]> git.decadent.org.uk Git - dak.git/blobdiff - dak/import_keyring.py
projects / dak.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge commit 'ncomm/dm_upload_allowed' into merge
[dak.git] / dak / import_keyring.py
diff --git a/dak/import_keyring.py b/dak/import_keyring.py
index 25f72e401d1450a17c3cd9834201180ae145b93b..602eb3744fb4334ad962a99007e347e271c517eb 100755 (executable)
--- a/dak/import_keyring.py
+++ b/dak/import_keyring.py
@@ -173,7 +173,6 @@ def usage (exit_code=0):
   -h, --help                  show this help and exit.
   -L, --import-ldap-users     generate uid entries for keyring from LDAP
   -U, --generate-users FMT    generate uid entries from keyring as FMT"""
-  -D, --debian-maintainer     mark generated uids as debian-maintainers
     sys.exit(exit_code)
 
 
@@ -186,8 +185,7 @@ def main():
     Arguments = [('h',"help","Import-Keyring::Options::Help"),
                  ('L',"import-ldap-users","Import-Keyring::Options::Import-Ldap-Users"),
                  ('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"),
-                 ('D',"debian-maintainer","Import-Keyring::Options::Debian-Maintainer"),
-        ]
+                ]
 
     for i in [ "help", "report-changes", "generate-users", "import-ldap-users" ]:
         if not Cnf.has_key("Import-Keyring::Options::%s" % (i)):
@@ -224,6 +222,11 @@ def main():
     keyringname = keyring_names[0]
     keyring = Keyring(keyringname)
 
+    is_dm = "false"
+    if Cnf.has_key("Import-Keyring::"+keyringname+"::Debian-Maintainer"):
+        projectB.query("UPDATE keyrings SET debian_maintainer = '%s' WHERE name = '%s'" % (Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"], keyringname.split("/")[-1]))
+        is_dm = Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"]
+
     keyring_id = database.get_or_set_keyring_id(
                         keyringname.split("/")[-1])
 
@@ -270,11 +273,6 @@ def main():
     # For the keys in this keyring, add/update any fingerprints that've
     # changed.
 
-    # Determine if we need to set the DM flag
-    is_dm = "no"
-    if Cnf("Import-Keyring::Options::Debian-Maintainer"):
-        is_dm = "yes"
-
     for f in fpr:
         newuid = fpr[f][0]
         newuiduid = db_uid_byid.get(newuid, [None])[0]
@@ -284,9 +282,9 @@ def main():
         if oldfid == -1:
             changes.append((newuiduid, "Added key: %s" % (f)))
             if newuid:
-                projectB.query("INSERT INTO fingerprint (fingerprint, uid, keyring, debian_maintainer) VALUES ('%s', %d, %d, %s)" % (f, newuid, keyring_id, is_dm))
+                projectB.query("INSERT INTO fingerprint (fingerprint, uid, keyring) VALUES ('%s', %d, %d)" % (f, newuid, keyring_id))
             else:
-                projectB.query("INSERT INTO fingerprint (fingerprint, keyring) VALUES ('%s', %d, %s)" % (f, keyring_id, is_dm))
+                projectB.query("INSERT INTO fingerprint (fingerprint, keyring) VALUES ('%s', %d)" % (f, keyring_id))
         else:
             if newuid and olduid != newuid:
                 if olduid != -1:
@@ -298,7 +296,12 @@ def main():
                 projectB.query("UPDATE fingerprint SET uid = %d WHERE id = %d" % (newuid, oldfid))
 
             if oldkid != keyring_id:
-                projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+                # Only change the keyring if it won't result in a loss of permissions
+                q = projectB.query("SELECT debian_maintainer FROM keyrings WHERE id = '%d'" % (keyring_id))
+                if is_dm == "false" and q.getresult()[0][0] == 'f':
+                    projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+                else:
+                    print "Key %s exists in both DM and DD keyrings. Not demoting." % (f)
 
     # All done!
 
dak changes to support and test code signing