Lp never forgets a tarfile. A new orig file was not uploaded. Instead, Lp accepted the tarfile because its hash is identical to the one previously uploaded. Anything tarfile that claims to have the same name, btu a different hash will be rejected because it could be a man in the middle attack. When release-juju-create-source-packages-daily creates juju-core_2.0-beta6.orig.tar.gz, the next version (juju-core_2.0-beta7.orig.tar.gz) we will never be able to release 2.0-beta7.
I think a single rule in build_source() will suffice to avoid this problem. Before we create the SourceFile, we get the version from the tarfile. We can rename the tarfile. Maybe we can change these lines
tarfile_name = os.path.basename(tarfile_path)
version = tarfile_name.split('_')[-1].replace('.tar.gz', '')
^ I typed that really fast. It probably has errors. Maybe we want the orig to have the date and build id too. Maybe this should be extracted to a helper function that is easy to test.
tarfile_name = os.path.basename(tarfile_path)
version = tarfile_name.split('_')[-1].replace('.tar.gz', '')
if revid: tarfile_path = rename_daily_tarfile(tarfile_path, version, revid)
Your change looks good, but I believe something is incomplete. Looking at juju-ci. vapour. ws:8080/ job/release- juju-create- source- packages- daily/ core_2. 0-beta6. orig.tar. gz
http://
I see a orig.tar.gz that is identical to what we have uploaded before:
juju-
The orig.tar.gz name is identical to the official package we released at juju-ci. vapour. ws:8080/ job/release- juju-create- source- packages/
http://
Lp never forgets a tarfile. A new orig file was not uploaded. Instead, Lp accepted the tarfile because its hash is identical to the one previously uploaded. Anything tarfile that claims to have the same name, btu a different hash will be rejected because it could be a man in the middle attack. When release- juju-create- source- packages- daily creates juju-core_ 2.0-beta6. orig.tar. gz, the next version (juju-core_ 2.0-beta7. orig.tar. gz) we will never be able to release 2.0-beta7.
I think a single rule in build_source() will suffice to avoid this problem. Before we create the SourceFile, we get the version from the tarfile. We can rename the tarfile. Maybe we can change these lines
tarfile_name = os.path. basename( tarfile_ path) name.split( '_')[-1] .replace( '.tar.gz' , '')
version = tarfile_
to something like:
tarfile_name = os.path. basename( tarfile_ path) name.split( '_')[-1] .replace( '.tar.gz' , '')
daily_ version = {}~{}'. format( version, revid)
daily_ tarfile_ name = tarfile_ name.replace( version, daily_version) dirname( tarfile_ path)
daily_ tarfile_ path = os.path. join(tarfile_ dir, daily_tarfile_name)
os.rename( tarfile_ path, daily_tarfile_path)
tarfile_ path = daily_tarfile_path
version = tarfile_
if revid:
tarfile_dir = os.path.
^ I typed that really fast. It probably has errors. Maybe we want the orig to have the date and build id too. Maybe this should be extracted to a helper function that is easy to test.
tarfile_name = os.path. basename( tarfile_ path) name.split( '_')[-1] .replace( '.tar.gz' , '')
tarfile_ path = rename_ daily_tarfile( tarfile_ path, version, revid)
version = tarfile_
if revid: