From c1d61400bda8949c58a1cc80ac97c2f462e74a88 Mon Sep 17 00:00:00 2001 From: James Troup Date: Tue, 11 Feb 2003 18:09:38 +0000 Subject: [PATCH] Add emilie --- docs/README.first | 1 + docs/README.names | 15 ++-- emilie | 193 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 202 insertions(+), 7 deletions(-) create mode 100755 emilie diff --git a/docs/README.first b/docs/README.first index 07a1e3f9..ce19bb12 100644 --- a/docs/README.first +++ b/docs/README.first @@ -75,6 +75,7 @@ Mostly Debian(.org) specific o amber - wrapper for Debian security team o halle - removes obsolete .changes files from proposed-updates o jeri - basic dependency checking for proposed-updates +o emilie - syncs fingerprint and uid information with a debian.org LDAP DB Very Incomplete or otherwise not generally useful ------------------------------------------------- diff --git a/docs/README.names b/docs/README.names index 8485707e..7a571ac3 100644 --- a/docs/README.names +++ b/docs/README.names @@ -7,6 +7,7 @@ charisma - generates Maintainers files used by e.g. the Debian BTS cindy - override cruft checker claire - generates compatability symlink tree for legacy dists/ locations denise - outputs the override tables to text files +emilie - syncs fingerprint and uid tables with a Debian LDAP DB fernanda - checker script for new packages in incoming halle - removes obsolete .changes files from proposed-updates heidi - manipulates suite tags; i.e. removes/adds packages from any given suite @@ -32,12 +33,12 @@ ziyi - creates Release files With apologies to Alyson Hannigan, Amber Benson, Andrea Corr, Ashley Judd, Catherine Zeta Jones, Charisma Carpenter, Cindy Crawford, - Claire Forlani, Denise Richards, Fernanda Tavares, Halle Berry, Heidi - Klum, Helena Christensen, Jenna Elfman, Jennifer Lopez, Jeri Ryan, - Julia Roberts, Katie Holmes, Kelly Brook, Lisa Falkner, Madison - Michele, Melanie Sykes, Natalie Portman, Neve Campbell, Rene - O'Connor, Rose McGowan, Rhona Mitra, Saffron Burrows, Shania Twain, - Tea Leoni and Ziyi Zhang. + Claire Forlani, Denise Richards, Emilie de Ravin, Fernanda Tavares, + Halle Berry, Heidi Klum, Helena Christensen, Jenna Elfman, Jennifer + Lopez, Jeri Ryan, Julia Roberts, Katie Holmes, Kelly Brook, Lisa + Falkner, Madison Michele, Melanie Sykes, Natalie Portman, Neve + Campbell, Rene O'Connor, Rose McGowan, Rhona Mitra, Saffron Burrows, + Shania Twain, Tea Leoni and Ziyi Zhang. In Use Elsewhere: ----------------- @@ -83,7 +84,7 @@ Gillian (Anderson) Gina (Gershon) Gwyneth (Paltrow) Heather (Graham) -Holly (Valance) +Holly (Marie Combs) Janel (Moloney) Jessica (Alba) Jewel (Kilcher) diff --git a/emilie b/emilie new file mode 100755 index 00000000..7000fce2 --- /dev/null +++ b/emilie @@ -0,0 +1,193 @@ +#!/usr/bin/env python + +# Sync fingerprint and uid tables with a debian.org LDAP DB +# Copyright (C) 2003 James Troup +# $Id: emilie,v 1.1 2003-02-11 18:09:38 troup Exp $ + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +################################################################################ + +import commands, ldap, pg, re, sys, time; +import apt_pkg; +import db_access, utils; + +################################################################################ + +Cnf = None; +projectB = None; + +re_gpg_fingerprint = re.compile(r"^\s+Key fingerprint = (.*)$", re.MULTILINE); +re_debian_address = re.compile(r"^.*<(.*)@debian\.org>$", re.MULTILINE); + +################################################################################ + +def usage(exit_code=0): + print """Usage: emilie +Syncs fingerprint and uid tables with a debian.org LDAP DB + + -h, --help show this help and exit.""" + sys.exit(exit_code) + +################################################################################ + +def get_ldap_value(entry, value): + ret = entry.get(value); + if not ret: + return ""; + else: + # FIXME: what about > 0 ? + return ret[0]; + +def main(): + global Cnf, projectB; + + Cnf = utils.get_conf() + Arguments = [('h',"help","Emilie::Options::Help")]; + for i in [ "help" ]: + if not Cnf.has_key("Emilie::Options::%s" % (i)): + Cnf["Emilie::Options::%s" % (i)] = ""; + + apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv); + + Options = Cnf.SubTree("Emilie::Options") + if Options["Help"]: + usage(); + + projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"])); + db_access.init(Cnf, projectB); + + #before = time.time(); + #sys.stderr.write("[Getting info from the LDAP server..."); + LDAPDn = Cnf["Emilie::LDAPDn"]; + LDAPServer = Cnf["Emilie::LDAPServer"]; + l = ldap.open(LDAPServer); + l.simple_bind_s("",""); + Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL, + "(&(keyfingerprint=*)(gidnumber=%s))" % (Cnf["Julia::ValidGID"]), + ["uid", "keyfingerprint"]); + #sys.stderr.write("done. (%d seconds)]\n" % (int(time.time()-before))); + + + projectB.query("BEGIN WORK"); + + + # Sync LDAP with DB + db_fin_uid = {}; + ldap_fin_uid_id = {}; + q = projectB.query(""" +SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id + UNION SELECT f.fingerprint, f.id, null FROM fingerprint f where f.uid is null"""); + for i in q.getresult(): + (fingerprint, fingerprint_id, uid) = i; + db_fin_uid[fingerprint] = (uid, fingerprint_id); + + for i in Attrs: + entry = i[1]; + fingerprints = entry["keyfingerprint"]; + uid = entry["uid"][0]; + uid_id = db_access.get_or_set_uid_id(uid); + for fingerprint in fingerprints: + ldap_fin_uid_id[fingerprint] = (uid, uid_id); + if db_fin_uid.has_key(fingerprint): + (existing_uid, fingerprint_id) = db_fin_uid[fingerprint]; + if not existing_uid: + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)); + print "Assigning %s to 0x%s." % (uid, fingerprint); + else: + if existing_uid != uid: + utils.fubar("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid)); + + # Try to update people who sign with non-primary key + q = projectB.query("SELECT fingerprint, id FROM fingerprint WHERE uid is null"); + for i in q.getresult(): + (fingerprint, fingerprint_id) = i; + cmd = "gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s" \ + % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], + fingerprint); + (result, output) = commands.getstatusoutput(cmd); + if result == 0: + m = re_gpg_fingerprint.search(output); + if not m: + print output + utils.fubar("0x%s: No fingerprint found in gpg output but it returned 0?\n%s" % (fingerprint, utils.prefix_multi_line_string(output, " [GPG output:] "))); + primary_key = m.group(1); + primary_key = primary_key.replace(" ",""); + if not ldap_fin_uid_id.has_key(primary_key): + utils.fubar("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint)); + (uid, uid_id) = ldap_fin_uid_id[primary_key]; + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)); + print "Assigning %s to 0x%s." % (uid, fingerprint); + else: + extra_keyrings = ""; + for keyring in Cnf.ValueList("Emilie::ExtraKeyrings"): + extra_keyrings += " --keyring=%s" % (keyring); + cmd = "gpg --keyring=%s --keyring=%s %s --list-key %s" \ + % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], + extra_keyrings, fingerprint); + (result, output) = commands.getstatusoutput(cmd); + if result != 0: + cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Emilie::KeyServer"], fingerprint); + (result, output) = commands.getstatusoutput(cmd); + if result != 0: + print "0x%s: NOT found on keyserver." % (fingerprint); + print cmd + print result + print output + continue; + else: + cmd = "gpg --list-key %s" % (fingerprint); + (result, output) = commands.getstatusoutput(cmd); + if result != 0: + print "0x%s: --list-key returned error after --recv-key didn't." % (fingerprint); + print cmd + print result + print output + continue; + m = re_debian_address.search(output); + if m: + guess_uid = m.group(1); + else: + guess_uid = "???"; + name = " ".join(output.split('\n')[0].split()[3:]); + print "0x%s -> %s -> %s" % (fingerprint, name, guess_uid); + # FIXME: make me optionally non-interactive + # FIXME: default to the guessed ID + uid = None; + while not uid: + uid = utils.our_raw_input("Map to which UID ? "); + Attrs = l.search_s(LDAPDn,ldap.SCOPE_ONELEVEL,"(uid=%s)" % (uid), ["cn","mn","sn"]) + if not Attrs: + print "That UID doesn't exist in LDAP!" + uid = None; + else: + entry = Attrs[0][1]; + name = " ".join([get_ldap_value(entry, "cn"), + get_ldap_value(entry, "mn"), + get_ldap_value(entry, "sn")]); + prompt = "Map to %s - %s (y/N) ? " % (uid, name.replace(" "," ")); + yn = utils.our_raw_input(prompt).lower(); + if yn == "y": + uid_id = db_access.get_or_set_uid_id(uid); + projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)); + print "Assigning %s to 0x%s." % (uid, fingerprint); + else: + uid = None; + projectB.query("COMMIT WORK"); + +############################################################ + +if __name__ == '__main__': + main() -- 2.39.5