Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
喜羊羊3508
Dak
提交
6c92853a
D
Dak
项目概览
喜羊羊3508
/
Dak
11 个月 前同步成功
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
Dak
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
6c92853a
编写于
3月 11, 2007
作者:
A
Anthony Towns
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Make GPGKeyring a list of keyrings; drop PGPKeyring.
This allows for more than two keyrings to be used.
上级
bf7e1ddf
变更
7
隐藏空白更改
内联
并排
Showing
7 changed file
with
37 addition
and
24 deletion
+37
-24
config/debian-non-US/dak.conf
config/debian-non-US/dak.conf
+4
-2
config/debian-security/dak.conf
config/debian-security/dak.conf
+4
-2
config/debian/dak.conf
config/debian/dak.conf
+4
-2
dak/import_archive.py
dak/import_archive.py
+2
-2
dak/import_ldap_fingerprints.py
dak/import_ldap_fingerprints.py
+4
-6
daklib/utils.py
daklib/utils.py
+13
-6
docs/README.config
docs/README.config
+6
-4
未找到文件。
config/debian-non-US/dak.conf
浏览文件 @
6c92853a
Dinstall
Dinstall
{
{
PGPKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
GPGKeyring
{
GPGKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
};
SigningKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningPubKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningPubKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningKeyIds
"1DB114E0"
;
SigningKeyIds
"1DB114E0"
;
...
...
config/debian-security/dak.conf
浏览文件 @
6c92853a
Dinstall
Dinstall
{
{
PGPKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
GPGKeyring
{
GPGKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
};
SigningKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningPubKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningPubKeyring
"/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningKeyIds
"2D230C5F"
;
SigningKeyIds
"2D230C5F"
;
...
...
config/debian/dak.conf
浏览文件 @
6c92853a
Dinstall
Dinstall
{
{
PGPKeyring
"/srv/keyring.debian.org/keyrings/debian-keyring.pgp"
;
GPGKeyrings
{
GPGKeyring
"/srv/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/srv/keyring.debian.org/keyrings/debian-keyring.gpg"
;
"/srv/keyring.debian.org/keyrings/debian-keyring.pgp"
;
};
SigningKeyring
"/srv/ftp.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningKeyring
"/srv/ftp.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
SigningPubKeyring
"/srv/ftp.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningPubKeyring
"/srv/ftp.debian.org/s3kr1t/dot-gnupg/pubring.gpg"
;
SigningKeyIds
"6070D3A1"
;
SigningKeyIds
"6070D3A1"
;
...
...
dak/import_archive.py
浏览文件 @
6c92853a
...
@@ -98,8 +98,8 @@ def check_signature (filename):
...
@@ -98,8 +98,8 @@ def check_signature (filename):
return
None
return
None
status_read
,
status_write
=
os
.
pipe
()
status_read
,
status_write
=
os
.
pipe
()
cmd
=
"gpgv --status-fd %s
--keyring %s --keyring
%s %s"
\
cmd
=
"gpgv --status-fd %s %s %s"
\
%
(
status_write
,
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
]
,
filename
)
%
(
status_write
,
daklib
.
utils
.
gpg_keyring_args
()
,
filename
)
(
output
,
status
,
exit_status
)
=
daklib
.
utils
.
gpgv_get_status_output
(
cmd
,
status_read
,
status_write
)
(
output
,
status
,
exit_status
)
=
daklib
.
utils
.
gpgv_get_status_output
(
cmd
,
status_read
,
status_write
)
# Process the status-fd output
# Process the status-fd output
...
...
dak/import_ldap_fingerprints.py
浏览文件 @
6c92853a
...
@@ -136,9 +136,8 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
...
@@ -136,9 +136,8 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
q
=
projectB
.
query
(
"SELECT fingerprint, id FROM fingerprint WHERE uid is null"
)
q
=
projectB
.
query
(
"SELECT fingerprint, id FROM fingerprint WHERE uid is null"
)
for
i
in
q
.
getresult
():
for
i
in
q
.
getresult
():
(
fingerprint
,
fingerprint_id
)
=
i
(
fingerprint
,
fingerprint_id
)
=
i
cmd
=
"gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s"
\
cmd
=
"gpg --no-default-keyring %s --fingerprint %s"
\
%
(
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
],
%
(
gpg_keyring_args
(),
fingerprint
)
fingerprint
)
(
result
,
output
)
=
commands
.
getstatusoutput
(
cmd
)
(
result
,
output
)
=
commands
.
getstatusoutput
(
cmd
)
if
result
==
0
:
if
result
==
0
:
m
=
re_gpg_fingerprint
.
search
(
output
)
m
=
re_gpg_fingerprint
.
search
(
output
)
...
@@ -156,9 +155,8 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
...
@@ -156,9 +155,8 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
extra_keyrings
=
""
extra_keyrings
=
""
for
keyring
in
Cnf
.
ValueList
(
"Import-LDAP-Fingerprints::ExtraKeyrings"
):
for
keyring
in
Cnf
.
ValueList
(
"Import-LDAP-Fingerprints::ExtraKeyrings"
):
extra_keyrings
+=
" --keyring=%s"
%
(
keyring
)
extra_keyrings
+=
" --keyring=%s"
%
(
keyring
)
cmd
=
"gpg --keyring=%s --keyring=%s %s --list-key %s"
\
cmd
=
"gpg %s %s --list-key %s"
\
%
(
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
],
%
(
gpg_keyring_args
(),
extra_keyrings
,
fingerprint
)
extra_keyrings
,
fingerprint
)
(
result
,
output
)
=
commands
.
getstatusoutput
(
cmd
)
(
result
,
output
)
=
commands
.
getstatusoutput
(
cmd
)
if
result
!=
0
:
if
result
!=
0
:
cmd
=
"gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s"
%
(
Cnf
[
"Import-LDAP-Fingerprints::KeyServer"
],
fingerprint
)
cmd
=
"gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s"
%
(
Cnf
[
"Import-LDAP-Fingerprints::KeyServer"
],
fingerprint
)
...
