bodhi/mail.py | 3 -
bodhi/masher.py | 54 +++++++++++++++++++++---
bodhi/model.py | 14 +++---
bodhi/tests/test_controllers.py | 90 ++++++++++++++++++++++++++++++++++++----
4 files changed, 138 insertions(+), 23 deletions(-)
New commits:
commit 10f0d4ecea3e2cfb2ee14df526b61e3807aed4ca
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 17:11:20 2010 -0400
Add a 'safe_to_resume' sanity check when resuming updates pushes
diff --git a/bodhi/masher.py b/bodhi/masher.py
index 6743a18..2fbde75 100644
--- a/bodhi/masher.py
+++ b/bodhi/masher.py
@@ -361,6 +361,34 @@ class MashTask(Thread):
del pending_nvrs, testing_nvrs, stable_nvrs
return self.safe
+ def safe_to_resume(self):
+ """
+ Check for bodhi/koji inconsistencies, and make sure it is safe to
+ perform actions against this set of updates
+ """
+ testing_nvrs = {}
+ stable_nvrs = {}
+ log.debug("Making sure builds are safe to resume")
+
+ # For each release, populate the lists of pending/testing/stable builds
+ for update in self.updates:
+ if not testing_nvrs.has_key(update.release.name):
+ testing_nvrs[update.release.name] = [build['nvr'] for build in
+ self.koji.listTagged(update.release.testing_tag)]
+ stable_nvrs[update.release.name] = [build['nvr'] for build in
+ self.koji.listTagged(update.release.stable_tag)]
+
+ for update in self.updates:
+ for build in update.builds:
+ if update.request == 'testing':
+ if build.nvr not in testing_nvrs[update.release.name]:
+ self.error_log("%s not tagged as testing" % build.nvr)
+ elif update.request == 'stable':
+ if build.nvr not in stable_nvrs[update.release.name]:
+ self.error_log("%s not tagged as stable" % build.nvr)
+
+ return self.safe
+
def _find_repos(self):
"""
Based on our updates, build a list of repositories that we need to
@@ -610,15 +638,23 @@ class MashTask(Thread):
"""
self.success = True
try:
- if not self.resume and not self.safe_to_move():
- log.error("safe_to_move failed! -- aborting")
- self._unlock()
- masher.done(self)
- return
+ if self.resume:
+ if not self.safe_to_resume():
+ log.error("safe_to_resume failed! -- aborting")
+ self._unlock()
+ masher.done(self)
+ return
else:
- log.debug("Builds look OK to me")
+ if not self.safe_to_move():
+ log.error("safe_to_move failed! -- aborting")
+ self._unlock()
+ masher.done(self)
+ return
+
+ log.debug("Builds look OK to me")
# Update all bug titles for security updates
+ log.info('Updating bug titles for security updates')
for update in self.updates:
if update.type == 'security':
for bug in update.bugs:
commit 5a485ec5ee273144535eea68d5a839844ce541da
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 16:53:40 2010 -0400
Update all bugzilla titles for security updates before pushing.
The security team puts a lot of effort into polishing up security bugs &
updates to make sure they have the appropriate data. A lot of security bugs
are altered after submission to bodhi (for example, to add the CVE to the title).
