Merge commit 'ncomm/dm_upload_allowed' into merge

[dak.git] / dak / import_keyring.py

diff --git a/dak/import_keyring.py b/dak/import_keyring.py
old mode 100644 (file)
new mode 100755 (executable)
index 63c0724..602eb37
--- a/dak/import_keyring.py
+++ b/dak/import_keyring.py
@@ -19,7 +19,8 @@
 
 ################################################################################
 
-import daklib.database, daklib.logging
+from daklib import database
+from daklib import utils
 import sys, os, re
 import apt_pkg, pg, ldap, email.Utils
 
@@ -27,7 +28,6 @@ import apt_pkg, pg, ldap, email.Utils
 Cnf = None
 Options = None
 projectB = None
-Logger = None
 
 ################################################################################
 
@@ -138,7 +138,7 @@ class Keyring:
                 keys[key]["uid"] = uid
 
                 if id != None: continue
-                id = daklib.database.get_or_set_uid_id(uid)
+                id = database.get_or_set_uid_id(uid)
                 byuid[id] = (uid, name)
                 byname[uid] = (id, name)
 
@@ -155,13 +155,13 @@ class Keyring:
                 keys[x]["uid"] = format % "invalid-uid"
             else:
                 uid = format % keys[x]["email"]
-                id = daklib.database.get_or_set_uid_id(uid)
+                id = database.get_or_set_uid_id(uid)
                 byuid[id] = (uid, keys[x]["name"])
                 byname[uid] = (id, keys[x]["name"])
                 keys[x]["uid"] = uid
         if any_invalid:
             uid = format % "invalid-uid"
-            id = daklib.database.get_or_set_uid_id(uid)
+            id = database.get_or_set_uid_id(uid)
             byuid[id] = (uid, "ungeneratable user id")
             byname[uid] = (id, "ungeneratable user id")
         return (byname, byuid)
@@ -181,7 +181,7 @@ def usage (exit_code=0):
 def main():
     global Cnf, projectB, Options
 
-    Cnf = daklib.utils.get_conf()
+    Cnf = utils.get_conf()
     Arguments = [('h',"help","Import-Keyring::Options::Help"),
                  ('L',"import-ldap-users","Import-Keyring::Options::Import-Ldap-Users"),
                  ('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"),
@@ -209,7 +209,7 @@ def main():
     ### Initialise
 
     projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"]))
-    daklib.database.init(Cnf, projectB)
+    database.init(Cnf, projectB)
 
     projectB.query("BEGIN WORK")
 
@@ -222,7 +222,12 @@ def main():
     keyringname = keyring_names[0]
     keyring = Keyring(keyringname)
 
-    keyring_id = daklib.database.get_or_set_keyring_id(
+    is_dm = "false"
+    if Cnf.has_key("Import-Keyring::"+keyringname+"::Debian-Maintainer"):
+        projectB.query("UPDATE keyrings SET debian_maintainer = '%s' WHERE name = '%s'" % (Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"], keyringname.split("/")[-1]))
+        is_dm = Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"]
+
+    keyring_id = database.get_or_set_keyring_id(
                         keyringname.split("/")[-1])
 
     ### Generate new uid entries if they're needed (from LDAP or the keyring)
@@ -291,7 +296,12 @@ def main():
                 projectB.query("UPDATE fingerprint SET uid = %d WHERE id = %d" % (newuid, oldfid))
 
             if oldkid != keyring_id:
-                projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+                # Only change the keyring if it won't result in a loss of permissions
+                q = projectB.query("SELECT debian_maintainer FROM keyrings WHERE id = '%d'" % (keyring_id))
+                if is_dm == "false" and q.getresult()[0][0] == 'f':
+                    projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+                else:
+                    print "Key %s exists in both DM and DD keyrings. Not demoting." % (f)
 
     # All done!