3 # Imports a keyring into the database
4 # Copyright (C) 2007 Anthony Towns <aj@erisian.com.au>
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 2 of the License, or
9 # (at your option) any later version.
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 ################################################################################
22 import daklib.database, daklib.logging
24 import sys, os, email.Utils, re
32 ################################################################################
34 # These could possibly be daklib.db functions, and reused by
35 # import-ldap-fingerprints
40 q = projectB.query("SELECT id, uid, name FROM uid")
41 for (id, uid, name) in q.getresult():
42 byname[uid] = (id, name)
43 byid[id] = (uid, name)
46 def get_fingerprint_info():
48 q = projectB.query("SELECT f.fingerprint, f.id, f.uid, f.keyring FROM fingerprint f")
49 for (fingerprint, fingerprint_id, uid, keyring) in q.getresult():
50 fins[fingerprint] = (uid, fingerprint_id, keyring)
53 ################################################################################
56 gpg_invocation = "gpg --no-default-keyring --keyring %s" +\
57 " --with-colons --fingerprint --fingerprint"
60 def de_escape_str(self, str):
61 esclist = re.split(r'(\\x..)', str)
62 for x in range(1,len(esclist),2):
63 esclist[x] = "%c" % (int(esclist[x][2:],16))
64 return "".join(esclist)
66 def __init__(self, keyring):
67 k = os.popen(self.gpg_invocation % keyring, "r")
71 for line in k.xreadlines():
72 field = line.split(":")
75 (name, addr) = email.Utils.parseaddr(field[9])
76 name = re.sub(r"\s*[(].*[)]", "", name)
77 if name == "" or addr == "" or "@" not in addr:
80 name = self.de_escape_str(name)
81 keys[key] = {"email": addr}
82 if name != "": keys[key]["name"] = name
83 keys[key]["aliases"] = [name]
84 keys[key]["fingerprints"] = []
86 elif key and field[0] == "sub" and len(field) >= 12:
87 signingkey = ("s" in field[11])
88 elif key and field[0] == "uid":
89 (name, addr) = email.Utils.parseaddr(field[9])
90 if name and name not in keys[key]["aliases"]:
91 keys[key]["aliases"].append(name)
92 elif signingkey and field[0] == "fpr":
93 keys[key]["fingerprints"].append(field[9])
95 def desired_users(self, format="%s"):
96 if not Options["Generate-Users"]:
103 for x in keys.keys():
104 if keys[x]["email"] == "invalid-uid":
107 uid = format % keys[x]["email"]
108 id = daklib.database.get_or_set_uid_id(uid)
109 byuid[id] = (uid, keys[x]["name"])
110 byname[uid] = (id, keys[x]["name"])
112 uid = format % "invalid-uid"
113 id = daklib.database.get_or_set_uid_id(uid)
114 byuid[id] = (uid, "ungeneratable user id")
115 byname[uid] = (id, "ungeneratable user id")
116 return (byname, byuid)
118 ################################################################################
120 def usage (exit_code=0):
121 print """Usage: dak import-keyring [OPTION]... [KEYRING]
122 -h, --help show this help and exit.
123 -U, --generate-users FMT generate uid entries from keyring as FMT"""
127 ################################################################################
130 global Cnf, projectB, Options
132 Cnf = daklib.utils.get_conf()
133 Arguments = [('h',"help","Import-Keyring::Options::Help"),
134 ('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"),
137 for i in [ "help", "report-changes", "generate-users" ]:
138 if not Cnf.has_key("Import-Keyring::Options::%s" % (i)):
139 Cnf["Import-Keyring::Options::%s" % (i)] = ""
141 keyring_names = apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv)
143 Options = Cnf.SubTree("Import-Keyring::Options")
148 if Options["Generate-Users"]:
149 uid_format = Options["Generate-Users"]
151 changes = [] # (uid, changes strings)
153 projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"]))
154 daklib.database.init(Cnf, projectB)
156 projectB.query("BEGIN WORK")
158 if len(keyring_names) != 1:
162 keyringname = keyring_names[0]
163 keyring = Keyring(keyringname)
165 keyring_id = daklib.database.get_or_set_keyring_id(
166 keyringname.split("/")[-1])
168 # If we're generating uids, make sure we have entries in the uid
169 # table for every uid
170 (desuid_byname, desuid_byid) = keyring.desired_users(uid_format)
172 # Cache all the existing fingerprint and uid entries
173 db_fin_info = get_fingerprint_info()
174 (db_uid_byname, db_uid_byid) = get_uid_info()
176 # Update full names of uids
178 for id in desuid_byid.keys():
179 uid = (id, desuid_byid[id][0])
180 name = desuid_byid[id][1]
181 oname = db_uid_byid[id][1]
182 if name and oname != name:
183 changes.append((uid[1], "Full name: %s\n" % (name)))
184 projectB.query("UPDATE uid SET name = '%s' WHERE id = %s" %
185 (pg.escape_string(name), id))
187 # Work out what the fingerprint table should look like for the keys
190 for z in keyring.keys.keys():
191 id = db_uid_byname.get(uid_format % keyring.keys[z]["email"], [None])[0]
193 id = db_fin_info.get(keyring.keys[z]["fingerprints"][0], [None])[0]
194 for y in keyring.keys[z]["fingerprints"]:
195 fpr[y] = (id,keyring_id)
197 # For any keys that used to be in this keyring, disassociate them.
198 # We don't change the uid, leaving that to for historical info; if
199 # the id should change, it'll be set when importing another keyring
200 # or importing ldap fingerprints.
202 for f,(u,fid,kr) in db_fin_info.iteritems():
203 if kr != keyring_id: continue
204 if f in fpr: continue
205 changes.append((db_uid_byid.get(u, [None])[0], "Removed key: %s\n" % (f)))
206 projectB.query("UPDATE fingerprint SET keyring = NULL WHERE id = %d" % (fid))
208 # For the keys in this keyring, add/update any fingerprints that've
213 newuiduid = db_uid_byid.get(newuid, [None])[0]
214 (olduid, oldfid, oldkid) = db_fin_info.get(f, [-1,-1,-1])
215 if olduid == None: olduid = -1
216 if oldkid == None: oldkid = -1
218 changes.append((newuiduid, "Added key: %s\n" % (f)))
220 projectB.query("INSERT INTO fingerprint (fingerprint, uid, keyring) VALUES ('%s', %d, %d)" % (f, newuid, keyring_id))
222 projectB.query("INSERT INTO fingerprint (fingerprint, keyring) VALUES ('%s', %d)" % (f, keyring_id))
224 if newuid and olduid != newuid:
226 changes.append((newuiduid, "Linked key: %s (formerly belonging to %s)" % (f, db_uid_byid[olduid][0])))
228 changes.append((newuiduid, "Linked key: %s (formerly unowned)\n" % (f)))
229 projectB.query("UPDATE fingerprint SET uid = %d WHERE id = %d" % (newuid, oldfid))
231 if oldkid != keyring_id:
232 projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
236 projectB.query("COMMIT WORK")
239 for (k, v) in changes:
240 if k not in changesd: changesd[k] = ""
241 changesd[k] += " " + v
243 keys = changesd.keys()
246 print "%s\n%s" % (k, changesd[k])
248 ################################################################################
250 if __name__ == '__main__':