Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
喜羊羊3508
Dak
提交
6c92853a
D
Dak
项目概览
喜羊羊3508
/
Dak
11 个月 前同步成功
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
Dak
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
6c92853a
编写于
3月 11, 2007
作者:
A
Anthony Towns
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Make GPGKeyring a list of keyrings; drop PGPKeyring.
This allows for more than two keyrings to be used.
上级
bf7e1ddf
变更
7
隐藏空白更改
内联
并排
Showing
7 changed file
with
37 addition
and
24 deletion
+37
-24
config/debian-non-US/dak.conf
config/debian-non-US/dak.conf
+4
-2
config/debian-security/dak.conf
config/debian-security/dak.conf
+4
-2
config/debian/dak.conf
config/debian/dak.conf
+4
-2
dak/import_archive.py
dak/import_archive.py
+2
-2
dak/import_ldap_fingerprints.py
dak/import_ldap_fingerprints.py
+4
-6
daklib/utils.py
daklib/utils.py
+13
-6
docs/README.config
docs/README.config
+6
-4
未找到文件。
config/debian-non-US/dak.conf
浏览文件 @
6c92853a
Dinstall
{
PGPKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
GPGKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
GPGKeyring
{
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
};
SigningKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningPubKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningKeyIds
"1DB114E0"
;
...
...
config/debian-security/dak.conf
浏览文件 @
6c92853a
Dinstall
{
PGPKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
GPGKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
GPGKeyring
{
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
};
SigningKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningPubKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningKeyIds
"2D230C5F"
;
...
...
config/debian/dak.conf
浏览文件 @
6c92853a
Dinstall
{
PGPKeyring
"/srv/keyring.debian.org/keyrings/debian-keyring.pgp"
;
GPGKeyring
"/srv/keyring.debian.org/keyrings/debian-keyring.gpg"
;
GPGKeyrings
{
"/srv/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/srv/keyring.debian.org/keyrings/debian-keyring.pgp"
;
};
SigningKeyring
"/srv/ftp.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningPubKeyring
"/srv/ftp.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningKeyIds
"6070D3A1"
;
...
...
dak/import_archive.py
浏览文件 @
6c92853a
...
...
@@ -98,8 +98,8 @@ def check_signature (filename):
return
None
status_read
,
status_write
=
os
.
pipe
()
cmd
=
"gpgv --status-fd %s
--keyring %s --keyring
%s %s"
\
%
(
status_write
,
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
]
,
filename
)
cmd
=
"gpgv --status-fd %s %s %s"
\
%
(
status_write
,
daklib
.
utils
.
gpg_keyring_args
()
,
filename
)
(
output
,
status
,
exit_status
)
=
daklib
.
utils
.
gpgv_get_status_output
(
cmd
,
status_read
,
status_write
)
# Process the status-fd output
...
...
dak/import_ldap_fingerprints.py
浏览文件 @
6c92853a
...
...
@@ -136,9 +136,8 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
q
=
projectB
.
query
(
"SELECT fingerprint, id FROM fingerprint WHERE uid is null"
)
for
i
in
q
.
getresult
():
(
fingerprint
,
fingerprint_id
)
=
i
cmd
=
"gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s"
\
%
(
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
],
fingerprint
)
cmd
=
"gpg --no-default-keyring %s --fingerprint %s"
\
%
(
gpg_keyring_args
(),
fingerprint
)
(
result
,
output
)
=
commands
.
getstatusoutput
(
cmd
)
if
result
==
0
:
m
=
re_gpg_fingerprint
.
search
(
output
)
...
...
@@ -156,9 +155,8 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
extra_keyrings
=
""
for
keyring
in
Cnf
.
ValueList
(
"Import-LDAP-Fingerprints::ExtraKeyrings"
):
extra_keyrings
+=
" --keyring=%s"
%
(
keyring
)
cmd
=
"gpg --keyring=%s --keyring=%s %s --list-key %s"
\
%
(
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
],
extra_keyrings
,
fingerprint
)
cmd
=
"gpg %s %s --list-key %s"
\
%
(
gpg_keyring_args
(),
extra_keyrings
,
fingerprint
)
(
result
,
output
)
=
commands
.
getstatusoutput
(
cmd
)
if
result
!=
0
:
cmd
=
"gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s"
%
(
Cnf
[
"Import-LDAP-Fingerprints::KeyServer"
],
fingerprint
)
...
...
daklib/utils.py
浏览文件 @
6c92853a
...
...
@@ -904,7 +904,7 @@ on error."""
if
not
keyserver
:
keyserver
=
Cnf
[
"Dinstall::KeyServer"
]
if
not
keyring
:
keyring
=
Cnf
[
"Dinstall::GPGKeyring"
]
keyring
=
Cnf
.
ValueList
(
"Dinstall::GPGKeyring"
)[
0
]
# Ensure the filename contains no shell meta-characters or other badness
if
not
re_taint_free
.
match
(
filename
):
...
...
@@ -939,6 +939,14 @@ on error."""
################################################################################
def
gpg_keyring_args
(
keyrings
=
None
)
if
not
keyrings
:
keyrings
=
Cnf
.
ValueList
(
"Dinstall::GPGKeyring"
)
return
" "
.
join
([
"--keyring %s"
%
x
for
x
in
keyrings
])
################################################################################
def
check_signature
(
sig_filename
,
reject
,
data_filename
=
""
,
keyrings
=
None
,
autofetch
=
None
):
"""Check the signature of a file and return the fingerprint if the
signature is valid or 'None' if it's not. The first argument is the
...
...
@@ -963,7 +971,7 @@ used."""
return
None
if
not
keyrings
:
keyrings
=
(
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
]
)
keyrings
=
Cnf
.
ValueList
(
"Dinstall::GPGKeyring"
)
# Autofetch the signing key if that's enabled
if
autofetch
==
None
:
...
...
@@ -976,10 +984,9 @@ used."""
# Build the command line
status_read
,
status_write
=
os
.
pipe
();
cmd
=
"gpgv --status-fd %s"
%
(
status_write
)
for
keyring
in
keyrings
:
cmd
+=
" --keyring %s"
%
(
keyring
)
cmd
+=
" %s %s"
%
(
sig_filename
,
data_filename
)
cmd
=
"gpgv --status-fd %s %s %s %s"
%
(
status_write
,
gpg_keyring_args
(
keyrings
),
sig_filename
,
data_filename
)
# Invoke gpgv on the file
(
output
,
status
,
exit_status
)
=
gpgv_get_status_output
(
cmd
,
status_read
,
status_write
)
...
...
docs/README.config
浏览文件 @
6c92853a
...
...
@@ -200,8 +200,10 @@ Mandatory. List of dinstall options, e.g.:
|
Dinstall
| {
|
PGPKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
|
GPGKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
|
GPGKeyring
{
|
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
|
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
| };
|
SigningKeyring
"/org/ftp.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
|
SendmailCommand
"/usr/sbin/sendmail -odq -oi -t"
;
|
MyEmailAddress
"Debian Installer <installer@ftp-master.debian.org>"
;
...
...
@@ -222,8 +224,8 @@ Mandatory. List of dinstall options, e.g.:
| };
| };
PGPKeyring
and
GPGKeyring
(
required
):
filenames
of
the
PGP
and
GnuPG
keyrings
to
be
used
by
dak
respectively
.
GPGKeyring
(
required
):
filenames
of
the
PGP
and
GnuPG
keyrings
to
be
used
by
dak
.
SigningKeyring
(
optional
):
this
is
the
private
keyring
used
by
'
dak
generate
-
releases
'
.
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录