X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=daklib%2Futils.py;h=8b80f2466065fcc38831793d103d9d7b6fb01b06;hb=195caf3ae4b2150a7234de64d0907d74f9a4c0be;hp=1e182958e3f7a06ae161f3a1f1abc710cd9820c8;hpb=e2110abd8654360401bd66eaf32b16e66a92d059;p=dak.git diff --git a/daklib/utils.py b/daklib/utils.py old mode 100644 new mode 100755 index 1e182958..8b80f246 --- a/daklib/utils.py +++ b/daklib/utils.py @@ -22,7 +22,7 @@ ################################################################################ import codecs, commands, email.Header, os, pwd, re, select, socket, shutil, \ - string, sys, tempfile, traceback + sys, tempfile, traceback import apt_pkg import database @@ -42,6 +42,8 @@ re_taint_free = re.compile(r"^[-+~/\.\w]+$") re_parse_maintainer = re.compile(r"^\s*(\S.*\S)\s*\<([^\>]+)\>") +re_srchasver = re.compile(r"^(\S+)\s+\((\S+)\)$") + changes_parse_error_exc = "Can't parse line in .changes file" invalid_dsc_format_exc = "Invalid .dsc file" nk_format_exc = "Unknown Format: in .changes file" @@ -97,30 +99,11 @@ def our_raw_input(prompt=""): ################################################################################ -def str_isnum (s): - for c in s: - if c not in string.digits: - return 0 - return 1 - -################################################################################ - def extract_component_from_section(section): component = "" if section.find('/') != -1: component = section.split('/')[0] - if component.lower() == "non-us" and section.find('/') != -1: - s = component + '/' + section.split('/')[1] - if Cnf.has_key("Component::%s" % s): # Avoid e.g. non-US/libs - component = s - - if section.lower() == "non-us": - component = "non-US/main" - - # non-US prefix is case insensitive - if component.lower()[:6] == "non-us": - component = "non-US"+component[6:] # Expand default component if component == "": @@ -128,8 +111,6 @@ def extract_component_from_section(section): component = section else: component = "main" - elif component == "non-US": - component = "non-US/main" return (section, component) @@ -231,6 +212,14 @@ The rules for (signing_rules == 1)-mode are: changes_in.close() changes["filecontents"] = "".join(lines) + if changes.has_key("source"): + # Strip the source version in brackets from the source field, + # put it in the "source-version" field instead. + srcver = re_srchasver.search(changes["source"]) + if srcver: + changes["source"] = srcver.group(1) + changes["source-version"] = srcver.group(2) + if error: raise changes_parse_error_exc, error @@ -240,31 +229,42 @@ The rules for (signing_rules == 1)-mode are: # Dropped support for 1.4 and ``buggy dchanges 3.4'' (?!) compared to di.pl -def build_file_list(changes, is_a_dsc=0): +def build_file_list(changes, is_a_dsc=0, field="files", hashname="md5sum"): files = {} # Make sure we have a Files: field to parse... - if not changes.has_key("files"): - raise no_files_exc + if not changes.has_key(field): + raise no_files_exc # Make sure we recognise the format of the Files: field - format = changes.get("format", "") - if format != "": - format = float(format) - if not is_a_dsc and (format < 1.5 or format > 2.0): - raise nk_format_exc, format + format = changes.get("format", "0.0").split(".",1) + if len(format) == 2: + format = int(format[0]), int(format[1]) + else: + format = int(float(format[0])), 0 + + if is_a_dsc: + if format != (1,0): + raise nk_format_exc, "%s" % (changes.get("format","0.0")) + else: + if (format < (1,5) or format > (1,8)): + raise nk_format_exc, "%s" % (changes.get("format","0.0")) + if field != "files" and format < (1,8): + raise nk_format_exc, "%s" % (changes.get("format","0.0")) + + includes_section = (not is_a_dsc) and field == "files" # Parse each entry/line: - for i in changes["files"].split('\n'): + for i in changes[field].split('\n'): if not i: break s = i.split() section = priority = "" try: - if is_a_dsc: - (md5, size, name) = s - else: + if includes_section: (md5, size, section, priority, name) = s + else: + (md5, size, name) = s except ValueError: raise changes_parse_error_exc, i @@ -275,8 +275,9 @@ def build_file_list(changes, is_a_dsc=0): (section, component) = extract_component_from_section(section) - files[name] = Dict(md5sum=md5, size=size, section=section, + files[name] = Dict(size=size, section=section, priority=priority, component=component) + files[name][hashname] = md5 return files @@ -384,8 +385,6 @@ def send_mail (message, filename=""): def poolify (source, component): if component: component += '/' - # FIXME: this is nasty - component = component.lower().replace("non-us/", "non-US/") if source[:3] == "lib": return component + source[:4] + '/' + source + '/' else: @@ -616,7 +615,7 @@ argument: orig_filename = filename if filename.endswith(".dak"): - filename = filename[:-6]+".changes" + filename = filename[:-4]+".changes" if not filename.endswith(".changes"): error = "invalid file type; not a changes file" @@ -883,7 +882,7 @@ def process_gpgv_output(status): internal_error += "gpgv status line is malformed (incorrect prefix '%s').\n" % (gnupg) continue args = split[2:] - if keywords.has_key(keyword) and (keyword != "NODATA" and keyword != "SIGEXPIRED"): + if keywords.has_key(keyword) and keyword not in [ "NODATA", "SIGEXPIRED", "KEYEXPIRED" ]: internal_error += "found duplicate status token ('%s').\n" % (keyword) continue else: @@ -902,7 +901,7 @@ on error.""" if not keyserver: keyserver = Cnf["Dinstall::KeyServer"] if not keyring: - keyring = Cnf["Dinstall::GPGKeyring"] + keyring = Cnf.ValueList("Dinstall::GPGKeyring")[0] # Ensure the filename contains no shell meta-characters or other badness if not re_taint_free.match(filename): @@ -937,6 +936,14 @@ on error.""" ################################################################################ +def gpg_keyring_args(keyrings=None): + if not keyrings: + keyrings = Cnf.ValueList("Dinstall::GPGKeyring") + + return " ".join(["--keyring %s" % x for x in keyrings]) + +################################################################################ + def check_signature (sig_filename, reject, data_filename="", keyrings=None, autofetch=None): """Check the signature of a file and return the fingerprint if the signature is valid or 'None' if it's not. The first argument is the @@ -961,7 +968,7 @@ used.""" return None if not keyrings: - keyrings = (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"]) + keyrings = Cnf.ValueList("Dinstall::GPGKeyring") # Autofetch the signing key if that's enabled if autofetch == None: @@ -974,10 +981,9 @@ used.""" # Build the command line status_read, status_write = os.pipe(); - cmd = "gpgv --status-fd %s" % (status_write) - for keyring in keyrings: - cmd += " --keyring %s" % (keyring) - cmd += " %s %s" % (sig_filename, data_filename) + cmd = "gpgv --status-fd %s %s %s %s" % ( + status_write, gpg_keyring_args(keyrings), sig_filename, data_filename) + # Invoke gpgv on the file (output, status, exit_status) = gpgv_get_status_output(cmd, status_read, status_write) @@ -993,9 +999,6 @@ used.""" bad = "" # Now check for obviously bad things in the processed output - if keywords.has_key("SIGEXPIRED"): - reject("The key used to sign %s has expired." % (sig_filename)) - bad = 1 if keywords.has_key("KEYREVOKED"): reject("The key used to sign %s has been revoked." % (sig_filename)) bad = 1 @@ -1017,6 +1020,12 @@ used.""" if keywords.has_key("NODATA"): reject("no signature found in %s." % (sig_filename)) bad = 1 + if keywords.has_key("KEYEXPIRED") and not keywords.has_key("GOODSIG"): + args = keywords["KEYEXPIRED"] + if len(args) >= 1: + key = args[0] + reject("The key (0x%s) used to sign %s has expired." % (key, sig_filename)) + bad = 1 if bad: return None @@ -1051,7 +1060,7 @@ used.""" # Finally ensure there's not something we don't recognise known_keywords = Dict(VALIDSIG="",SIG_ID="",GOODSIG="",BADSIG="",ERRSIG="", SIGEXPIRED="",KEYREVOKED="",NO_PUBKEY="",BADARMOR="", - NODATA="") + NODATA="",NOTATION_DATA="",NOTATION_NAME="",KEYEXPIRED="") for keyword in keywords.keys(): if not known_keywords.has_key(keyword):