fins[fingerprint] = (uid, fingerprint_id, keyring)
return fins
+def list_uids(session, pattern):
+ sql_pattern = "%%%s%%" % pattern
+ message = "List UIDs matching pattern %s" % sql_pattern
+ message += "\n" + ("=" * len(message))
+ print message
+ uid_query = session.query(Uid).filter(Uid.uid.ilike(sql_pattern))
+ for uid in uid_query.all():
+ print "\nuid %s" % uid.uid
+ for fp in uid.fingerprint:
+ print " fingerprint %s" % fp.fingerprint
+ keyring = "unknown"
+ if fp.keyring:
+ keyring = fp.keyring.keyring_name
+ print " keyring %s" % keyring
+
################################################################################
def usage (exit_code=0):
print """Usage: dak import-keyring [OPTION]... [KEYRING]
-h, --help show this help and exit.
-L, --import-ldap-users generate uid entries for keyring from LDAP
- -U, --generate-users FMT generate uid entries from keyring as FMT"""
+ -U, --generate-users FMT generate uid entries from keyring as FMT
+ -l, --list-uids STRING list all uids matching *STRING*
+ -n, --no-action don't change database"""
sys.exit(exit_code)
Arguments = [('h',"help","Import-Keyring::Options::Help"),
('L',"import-ldap-users","Import-Keyring::Options::Import-Ldap-Users"),
('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"),
+ ('l',"list-uids","Import-Keyring::Options::List-UIDs", "HasArg"),
+ ('n',"no-action","Import-Keyring::Options::No-Action"),
]
- for i in [ "help", "report-changes", "generate-users", "import-ldap-users" ]:
+ for i in [ "help", "report-changes", "generate-users",
+ "import-ldap-users", "list-uids", "no-action" ]:
if not cnf.has_key("Import-Keyring::Options::%s" % (i)):
cnf["Import-Keyring::Options::%s" % (i)] = ""
- keyring_names = apt_pkg.ParseCommandLine(cnf.Cnf, Arguments, sys.argv)
+ keyring_names = apt_pkg.parse_commandline(cnf.Cnf, Arguments, sys.argv)
### Parse options
- Options = cnf.SubTree("Import-Keyring::Options")
+ Options = cnf.subtree("Import-Keyring::Options")
if Options["Help"]:
usage()
+ ### Initialise
+ session = DBConn().session()
+
+ if Options["List-UIDs"]:
+ list_uids(session, Options["List-UIDs"])
+ sys.exit(0)
+
if len(keyring_names) != 1:
usage(1)
### Keep track of changes made
changes = [] # (uid, changes strings)
- ### Initialise
- session = DBConn().session()
-
### Cache all the existing fingerprint entries
db_fin_info = get_fingerprint_info(session)
changes.append((db_uid_byid.get(u, [None])[0], "Removed key: %s" % (f)))
session.execute("""UPDATE fingerprint
- SET keyring = NULL,
- source_acl_id = NULL,
- binary_acl_id = NULL,
- binary_reject = TRUE
+ SET keyring = NULL
WHERE id = :fprid""", {'fprid': fid})
- session.execute("""DELETE FROM binary_acl_map WHERE fingerprint_id = :fprid""", {'fprid': fid})
-
# For the keys in this keyring, add/update any fingerprints that've
# changed.
if newuid:
fp.uid_id = newuid
- fp.binary_acl_id = keyring.default_binary_acl_id
- fp.source_acl_id = keyring.default_source_acl_id
- fp.default_binary_reject = keyring.default_binary_reject
session.add(fp)
session.flush()
- for k in keyring.keyring_acl_map:
- ba = BinaryACLMap()
- ba.fingerprint_id = fp.fingerprint_id
- ba.architecture_id = k.architecture_id
- session.add(ba)
- session.flush()
-
else:
if newuid and olduid != newuid and olduid == -1:
changes.append((newuiduid, "Linked key: %s" % f))
# Only change the keyring if it won't result in a loss of permissions
if movekey:
- session.execute("""DELETE FROM binary_acl_map WHERE fingerprint_id = :fprid""", {'fprid': oldfid})
-
session.execute("""UPDATE fingerprint
- SET keyring = :keyring,
- source_acl_id = :source_acl_id,
- binary_acl_id = :binary_acl_id,
- binary_reject = :binary_reject
+ SET keyring = :keyring
WHERE id = :fpr""",
{'keyring': keyring.keyring_id,
- 'source_acl_id': keyring.default_source_acl_id,
- 'binary_acl_id': keyring.default_binary_acl_id,
- 'binary_reject': keyring.default_binary_reject,
'fpr': oldfid})
session.flush()
- for k in keyring.keyring_acl_map:
- ba = BinaryACLMap()
- ba.fingerprint_id = oldfid
- ba.architecture_id = k.architecture_id
- session.add(ba)
- session.flush()
-
else:
- print "Key %s exists in both %s and %s keyrings. Not demoting." % (oldkeyring.keyring_name,
+ print "Key %s exists in both %s and %s keyrings. Not demoting." % (f,
+ oldkeyring.keyring_name,
keyring.keyring_name)
# All done!
- session.commit()
+ if Options["No-Action"]:
+ session.rollback()
+ else:
+ session.commit()
# Print a summary
changesd = {}