X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Futils.py;h=41aa3198990f1f56bffd0af4006346cc29559cfe;hb=9583602d5fa14f016ddf3f09b3ddf2d515e19768;hp=83b507a89062504b43840c51d257ea908757d82a;hpb=567c91b57f1e6af8da3e9e0ab5eeffa14796a256;p=dak.git diff --git a/daklib/utils.py b/daklib/utils.py index 83b507a8..41aa3198 100644 --- a/daklib/utils.py +++ b/daklib/utils.py @@ -42,6 +42,8 @@ re_taint_free = re.compile(r"^[-+~/\.\w]+$") re_parse_maintainer = re.compile(r"^\s*(\S.*\S)\s*\<([^\>]+)\>") +re_srchasver = re.compile(r"^(\S+)\s+\((\S+)\)$") + changes_parse_error_exc = "Can't parse line in .changes file" invalid_dsc_format_exc = "Invalid .dsc file" nk_format_exc = "Unknown Format: in .changes file" @@ -223,6 +225,14 @@ The rules for (signing_rules == 1)-mode are: changes_in.close() changes["filecontents"] = "".join(lines) + if changes.has_key("source"): + # Strip the source version in brackets from the source field, + # put it in the "source-version" field instead. + srcver = re_srchasver.search(changes["source"]) + if srcver: + changes["source"] = srcver.group(1) + changes["source-version"] = srcver.group(2) + if error: raise changes_parse_error_exc, error @@ -608,7 +618,7 @@ argument: orig_filename = filename if filename.endswith(".dak"): - filename = filename[:-6]+".changes" + filename = filename[:-4]+".changes" if not filename.endswith(".changes"): error = "invalid file type; not a changes file" @@ -875,7 +885,7 @@ def process_gpgv_output(status): internal_error += "gpgv status line is malformed (incorrect prefix '%s').\n" % (gnupg) continue args = split[2:] - if keywords.has_key(keyword) and (keyword != "NODATA" and keyword != "SIGEXPIRED"): + if keywords.has_key(keyword) and keyword not in [ "NODATA", "SIGEXPIRED", "KEYEXPIRED" ]: internal_error += "found duplicate status token ('%s').\n" % (keyword) continue else: @@ -894,7 +904,7 @@ on error.""" if not keyserver: keyserver = Cnf["Dinstall::KeyServer"] if not keyring: - keyring = Cnf["Dinstall::GPGKeyring"] + keyring = Cnf.ValueList("Dinstall::GPGKeyring")[0] # Ensure the filename contains no shell meta-characters or other badness if not re_taint_free.match(filename): @@ -929,6 +939,14 @@ on error.""" ################################################################################ +def gpg_keyring_args(keyrings=None): + if not keyrings: + keyrings = Cnf.ValueList("Dinstall::GPGKeyring") + + return " ".join(["--keyring %s" % x for x in keyrings]) + +################################################################################ + def check_signature (sig_filename, reject, data_filename="", keyrings=None, autofetch=None): """Check the signature of a file and return the fingerprint if the signature is valid or 'None' if it's not. The first argument is the @@ -953,7 +971,7 @@ used.""" return None if not keyrings: - keyrings = (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"]) + keyrings = Cnf.ValueList("Dinstall::GPGKeyring") # Autofetch the signing key if that's enabled if autofetch == None: @@ -966,10 +984,9 @@ used.""" # Build the command line status_read, status_write = os.pipe(); - cmd = "gpgv --status-fd %s" % (status_write) - for keyring in keyrings: - cmd += " --keyring %s" % (keyring) - cmd += " %s %s" % (sig_filename, data_filename) + cmd = "gpgv --status-fd %s %s %s %s" % ( + status_write, gpg_keyring_args(keyrings), sig_filename, data_filename) + # Invoke gpgv on the file (output, status, exit_status) = gpgv_get_status_output(cmd, status_read, status_write) @@ -985,9 +1002,6 @@ used.""" bad = "" # Now check for obviously bad things in the processed output - if keywords.has_key("SIGEXPIRED"): - reject("The key used to sign %s has expired." % (sig_filename)) - bad = 1 if keywords.has_key("KEYREVOKED"): reject("The key used to sign %s has been revoked." % (sig_filename)) bad = 1 @@ -1009,6 +1023,9 @@ used.""" if keywords.has_key("NODATA"): reject("no signature found in %s." % (sig_filename)) bad = 1 + if keywords.has_key("KEYEXPIRED") and not keywords.has_key("GOODSIG"): + reject("The key (0x%s) used to sign %s has expired." % (key, sig_filename)) + bad = 1 if bad: return None