daklib/extensions.py, dak/dak.py, config/debian/extensions.py: move

[dak.git] / config / debian / extensions.py

diff --git a/config/debian/extensions.py b/config/debian/extensions.py
index 44bd5c72b94bd28527706488b13b233d1917384f..9d6bef1c4c98674bda6b5fb9f865979465f91381 100644 (file)
--- a/config/debian/extensions.py
+++ b/config/debian/extensions.py
@@ -1,2 +1,24 @@
-import sys
+import sys, os
+
+import daklib.extensions
+from daklib.extensions import replace_dak_function
+
+@replace_dak_function("process-unchecked", "check_signed_by_key")
+def check_signed_by_key(oldfn):
+    changes = dak_module.changes
+    reject = dak_module.reject
+
+    if changes["source"] == "dpkg":
+        fpr = changes["fingerprint"]
+        (uid, uid_name) = dak_module.lookup_uid_from_fingerprint(fpr)
+        if fpr == "5906F687BD03ACAD0D8E602EFCF37657" or uid == "iwj":
+            reject("Upload blocked due to hijack attempt 2008/03/19")
+
+           # NB: 1.15.0, 1.15.2 signed by this key targetted at unstable
+           #     have been made available in the wild, and should remain
+           #     blocked until Debian's dpkg has revved past those version
+           #     numbers
+
+    oldfn()
+