UEFI signing as before. Include backwards compatibility such that raw-uefi and raw-signing are both supported. Publication is into dists in the "signed" directory. Where existing configuration exists under "uefi" we will continue to use that. We also expose dists "signed" as dists "uefi" for compatibility with existing *-signed packages.

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) :
review: Needs Fixing
Revision history for this message
Andy Whitcroft (apw) wrote :

Ok, I have pushed up a further set of changes. These include making the signing dists directory primary and adding tests for it actually being linked correctly. I have also addresed the naming issues you pointed out.

Revision history for this message
Colin Watson (cjwatson) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'lib/lp/archivepublisher/config.py'
--- lib/lp/archivepublisher/config.py 2016-04-27 10:39:03 +0000
+++ lib/lp/archivepublisher/config.py 2016-05-11 15:32:04 +0000
@@ -78,16 +78,21 @@
78 pubconf.miscroot = None78 pubconf.miscroot = None
7979
80 if archive.is_main:80 if archive.is_main:
81 pubconf.uefiroot = pubconf.archiveroot + '-uefi'81 pubconf.signingroot = pubconf.archiveroot + '-uefi'
82 pubconf.uefiautokey = False82 if not os.path.exists(pubconf.signingroot):
83 pubconf.signingroot = pubconf.archiveroot + '-signing'
84 pubconf.signingautokey = False
83 elif archive.is_ppa:85 elif archive.is_ppa:
84 pubconf.uefiroot = os.path.join(86 signing_keys_root = os.path.join(ppa_config.signing_keys_root, "uefi")
85 ppa_config.signing_keys_root, "uefi",87 if not os.path.exists(signing_keys_root):
88 signing_keys_root = os.path.join(
89 ppa_config.signing_keys_root, "signing")
90 pubconf.signingroot = os.path.join(signing_keys_root,
86 archive.owner.name, archive.name)91 archive.owner.name, archive.name)
87 pubconf.uefiautokey = True92 pubconf.signingautokey = True
88 else:93 else:
89 pubconf.uefiroot = None94 pubconf.signingroot = None
90 pubconf.uefiautokey = False95 pubconf.signingautokey = False
9196
92 pubconf.poolroot = os.path.join(pubconf.archiveroot, 'pool')97 pubconf.poolroot = os.path.join(pubconf.archiveroot, 'pool')
93 pubconf.distsroot = os.path.join(pubconf.archiveroot, 'dists')98 pubconf.distsroot = os.path.join(pubconf.archiveroot, 'dists')
9499
=== renamed file 'lib/lp/archivepublisher/uefi.py' => 'lib/lp/archivepublisher/signing.py'
--- lib/lp/archivepublisher/uefi.py 2016-05-03 09:30:51 +0000
+++ lib/lp/archivepublisher/signing.py 2016-05-11 15:32:04 +0000
@@ -1,7 +1,7 @@
1# Copyright 2012-2013 Canonical Ltd. This software is licensed under the1# Copyright 2012-2016 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""The processing of UEFI boot loader images.4"""The processing of Signing tarballs.
55
6UEFI Secure Boot requires boot loader images to be signed, and we want to6UEFI Secure Boot requires boot loader images to be signed, and we want to
7have signed images in the archive so that they can be used for upgrades.7have signed images in the archive so that they can be used for upgrades.
@@ -12,8 +12,8 @@
12__metaclass__ = type12__metaclass__ = type
1313
14__all__ = [14__all__ = [
15 "process_uefi",15 "process_signing",
16 "UefiUpload",16 "SigningUpload",
17 ]17 ]
1818
19import os19import os
@@ -23,32 +23,32 @@
23from lp.services.osutils import remove_if_exists23from lp.services.osutils import remove_if_exists
2424
2525
26class UefiUpload(CustomUpload):26class SigningUpload(CustomUpload):
27 """UEFI boot loader custom upload.27 """Signing custom upload.
2828
29 The filename must be of the form:29 The filename must be of the form:
3030
31 <TYPE>_<VERSION>_<ARCH>.tar.gz31 <PACKAGE>_<VERSION>_<ARCH>.tar.gz
3232
33 where:33 where:
3434
35 * TYPE: loader type (e.g. 'efilinux');35 * PACKAGE: source package of the contents;
36 * VERSION: encoded version;36 * VERSION: encoded version;
37 * ARCH: targeted architecture tag (e.g. 'amd64').37 * ARCH: targeted architecture tag (e.g. 'amd64').
3838
39 The contents are extracted in the archive in the following path:39 The contents are extracted in the archive in the following path:
4040
41 <ARCHIVE>/dists/<SUITE>/main/uefi/<TYPE>-<ARCH>/<VERSION>41 <ARCHIVE>/dists/<SUITE>/main/signed/<PACKAGE>-<ARCH>/<VERSION>
4242
43 A 'current' symbolic link points to the most recent version. The43 A 'current' symbolic link points to the most recent version. The
44 tarfile must contain at least one file matching the wildcard *.efi, and44 tarfile must contain at least one file matching the wildcard *.efi, and
45 any such files are signed using the archive's UEFI signing key.45 any such files are signed using the archive's UEFI signing key.
4646
47 Signing keys may be installed in the "uefiroot" directory specified in47 Signing keys may be installed in the "signingroot" directory specified in
48 publisher configuration. In this directory, the private key is48 publisher configuration. In this directory, the private key is
49 "uefi.key" and the certificate is "uefi.crt".49 "uefi.key" and the certificate is "uefi.crt".
50 """50 """
51 custom_type = "UEFI"51 custom_type = "signing"
5252
53 @staticmethod53 @staticmethod
54 def parsePath(tarfile_path):54 def parsePath(tarfile_path):
@@ -59,32 +59,51 @@
59 return bits[0], bits[1], bits[2].split(".")[0]59 return bits[0], bits[1], bits[2].split(".")[0]
6060
61 def setComponents(self, tarfile_path):61 def setComponents(self, tarfile_path):
62 self.loader_type, self.version, self.arch = self.parsePath(62 self.package, self.version, self.arch = self.parsePath(
63 tarfile_path)63 tarfile_path)
6464
65 def setTargetDirectory(self, pubconf, tarfile_path, distroseries):65 def setTargetDirectory(self, pubconf, tarfile_path, distroseries):
66 if pubconf.uefiroot is None:66 if pubconf.signingroot is None:
67 if self.logger is not None:67 if self.logger is not None:
68 self.logger.warning("No UEFI root configured for this archive")68 self.logger.warning(
69 "No signing root configured for this archive")
69 self.key = None70 self.key = None
70 self.cert = None71 self.cert = None
71 self.autokey = False72 self.autokey = False
72 else:73 else:
73 self.key = os.path.join(pubconf.uefiroot, "uefi.key")74 self.key = os.path.join(pubconf.signingroot, "uefi.key")
74 self.cert = os.path.join(pubconf.uefiroot, "uefi.crt")75 self.cert = os.path.join(pubconf.signingroot, "uefi.crt")
75 self.autokey = pubconf.uefiautokey76 self.autokey = pubconf.signingautokey
7677
77 self.setComponents(tarfile_path)78 self.setComponents(tarfile_path)
79
80 # Ensure we expose the results via uefi and signed in dists.
