-h, --help show this help and exit.
-L, --import-ldap-users generate uid entries for keyring from LDAP
-U, --generate-users FMT generate uid entries from keyring as FMT
- -l, --list-uids STRING list all uids matching *STRING*"""
+ -l, --list-uids STRING list all uids matching *STRING*
+ -n, --no-action don't change database"""
sys.exit(exit_code)
('L',"import-ldap-users","Import-Keyring::Options::Import-Ldap-Users"),
('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"),
('l',"list-uids","Import-Keyring::Options::List-UIDs", "HasArg"),
+ ('n',"no-action","Import-Keyring::Options::No-Action"),
]
- for i in [ "help", "report-changes", "generate-users", "import-ldap-users", "list-uids"]:
+ for i in [ "help", "report-changes", "generate-users",
+ "import-ldap-users", "list-uids", "no-action" ]:
if not cnf.has_key("Import-Keyring::Options::%s" % (i)):
cnf["Import-Keyring::Options::%s" % (i)] = ""
- keyring_names = apt_pkg.ParseCommandLine(cnf.Cnf, Arguments, sys.argv)
+ keyring_names = apt_pkg.parse_commandline(cnf.Cnf, Arguments, sys.argv)
### Parse options
- Options = cnf.SubTree("Import-Keyring::Options")
+ Options = cnf.subtree("Import-Keyring::Options")
if Options["Help"]:
usage()
changes.append((db_uid_byid.get(u, [None])[0], "Removed key: %s" % (f)))
session.execute("""UPDATE fingerprint
- SET keyring = NULL,
- source_acl_id = NULL,
- binary_acl_id = NULL,
- binary_reject = TRUE
+ SET keyring = NULL
WHERE id = :fprid""", {'fprid': fid})
- session.execute("""DELETE FROM binary_acl_map WHERE fingerprint_id = :fprid""", {'fprid': fid})
-
# For the keys in this keyring, add/update any fingerprints that've
# changed.
if newuid:
fp.uid_id = newuid
- fp.binary_acl_id = keyring.default_binary_acl_id
- fp.source_acl_id = keyring.default_source_acl_id
- fp.default_binary_reject = keyring.default_binary_reject
session.add(fp)
session.flush()
- for k in keyring.keyring_acl_map:
- ba = BinaryACLMap()
- ba.fingerprint_id = fp.fingerprint_id
- ba.architecture_id = k.architecture_id
- session.add(ba)
- session.flush()
-
else:
if newuid and olduid != newuid and olduid == -1:
changes.append((newuiduid, "Linked key: %s" % f))
# Only change the keyring if it won't result in a loss of permissions
if movekey:
- session.execute("""DELETE FROM binary_acl_map WHERE fingerprint_id = :fprid""", {'fprid': oldfid})
-
session.execute("""UPDATE fingerprint
- SET keyring = :keyring,
- source_acl_id = :source_acl_id,
- binary_acl_id = :binary_acl_id,
- binary_reject = :binary_reject
+ SET keyring = :keyring
WHERE id = :fpr""",
{'keyring': keyring.keyring_id,
- 'source_acl_id': keyring.default_source_acl_id,
- 'binary_acl_id': keyring.default_binary_acl_id,
- 'binary_reject': keyring.default_binary_reject,
'fpr': oldfid})
session.flush()
- for k in keyring.keyring_acl_map:
- ba = BinaryACLMap()
- ba.fingerprint_id = oldfid
- ba.architecture_id = k.architecture_id
- session.add(ba)
- session.flush()
-
else:
print "Key %s exists in both %s and %s keyrings. Not demoting." % (f,
oldkeyring.keyring_name,
keyring.keyring_name)
# All done!
- session.commit()
+ if Options["No-Action"]:
+ session.rollback()
+ else:
+ session.commit()
# Print a summary
changesd = {}