Ansgar · Ansgar · fb910f3b · fb910f3b · fb910f3b · fb910f3b
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -176,6 +176,7 @@ Urgency
 };

 Include {
+  "/srv/security-master.debian.org/dak/config/debian/common.conf";
  "/srv/security-master.debian.org/dak/config/debian/external-signatures.conf";
 };


--- a/config/debian/common.conf
+++ b/config/debian/common.conf
+// DAK configuration common between main and security archives
+
+Dinstall::AllowSourceOnlyNewSources {
+  "linux";
+};
--- a/config/debian/dak.conf
+++ b/config/debian/dak.conf
@@ -298,6 +298,7 @@ Command::DM-Admin {
 };

 Include {
+  "/srv/ftp-master.debian.org/dak/config/debian/common.conf";
  "/srv/ftp-master.debian.org/dak/config/debian/external-signatures.conf";
 };


--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -821,6 +821,7 @@ class NoSourceOnlyCheck(Check):
        allow_source_only_uploads_without_package_list = Config().find_b('Dinstall::AllowSourceOnlyUploadsWithoutPackageList')
        allow_source_only_new = Config().find_b('Dinstall::AllowSourceOnlyNew')
        allow_source_only_new_keys = Config().value_list('Dinstall::AllowSourceOnlyNewKeys')
+        allow_source_only_new_sources = Config().value_list('Dinstall::AllowSourceOnlyNewSources')
        allow_no_arch_indep_uploads = Config().find_b('Dinstall::AllowNoArchIndepUploads', True)
        changes = upload.changes

@@ -829,7 +830,9 @@ class NoSourceOnlyCheck(Check):
        if not allow_source_only_uploads_without_package_list \
           and changes.source.package_list.fallback:
            raise Reject('Source-only uploads are only allowed if a Package-List field that also list architectures is included in the source package. dpkg (>= 1.17.7) includes this information.')
-        if not allow_source_only_new and changes.primary_fingerprint not in allow_source_only_new_keys and upload.new:
+        if not allow_source_only_new and upload.new \
+           and changes.primary_fingerprint not in allow_source_only_new_keys \
+           and changes.source_name not in allow_source_only_new_sources:
            raise Reject('Source-only uploads to NEW are not allowed.')

        if 'all' not in changes.architectures and changes.source.package_list.has_arch_indep_packages():