81 # If we already have a uefi directory move it to signed else
82 # make a new signed. For compatibility ensure we have uefi
83 # symlink to signed.
84 # NOTE: we rely on "signed" and "uefi" being in the same directory.
85 dists_signed = os.path.join(
86 pubconf.archiveroot, "dists", distroseries, "main", "signed")
87 dists_uefi = os.path.join(
88 pubconf.archiveroot, "dists", distroseries, "main", "uefi")
89 if not os.path.exists(dists_signed):
90 if os.path.isdir(dists_uefi):
91 os.rename(dists_uefi, dists_signed)
92 else:
93 os.makedirs(dists_signed, 0o755)
94 if not os.path.exists(dists_uefi):
95 os.symlink("signed", dists_uefi)
96
97 # Extract into the "signed" path regardless of linking.
78 self.targetdir = os.path.join(98 self.targetdir = os.path.join(
79 pubconf.archiveroot, "dists", distroseries, "main", "uefi",99 dists_signed, "%s-%s" % (self.package, self.arch))
80 "%s-%s" % (self.loader_type, self.arch))
81 self.archiveroot = pubconf.archiveroot100 self.archiveroot = pubconf.archiveroot
82101
83 @classmethod102 @classmethod
84 def getSeriesKey(cls, tarfile_path):103 def getSeriesKey(cls, tarfile_path):
85 try:104 try:
86 loader_type, _, arch = cls.parsePath(tarfile_path)105 package, _, arch = cls.parsePath(tarfile_path)
87 return loader_type, arch106 return package, arch
88 except ValueError:107 except ValueError:
89 return None108 return None
90109
@@ -169,7 +188,7 @@
169188
170 No actual extraction is required.189 No actual extraction is required.
171 """190 """
172 super(UefiUpload, self).extract()191 super(SigningUpload, self).extract()
173 efi_filenames = list(self.findEfiFilenames())192 efi_filenames = list(self.findEfiFilenames())
174 for efi_filename in efi_filenames:193 for efi_filename in efi_filenames:
175 remove_if_exists("%s.signed" % efi_filename)194 remove_if_exists("%s.signed" % efi_filename)
@@ -179,12 +198,12 @@
179 return filename.startswith("%s/" % self.version)198 return filename.startswith("%s/" % self.version)
180199
181200
182def process_uefi(pubconf, tarfile_path, distroseries, logger=None):201def process_signing(pubconf, tarfile_path, distroseries, logger=None):
183 """Process a raw-uefi tarfile.202 """Process a raw-uefi/raw-signing tarfile.
184203
185 Unpacking it into the given archive for the given distroseries.204 Unpacking it into the given archive for the given distroseries.
186 Raises CustomUploadError (or some subclass thereof) if anything goes205 Raises CustomUploadError (or some subclass thereof) if anything goes
187 wrong.206 wrong.
188 """207 """
189 upload = UefiUpload(logger=logger)208 upload = SigningUpload(logger=logger)
190 upload.process(pubconf, tarfile_path, distroseries)209 upload.process(pubconf, tarfile_path, distroseries)
191210
=== modified file 'lib/lp/archivepublisher/tests/test_config.py'
--- lib/lp/archivepublisher/tests/test_config.py 2016-05-03 11:11:39 +0000
+++ lib/lp/archivepublisher/tests/test_config.py 2016-05-11 15:32:04 +0000
@@ -8,6 +8,8 @@
88
9__metaclass__ = type9__metaclass__ = type
1010
11import os
12
11from zope.component import getUtility13from zope.component import getUtility
1214
13from lp.archivepublisher.config import getPubConfig15from lp.archivepublisher.config import getPubConfig
@@ -46,11 +48,19 @@
46 self.assertEqual(archiveroot + "-misc", primary_config.miscroot)48 self.assertEqual(archiveroot + "-misc", primary_config.miscroot)
47 self.assertEqual(49 self.assertEqual(
48 self.root + "/ubuntutest-temp", primary_config.temproot)50 self.root + "/ubuntutest-temp", primary_config.temproot)
49 self.assertEqual(archiveroot + "-uefi", primary_config.uefiroot)51 self.assertEqual(archiveroot + "-signing", primary_config.signingroot)
50 self.assertFalse(primary_config.uefiautokey)52 self.assertFalse(primary_config.signingautokey)
51 self.assertIs(None, primary_config.metaroot)53 self.assertIs(None, primary_config.metaroot)
52 self.assertEqual(archiveroot + "-staging", primary_config.stagingroot)54 self.assertEqual(archiveroot + "-staging", primary_config.stagingroot)
5355
56 def test_primary_config_compat(self):
57 # Primary archive configuration is correct.
58 archiveroot = self.root + "/ubuntutest"
59 self.addCleanup(os.rmdir, archiveroot + "-uefi")
60 os.makedirs(archiveroot + "-uefi")
61 primary_config = getPubConfig(self.ubuntutest.main_archive)
62 self.assertEqual(archiveroot + "-uefi", primary_config.signingroot)
63
54 def test_partner_config(self):64 def test_partner_config(self):
55 # Partner archive configuration is correct.65 # Partner archive configuration is correct.
