-h, --help show this help and exit.
-L, --import-ldap-users generate uid entries for keyring from LDAP
-U, --generate-users FMT generate uid entries from keyring as FMT"""
- -D, --debian-maintainer mark generated uids as debian-maintainers
sys.exit(exit_code)
Arguments = [('h',"help","Import-Keyring::Options::Help"),
('L',"import-ldap-users","Import-Keyring::Options::Import-Ldap-Users"),
('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"),
- ('D',"debian-maintainer","Import-Keyring::Options::Debian-Maintainer"),
- ]
+ ]
for i in [ "help", "report-changes", "generate-users", "import-ldap-users" ]:
if not Cnf.has_key("Import-Keyring::Options::%s" % (i)):
keyringname = keyring_names[0]
keyring = Keyring(keyringname)
+ is_dm = "false"
+ if Cnf.has_key("Import-Keyring::"+keyringname+"::Debian-Maintainer"):
+ projectB.query("UPDATE keyrings SET debian_maintainer = '%s' WHERE name = '%s'" % (Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"], keyringname.split("/")[-1]))
+ is_dm = Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"]
+
keyring_id = database.get_or_set_keyring_id(
keyringname.split("/")[-1])
# For the keys in this keyring, add/update any fingerprints that've
# changed.
- # Determine if we need to set the DM flag
- is_dm = "no"
- if Cnf("Import-Keyring::Options::Debian-Maintainer"):
- is_dm = "yes"
-
for f in fpr:
newuid = fpr[f][0]
newuiduid = db_uid_byid.get(newuid, [None])[0]
if oldfid == -1:
changes.append((newuiduid, "Added key: %s" % (f)))
if newuid:
- projectB.query("INSERT INTO fingerprint (fingerprint, uid, keyring, debian_maintainer) VALUES ('%s', %d, %d, %s)" % (f, newuid, keyring_id, is_dm))
+ projectB.query("INSERT INTO fingerprint (fingerprint, uid, keyring) VALUES ('%s', %d, %d)" % (f, newuid, keyring_id))
else:
- projectB.query("INSERT INTO fingerprint (fingerprint, keyring) VALUES ('%s', %d, %s)" % (f, keyring_id, is_dm))
+ projectB.query("INSERT INTO fingerprint (fingerprint, keyring) VALUES ('%s', %d)" % (f, keyring_id))
else:
if newuid and olduid != newuid:
if olduid != -1:
projectB.query("UPDATE fingerprint SET uid = %d WHERE id = %d" % (newuid, oldfid))
if oldkid != keyring_id:
- projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+ # Only change the keyring if it won't result in a loss of permissions
+ q = projectB.query("SELECT debian_maintainer FROM keyrings WHERE id = '%d'" % (keyring_id))
+ if is_dm == "false" and q.getresult()[0][0] == 'f':
+ projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+ else:
+ print "Key %s exists in both DM and DD keyrings. Not demoting." % (f)
# All done!