From: Anthony Towns <aj@azure.humbug.org.au>
Date: Fri, 21 Mar 2008 11:34:50 +0000 (+0000)
Subject: * config/debian/extensions.py: Add infrastructure for replacing
X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=71c1d8b083313bceda4f38a07ce1b276ab2996cb;p=dak.git

* config/debian/extensions.py: Add infrastructure for replacing
functions in dak modules; add upload blocking for dpkg.
---

diff --git a/ChangeLog b/ChangeLog
index 79a893b3..59daedac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-03-21  Anthony Towns <ajt@debian.org>
+
+	* config/debian/extensions.py: Add infrastructure for replacing
+	functions in dak modules; add upload blocking for dpkg.
+
 2008-02-06  Joerg Jaspert  <joerg@debian.org>
 
 	* daklib/utils.py (check_signature): Make variable key available,
diff --git a/config/debian/extensions.py b/config/debian/extensions.py
index 44bd5c72..7e418db3 100644
--- a/config/debian/extensions.py
+++ b/config/debian/extensions.py
@@ -1,2 +1,40 @@
-import sys
+import sys, os
+
+# This function and its data should move into daklib/extensions.py
+# or something.
+replaced_funcs = {}
+replace_funcs = {}
+def replace_dak_function(module,name):
+    def x(f):
+        replace_funcs["%s:%s" % (module,name)] = f
+    return x
+
+@replace_dak_function("process-unchecked", "check_signed_by_key")
+def check_signed_by_key():
+    changes = dak_module.changes
+    reject = dak_module.reject
+
+    if changes["source"] == "dpkg":
+        fpr = changes["fingerprint"]
+        (uid, uid_name) = dak_module.lookup_uid_from_fingerprint(fpr)
+        if fpr == "5906F687BD03ACAD0D8E602EFCF37657" or uid == "iwj":
+            reject("Upload blocked due to hijack attempt 2008/03/19")
+
+	    # NB: 1.15.0, 1.15.2 signed by this key targetted at unstable
+	    #     have been made available in the wild, and should not be
+	    #     blocked until Debian's dpkg has revved past those version
+	    #     numbers
+
+    replaced_funcs["check_signed_by_key"]()
+
+def init(name):
+    global replaced_funcs
+
+    # This bit should be done automatically too
+    replaced_funcs = {}
+    for f,newfunc in replace_funcs.iteritems():
+        m,f = f.split(":",1)
+        if len(f) > 0 and m == name:
+	    replaced_funcs[f] = dak_module.__dict__[f]
+	    dak_module.__dict__[f] = newfunc