56 # The publisher config for PARTNER contains only 'partner' in its66 # The publisher config for PARTNER contains only 'partner' in its
@@ -70,8 +80,8 @@
70 self.assertIsNone(partner_config.miscroot)80 self.assertIsNone(partner_config.miscroot)
71 self.assertEqual(81 self.assertEqual(
72 self.root + "/ubuntutest-temp", partner_config.temproot)82 self.root + "/ubuntutest-temp", partner_config.temproot)
73 self.assertEqual(archiveroot + "-uefi", partner_config.uefiroot)83 self.assertEqual(archiveroot + "-signing", partner_config.signingroot)
74 self.assertFalse(partner_config.uefiautokey)84 self.assertFalse(partner_config.signingautokey)
75 self.assertIs(None, partner_config.metaroot)85 self.assertIs(None, partner_config.metaroot)
76 self.assertEqual(archiveroot + "-staging", partner_config.stagingroot)86 self.assertEqual(archiveroot + "-staging", partner_config.stagingroot)
7787
@@ -93,8 +103,8 @@
93 self.assertEqual(archiveroot + "-cache", copy_config.cacheroot)103 self.assertEqual(archiveroot + "-cache", copy_config.cacheroot)
94 self.assertEqual(archiveroot + "-misc", copy_config.miscroot)104 self.assertEqual(archiveroot + "-misc", copy_config.miscroot)
95 self.assertEqual(archiveroot + "-temp", copy_config.temproot)105 self.assertEqual(archiveroot + "-temp", copy_config.temproot)
96 self.assertIsNone(copy_config.uefiroot)106 self.assertIsNone(copy_config.signingroot)
97 self.assertFalse(copy_config.uefiautokey)107 self.assertFalse(copy_config.signingautokey)
98 self.assertIs(None, copy_config.metaroot)108 self.assertIs(None, copy_config.metaroot)
99 self.assertIs(None, copy_config.stagingroot)109 self.assertIs(None, copy_config.stagingroot)
100110
@@ -131,10 +141,10 @@
131 self.assertIsNone(self.ppa_config.miscroot)141 self.assertIsNone(self.ppa_config.miscroot)
132 self.assertEqual(142 self.assertEqual(
133 "/var/tmp/archive/ubuntutest-temp", self.ppa_config.temproot)143 "/var/tmp/archive/ubuntutest-temp", self.ppa_config.temproot)
134 uefiroot = "/var/tmp/ppa-signing-keys.test/uefi/%s/%s" % (144 signingroot = "/var/tmp/ppa-signing-keys.test/signing/%s/%s" % (
135 self.ppa.owner.name, self.ppa.name)145 self.ppa.owner.name, self.ppa.name)
136 self.assertEqual(uefiroot, self.ppa_config.uefiroot)146 self.assertEqual(signingroot, self.ppa_config.signingroot)
137 self.assertTrue(self.ppa_config.uefiautokey)147 self.assertTrue(self.ppa_config.signingautokey)
138 self.assertIs(None, self.ppa_config.metaroot)148 self.assertIs(None, self.ppa_config.metaroot)
139 self.assertIs(None, self.ppa_config.stagingroot)149 self.assertIs(None, self.ppa_config.stagingroot)
140150
@@ -166,10 +176,10 @@
166 "/var/tmp/archive/ubuntutest-temp", p3a_config.temproot)176 "/var/tmp/archive/ubuntutest-temp", p3a_config.temproot)
167 # It's OK for the signing keys to be in the same location as for177 # It's OK for the signing keys to be in the same location as for
168 # public PPAs, as the owner/name namespace is shared.178 # public PPAs, as the owner/name namespace is shared.
169 uefiroot = "/var/tmp/ppa-signing-keys.test/uefi/%s/%s" % (179 signingroot = "/var/tmp/ppa-signing-keys.test/signing/%s/%s" % (
170 p3a.owner.name, p3a.name)180 p3a.owner.name, p3a.name)
171 self.assertEqual(uefiroot, p3a_config.uefiroot)181 self.assertEqual(signingroot, p3a_config.signingroot)
172 self.assertTrue(self.ppa_config.uefiautokey)182 self.assertTrue(self.ppa_config.signingautokey)
173 self.assertIs(None, p3a_config.metaroot)183 self.assertIs(None, p3a_config.metaroot)
174 self.assertIs(None, p3a_config.stagingroot)184 self.assertIs(None, p3a_config.stagingroot)
175185
@@ -186,3 +196,23 @@
186 ubuntu_ppa.owner.name, ubuntu_ppa.name),196 ubuntu_ppa.owner.name, ubuntu_ppa.name),
187 getPubConfig(ubuntu_ppa).metaroot)197 getPubConfig(ubuntu_ppa).metaroot)
188 self.assertIs(None, getPubConfig(test_ppa).metaroot)198 self.assertIs(None, getPubConfig(test_ppa).metaroot)
199
200
201class TestGetPubConfigPPACompatUefi(TestCaseWithFactory):
202
203 layer = ZopelessDatabaseLayer
204
205 def setUp(self):
206 super(TestGetPubConfigPPACompatUefi, self).setUp()
207 self.ubuntutest = getUtility(IDistributionSet)['ubuntutest']
208 self.ppa = self.factory.makeArchive(
209 distribution=self.ubuntutest, purpose=ArchivePurpose.PPA)
210 signingroot = "/var/tmp/ppa-signing-keys.test/uefi"
211 self.addCleanup(os.rmdir, signingroot)
212 os.makedirs(signingroot)
213 self.ppa_config = getPubConfig(self.ppa)
214
215 def test_ppa_uefi_config(self):
216 signingroot = "/var/tmp/ppa-signing-keys.test/uefi/%s/%s" % (
217 self.ppa.owner.name, self.ppa.name)
218 self.assertEqual(signingroot, self.ppa_config.signingroot)
189219
=== modified file 'lib/lp/archivepublisher/tests/test_ftparchive.py'
--- lib/lp/archivepublisher/tests/test_ftparchive.py 2016-04-05 02:07:48 +0000
+++ lib/lp/archivepublisher/tests/test_ftparchive.py 2016-05-11 15:32:04 +0000
@@ -552,9 +552,10 @@
552 self._addRepositoryFile("main", "tiny", "tiny_0.1.tar.gz")552 self._addRepositoryFile("main", "tiny", "tiny_0.1.tar.gz")
553 self._addRepositoryFile("main", "tiny", "tiny_0.1_i386.deb")553 self._addRepositoryFile("main", "tiny", "tiny_0.1_i386.deb")
554 comp_dir = os.path.join(self._distsdir, "hoary-test", "main")554 comp_dir = os.path.join(self._distsdir, "hoary-test", "main")
555 os.makedirs(os.path.join(comp_dir, "uefi"))555 os.makedirs(os.path.join(comp_dir, "signed"))
556 with open(os.path.join(comp_dir, "uefi", "stuff"), "w"):556 with open(os.path.join(comp_dir, "signed", "stuff"), "w"):
557 pass557 pass
558 os.symlink("signed", os.path.join(comp_dir, "uefi"))
558 os.makedirs(os.path.join(comp_dir, "i18n"))559 os.makedirs(os.path.join(comp_dir, "i18n"))
559 for name in ("Translation-de", "Translation-de.gz", "Translation-en",560 for name in ("Translation-de", "Translation-de.gz", "Translation-en",
560 "Translation-en.Z"):561 "Translation-en.Z"):
@@ -602,6 +603,9 @@
602 self.assertContentEqual(603 self.assertContentEqual(
603 ["Sources.gz", "Sources.xz"],604 ["Sources.gz", "Sources.xz"],
604 os.listdir(os.path.join(comp_dir, "source")))605 os.listdir(os.path.join(comp_dir, "source")))
606 self.assertEqual(
607 ["stuff"],
608 os.listdir(os.path.join(comp_dir, "signed")))
605 self.assertEqual(["stuff"], os.listdir(os.path.join(comp_dir, "uefi")))609 self.assertEqual(["stuff"], os.listdir(os.path.join(comp_dir, "uefi")))
606 self.assertContentEqual(610 self.assertContentEqual(
607 ["Translation-de", "Translation-de.gz", "Translation-en.gz",611 ["Translation-de", "Translation-de.gz", "Translation-en.gz",
608612
=== renamed file 'lib/lp/archivepublisher/tests/test_uefi.py' => 'lib/lp/archivepublisher/tests/test_signing.py'
--- lib/lp/archivepublisher/tests/test_uefi.py 2016-05-03 13:35:16 +0000
+++ lib/lp/archivepublisher/tests/test_signing.py 2016-05-11 15:32:04 +0000
@@ -13,7 +13,7 @@
13 CustomUploadAlreadyExists,13 CustomUploadAlreadyExists,
14 CustomUploadBadUmask,14 CustomUploadBadUmask,
15 )15 )
16from lp.archivepublisher.uefi import UefiUpload16from lp.archivepublisher.signing import SigningUpload
17from lp.services.osutils import write_file17from lp.services.osutils import write_file
18from lp.services.tarfile_helpers import LaunchpadWriteTarFile18from lp.services.tarfile_helpers import LaunchpadWriteTarFile
19from lp.testing import TestCase19from lp.testing import TestCase
@@ -35,42 +35,42 @@
3535
36class FakeConfig:36class FakeConfig:
37 """A fake publisher configuration for the main archive."""37 """A fake publisher configuration for the main archive."""
