rejection mail, closes: #543960

we now also send a mail to the maintainer when we had trouble
verifying the signature due to key expire. closes: #543960
That is, provided we can still parse the changes file.

Signed-off-by: Joerg Jaspert <joerg@debian.org>

diff --git a/dak/process_upload.py b/dak/process_upload.py
index 4d1cbc2f6677da8d5ae58fe4c05ea2beef6b97f6..0f50137c8cbe98e7c45b3b2f3145f80b28660af1 100755 (executable)
--- a/dak/process_upload.py
+++ b/dak/process_upload.py
@@ -176,6 +176,7 @@ from daklib.urgencylog import UrgencyLog
 from daklib.summarystats import SummaryStats
 from daklib.holding import Holding
 from daklib.config import Config
+from daklib.regexes import re_match_expired
 
 ###############################################################################
 
@@ -378,6 +379,12 @@ def process_it(changes_file, session):
         if u.pkg.changes["fingerprint"]:
             valid_changes_p = u.load_changes(changespath)
         else:
+            for reason in rejects:
+                if re_match_expired.match(reason):
+                    # Hrm, key expired. Lets see if we can still parse the .changes before
+                    # we reject. Then we would be able to mail the maintainer, instead of
+                    # just silently dropping the upload.
+                    u.load_changes(changespath)
             valid_changes_p = False
             u.rejects.extend(rejects)
 

diff --git a/daklib/regexes.py b/daklib/regexes.py
old mode 100644 (file)
new mode 100755 (executable)
index 9040e21..daf16ff
--- a/daklib/regexes.py
+++ b/daklib/regexes.py
@@ -113,3 +113,6 @@ re_user_name = re.compile(r"^pub:.*:(.*)<.*$", re.MULTILINE);
 re_re_mark = re.compile(r'^RE:')
 
 re_parse_lintian = re.compile(r"^(?P<level>W|E|O): (?P<package>.*?): (?P<tag>[^ ]*) ?(?P<description>.*)$")
+
+# in process-upload
+re_match_expired = re.compile(r"^The key used to sign .+ has expired on .+$")