check keyring uids for uploader address before adding presumed sponsor to recipient

df2a04bb · Thomas Viehmann · b295c903 · df2a04bb · df2a04bb · df2a04bb
隐藏空白更改
内联并排

Showing with 32 addition and 4 deletion

ChangeLog ChangeLog +7 -3

dak/process_unchecked.py dak/process_unchecked.py +4 -1

daklib/utils.py daklib/utils.py +21 -0

未找到文件。
--- a/ChangeLog
+++ b/ChangeLog
-2008-04-23  Thomas Viehmann  <tviehmann@ries.debian.org>
+2008-04-23  Thomas Viehmann  <tviehmann@debian.org>

 	* dak/process_unchecked.py: add changes["sponsoremail"]
 	  for sponsored uploads if desired
+	* daklib/queue.py: add changes["sponsoremail"] to
+	  Subst["__MAINTAINER_TO__"] if present
 	* daklib/utils.py: add functions
-	  is_email_alias to check which accounts allow email forwarding and
-	  which_alias_file to find the alias file
+	  is_email_alias to check which accounts allow email forwarding,
+	  which_alias_file to find the alias file, and
+	  gpg_get_key_addresses to find uid addresses for a given
+	    fingerprint

 2008-04-22  Joerg Jaspert  <joerg@debian.org>


--- a/dak/process_unchecked.py
+++ b/dak/process_unchecked.py
@@ -1073,7 +1073,10 @@ def check_signed_by_key():
    else:
        sponsored = 1
        if daklib.utils.is_email_alias(uid_email):
-            changes["sponsoremail"] = uid_email
+            sponsor_addresses = daklib.utils.gpg_get_key_addresses(changes["fingerprint"])
+            if (changes["maintaineremail"] not in sponsor_addresses and
+                changes["changedbyemail"] not in sponsor_addresses):
+                changes["sponsoremail"] = uid_email

    if sponsored and not may_sponsor: 
        reject("%s is not authorised to sponsor uploads" % (uid))

--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -41,6 +41,7 @@ re_multi_line_field = re.compile(r"^\s(.*)")
 re_taint_free = re.compile(r"^[-+~/\.\w]+$")

 re_parse_maintainer = re.compile(r"^\s*(\S.*\S)\s*\<([^\>]+)\>")
+re_gpg_uid = re.compile('^uid.*<([^>]*)>')

 re_srchasver = re.compile(r"^(\S+)\s+\((\S+)\)$")
 re_verwithext = re.compile(r"^(\d+)(?:\.(\d+))(?:\s+\((\S+)\))?$")
@@ -60,6 +61,7 @@ default_config = "/etc/dak/dak.conf"
 default_apt_config = "/etc/dak/apt.conf"

 alias_cache = None
+key_uid_email_cache = {}

 ################################################################################

@@ -1091,6 +1093,25 @@ used."""

 ################################################################################

+def gpg_get_key_addresses(fingerprint):
+  """retreive email addresses from gpg key uids for a given fingerprint"""
+  addresses = key_uid_email_cache.get(fingerprint)
+  if addresses != None:
+      return addresses
+  addresses = set()
+  cmd = "gpg --no-default-keyring %s --fingerprint %s" \
+              % (gpg_keyring_args(), fingerprint)
+  (result, output) = commands.getstatusoutput(cmd)
+  if result == 0:
+    for l in output.split('\n'):
+      m = re_gpg_uid.match(l)
+      if m:
+        addresses.add(m.group(1))
+  key_uid_email_cache[fingerprint] = addresses
+  return addresses
+
+################################################################################
+
 # Inspired(tm) by http://www.zopelabs.com/cookbook/1022242603

 def wrap(paragraph, max_length, prefix=""):