38 def __init__(self, distroroot, uefiroot):38 def __init__(self, distroroot, signingroot):
39 self.distroroot = distroroot39 self.distroroot = distroroot
40 self.uefiroot = uefiroot40 self.signingroot = signingroot
41 self.archiveroot = os.path.join(self.distroroot, 'ubuntu')41 self.archiveroot = os.path.join(self.distroroot, 'ubuntu')
42 self.uefiautokey = False42 self.signingautokey = False
4343
4444
45class FakeConfigPPA:45class FakeConfigPPA:
46 """A fake publisher configuration for a PPA."""46 """A fake publisher configuration for a PPA."""
47 def __init__(self, distroroot, uefiroot, owner, ppa):47 def __init__(self, distroroot, signingroot, owner, ppa):
48 self.distroroot = distroroot48 self.distroroot = distroroot
49 self.uefiroot = uefiroot49 self.signingroot = signingroot
50 self.archiveroot = os.path.join(self.distroroot, owner, ppa, 'ubuntu')50 self.archiveroot = os.path.join(self.distroroot, owner, ppa, 'ubuntu')
51 self.uefiautokey = True51 self.signingautokey = True
5252
5353
54class TestUefi(TestCase):54class TestSigning(TestCase):
5555
56 def setUp(self):56 def setUp(self):
57 super(TestUefi, self).setUp()57 super(TestSigning, self).setUp()
58 self.temp_dir = self.makeTemporaryDirectory()58 self.temp_dir = self.makeTemporaryDirectory()
59 self.uefi_dir = self.makeTemporaryDirectory()59 self.signing_dir = self.makeTemporaryDirectory()
60 self.pubconf = FakeConfig(self.temp_dir, self.uefi_dir)60 self.pubconf = FakeConfig(self.temp_dir, self.signing_dir)
61 self.suite = "distroseries"61 self.suite = "distroseries"
62 # CustomUpload.installFiles requires a umask of 0o022.62 # CustomUpload.installFiles requires a umask of 0o022.
63 old_umask = os.umask(0o022)63 old_umask = os.umask(0o022)
64 self.addCleanup(os.umask, old_umask)64 self.addCleanup(os.umask, old_umask)
6565
66 def setUpPPA(self):66 def setUpPPA(self):
67 self.pubconf = FakeConfigPPA(self.temp_dir, self.uefi_dir,67 self.pubconf = FakeConfigPPA(self.temp_dir, self.signing_dir,
68 'ubuntu-archive', 'testing')68 'ubuntu-archive', 'testing')
69 self.testcase_cn = '/CN=PPA ubuntu-archive testing/'69 self.testcase_cn = '/CN=PPA ubuntu-archive testing/'
7070
71 def setUpKeyAndCert(self, create=True):71 def setUpKeyAndCert(self, create=True):
72 self.key = os.path.join(self.uefi_dir, "uefi.key")72 self.key = os.path.join(self.signing_dir, "uefi.key")
73 self.cert = os.path.join(self.uefi_dir, "uefi.crt")73 self.cert = os.path.join(self.signing_dir, "uefi.crt")
74 if create:74 if create:
75 write_file(self.key, "")75 write_file(self.key, "")
76 write_file(self.cert, "")76 write_file(self.cert, "")
@@ -85,7 +85,7 @@
85 self.archive.close()85 self.archive.close()
86 self.buffer.close()86 self.buffer.close()
87 fake_call = FakeMethod()87 fake_call = FakeMethod()
88 upload = UefiUpload()88 upload = SigningUpload()
89 upload.signUefi = FakeMethod()89 upload.signUefi = FakeMethod()
90 self.useFixture(MonkeyPatch("subprocess.call", fake_call))90 self.useFixture(MonkeyPatch("subprocess.call", fake_call))
91 upload.process(self.pubconf, self.path, self.suite)91 upload.process(self.pubconf, self.path, self.suite)
@@ -94,9 +94,16 @@
9494
95 return upload95 return upload
9696
97 def getDistsPath(self):
98 return os.path.join(self.pubconf.archiveroot, "dists",
99 self.suite, "main")
100
101 def getSignedPath(self, loader_type, arch):
102 return os.path.join(self.getDistsPath(), "signed",
103 "%s-%s" % (loader_type, arch))
104
97 def getUefiPath(self, loader_type, arch):105 def getUefiPath(self, loader_type, arch):
98 return os.path.join(106 return os.path.join(self.getDistsPath(), "uefi",
99 self.pubconf.archiveroot, "dists", self.suite, "main", "uefi",
100 "%s-%s" % (loader_type, arch))107 "%s-%s" % (loader_type, arch))
101108
102 def test_unconfigured(self):109 def test_unconfigured(self):
@@ -124,7 +131,7 @@
124 self.archive.add_file("1.0/hello", "world")131 self.archive.add_file("1.0/hello", "world")
125 upload = self.process()132 upload = self.process()
126 self.assertTrue(os.path.exists(os.path.join(133 self.assertTrue(os.path.exists(os.path.join(
127 self.getUefiPath("empty", "amd64"), "1.0", "hello")))134 self.getSignedPath("empty", "amd64"), "1.0", "hello")))
128 self.assertEqual(0, upload.signUefi.call_count)135 self.assertEqual(0, upload.signUefi.call_count)
129136
130 def test_already_exists(self):137 def test_already_exists(self):
@@ -132,7 +139,7 @@
132 self.setUpKeyAndCert()139 self.setUpKeyAndCert()
133 self.openArchive("test", "1.0", "amd64")140 self.openArchive("test", "1.0", "amd64")
134 self.archive.add_file("1.0/empty.efi", "")141 self.archive.add_file("1.0/empty.efi", "")
135 os.makedirs(os.path.join(self.getUefiPath("test", "amd64"), "1.0"))142 os.makedirs(os.path.join(self.getSignedPath("test", "amd64"), "1.0"))
136 self.assertRaises(CustomUploadAlreadyExists, self.process)143 self.assertRaises(CustomUploadAlreadyExists, self.process)
137144
138 def test_bad_umask(self):145 def test_bad_umask(self):
@@ -149,7 +156,7 @@
149 self.setUpKeyAndCert()156 self.setUpKeyAndCert()
150 fake_call = FakeMethod()157 fake_call = FakeMethod()
151 self.useFixture(MonkeyPatch("subprocess.call", fake_call))158 self.useFixture(MonkeyPatch("subprocess.call", fake_call))
152 upload = UefiUpload()159 upload = SigningUpload()
153 upload.generateUefiKeys = FakeMethod()160 upload.generateUefiKeys = FakeMethod()
154 upload.setTargetDirectory(161 upload.setTargetDirectory(
155 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")162 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
@@ -169,7 +176,7 @@
169 self.setUpKeyAndCert(create=False)176 self.setUpKeyAndCert(create=False)
170 fake_call = FakeMethod()177 fake_call = FakeMethod()
