X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Futils.py;h=0fa3eaa602153db6dc832a4795de7c055de0823b;hb=6fc6e6646071c736803bd1b5f41cb1367fd1bc31;hp=8e06cf35cc6dbbc795b008865c64991b2d9dbfc3;hpb=3d51abd3797e49e0edfe26fe4702d29220b9dcdb;p=dak.git diff --git a/daklib/utils.py b/daklib/utils.py index 8e06cf35..0fa3eaa6 100755 --- a/daklib/utils.py +++ b/daklib/utils.py @@ -26,6 +26,7 @@ import codecs, commands, email.Header, os, pwd, re, select, socket, shutil, \ sys, tempfile, traceback, stat import apt_pkg import database +import time from dak_exceptions import * ################################################################################ @@ -50,6 +51,9 @@ re_verwithext = re.compile(r"^(\d+)(?:\.(\d+))(?:\s+\((\S+)\))?$") re_srchasver = re.compile(r"^(\S+)\s+\((\S+)\)$") +html_escaping = {'"':'"', '&':'&', '<':'<', '>':'>'} +re_html_escaping = re.compile('|'.join(map(re.escape, html_escaping.keys()))) + default_config = "/etc/dak/dak.conf" default_apt_config = "/etc/dak/apt.conf" @@ -62,6 +66,11 @@ known_hashes = [("sha1", apt_pkg.sha1sum, (1, 8)), ################################################################################ +def html_escape(s): + return re_html_escaping.sub(lambda x: html_escaping.get(x.group(0)), s) + +################################################################################ + def open_file(filename, mode='r'): try: f = open(filename, mode) @@ -252,22 +261,23 @@ def check_hash(where, files, hashname, hashfunc): for f in files.keys(): file_handle = None try: - file_handle = open_file(f) - - # Check for the hash entry, to not trigger a KeyError. - if not files[f].has_key(hash_key(hashname)): - rejmsg.append("%s: misses %s checksum in %s" % (f, hashname, - where)) + try: + file_handle = open_file(f) + + # Check for the hash entry, to not trigger a KeyError. + if not files[f].has_key(hash_key(hashname)): + rejmsg.append("%s: misses %s checksum in %s" % (f, hashname, + where)) + continue + + # Actually check the hash for correctness. + if hashfunc(file_handle) != files[f][hash_key(hashname)]: + rejmsg.append("%s: %s check failed in %s" % (f, hashname, + where)) + except CantOpenError: + # TODO: This happens when the file is in the pool. + # warn("Cannot open file %s" % f) continue - - # Actually check the hash for correctness. - if hashfunc(file_handle) != files[f][hash_key(hashname)]: - rejmsg.append("%s: %s check failed in %s" % (f, hashname, - where)) - except CantOpenError: - # TODO: This happens when the file is in the pool. - warn("Cannot open file %s" % f) - continue finally: if file_handle: file_handle.close() @@ -388,21 +398,24 @@ def parse_checksums(where, files, manifest, hashname): field = 'checksums-%s' % hashname if not field in manifest: return rejmsg - input = manifest[field] - for line in input.split('\n'): + for line in manifest[field].split('\n'): if not line: break - hash, size, file = line.strip().split(' ') - if not files.has_key(file): - rejmsg.append("%s: not present in files but in checksums-%s in %s" % - (file, hashname, where)) - if not files[file]["size"] == size: + checksum, size, checkfile = line.strip().split(' ') + if not files.has_key(checkfile): + # TODO: check for the file's entry in the original files dict, not + # the one modified by (auto)byhand and other weird stuff + # rejmsg.append("%s: not present in files but in checksums-%s in %s" % + # (file, hashname, where)) + continue + if not files[checkfile]["size"] == size: rejmsg.append("%s: size differs for files and checksums-%s entry "\ - "in %s" % (file, hashname, where)) - files[file][hash_key(hashname)] = hash + "in %s" % (checkfile, hashname, where)) + continue + files[checkfile][hash_key(hashname)] = checksum for f in files.keys(): if not files[f].has_key(hash_key(hashname)): - rejmsg.append("%s: no entry in checksums-%s in %s" % (file, + rejmsg.append("%s: no entry in checksums-%s in %s" % (checkfile, hashname, where)) return rejmsg @@ -431,7 +444,10 @@ def build_file_list(changes, is_a_dsc=0, field="files", hashname="md5sum"): format = format[:2] if is_a_dsc: - if format != (1,0): + # format = (1,0) are the only formats we currently accept, + # format = (0,0) are missing format headers of which we still + # have some in the archive. + if format != (1,0) and format != (0,0): raise UnknownFormatError, "%s" % (changes.get("format","0.0")) else: if (format < (1,5) or format > (1,8)): @@ -553,8 +569,7 @@ switched to 'email (name)' format.""" def send_mail (message, filename=""): # If we've been passed a string dump it into a temporary file if message: - filename = tempfile.mktemp() - fd = os.open(filename, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700) + (fd, filename) = tempfile.mkstemp() os.write (fd, message) os.close (fd) @@ -1215,11 +1230,22 @@ used.""" if keywords.has_key("NODATA"): reject("no signature found in %s." % (sig_filename)) bad = 1 + if keywords.has_key("EXPKEYSIG"): + args = keywords["EXPKEYSIG"] + if len(args) >= 1: + key = args[0] + reject("Signature made by expired key 0x%s" % (key)) + bad = 1 if keywords.has_key("KEYEXPIRED") and not keywords.has_key("GOODSIG"): args = keywords["KEYEXPIRED"] + expiredate="" if len(args) >= 1: - key = args[0] - reject("The key (0x%s) used to sign %s has expired." % (key, sig_filename)) + timestamp = args[0] + if timestamp.count("T") == 0: + expiredate = time.strftime("%Y-%m-%d", time.gmtime(timestamp)) + else: + expiredate = timestamp + reject("The key used to sign %s has expired on %s" % (sig_filename, expiredate)) bad = 1 if bad: