X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fimport_keyring.py;h=ca325d0da290da53abf7e818ba8c047988461a9a;hb=b612f3da207fa0d75a5d3b204ac8f02bb244231a;hp=d6bdde9aecb4c6faaa2e676298c1c1ef2602a725;hpb=d80d1f9473ed63a08404a23c04a9d8eabedc76a6;p=dak.git

diff --git a/dak/import_keyring.py b/dak/import_keyring.py
index d6bdde9a..ca325d0d 100755
--- a/dak/import_keyring.py
+++ b/dak/import_keyring.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-# Imports a keyring into the database
+""" Imports a keyring into the database """
 # Copyright (C) 2007  Anthony Towns <aj@erisian.com.au>
 
 # This program is free software; you can redistribute it and/or modify
@@ -35,9 +35,9 @@ def get_uid_info():
     byname = {}
     byid = {}
     q = projectB.query("SELECT id, uid, name FROM uid")
-    for (id, uid, name) in q.getresult():
-        byname[uid] = (id, name)
-        byid[id] = (uid, name)
+    for (keyid, uid, name) in q.getresult():
+        byname[uid] = (keyid, name)
+        byid[keyid] = (uid, name)
     return (byname, byid)
 
 def get_fingerprint_info():
@@ -131,16 +131,16 @@ class Keyring:
             uid = entry["uid"][0]
             name = get_ldap_name(entry)
             fingerprints = entry["keyFingerPrint"]
-            id = None
+            keyid = None
             for f in fingerprints:
                 key = fpr_lookup.get(f, None)
                 if key not in keys: continue
                 keys[key]["uid"] = uid
 
-                if id != None: continue
-                id = database.get_or_set_uid_id(uid)
-                byuid[id] = (uid, name)
-                byname[uid] = (id, name)
+                if keyid != None: continue
+                keyid = database.get_or_set_uid_id(uid)
+                byuid[keyid] = (uid, name)
+                byname[uid] = (keyid, name)
 
         return (byname, byuid)
 
@@ -155,15 +155,15 @@ class Keyring:
                 keys[x]["uid"] = format % "invalid-uid"
             else:
                 uid = format % keys[x]["email"]
-                id = database.get_or_set_uid_id(uid)
-                byuid[id] = (uid, keys[x]["name"])
-                byname[uid] = (id, keys[x]["name"])
+                keyid = database.get_or_set_uid_id(uid)
+                byuid[keyid] = (uid, keys[x]["name"])
+                byname[uid] = (keyid, keys[x]["name"])
                 keys[x]["uid"] = uid
         if any_invalid:
             uid = format % "invalid-uid"
-            id = database.get_or_set_uid_id(uid)
-            byuid[id] = (uid, "ungeneratable user id")
-            byname[uid] = (id, "ungeneratable user id")
+            keyid = database.get_or_set_uid_id(uid)
+            byuid[keyid] = (uid, "ungeneratable user id")
+            byname[uid] = (keyid, "ungeneratable user id")
         return (byname, byuid)
 
 ################################################################################
@@ -173,7 +173,6 @@ def usage (exit_code=0):
   -h, --help                  show this help and exit.
   -L, --import-ldap-users     generate uid entries for keyring from LDAP
   -U, --generate-users FMT    generate uid entries from keyring as FMT"""
-  -d, --debian-maintainer     mark generated uids as debian-maintainers
     sys.exit(exit_code)
 
 
@@ -186,8 +185,7 @@ def main():
     Arguments = [('h',"help","Import-Keyring::Options::Help"),
                  ('L',"import-ldap-users","Import-Keyring::Options::Import-Ldap-Users"),
                  ('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"),
-                 ('D',"debian-maintainer","Import-Keyring::Options::Debian-Maintainer"),
-        ]
+                ]
 
     for i in [ "help", "report-changes", "generate-users", "import-ldap-users" ]:
         if not Cnf.has_key("Import-Keyring::Options::%s" % (i)):
@@ -224,6 +222,11 @@ def main():
     keyringname = keyring_names[0]
     keyring = Keyring(keyringname)
 
