X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fimport_ldap_fingerprints.py;h=504f597b2edd54194d7fde98283a9b87b2e076e9;hb=30413cf0ff7bc21b8d2b8b4346406357fe55dc19;hp=cb58049ab53bf04838dc9f8b27f9eaf2ef714945;hpb=a1692ffe13490541ddfa1a06318edee658bb8b17;p=dak.git diff --git a/dak/import_ldap_fingerprints.py b/dak/import_ldap_fingerprints.py index cb58049a..504f597b 100755 --- a/dak/import_ldap_fingerprints.py +++ b/dak/import_ldap_fingerprints.py @@ -45,17 +45,17 @@ ################################################################################ -import commands, ldap, pg, re, sys, time; -import apt_pkg; -import db_access, utils; +import commands, ldap, pg, re, sys, time +import apt_pkg +import db_access, utils ################################################################################ -Cnf = None; -projectB = None; +Cnf = None +projectB = None -re_gpg_fingerprint = re.compile(r"^\s+Key fingerprint = (.*)$", re.MULTILINE); -re_debian_address = re.compile(r"^.*<(.*)@debian\.org>$", re.MULTILINE); +re_gpg_fingerprint = re.compile(r"^\s+Key fingerprint = (.*)$", re.MULTILINE) +re_debian_address = re.compile(r"^.*<(.*)@debian\.org>$", re.MULTILINE) ################################################################################ @@ -69,148 +69,148 @@ Syncs fingerprint and uid tables with a debian.org LDAP DB ################################################################################ def get_ldap_value(entry, value): - ret = entry.get(value); + ret = entry.get(value) if not ret: - return ""; + return "" else: # FIXME: what about > 0 ? - return ret[0]; + return ret[0] def main(): - global Cnf, projectB; + global Cnf, projectB Cnf = utils.get_conf() - Arguments = [('h',"help","Emilie::Options::Help")]; + Arguments = [('h',"help","Emilie::Options::Help")] for i in [ "help" ]: if not Cnf.has_key("Emilie::Options::%s" % (i)): - Cnf["Emilie::Options::%s" % (i)] = ""; + Cnf["Emilie::Options::%s" % (i)] = "" - apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv); + apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv) Options = Cnf.SubTree("Emilie::Options") if Options["Help"]: - usage(); + usage() - projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"])); - db_access.init(Cnf, projectB); + projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"])) + db_access.init(Cnf, projectB) - #before = time.time(); - #sys.stderr.write("[Getting info from the LDAP server..."); - LDAPDn = Cnf["Emilie::LDAPDn"]; - LDAPServer = Cnf["Emilie::LDAPServer"]; - l = ldap.open(LDAPServer); - l.simple_bind_s("",""); + #before = time.time() + #sys.stderr.write("[Getting info from the LDAP server...") + LDAPDn = Cnf["Emilie::LDAPDn"] + LDAPServer = Cnf["Emilie::LDAPServer"] + l = ldap.open(LDAPServer) + l.simple_bind_s("","") Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL, "(&(keyfingerprint=*)(gidnumber=%s))" % (Cnf["Julia::ValidGID"]), - ["uid", "keyfingerprint"]); - #sys.stderr.write("done. (%d seconds)]\n" % (int(time.time()-before))); + ["uid", "keyfingerprint"]) + #sys.stderr.write("done. (%d seconds)]\n" % (int(time.time()-before))) - projectB.query("BEGIN WORK"); + projectB.query("BEGIN WORK") # Sync LDAP with DB - db_fin_uid = {}; - ldap_fin_uid_id = {}; + db_fin_uid = {} + ldap_fin_uid_id = {} q = projectB.query(""" SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id - UNION SELECT f.fingerprint, f.id, null FROM fingerprint f where f.uid is null"""); + UNION SELECT f.fingerprint, f.id, null FROM fingerprint f where f.uid is null""") for i in q.getresult(): - (fingerprint, fingerprint_id, uid) = i; - db_fin_uid[fingerprint] = (uid, fingerprint_id); + (fingerprint, fingerprint_id, uid) = i + db_fin_uid[fingerprint] = (uid, fingerprint_id) for i in Attrs: - entry = i[1]; - fingerprints = entry["keyFingerPrint"]; - uid = entry["uid"][0]; - uid_id = db_access.get_or_set_uid_id(uid); + entry = i[1] + fingerprints = entry["keyFingerPrint"] + uid = entry["uid"][0] + uid_id = db_access.get_or_set_uid_id(uid) for fingerprint in fingerprints: - ldap_fin_uid_id[fingerprint] = (uid, uid_id); + ldap_fin_uid_id[fingerprint] = (uid, uid_id) if db_fin_uid.has_key(fingerprint): - (existing_uid, fingerprint_id) = db_fin_uid[fingerprint]; + (existing_uid, fingerprint_id) = db_fin_uid[fingerprint] if not existing_uid: - q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)); - print "Assigning %s to 0x%s." % (uid, fingerprint); + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) + print "Assigning %s to 0x%s." % (uid, fingerprint) else: if existing_uid != uid: - utils.fubar("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid)); + utils.fubar("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid)) # Try to update people who sign with non-primary key - q = projectB.query("SELECT fingerprint, id FROM fingerprint WHERE uid is null"); + q = projectB.query("SELECT fingerprint, id FROM fingerprint WHERE uid is null") for i in q.getresult(): - (fingerprint, fingerprint_id) = i; + (fingerprint, fingerprint_id) = i cmd = "gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s" \ % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], - fingerprint); - (result, output) = commands.getstatusoutput(cmd); + fingerprint) + (result, output) = commands.getstatusoutput(cmd) if result == 0: - m = re_gpg_fingerprint.search(output); + m = re_gpg_fingerprint.search(output) if not m: print output - utils.fubar("0x%s: No fingerprint found in gpg output but it returned 0?\n%s" % (fingerprint, utils.prefix_multi_line_string(output, " [GPG output:] "))); - primary_key = m.group(1); - primary_key = primary_key.replace(" ",""); + utils.fubar("0x%s: No fingerprint found in gpg output but it returned 0?\n%s" % (fingerprint, utils.prefix_multi_line_string(output, " [GPG output:] "))) + primary_key = m.group(1) + primary_key = primary_key.replace(" ","") if not ldap_fin_uid_id.has_key(primary_key): - utils.fubar("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint)); - (uid, uid_id) = ldap_fin_uid_id[primary_key]; - q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)); - print "Assigning %s to 0x%s." % (uid, fingerprint); + utils.fubar("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint)) + (uid, uid_id) = ldap_fin_uid_id[primary_key] + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) + print "Assigning %s to 0x%s." % (uid, fingerprint) else: - extra_keyrings = ""; + extra_keyrings = "" for keyring in Cnf.ValueList("Emilie::ExtraKeyrings"): - extra_keyrings += " --keyring=%s" % (keyring); + extra_keyrings += " --keyring=%s" % (keyring) cmd = "gpg --keyring=%s --keyring=%s %s --list-key %s" \ % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], - extra_keyrings, fingerprint); - (result, output) = commands.getstatusoutput(cmd); + extra_keyrings, fingerprint) + (result, output) = commands.getstatusoutput(cmd) if result != 0: - cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Emilie::KeyServer"], fingerprint); - (result, output) = commands.getstatusoutput(cmd); + cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Emilie::KeyServer"], fingerprint) + (result, output) = commands.getstatusoutput(cmd) if result != 0: - print "0x%s: NOT found on keyserver." % (fingerprint); + print "0x%s: NOT found on keyserver." % (fingerprint) print cmd print result print output - continue; + continue else: - cmd = "gpg --list-key %s" % (fingerprint); - (result, output) = commands.getstatusoutput(cmd); + cmd = "gpg --list-key %s" % (fingerprint) + (result, output) = commands.getstatusoutput(cmd) if result != 0: - print "0x%s: --list-key returned error after --recv-key didn't." % (fingerprint); + print "0x%s: --list-key returned error after --recv-key didn't." % (fingerprint) print cmd print result print output - continue; - m = re_debian_address.search(output); + continue + m = re_debian_address.search(output) if m: - guess_uid = m.group(1); + guess_uid = m.group(1) else: - guess_uid = "???"; - name = " ".join(output.split('\n')[0].split()[3:]); - print "0x%s -> %s -> %s" % (fingerprint, name, guess_uid); + guess_uid = "???" + name = " ".join(output.split('\n')[0].split()[3:]) + print "0x%s -> %s -> %s" % (fingerprint, name, guess_uid) # FIXME: make me optionally non-interactive # FIXME: default to the guessed ID - uid = None; + uid = None while not uid: - uid = utils.our_raw_input("Map to which UID ? "); + uid = utils.our_raw_input("Map to which UID ? ") Attrs = l.search_s(LDAPDn,ldap.SCOPE_ONELEVEL,"(uid=%s)" % (uid), ["cn","mn","sn"]) if not Attrs: print "That UID doesn't exist in LDAP!" - uid = None; + uid = None else: - entry = Attrs[0][1]; + entry = Attrs[0][1] name = " ".join([get_ldap_value(entry, "cn"), get_ldap_value(entry, "mn"), - get_ldap_value(entry, "sn")]); - prompt = "Map to %s - %s (y/N) ? " % (uid, name.replace(" "," ")); - yn = utils.our_raw_input(prompt).lower(); + get_ldap_value(entry, "sn")]) + prompt = "Map to %s - %s (y/N) ? " % (uid, name.replace(" "," ")) + yn = utils.our_raw_input(prompt).lower() if yn == "y": - uid_id = db_access.get_or_set_uid_id(uid); - projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)); - print "Assigning %s to 0x%s." % (uid, fingerprint); + uid_id = db_access.get_or_set_uid_id(uid) + projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) + print "Assigning %s to 0x%s." % (uid, fingerprint) else: - uid = None; - projectB.query("COMMIT WORK"); + uid = None + projectB.query("COMMIT WORK") ############################################################