This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git
The following commit(s) were added to refs/heads/main by this push:
new d03095b Remove the old unused path checking code
d03095b is described below
commit d03095bc2a73357c7fa11cbdc3ce52ad1b9730d6
Author: Sean B. Palmer <[email protected]>
AuthorDate: Tue Apr 1 16:41:45 2025 +0100
Remove the old unused path checking code
---
atr/routes/draft.py | 92 -----------------------------------------------------
1 file changed, 92 deletions(-)
diff --git a/atr/routes/draft.py b/atr/routes/draft.py
index 19f015a..af37889 100644
--- a/atr/routes/draft.py
+++ b/atr/routes/draft.py
@@ -104,98 +104,6 @@ async def _number_of_release_files(release:
models.Release) -> int:
return len(await util.paths_recursive(path))
-def _path_warnings_errors(
- paths: set[pathlib.Path], path: pathlib.Path, ext_artifact: str | None,
ext_metadata: str | None
-) -> tuple[list[str], list[str]]:
- # NOTE: This is important institutional logic
- # TODO: We should probably move this to somewhere more important than a
routes module
- warnings = []
- errors = []
-
- # The Release Distribution Policy specifically allows README and CHANGES,
etc.
- # We assume that LICENSE and NOTICE are permitted also
- if path.name == "KEYS":
- errors.append("Please upload KEYS to ATR directly instead of using
rsync")
- elif any(part.startswith(".") for part in path.parts):
- # TODO: There is not a a policy for this
- # We should enquire as to whether such a policy should be instituted
- # We're forbidding dotfiles to catch accidental uploads of e.g. .git
or .htaccess
- # Such cases are likely to be in error, and could carry security risks
- errors.append("Dotfiles are forbidden")
-
- if ext_artifact:
- updated_warnings, updated_errors =
_path_warnings_errors_artifact(paths, path, ext_artifact)
- warnings.extend(updated_warnings)
- errors.extend(updated_errors)
-
- if ext_metadata:
- updated_warnings, updated_errors =
_path_warnings_errors_metadata(paths, path, ext_metadata)
- warnings.extend(updated_warnings)
- errors.extend(updated_errors)
-
- return warnings, errors
-
-
-def _path_warnings_errors_artifact(
- paths: set[pathlib.Path], path: pathlib.Path, ext_artifact: str
-) -> tuple[list[str], list[str]]:
- # We refer to the following authoritative policies:
- # - Release Creation Process (RCP)
- # - Release Distribution Policy (RDP)
-
- warnings: list[str] = []
- errors: list[str] = []
-
- # RDP says that .asc is required and one of .sha256 or .sha512
- if path.with_suffix(path.suffix + ".asc") not in paths:
- errors.append("Missing an .asc counterpart")
- no_sha256 = path.with_suffix(path.suffix + ".sha256") not in paths
- no_sha512 = path.with_suffix(path.suffix + ".sha512") not in paths
- if no_sha256 and no_sha512:
- errors.append("Missing a .sha256 or .sha512 counterpart")
-
- return warnings, errors
-
-
-def _path_warnings_errors_metadata(
- paths: set[pathlib.Path], path: pathlib.Path, ext_metadata: str
-) -> tuple[list[str], list[str]]:
- # We refer to the following authoritative policies:
- # - Release Creation Process (RCP)
- # - Release Distribution Policy (RDP)
-
- warnings: list[str] = []
- errors: list[str] = []
- suffixes = set(path.suffixes)
-
- if ".md5" in suffixes:
- # Forbidden by RCP, deprecated by RDP
- errors.append("The use of .md5 is forbidden, please use .sha512")
- if ".sha1" in suffixes:
- # Deprecated by RDP
- warnings.append("The use of .sha1 is deprecated, please use .sha512")
- if ".sha" in suffixes:
- # Discouraged by RDP
- warnings.append("The use of .sha is discouraged, please use .sha512")
- if ".sig" in suffixes:
- # Forbidden by RCP, forbidden by RDP
- errors.append("Binary signature files are forbidden, please use .asc")
-
- # "Signature and checksum files for verifying distributed artifacts should
- # not be provided, unless named as indicated above." (RDP)
- # Also .mds is allowed, but we'll ignore that for now
- # TODO: Is .mds supported in analysis.METADATA_SUFFIXES?
- if ext_metadata not in {".asc", ".sha256", ".sha512", ".md5", ".sha",
".sha1"}:
- warnings.append("The use of this metadata file is discouraged")
-
- # If a metadata file is present, it must have an artifact counterpart
- artifact_path = path.with_name(path.name.removesuffix(ext_metadata))
- if artifact_path not in paths:
- errors.append("Missing an artifact counterpart")
-
- return warnings, errors
-
-
@routes.committer("/draft/add", methods=["GET", "POST"])
async def add(session: routes.CommitterSession) -> response.Response | str:
"""Show a page to allow the user to rsync files to candidate drafts."""
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