diff --git a/bodhi/masher.py b/bodhi/masher.py
index 59f4033..6743a18 100644
--- a/bodhi/masher.py
+++ b/bodhi/masher.py
@@ -618,6 +618,12 @@ class MashTask(Thread):
else:
log.debug("Builds look OK to me")
+ # Update all bug titles for security updates
+ for update in self.updates:
+ if update.type == 'security':
+ for bug in update.bugs:
+ bug.fetch_details()
+
# Move koji build tags
if not self.resume and len(self.updates):
self.move_builds()
commit 5aa810d1939c5ed9af321811ba96b2cae0199de6
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 16:28:53 2010 -0400
Add a new unit test to make sure a batch of builds can't obsolete an update that
only has a single build
diff --git a/bodhi/tests/test_controllers.py b/bodhi/tests/test_controllers.py
index 6f9d6ba..5d2276e 100644
--- a/bodhi/tests/test_controllers.py
+++ b/bodhi/tests/test_controllers.py
@@ -2546,3 +2546,47 @@ class TestControllers(testutil.DBTest):
method='POST', headers=session)
update = PackageUpdate.byTitle(params['builds'])
assert update.request == 'stable'
+
+ def test_obsoleting_different_batches_of_updates(self):
+ """
+ Make sure a batch of builds can't obsolete an update that only has a
+ single build
+ """
+ session = login()
+ create_release()
+ params = {
+ 'builds' : 'nethack-2.6.31-1.fc7',
+ 'release' : 'Fedora 7',
+ 'type_' : 'bugfix',
+ 'bugs' : '',
+ 'notes' : '',
+ 'autokarma': True,
+ 'stable_karma' : 3,
+ 'request': 'stable',
+ 'unstable_karma' : -3,
+ }
+
+ self.save_update(params, session)
+ update = PackageUpdate.byTitle(params['builds'])
+ assert update.request != 'stable', update.request
+ update.status = 'testing'
+ update.pushed = True
+ update.request = None
+ update.pushed = True
+
+ new_params = {
+ 'builds' :
'kernel-2.6.40-1.fc7,nethack-2.6.32-1.fc7,TurboGears-1.2.0-1.fc7',
+ 'release' : 'Fedora 7',
+ 'type_' : 'bugfix',
+ 'bugs' : '',
+ 'notes' : '',
+ 'autokarma': True,
+ 'stable_karma' : 3,
+ 'request': 'stable',
+ 'unstable_karma' : -3,
+ }
+ self.save_update(new_params, session)
+
+ # Make sure it doesn't obsolete the older one
+ assert PackageUpdate.byTitle(new_params['builds']).status ==
'pending'
+ assert PackageUpdate.byTitle(params['builds']).status ==
'testing'
commit aaf104e1c2c6fe1b7bd5cf54fc713471f47d176a
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 16:07:09 2010 -0400
Get the rest of our test suite working again
diff --git a/bodhi/tests/test_controllers.py b/bodhi/tests/test_controllers.py
index 4dc42cb..6f9d6ba 100644
--- a/bodhi/tests/test_controllers.py
+++ b/bodhi/tests/test_controllers.py
@@ -691,7 +691,7 @@ class TestControllers(testutil.DBTest):
testutil.create_request('/updates/request/stable/%s' %
params['builds'],
method='POST', headers=session)
update = PackageUpdate.byTitle(params['builds'])
- assert update.request == 'stable'
+ assert update.request == 'testing'
def test_unauthorized_request(self):
session = login()
@@ -1001,7 +1001,7 @@ class TestControllers(testutil.DBTest):
}
self.save_update(params, session)
update = PackageUpdate.byTitle(params['builds'])
- assert update.request == 'stable'
+ assert update.request == 'testing'
params = {
'builds' : 'nethack-2.10-3.20070831cvs.fc7',
'release' : 'Fedora 7',
@@ -1224,7 +1224,7 @@ class TestControllers(testutil.DBTest):
self.save_update(params, session)
assert PackageUpdate.select().count() == 1
- assert PackageUpdate.select()[0].request == 'stable'
+ assert PackageUpdate.select()[0].request == 'testing'
testutil.create_request('/updates/admin/push', headers=session)
# Make sure security updates do not slip in unapproved
@@ -1244,7 +1244,7 @@ class TestControllers(testutil.DBTest):
#testutil.print_log()
assert '1 pending request' in cherrypy.response.body[0],
cherrypy.response.body[0]
- # Revoke the stable request from the update
+ # Revoke the testingrequest from the update
testutil.create_request('/updates/revoke/%s' % params['builds'],
headers=session)
@@ -1284,15 +1284,15 @@ class TestControllers(testutil.DBTest):
params['builds'], method='POST',
headers=session)
update = PackageUpdate.byTitle(params['builds'])
- assert update.request == 'stable'
- assert len(update.comments) == 2
- assert update.get_comments()[-1].text == 'This update has been submitted for
stable by guest. '
+ assert update.request == 'testing'
+ assert len(update.comments) == 1
+ assert update.get_comments()[-1].text == 'This update has been submitted for
testing by guest. '
testutil.create_request('/updates/request/obsolete/%s' %
params['builds'], method='POST',
headers=session)
update = PackageUpdate.byTitle(params['builds'])
print update
- assert len(update.comments) == 3
+ assert len(update.comments) == 2
assert update.get_comments()[-1].text == 'This update has been
obsoleted'
assert update.get_comments()[-1].author == 'bodhi'
@@ -2356,7 +2356,7 @@ class TestControllers(testutil.DBTest):
}
self.save_update(params, session)
update = PackageUpdate.byTitle(params['builds'])
- assert update.request == 'stable', update.request
+ assert update.request == 'testing', update.request
def test_duplicate_packages_for_same_release(self):
"""
commit bd757b4997bcff99a8028a49efdf3b4a65f470fc
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 16:06:41 2010 -0400
Add a test_security_approval_to_stable unit test.