...
daklib/utils.py
浏览文件 @
6c92853a
...
@@ -904,7 +904,7 @@ on error."""
...
@@ -904,7 +904,7 @@ on error."""
if
not
keyserver
:
if
not
keyserver
:
keyserver
=
Cnf
[
"Dinstall::KeyServer"
]
keyserver
=
Cnf
[
"Dinstall::KeyServer"
]
if
not
keyring
:
if
not
keyring
:
keyring
=
Cnf
[
"Dinstall::GPGKeyring"
]
keyring
=
Cnf
.
ValueList
(
"Dinstall::GPGKeyring"
)[
0
]
# Ensure the filename contains no shell meta-characters or other badness
# Ensure the filename contains no shell meta-characters or other badness
if
not
re_taint_free
.
match
(
filename
):
if
not
re_taint_free
.
match
(
filename
):
...
@@ -939,6 +939,14 @@ on error."""
...
@@ -939,6 +939,14 @@ on error."""
################################################################################
################################################################################
def
gpg_keyring_args
(
keyrings
=
None
)
if
not
keyrings
:
keyrings
=
Cnf
.
ValueList
(
"Dinstall::GPGKeyring"
)
return
" "
.
join
([
"--keyring %s"
%
x
for
x
in
keyrings
])
################################################################################
def
check_signature
(
sig_filename
,
reject
,
data_filename
=
""
,
keyrings
=
None
,
autofetch
=
None
):
def
check_signature
(
sig_filename
,
reject
,
data_filename
=
""
,
keyrings
=
None
,
autofetch
=
None
):
"""Check the signature of a file and return the fingerprint if the
"""Check the signature of a file and return the fingerprint if the
signature is valid or 'None' if it's not. The first argument is the
signature is valid or 'None' if it's not. The first argument is the
...
@@ -963,7 +971,7 @@ used."""
...
@@ -963,7 +971,7 @@ used."""
return
None
return
None
if
not
keyrings
:
if
not
keyrings
:
keyrings
=
(
Cnf
[
"Dinstall::PGPKeyring"
],
Cnf
[
"Dinstall::GPGKeyring"
]
)
keyrings
=
Cnf
.
ValueList
(
"Dinstall::GPGKeyring"
)
# Autofetch the signing key if that's enabled
# Autofetch the signing key if that's enabled
if
autofetch
==
None
:
if
autofetch
==
None
:
...
@@ -976,10 +984,9 @@ used."""
...
@@ -976,10 +984,9 @@ used."""
# Build the command line
# Build the command line
status_read
,
status_write
=
os
.
pipe
();
status_read
,
status_write
=
os
.
pipe
();
cmd
=
"gpgv --status-fd %s"
%
(
status_write
)
cmd
=
"gpgv --status-fd %s %s %s %s"
%
(
for
keyring
in
keyrings
:
status_write
,
gpg_keyring_args
(
keyrings
),
sig_filename
,
data_filename
)
cmd
+=
" --keyring %s"
%
(
keyring
)
cmd
+=
" %s %s"
%
(
sig_filename
,
data_filename
)
# Invoke gpgv on the file
# Invoke gpgv on the file
(
output
,
status
,
exit_status
)
=
gpgv_get_status_output
(
cmd
,
status_read
,
status_write
)
(
output
,
status
,
exit_status
)
=
gpgv_get_status_output
(
cmd
,
status_read
,
status_write
)
...
...
docs/README.config
浏览文件 @
6c92853a
...
@@ -200,8 +200,10 @@ Mandatory. List of dinstall options, e.g.:
...
@@ -200,8 +200,10 @@ Mandatory. List of dinstall options, e.g.:
|
Dinstall
|
Dinstall
| {
| {
|
PGPKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
|
GPGKeyring
{
|
GPGKeyring
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
|
"/org/keyring.debian.org/keyrings/debian-keyring.gpg"
;
|
"/org/keyring.debian.org/keyrings/debian-keyring.pgp"
;
| };
|
SigningKeyring
"/org/ftp.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
|
SigningKeyring
"/org/ftp.debian.org/s3kr1t/dot-gnupg/secring.gpg"
;
|
SendmailCommand
"/usr/sbin/sendmail -odq -oi -t"
;
|
SendmailCommand
"/usr/sbin/sendmail -odq -oi -t"
;
|
MyEmailAddress
"Debian Installer <installer@ftp-master.debian.org>"
;
|
MyEmailAddress
"Debian Installer <installer@ftp-master.debian.org>"
;
...
@@ -222,8 +224,8 @@ Mandatory. List of dinstall options, e.g.:
...
@@ -222,8 +224,8 @@ Mandatory. List of dinstall options, e.g.:
| };
| };
| };
| };
PGPKeyring
and
GPGKeyring
(
required
):
filenames
of
the
PGP
and
GnuPG
GPGKeyring
(
required
):
filenames
of
the
PGP
and
GnuPG
keyrings
to
be
used
by
dak
respectively
.
keyrings
to
be
used
by
dak
.
SigningKeyring
(
optional
):
this
is
the
private
keyring
used
by
'
dak
SigningKeyring
(
optional
):
this
is
the
private
keyring
used
by
'
dak
generate
-
releases
'
.
generate
-
releases
'
.
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录