X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian%2Fextensions.py;h=9d6bef1c4c98674bda6b5fb9f865979465f91381;hb=01f8d59474ed7614812ad0bed72ce9f24d6df72a;hp=44bd5c72b94bd28527706488b13b233d1917384f;hpb=593fe6d4fceaa3c86db77e00a1df3d9639587134;p=dak.git

diff --git a/config/debian/extensions.py b/config/debian/extensions.py
index 44bd5c72..9d6bef1c 100644
--- a/config/debian/extensions.py
+++ b/config/debian/extensions.py
@@ -1,2 +1,24 @@
-import sys
+import sys, os
+
+import daklib.extensions
+from daklib.extensions import replace_dak_function
+
+@replace_dak_function("process-unchecked", "check_signed_by_key")
+def check_signed_by_key(oldfn):
+    changes = dak_module.changes
+    reject = dak_module.reject
+
+    if changes["source"] == "dpkg":
+        fpr = changes["fingerprint"]
+        (uid, uid_name) = dak_module.lookup_uid_from_fingerprint(fpr)
+        if fpr == "5906F687BD03ACAD0D8E602EFCF37657" or uid == "iwj":
+            reject("Upload blocked due to hijack attempt 2008/03/19")
+
+	    # NB: 1.15.0, 1.15.2 signed by this key targetted at unstable
+	    #     have been made available in the wild, and should remain
+	    #     blocked until Debian's dpkg has revved past those version
+	    #     numbers
+
+    oldfn()
+