171 self.useFixture(MonkeyPatch("subprocess.call", fake_call))178 self.useFixture(MonkeyPatch("subprocess.call", fake_call))
172 upload = UefiUpload()179 upload = SigningUpload()
173 upload.generateUefiKeys = FakeMethod()180 upload.generateUefiKeys = FakeMethod()
174 upload.setTargetDirectory(181 upload.setTargetDirectory(
175 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")182 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
@@ -184,7 +191,7 @@
184 self.setUpKeyAndCert(create=False)191 self.setUpKeyAndCert(create=False)
185 fake_call = FakeMethod()192 fake_call = FakeMethod()
186 self.useFixture(MonkeyPatch("subprocess.call", fake_call))193 self.useFixture(MonkeyPatch("subprocess.call", fake_call))
187 upload = UefiUpload()194 upload = SigningUpload()
188 upload.setTargetDirectory(195 upload.setTargetDirectory(
189 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")196 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
190 upload.generateUefiKeys()197 upload.generateUefiKeys()
@@ -212,6 +219,44 @@
212 self.openArchive("test", "1.0", "amd64")219 self.openArchive("test", "1.0", "amd64")
213 self.archive.add_file("1.0/empty.efi", "")220 self.archive.add_file("1.0/empty.efi", "")
214 self.process()221 self.process()
222 self.assertTrue(os.path.isdir(os.path.join(
223 self.getDistsPath(), "signed")))
224 self.assertTrue(os.path.islink(os.path.join(
225 self.getDistsPath(), "uefi")))
226 self.assertTrue(os.path.exists(os.path.join(
227 self.getSignedPath("test", "amd64"), "1.0", "empty.efi")))
228 self.assertTrue(os.path.exists(os.path.join(
229 self.getUefiPath("test", "amd64"), "1.0", "empty.efi")))
230
231 def test_installed_existing_uefi(self):
232 # Files in the tarball are installed correctly.
233 os.makedirs(os.path.join(self.getDistsPath(), "uefi"))
234 self.setUpKeyAndCert()
235 self.openArchive("test", "1.0", "amd64")
236 self.archive.add_file("1.0/empty.efi", "")
237 self.process()
238 self.assertTrue(os.path.isdir(os.path.join(
239 self.getDistsPath(), "signed")))
240 self.assertTrue(os.path.islink(os.path.join(
241 self.getDistsPath(), "uefi")))
242 self.assertTrue(os.path.exists(os.path.join(
243 self.getSignedPath("test", "amd64"), "1.0", "empty.efi")))
244 self.assertTrue(os.path.exists(os.path.join(
245 self.getUefiPath("test", "amd64"), "1.0", "empty.efi")))
246
247 def test_installed_existing_signing(self):
248 # Files in the tarball are installed correctly.
249 os.makedirs(os.path.join(self.getDistsPath(), "signing"))
250 self.setUpKeyAndCert()
251 self.openArchive("test", "1.0", "amd64")
252 self.archive.add_file("1.0/empty.efi", "")
253 self.process()
254 self.assertTrue(os.path.isdir(os.path.join(
255 self.getDistsPath(), "signed")))
256 self.assertTrue(os.path.islink(os.path.join(
257 self.getDistsPath(), "uefi")))
258 self.assertTrue(os.path.exists(os.path.join(
259 self.getSignedPath("test", "amd64"), "1.0", "empty.efi")))
215 self.assertTrue(os.path.exists(os.path.join(260 self.assertTrue(os.path.exists(os.path.join(
216 self.getUefiPath("test", "amd64"), "1.0", "empty.efi")))261 self.getUefiPath("test", "amd64"), "1.0", "empty.efi")))
217262
@@ -222,7 +267,7 @@
222 self.assertFalse(os.path.exists(self.cert))267 self.assertFalse(os.path.exists(self.cert))
223 fake_call = FakeMethod()268 fake_call = FakeMethod()
224 self.useFixture(MonkeyPatch("subprocess.call", fake_call))269 self.useFixture(MonkeyPatch("subprocess.call", fake_call))
225 upload = UefiUpload()270 upload = SigningUpload()
226 upload.generateUefiKeys = FakeMethodGenUefiKeys(upload=upload)271 upload.generateUefiKeys = FakeMethodGenUefiKeys(upload=upload)
227 upload.setTargetDirectory(272 upload.setTargetDirectory(
228 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")273 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
@@ -239,7 +284,7 @@
239 self.assertFalse(os.path.exists(self.cert))284 self.assertFalse(os.path.exists(self.cert))
240 fake_call = FakeMethod()285 fake_call = FakeMethod()
241 self.useFixture(MonkeyPatch("subprocess.call", fake_call))286 self.useFixture(MonkeyPatch("subprocess.call", fake_call))
242 upload = UefiUpload()287 upload = SigningUpload()
243 upload.generateUefiKeys = FakeMethodGenUefiKeys(upload=upload)288 upload.generateUefiKeys = FakeMethodGenUefiKeys(upload=upload)
244 upload.setTargetDirectory(289 upload.setTargetDirectory(
245 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")290 self.pubconf, "test_1.0_amd64.tar.gz", "distroseries")
246291
=== modified file 'lib/lp/archiveuploader/nascentuploadfile.py'
--- lib/lp/archiveuploader/nascentuploadfile.py 2015-01-28 17:54:34 +0000
+++ lib/lp/archiveuploader/nascentuploadfile.py 2016-05-11 15:32:04 +0000
@@ -1,4 +1,4 @@
1# Copyright 2009-2015 Canonical Ltd. This software is licensed under the1# Copyright 2009-2016 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Specific models for uploaded files"""4"""Specific models for uploaded files"""
@@ -33,7 +33,7 @@
33from lp.archivepublisher.debian_installer import DebianInstallerUpload33from lp.archivepublisher.debian_installer import DebianInstallerUpload
34from lp.archivepublisher.dist_upgrader import DistUpgraderUpload34from lp.archivepublisher.dist_upgrader import DistUpgraderUpload
35from lp.archivepublisher.rosetta_translations import RosettaTranslationsUpload35from lp.archivepublisher.rosetta_translations import RosettaTranslationsUpload
36from lp.archivepublisher.uefi import UefiUpload36from lp.archivepublisher.signing import SigningUpload
37from lp.archiveuploader.utils import (37from lp.archiveuploader.utils import (
38 determine_source_file_type,38 determine_source_file_type,
39 prefix_multi_line_string,39 prefix_multi_line_string,
@@ -258,7 +258,8 @@