This ensures that security updates that try to go to stable hit testing first.
diff --git a/bodhi/tests/test_controllers.py b/bodhi/tests/test_controllers.py
index e29b15a..4dc42cb 100644
--- a/bodhi/tests/test_controllers.py
+++ b/bodhi/tests/test_controllers.py
@@ -1053,6 +1053,34 @@ class TestControllers(testutil.DBTest):
assert update.approved
assert update.request == 'testing'
+ def test_security_approval_to_stable(self):
+ """
+ Make sure we disallow pushing directly to stable after security approval
+ """
+ session = login(group='security_respons')
+ create_release()
+ params = {
+ 'builds' : 'TurboGears-2.6.23.1-21.fc7',
+ 'release' : 'Fedora 7',
+ 'type_' : 'security',
+ 'bugs' : '',
+ 'notes' : 'foobar',
+ 'request' : 'stable',
+ 'autokarma': False,
+ }
+ #testutil.capture_log(['bodhi.model', 'bodhi.controllers',
'bodhi.admin', 'bodhi.masher', 'bodhi.util'])
+ self.save_update(params, session)
+ update = PackageUpdate.byTitle(params['builds'])
+ #assert False, testutil.get_log()
+ assert update.request == 'testing', update.request
+ assert not update.approved
+
+ url = '/updates/approve?update=' + params['builds']
+ testutil.create_request(url, headers=session, method='POST')
+ update = PackageUpdate.byTitle(params['builds'])
+ assert update.approved
+ assert update.request == 'testing', update.request
+
def test_cached_acls(self):
"""
Make sure that the list of committers for this package is getting
commit bc17e0e5f67aa44bd1166db5b8d607f471b74bdb
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 16:06:15 2010 -0400
Update our karma update requirement check to make sure autokarma is enabled
diff --git a/bodhi/model.py b/bodhi/model.py
index ebd6b4a..af8c138 100644
--- a/bodhi/model.py
+++ b/bodhi/model.py
@@ -467,7 +467,8 @@ class PackageUpdate(SQLObject):
flash_notes = ''
if action == 'stable' and not self.critpath:
# Check if we've met the karma requirements
- if self.karma >= self.stable_karma or self.critpath_approved:
+ if (self.stable_karma != 0 and self.karma >= self.stable_karma) or \
+ self.critpath_approved:
pass
else:
# If we haven't met the stable karma requirements, check if it has
met
commit 81cd8f3bbf7826ba8e2306434952b63a840762ee
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 16:05:56 2010 -0400
Disable the need for security update approval for updates to hit testing
diff --git a/bodhi/model.py b/bodhi/model.py
index 580a453..ebd6b4a 100644
--- a/bodhi/model.py
+++ b/bodhi/model.py
@@ -404,11 +404,12 @@ class PackageUpdate(SQLObject):
self.obsolete()
flash_log("%s has been obsoleted" % self.title)
return
- elif self.type == 'security' and not self.approved:
- flash_log("%s is awaiting approval of the Security Team" %
- self.title)
- self.request = action
- return
+ #elif self.type == 'security' and not self.approved:
+ # flash_log("%s is awaiting approval of the Security Team" %
+ # self.title)
+ # # FIXME: Disallow direct to stable pushes of stable
+ # self.request = action
+ # return
elif action == 'stable' and pathcheck:
# Make sure we don't break update paths by trying to push out
# an update that is older than than the latest.
commit 650c85b818289a9892e950055efb840fb4b1270a
Author: Luke Macken <lmacken(a)redhat.com>
Date: Thu Sep 16 14:18:59 2010 -0400
Stop butchering the update notes in our announcement mails (#426)
diff --git a/bodhi/mail.py b/bodhi/mail.py
index 2016691..f387b58 100644
--- a/bodhi/mail.py
+++ b/bodhi/mail.py
@@ -355,8 +355,7 @@ def get_template(update,
use_template='fedora_errata_template'):
info['product'] = update.release.long_name
info['notes'] = ""
if update.notes and len(update.notes):
- info['notes'] = u"Update Information:\n\n%s\n" % \
- '\n'.join(wrap(update.notes, width=80))
+ info['notes'] = u"Update Information:\n\n%s\n" %
update.notes
info['notes'] += line
# Add this updates referenced Bugzillas and CVEs