From: Mark Hymers Date: Wed, 8 Apr 2009 20:45:46 +0000 (+0100) Subject: Fix the is_dm check to deal with the fact we have typing in our DB layer X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=62a9fbf198995587478b98571db7601ff6449b8c;p=dak.git Fix the is_dm check to deal with the fact we have typing in our DB layer This code is still fundamentally wrong (assuming unknown UIDs are DDs is idiotic; of course we know that the keys have had to pass the sig check against the keyring so it's not a security issue thankfully; it just might give a one shot limited window for DMs to upload non-DM packages) Signed-off-by: Mark Hymers --- diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index 8f9857f4..403f1400 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -1014,7 +1014,7 @@ def lookup_uid_from_fingerprint(fpr): if qs: return qs else: - return (None, None, None) + return (None, None, False) def check_signed_by_key(): """Ensure the .changes is signed by an authorized uploader.""" @@ -1024,17 +1024,22 @@ def check_signed_by_key(): uid_name = "" # match claimed name with actual name: - if uid == None: + if uid is None: + # This is fundamentally broken but need us to refactor how we get + # the UIDs/Fingerprints in order for us to fix it properly uid, uid_email = changes["fingerprint"], uid may_nmu, may_sponsor = 1, 1 # XXX by default new dds don't have a fingerprint/uid in the db atm, # and can't get one in there if we don't allow nmu/sponsorship - elif is_dm is "t": - uid_email = uid - may_nmu, may_sponsor = 0, 0 - else: + elif is_dm is False: + # If is_dm is False, we allow full upload rights uid_email = "%s@debian.org" % (uid) may_nmu, may_sponsor = 1, 1 + else: + # Assume limited upload rights unless we've discovered otherwise + uid_email = uid + may_nmu, may_sponsor = 0, 0 + if uid_email in [changes["maintaineremail"], changes["changedbyemail"]]: sponsored = 0