258 PackageUploadCustomFormat.STATIC_TRANSLATIONS,258 PackageUploadCustomFormat.STATIC_TRANSLATIONS,
259 'raw-meta-data':259 'raw-meta-data':
260 PackageUploadCustomFormat.META_DATA,260 PackageUploadCustomFormat.META_DATA,
261 'raw-uefi': PackageUploadCustomFormat.UEFI,261 'raw-signing': PackageUploadCustomFormat.SIGNING,
262 'raw-uefi': PackageUploadCustomFormat.SIGNING, # Compatibility
262 }263 }
263264
264 custom_handlers = {265 custom_handlers = {
@@ -267,7 +268,7 @@
267 PackageUploadCustomFormat.DDTP_TARBALL: DdtpTarballUpload,268 PackageUploadCustomFormat.DDTP_TARBALL: DdtpTarballUpload,
268 PackageUploadCustomFormat.ROSETTA_TRANSLATIONS:269 PackageUploadCustomFormat.ROSETTA_TRANSLATIONS:
269 RosettaTranslationsUpload,270 RosettaTranslationsUpload,
270 PackageUploadCustomFormat.UEFI: UefiUpload,271 PackageUploadCustomFormat.SIGNING: SigningUpload,
271 }272 }
272273
273 @property274 @property
@@ -306,8 +307,9 @@
306307
307 def autoApprove(self):308 def autoApprove(self):
308 """Return whether this custom upload can be automatically approved."""309 """Return whether this custom upload can be automatically approved."""
309 # UEFI uploads are signed, and must therefore be approved by a human.310 # Signing uploads will be signed, and must therefore be approved
310 if self.custom_type == PackageUploadCustomFormat.UEFI:311 # by a human.
312 if self.custom_type == PackageUploadCustomFormat.SIGNING:
311 return False313 return False
312 return True314 return True
313315
314316
=== modified file 'lib/lp/archiveuploader/tests/test_nascentuploadfile.py'
--- lib/lp/archiveuploader/tests/test_nascentuploadfile.py 2015-03-04 13:06:02 +0000
+++ lib/lp/archiveuploader/tests/test_nascentuploadfile.py 2016-05-11 15:32:04 +0000
@@ -1,4 +1,4 @@
1# Copyright 2010-2015 Canonical Ltd. This software is licensed under the1# Copyright 2010-2016 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Test NascentUploadFile functionality."""4"""Test NascentUploadFile functionality."""
@@ -167,6 +167,12 @@
167 "bla.txt", "data", "main/raw-uefi", "extra")167 "bla.txt", "data", "main/raw-uefi", "extra")
168 self.assertFalse(uploadfile.autoApprove())168 self.assertFalse(uploadfile.autoApprove())
169169
170 def test_signing_not_auto_approved(self):
171 # UEFI uploads are auto-approved.
172 uploadfile = self.createCustomUploadFile(
173 "bla.txt", "data", "main/raw-signing", "extra")
174 self.assertFalse(uploadfile.autoApprove())
175
170176
171class PackageUploadFileTestCase(NascentUploadFileTestCase):177class PackageUploadFileTestCase(NascentUploadFileTestCase):
172 """Base class for all tests of classes deriving from PackageUploadFile."""178 """Base class for all tests of classes deriving from PackageUploadFile."""
173179
=== modified file 'lib/lp/archiveuploader/tests/test_uploadpolicy.py'
--- lib/lp/archiveuploader/tests/test_uploadpolicy.py 2013-08-01 14:09:45 +0000
+++ lib/lp/archiveuploader/tests/test_uploadpolicy.py 2016-05-11 15:32:04 +0000
@@ -1,6 +1,6 @@
1#!/usr/bin/python1#!/usr/bin/python
2#2#
3# Copyright 2010-2013 Canonical Ltd. This software is licensed under the3# Copyright 2010-2016 Canonical Ltd. This software is licensed under the
4# GNU Affero General Public License version 3 (see the file LICENSE).4# GNU Affero General Public License version 3 (see the file LICENSE).
55
6from zope.component import getUtility6from zope.component import getUtility
@@ -304,6 +304,17 @@
304 upload.changes = FakeChangesFile(custom_files=[uploadfile])304 upload.changes = FakeChangesFile(custom_files=[uploadfile])
305 self.assertFalse(buildd_policy.autoApprove(upload))305 self.assertFalse(buildd_policy.autoApprove(upload))
306306
307 def test_buildd_does_not_approve_signing(self):
308 # Uploads to the primary archive containing files for signing are
309 # not approved.
310 buildd_policy = findPolicyByName("buildd")
311 uploadfile = CustomUploadFile(
312 "uefi.tar.gz", None, 0, "main/raw-signing", "extra", buildd_policy,
313 None)
314 upload = make_fake_upload(binaryful=True)
315 upload.changes = FakeChangesFile(custom_files=[uploadfile])
316 self.assertFalse(buildd_policy.autoApprove(upload))
317
307 def test_buildd_approves_uefi_ppa(self):318 def test_buildd_approves_uefi_ppa(self):
308 # Uploads to PPAs containing UEFI custom files are auto-approved.319 # Uploads to PPAs containing UEFI custom files are auto-approved.
309 buildd_policy = findPolicyByName("buildd")320 buildd_policy = findPolicyByName("buildd")
@@ -313,3 +324,13 @@
313 upload = make_fake_upload(binaryful=True, is_ppa=True)324 upload = make_fake_upload(binaryful=True, is_ppa=True)
314 upload.changes = FakeChangesFile(custom_files=[uploadfile])325 upload.changes = FakeChangesFile(custom_files=[uploadfile])
315 self.assertTrue(buildd_policy.autoApprove(upload))326 self.assertTrue(buildd_policy.autoApprove(upload))
327
328 def test_buildd_approves_signing_ppa(self):
329 # Uploads to PPAs containing UEFI custom files are auto-approved.
330 buildd_policy = findPolicyByName("buildd")
331 uploadfile = CustomUploadFile(
332 "uefi.tar.gz", None, 0, "main/raw-signing", "extra", buildd_policy,
333 None)
334 upload = make_fake_upload(binaryful=True, is_ppa=True)
335 upload.changes = FakeChangesFile(custom_files=[uploadfile])
336 self.assertTrue(buildd_policy.autoApprove(upload))
316337
=== modified file 'lib/lp/soyuz/browser/queue.py'
--- lib/lp/soyuz/browser/queue.py 2015-07-09 20:06:17 +0000
+++ lib/lp/soyuz/browser/queue.py 2016-05-11 15:32:04 +0000
@@ -1,4 +1,4 @@
1# Copyright 2009-2013 Canonical Ltd. This software is licensed under the1# Copyright 2009-2016 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Browser views for package queue."""4"""Browser views for package queue."""
