################################################################################
import codecs, commands, email.Header, os, pwd, re, select, socket, shutil, \
- string, sys, tempfile, traceback
+ sys, tempfile, traceback
import apt_pkg
import database
re_parse_maintainer = re.compile(r"^\s*(\S.*\S)\s*\<([^\>]+)\>")
+re_srchasver = re.compile(r"^(\S+)\s+\((\S+)\)$")
+
changes_parse_error_exc = "Can't parse line in .changes file"
invalid_dsc_format_exc = "Invalid .dsc file"
nk_format_exc = "Unknown Format: in .changes file"
################################################################################
-def str_isnum (s):
- for c in s:
- if c not in string.digits:
- return 0
- return 1
-
-################################################################################
-
def extract_component_from_section(section):
component = ""
changes_in.close()
changes["filecontents"] = "".join(lines)
+ if changes.has_key("source"):
+ # Strip the source version in brackets from the source field,
+ # put it in the "source-version" field instead.
+ srcver = re_srchasver.search(changes["source"])
+ if srcver:
+ changes["source"] = srcver.group(1)
+ changes["source-version"] = srcver.group(2)
+
if error:
raise changes_parse_error_exc, error
orig_filename = filename
if filename.endswith(".dak"):
- filename = filename[:-6]+".changes"
+ filename = filename[:-4]+".changes"
if not filename.endswith(".changes"):
error = "invalid file type; not a changes file"
internal_error += "gpgv status line is malformed (incorrect prefix '%s').\n" % (gnupg)
continue
args = split[2:]
- if keywords.has_key(keyword) and (keyword != "NODATA" and keyword != "SIGEXPIRED"):
+ if keywords.has_key(keyword) and keyword not in [ "NODATA", "SIGEXPIRED", "KEYEXPIRED" ]:
internal_error += "found duplicate status token ('%s').\n" % (keyword)
continue
else:
if not keyserver:
keyserver = Cnf["Dinstall::KeyServer"]
if not keyring:
- keyring = Cnf["Dinstall::GPGKeyring"]
+ keyring = Cnf.ValueList("Dinstall::GPGKeyring")[0]
# Ensure the filename contains no shell meta-characters or other badness
if not re_taint_free.match(filename):
################################################################################
+def gpg_keyring_args(keyrings=None):
+ if not keyrings:
+ keyrings = Cnf.ValueList("Dinstall::GPGKeyring")
+
+ return " ".join(["--keyring %s" % x for x in keyrings])
+
+################################################################################
+
def check_signature (sig_filename, reject, data_filename="", keyrings=None, autofetch=None):
"""Check the signature of a file and return the fingerprint if the
signature is valid or 'None' if it's not. The first argument is the
return None
if not keyrings:
- keyrings = (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"])
+ keyrings = Cnf.ValueList("Dinstall::GPGKeyring")
# Autofetch the signing key if that's enabled
if autofetch == None:
# Build the command line
status_read, status_write = os.pipe();
- cmd = "gpgv --status-fd %s" % (status_write)
- for keyring in keyrings:
- cmd += " --keyring %s" % (keyring)
- cmd += " %s %s" % (sig_filename, data_filename)
+ cmd = "gpgv --status-fd %s %s %s %s" % (
+ status_write, gpg_keyring_args(keyrings), sig_filename, data_filename)
+
# Invoke gpgv on the file
(output, status, exit_status) = gpgv_get_status_output(cmd, status_read, status_write)
bad = ""
# Now check for obviously bad things in the processed output
- if keywords.has_key("SIGEXPIRED"):
- reject("The key used to sign %s has expired." % (sig_filename))
- bad = 1
if keywords.has_key("KEYREVOKED"):
reject("The key used to sign %s has been revoked." % (sig_filename))
bad = 1
if keywords.has_key("NODATA"):
reject("no signature found in %s." % (sig_filename))
bad = 1
+ if keywords.has_key("KEYEXPIRED") and not keywords.has_key("GOODSIG"):
+ reject("The key (0x%s) used to sign %s has expired." % (key, sig_filename))
+ bad = 1
if bad:
return None