+    is_dm = "false"
+    if Cnf.has_key("Import-Keyring::"+keyringname+"::Debian-Maintainer"):
+        projectB.query("UPDATE keyrings SET debian_maintainer = '%s' WHERE name = '%s'" % (Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"], keyringname.split("/")[-1]))
+        is_dm = Cnf["Import-Keyring::"+keyringname+"::Debian-Maintainer"]
+
     keyring_id = database.get_or_set_keyring_id(
                         keyringname.split("/")[-1])
 
@@ -234,14 +237,14 @@ def main():
     (db_uid_byname, db_uid_byid) = get_uid_info()
 
     ### Update full names of applicable users
-    for id in desuid_byid.keys():
-        uid = (id, desuid_byid[id][0])
-        name = desuid_byid[id][1]
-        oname = db_uid_byid[id][1]
+    for keyid in desuid_byid.keys():
+        uid = (keyid, desuid_byid[keyid][0])
+        name = desuid_byid[keyid][1]
+        oname = db_uid_byid[keyid][1]
         if name and oname != name:
             changes.append((uid[1], "Full name: %s" % (name)))
             projectB.query("UPDATE uid SET name = '%s' WHERE id = %s" %
-                (pg.escape_string(name), id))
+                (pg.escape_string(name), keyid))
 
     # The fingerprint table (fpr) points to a uid and a keyring.
     #   If the uid is being decided here (ldap/generate) we set it to it.
@@ -251,11 +254,11 @@ def main():
 
     fpr = {}
     for z in keyring.keys.keys():
-        id = db_uid_byname.get(keyring.keys[z].get("uid", None), [None])[0]
-        if id == None:
-            id = db_fin_info.get(keyring.keys[z]["fingerprints"][0], [None])[0]
+        keyid = db_uid_byname.get(keyring.keys[z].get("uid", None), [None])[0]
+        if keyid == None:
+            keyid = db_fin_info.get(keyring.keys[z]["fingerprints"][0], [None])[0]
         for y in keyring.keys[z]["fingerprints"]:
-            fpr[y] = (id,keyring_id)
+            fpr[y] = (keyid,keyring_id)
 
     # For any keys that used to be in this keyring, disassociate them.
     # We don't change the uid, leaving that for historical info; if
@@ -270,11 +273,6 @@ def main():
     # For the keys in this keyring, add/update any fingerprints that've
     # changed.
 
-    # Determine if we need to set the DM flag
-    is_dm = "no"
-    if Cnf("Import-Keyring::Options::Debian-Maintainer"):
-        is_dm = "yes"
-
     for f in fpr:
         newuid = fpr[f][0]
         newuiduid = db_uid_byid.get(newuid, [None])[0]
@@ -284,9 +282,9 @@ def main():
         if oldfid == -1:
             changes.append((newuiduid, "Added key: %s" % (f)))
             if newuid:
-                projectB.query("INSERT INTO fingerprint (fingerprint, uid, keyring, debian_maintainer) VALUES ('%s', %d, %d, %s)" % (f, newuid, keyring_id, is_dm))
+                projectB.query("INSERT INTO fingerprint (fingerprint, uid, keyring) VALUES ('%s', %d, %d)" % (f, newuid, keyring_id))
             else:
-                projectB.query("INSERT INTO fingerprint (fingerprint, keyring) VALUES ('%s', %d, %s)" % (f, keyring_id, is_dm))
+                projectB.query("INSERT INTO fingerprint (fingerprint, keyring) VALUES ('%s', %d)" % (f, keyring_id))
         else:
             if newuid and olduid != newuid:
                 if olduid != -1:
@@ -298,7 +296,12 @@ def main():
                 projectB.query("UPDATE fingerprint SET uid = %d WHERE id = %d" % (newuid, oldfid))
 
             if oldkid != keyring_id:
-                projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+                # Only change the keyring if it won't result in a loss of permissions
+                q = projectB.query("SELECT debian_maintainer FROM keyrings WHERE id = '%d'" % (keyring_id))
+                if is_dm == "false" and q.getresult()[0][0] == 'f':
+                    projectB.query("UPDATE fingerprint SET keyring = %d WHERE id = %d" % (keyring_id, oldfid))
+                else:
+                    print "Key %s exists in both DM and DD keyrings. Not demoting." % (f)
 
     # All done!