@@ -574,7 +574,7 @@
574 (self.contains_installer, ("Installer", 'ubuntu-icon')),574 (self.contains_installer, ("Installer", 'ubuntu-icon')),
575 (self.contains_upgrader, ("Upgrader", 'ubuntu-icon')),575 (self.contains_upgrader, ("Upgrader", 'ubuntu-icon')),
576 (self.contains_ddtp, (ddtp, 'ubuntu-icon')),576 (self.contains_ddtp, (ddtp, 'ubuntu-icon')),
577 (self.contains_uefi, ("Signed UEFI boot loader", 'ubuntu-icon')),577 (self.contains_signing, ("Objects for Signing", 'ubuntu-icon')),
578 ]578 ]
579 return [579 return [
580 self.composeIcon(*details)580 self.composeIcon(*details)
581581
=== modified file 'lib/lp/soyuz/configure.zcml'
--- lib/lp/soyuz/configure.zcml 2016-03-22 12:51:03 +0000
+++ lib/lp/soyuz/configure.zcml 2016-05-11 15:32:04 +0000
@@ -168,6 +168,7 @@
168 contains_installer168 contains_installer
169 contains_upgrader169 contains_upgrader
170 contains_ddtp170 contains_ddtp
171 contains_signing
171 contains_uefi172 contains_uefi
172 displayname173 displayname
173 displayarchs174 displayarchs
174175
=== modified file 'lib/lp/soyuz/enums.py'
--- lib/lp/soyuz/enums.py 2016-02-05 20:28:29 +0000
+++ lib/lp/soyuz/enums.py 2016-05-11 15:32:04 +0000
@@ -481,10 +481,10 @@
481 the Software Center.481 the Software Center.
482 """)482 """)
483483
484 UEFI = DBItem(6, """484 SIGNING = DBItem(6, """
485 uefi485 signing
486486
487 A UEFI boot loader image to be signed.487 A tarball containing images to be signed.
488 """)488 """)
489489
490490
491491
=== modified file 'lib/lp/soyuz/interfaces/queue.py'
--- lib/lp/soyuz/interfaces/queue.py 2015-09-03 15:14:07 +0000
+++ lib/lp/soyuz/interfaces/queue.py 2016-05-11 15:32:04 +0000
@@ -1,4 +1,4 @@
1# Copyright 2009-2015 Canonical Ltd. This software is licensed under the1# Copyright 2009-2016 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Queue interfaces."""4"""Queue interfaces."""
@@ -264,8 +264,11 @@
264 "whether or not this upload contains upgrader images")264 "whether or not this upload contains upgrader images")
265 contains_ddtp = Attribute(265 contains_ddtp = Attribute(
266 "whether or not this upload contains DDTP images")266 "whether or not this upload contains DDTP images")
267 contains_signing = Attribute(
268 "whether or not this upload contains signing images")
267 contains_uefi = Attribute(269 contains_uefi = Attribute(
268 "whether or not this upload contains a signed UEFI boot loader image")270 "whether or not this upload contains a signed UEFI boot loader image"
271 " (deprecated)")
269 isPPA = Attribute(272 isPPA = Attribute(
270 "Return True if this PackageUpload is a PPA upload.")273 "Return True if this PackageUpload is a PPA upload.")
271274
272275
=== modified file 'lib/lp/soyuz/model/queue.py'
--- lib/lp/soyuz/model/queue.py 2016-03-14 23:42:45 +0000
+++ lib/lp/soyuz/model/queue.py 2016-05-11 15:32:04 +0000
@@ -665,9 +665,11 @@
665 return PackageUploadCustomFormat.DDTP_TARBALL in self._customFormats665 return PackageUploadCustomFormat.DDTP_TARBALL in self._customFormats
666666
667 @cachedproperty667 @cachedproperty
668 def contains_uefi(self):668 def contains_signing(self):
669 """See `IPackageUpload`."""669 """See `IPackageUpload`."""
670 return PackageUploadCustomFormat.UEFI in self._customFormats670 return PackageUploadCustomFormat.SIGNING in self._customFormats
671
672 contains_uefi = contains_signing
671673
672 @property674 @property
673 def package_name(self):675 def package_name(self):
@@ -1462,13 +1464,13 @@
1462 self.libraryfilealias.open()1464 self.libraryfilealias.open()
1463 copy_and_close(self.libraryfilealias, file_obj)1465 copy_and_close(self.libraryfilealias, file_obj)
14641466
1465 def publishUefi(self, logger=None):1467 def publishSigning(self, logger=None):
1466 """See `IPackageUploadCustom`."""1468 """See `IPackageUploadCustom`."""
1467 # XXX cprov 2005-03-03: We need to use the Zope Component Lookup1469 # XXX cprov 2005-03-03: We need to use the Zope Component Lookup
1468 # to instantiate the object in question and avoid circular imports1470 # to instantiate the object in question and avoid circular imports
1469 from lp.archivepublisher.uefi import process_uefi1471 from lp.archivepublisher.signing import process_signing
14701472
1471 self._publishCustom(process_uefi, logger=logger)1473 self._publishCustom(process_signing, logger=logger)
14721474
1473 publisher_dispatch = {1475 publisher_dispatch = {
1474 PackageUploadCustomFormat.DEBIAN_INSTALLER: publishDebianInstaller,1476 PackageUploadCustomFormat.DEBIAN_INSTALLER: publishDebianInstaller,
@@ -1479,7 +1481,7 @@
1479 PackageUploadCustomFormat.STATIC_TRANSLATIONS:1481 PackageUploadCustomFormat.STATIC_TRANSLATIONS:
1480 publishStaticTranslations,1482 publishStaticTranslations,
1481 PackageUploadCustomFormat.META_DATA: publishMetaData,1483 PackageUploadCustomFormat.META_DATA: publishMetaData,
1482 PackageUploadCustomFormat.UEFI: publishUefi,1484 PackageUploadCustomFormat.SIGNING: publishSigning,
1483 }1485 }
14841486
1485 # publisher_dispatch must have an entry for each value of1487 # publisher_dispatch must have an entry for each value of
14861488
=== modified file 'lib/lp/soyuz/scripts/custom_uploads_copier.py'
--- lib/lp/soyuz/scripts/custom_uploads_copier.py 2013-10-10 18:47:16 +0000
+++ lib/lp/soyuz/scripts/custom_uploads_copier.py 2016-05-11 15:32:04 +0000
@@ -1,4 +1,4 @@
1# Copyright 2011-2013 Canonical Ltd. This software is licensed under the1# Copyright 2011-2016 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Copy latest custom uploads into a distribution release series.4"""Copy latest custom uploads into a distribution release series.
