X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=utils.py;h=3bb751ebc5c22da794cda9e8e7ab68b210d5ca7e;hb=c5617d291dc17395a9d23c757d7dc815f6eed49e;hp=ce9f4f4a973af1b1559c93fadecc345b25cfb751;hpb=f92156d5ec5ea4aa65035a6835ec1b9e8c466230;p=dak.git diff --git a/utils.py b/utils.py index ce9f4f4a..3bb751eb 100644 --- a/utils.py +++ b/utils.py @@ -1,8 +1,8 @@ #!/usr/bin/env python # Utility functions -# Copyright (C) 2000, 2001, 2002 James Troup -# $Id: utils.py,v 1.52 2002-11-22 04:06:34 troup Exp $ +# Copyright (C) 2000, 2001, 2002, 2003 James Troup +# $Id: utils.py,v 1.57 2003-03-14 19:05:13 troup Exp $ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -20,7 +20,7 @@ ################################################################################ -import commands, os, pwd, re, socket, shutil, string, sys, tempfile, traceback; +import commands, os, pwd, re, select, socket, shutil, string, sys, tempfile, traceback; import apt_pkg; import db_access; @@ -250,7 +250,7 @@ def build_file_list(changes, is_a_dsc=0): ###################################################################################### # Fix the `Maintainer:' field to be an RFC822 compatible address. -# cf. Packaging Manual (4.2.4) +# cf. Debian Policy Manual (D.2.4) # # 06:28| 'The standard sucks, but my tool is supposed to # interoperate with it. I know - I'll fix the suckage @@ -258,20 +258,20 @@ def build_file_list(changes, is_a_dsc=0): def fix_maintainer (maintainer): m = re_parse_maintainer.match(maintainer); - rfc822 = maintainer - name = "" - email = "" + rfc822 = maintainer; + name = ""; + email = ""; if m != None and len(m.groups()) == 2: - name = m.group(1) - email = m.group(2) + name = m.group(1); + email = m.group(2); if name.find(',') != -1 or name.find('.') != -1: - rfc822 = re_parse_maintainer.sub(r"\2 (\1)", maintainer) + rfc822 = "%s (%s)" % (email, name); return (rfc822, name, email) ###################################################################################### # sendmail wrapper, takes _either_ a message string or a file as arguments -def send_mail (message, filename): +def send_mail (message, filename=""): # Sanity check arguments if message != "" and filename != "": raise send_mail_invalid_args_exc; @@ -499,11 +499,11 @@ def result_join (original, sep = '\t'): ################################################################################ -def prefix_multi_line_string(str, prefix): +def prefix_multi_line_string(str, prefix, include_blank_lines=0): out = ""; for line in str.split('\n'): line = line.strip(); - if line: + if line or include_blank_lines: out += "%s%s\n" % (prefix, line); # Strip trailing new line if out: @@ -561,7 +561,7 @@ def parse_args(Options): # Process suite if Options["Suite"]: suite_ids_list = []; - for suite in Options["Suite"].split(): + for suite in split_args(Options["Suite"]): suite_id = db_access.get_suite_id(suite); if suite_id == -1: warn("suite '%s' not recognised." % (suite)); @@ -577,7 +577,7 @@ def parse_args(Options): # Process component if Options["Component"]: component_ids_list = []; - for component in Options["Component"].split(): + for component in split_args(Options["Component"]): component_id = db_access.get_component_id(component); if component_id == -1: warn("component '%s' not recognised." % (component)); @@ -595,7 +595,7 @@ def parse_args(Options): if Options["Architecture"]: arch_ids_list = []; check_source = 0; - for architecture in Options["Architecture"].split(): + for architecture in split_args(Options["Architecture"]): if architecture == "source": check_source = 1; else: @@ -643,6 +643,235 @@ def print_exc(): ################################################################################ +def try_with_debug(function): + try: + function(); + except SystemExit: + raise; + except: + print_exc(); + +################################################################################ + +# Function for use in sorting lists of architectures. +# Sorts normally except that 'source' dominates all others. + +def arch_compare_sw (a, b): + if a == "source" and b == "source": + return 0; + elif a == "source": + return -1; + elif b == "source": + return 1; + + return cmp (a, b); + +################################################################################ + +# Split command line arguments which can be separated by either commas +# or whitespace. If dwim is set, it will complain about string ending +# in comma since this usually means someone did 'madison -a i386, m68k +# foo' or something and the inevitable confusion resulting from 'm68k' +# being treated as an argument is undesirable. + +def split_args (s, dwim=1): + if s.find(",") == -1: + return s.split(); + else: + if s[-1:] == "," and dwim: + fubar("split_args: found trailing comma, spurious space maybe?"); + return s.split(","); + +################################################################################ + +def Dict(**dict): return dict + +######################################## + +# Our very own version of commands.getouputstatus(), hacked to support +# gpgv's status fd. +def gpgv_get_status_output(cmd, status_read, status_write): + cmd = ['/bin/sh', '-c', cmd]; + p2cread, p2cwrite = os.pipe(); + c2pread, c2pwrite = os.pipe(); + errout, errin = os.pipe(); + pid = os.fork(); + if pid == 0: + # Child + os.close(0); + os.close(1); + os.dup(p2cread); + os.dup(c2pwrite); + os.close(2); + os.dup(errin); + for i in range(3, 256): + if i != status_write: + try: + os.close(i); + except: + pass; + try: + os.execvp(cmd[0], cmd); + finally: + os._exit(1); + + # parent + os.close(p2cread) + os.dup2(c2pread, c2pwrite); + os.dup2(errout, errin); + + output = status = ""; + while 1: + i, o, e = select.select([c2pwrite, errin, status_read], [], []); + more_data = []; + for fd in i: + r = os.read(fd, 8196); + if len(r) > 0: + more_data.append(fd); + if fd == c2pwrite or fd == errin: + output += r; + elif fd == status_read: + status += r; + else: + fubar("Unexpected file descriptor [%s] returned from select\n" % (fd)); + if not more_data: + pid, exit_status = os.waitpid(pid, 0) + try: + os.close(status_write); + os.close(status_read); + os.close(c2pread); + os.close(c2pwrite); + os.close(p2cwrite); + os.close(errin); + os.close(errout); + except: + pass; + break; + + return output, status, exit_status; + +############################################################ + + +def check_signature (filename, reject): + """Check the signature of a file and return the fingerprint if the +signature is valid or 'None' if it's not. The first argument is the +filename whose signature should be checked. The second argument is a +reject function and is called when an error is found. The reject() +function must allow for two arguments: the first is the error message, +the second is an optional prefix string. It is possible that reject() +is called more than once during an invocation of check_signature().""" + + # Ensure the filename contains no shell meta-characters or other badness + if not re_taint_free.match(os.path.basename(filename)): + reject("!!WARNING!! tainted filename: '%s'." % (filename)); + return 0; + + # Invoke gpgv on the file + status_read, status_write = os.pipe(); + cmd = "gpgv --status-fd %s --keyring %s --keyring %s %s" \ + % (status_write, Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], filename); + (output, status, exit_status) = gpgv_get_status_output(cmd, status_read, status_write); + + # Process the status-fd output + keywords = {}; + bad = internal_error = ""; + for line in status.split('\n'): + line = line.strip(); + if line == "": + continue; + split = line.split(); + if len(split) < 2: + internal_error += "gpgv status line is malformed (< 2 atoms) ['%s'].\n" % (line); + continue; + (gnupg, keyword) = split[:2]; + if gnupg != "[GNUPG:]": + internal_error += "gpgv status line is malformed (incorrect prefix '%s').\n" % (gnupg); + continue; + args = split[2:]; + if keywords.has_key(keyword) and (keyword != "NODATA" and keyword != "SIGEXPIRED"): + internal_error += "found duplicate status token ('%s').\n" % (keyword); + continue; + else: + keywords[keyword] = args; + + # If we failed to parse the status-fd output, let's just whine and bail now + if internal_error: + reject("internal error while performing signature check on %s." % (filename)); + reject(internal_error, ""); + reject("Please report the above errors to the Archive maintainers by replying to this mail.", ""); + return None; + + # Now check for obviously bad things in the processed output + if keywords.has_key("SIGEXPIRED"): + reject("key used to sign %s has expired." % (filename)); + bad = 1; + if keywords.has_key("KEYREVOKED"): + reject("key used to sign %s has been revoked." % (filename)); + bad = 1; + if keywords.has_key("BADSIG"): + reject("bad signature on %s." % (filename)); + bad = 1; + if keywords.has_key("ERRSIG") and not keywords.has_key("NO_PUBKEY"): + reject("failed to check signature on %s." % (filename)); + bad = 1; + if keywords.has_key("NO_PUBKEY"): + reject("key used to sign %s not found in keyring." % (filename)); + bad = 1; + if keywords.has_key("BADARMOR"): + reject("ascii armour of signature was corrupt in %s." % (filename)); + bad = 1; + if keywords.has_key("NODATA"): + reject("no signature found in %s." % (filename)); + bad = 1; + + if bad: + return None; + + # Next check gpgv exited with a zero return code + if exit_status: + reject("gpgv failed while checking %s." % (filename)); + if status.strip(): + reject(prefix_multi_line_string(status, " [GPG status-fd output:] "), ""); + else: + reject(prefix_multi_line_string(output, " [GPG output:] "), ""); + return None; + + # Sanity check the good stuff we expect + if not keywords.has_key("VALIDSIG"): + reject("signature on %s does not appear to be valid [No VALIDSIG]." % (filename)); + bad = 1; + else: + args = keywords["VALIDSIG"]; + if len(args) < 1: + reject("internal error while checking signature on %s." % (filename)); + bad = 1; + else: + fingerprint = args[0]; + if not keywords.has_key("GOODSIG"): + reject("signature on %s does not appear to be valid [No GOODSIG]." % (filename)); + bad = 1; + if not keywords.has_key("SIG_ID"): + reject("signature on %s does not appear to be valid [No SIG_ID]." % (filename)); + bad = 1; + + # Finally ensure there's not something we don't recognise + known_keywords = Dict(VALIDSIG="",SIG_ID="",GOODSIG="",BADSIG="",ERRSIG="", + SIGEXPIRED="",KEYREVOKED="",NO_PUBKEY="",BADARMOR="", + NODATA=""); + + for keyword in keywords.keys(): + if not known_keywords.has_key(keyword): + reject("found unknown status token '%s' from gpgv with args '%r' in %s." % (keyword, keywords[keyword], filename)); + bad = 1; + + if bad: + return None; + else: + return fingerprint; + +################################################################################ + apt_pkg.init() Cnf = apt_pkg.newConfiguration();