@@ -18,7 +18,7 @@
18from lp.archivepublisher.debian_installer import DebianInstallerUpload18from lp.archivepublisher.debian_installer import DebianInstallerUpload
19from lp.archivepublisher.dist_upgrader import DistUpgraderUpload19from lp.archivepublisher.dist_upgrader import DistUpgraderUpload
20from lp.archivepublisher.rosetta_translations import RosettaTranslationsUpload20from lp.archivepublisher.rosetta_translations import RosettaTranslationsUpload
21from lp.archivepublisher.uefi import UefiUpload21from lp.archivepublisher.signing import SigningUpload
22from lp.registry.interfaces.pocket import PackagePublishingPocket22from lp.registry.interfaces.pocket import PackagePublishingPocket
23from lp.services.database.bulk import load_referencing23from lp.services.database.bulk import load_referencing
24from lp.soyuz.enums import PackageUploadCustomFormat24from lp.soyuz.enums import PackageUploadCustomFormat
@@ -40,7 +40,7 @@
40 PackageUploadCustomFormat.DDTP_TARBALL: DdtpTarballUpload,40 PackageUploadCustomFormat.DDTP_TARBALL: DdtpTarballUpload,
41 PackageUploadCustomFormat.ROSETTA_TRANSLATIONS:41 PackageUploadCustomFormat.ROSETTA_TRANSLATIONS:
42 RosettaTranslationsUpload,42 RosettaTranslationsUpload,
43 PackageUploadCustomFormat.UEFI: UefiUpload,43 PackageUploadCustomFormat.SIGNING: SigningUpload,
44 }44 }
4545
46 def __init__(self, target_series,46 def __init__(self, target_series,
@@ -61,8 +61,9 @@
61 if (custom.packageupload.archive.is_ppa or61 if (custom.packageupload.archive.is_ppa or
62 custom.packageupload.archive == source_archive):62 custom.packageupload.archive == source_archive):
63 return True63 return True
64 # UEFI uploads are signed, and must therefore be approved by a human.64 # Signing uploads will be signed, and must therefore be approved
65 if custom.customformat == PackageUploadCustomFormat.UEFI:65 # by a human.
66 if custom.customformat == PackageUploadCustomFormat.SIGNING:
66 return False67 return False
67 return True68 return True
6869
6970
=== modified file 'lib/lp/soyuz/scripts/tests/test_custom_uploads_copier.py'
--- lib/lp/soyuz/scripts/tests/test_custom_uploads_copier.py 2013-10-10 18:47:16 +0000
+++ lib/lp/soyuz/scripts/tests/test_custom_uploads_copier.py 2016-05-11 15:32:04 +0000
@@ -1,4 +1,4 @@
1# Copyright 2011-2013 Canonical Ltd. This software is licensed under the1# Copyright 2011-2016 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4"""Test copying of custom package uploads for a new `DistroSeries`."""4"""Test copying of custom package uploads for a new `DistroSeries`."""
@@ -408,36 +408,36 @@
408 copied_pu = copier.copyUpload(original_upload).packageupload408 copied_pu = copier.copyUpload(original_upload).packageupload
409 self.assertEqual(PackageUploadStatus.ACCEPTED, copied_pu.status)409 self.assertEqual(PackageUploadStatus.ACCEPTED, copied_pu.status)
410410
411 def test_copyUpload_unapproves_uefi_from_different_archive(self):411 def test_copyUpload_unapproves_signing_from_different_archive(self):
412 # Copies of UEFI custom uploads to a primary archive are set to412 # Copies of UEFI custom uploads to a primary archive are set to
413 # UNAPPROVED, since they will normally end up being signed.413 # UNAPPROVED, since they will normally end up being signed.
414 target_series = self.factory.makeDistroSeries()414 target_series = self.factory.makeDistroSeries()
415 archive = self.factory.makeArchive(415 archive = self.factory.makeArchive(
416 distribution=target_series.distribution)416 distribution=target_series.distribution)
417 original_upload = self.makeUpload(417 original_upload = self.makeUpload(
418 archive=archive, custom_type=PackageUploadCustomFormat.UEFI)418 archive=archive, custom_type=PackageUploadCustomFormat.SIGNING)
419 copier = CustomUploadsCopier(419 copier = CustomUploadsCopier(
420 target_series, target_archive=target_series.main_archive)420 target_series, target_archive=target_series.main_archive)
421 copied_pu = copier.copyUpload(original_upload).packageupload421 copied_pu = copier.copyUpload(original_upload).packageupload
422 self.assertEqual(PackageUploadStatus.UNAPPROVED, copied_pu.status)422 self.assertEqual(PackageUploadStatus.UNAPPROVED, copied_pu.status)
423423
424 def test_copyUpload_approves_uefi_from_same_archive(self):424 def test_copyUpload_approves_signing_from_same_archive(self):
425 # Copies of UEFI custom uploads within the same archive are425 # Copies of UEFI custom uploads within the same archive are
426 # automatically accepted, since they have already been signed.426 # automatically accepted, since they have already been signed.
427 original_upload = self.makeUpload(427 original_upload = self.makeUpload(
428 custom_type=PackageUploadCustomFormat.UEFI)428 custom_type=PackageUploadCustomFormat.SIGNING)
429 target_series = self.factory.makeDistroSeries()429 target_series = self.factory.makeDistroSeries()
430 copier = CustomUploadsCopier(target_series)430 copier = CustomUploadsCopier(target_series)
431 copied_pu = copier.copyUpload(original_upload).packageupload431 copied_pu = copier.copyUpload(original_upload).packageupload
432 self.assertEqual(PackageUploadStatus.ACCEPTED, copied_pu.status)432 self.assertEqual(PackageUploadStatus.ACCEPTED, copied_pu.status)
433433
434 def test_copyUpload_approves_uefi_to_ppa(self):434 def test_copyUpload_approves_signing_to_ppa(self):
435 # Copies of UEFI custom uploads to a PPA are automatically accepted,435 # Copies of UEFI custom uploads to a PPA are automatically accepted,
436 # since PPAs have much more limited upload permissions than the main436 # since PPAs have much more limited upload permissions than the main
437 # archive, and in any case PPAs do not have an upload approval437 # archive, and in any case PPAs do not have an upload approval
438 # workflow.438 # workflow.
439 original_upload = self.makeUpload(439 original_upload = self.makeUpload(
440 custom_type=PackageUploadCustomFormat.UEFI)440 custom_type=PackageUploadCustomFormat.SIGNING)
441 target_series = self.factory.makeDistroSeries()441 target_series = self.factory.makeDistroSeries()
442 target_archive = self.factory.makeArchive(442 target_archive = self.factory.makeArchive(
443 distribution=target_series.distribution)443 distribution=target_series.distribution)