From df2a04bb5eb1f3398f61fef7139f267e430dc188 Mon Sep 17 00:00:00 2001 From: Thomas Viehmann Date: Thu, 24 Apr 2008 16:15:05 +0000 Subject: [PATCH] check keyring uids for uploader address before adding presumed sponsor to recipient --- ChangeLog | 10 +++++++--- dak/process_unchecked.py | 5 ++++- daklib/utils.py | 21 +++++++++++++++++++++ 3 files changed, 32 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 76f68664..c4298b10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,10 +1,14 @@ -2008-04-23 Thomas Viehmann +2008-04-23 Thomas Viehmann * dak/process_unchecked.py: add changes["sponsoremail"] for sponsored uploads if desired + * daklib/queue.py: add changes["sponsoremail"] to + Subst["__MAINTAINER_TO__"] if present * daklib/utils.py: add functions - is_email_alias to check which accounts allow email forwarding and - which_alias_file to find the alias file + is_email_alias to check which accounts allow email forwarding, + which_alias_file to find the alias file, and + gpg_get_key_addresses to find uid addresses for a given + fingerprint 2008-04-22 Joerg Jaspert diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py index d33408cf..82133068 100755 --- a/dak/process_unchecked.py +++ b/dak/process_unchecked.py @@ -1073,7 +1073,10 @@ def check_signed_by_key(): else: sponsored = 1 if daklib.utils.is_email_alias(uid_email): - changes["sponsoremail"] = uid_email + sponsor_addresses = daklib.utils.gpg_get_key_addresses(changes["fingerprint"]) + if (changes["maintaineremail"] not in sponsor_addresses and + changes["changedbyemail"] not in sponsor_addresses): + changes["sponsoremail"] = uid_email if sponsored and not may_sponsor: reject("%s is not authorised to sponsor uploads" % (uid)) diff --git a/daklib/utils.py b/daklib/utils.py index c4c55723..0d22bd1d 100755 --- a/daklib/utils.py +++ b/daklib/utils.py @@ -41,6 +41,7 @@ re_multi_line_field = re.compile(r"^\s(.*)") re_taint_free = re.compile(r"^[-+~/\.\w]+$") re_parse_maintainer = re.compile(r"^\s*(\S.*\S)\s*\<([^\>]+)\>") +re_gpg_uid = re.compile('^uid.*<([^>]*)>') re_srchasver = re.compile(r"^(\S+)\s+\((\S+)\)$") re_verwithext = re.compile(r"^(\d+)(?:\.(\d+))(?:\s+\((\S+)\))?$") @@ -60,6 +61,7 @@ default_config = "/etc/dak/dak.conf" default_apt_config = "/etc/dak/apt.conf" alias_cache = None +key_uid_email_cache = {} ################################################################################ @@ -1091,6 +1093,25 @@ used.""" ################################################################################ +def gpg_get_key_addresses(fingerprint): + """retreive email addresses from gpg key uids for a given fingerprint""" + addresses = key_uid_email_cache.get(fingerprint) + if addresses != None: + return addresses + addresses = set() + cmd = "gpg --no-default-keyring %s --fingerprint %s" \ + % (gpg_keyring_args(), fingerprint) + (result, output) = commands.getstatusoutput(cmd) + if result == 0: + for l in output.split('\n'): + m = re_gpg_uid.match(l) + if m: + addresses.add(m.group(1)) + key_uid_email_cache[fingerprint] = addresses + return addresses + +################################################################################ + # Inspired(tm) by http://www.zopelabs.com/cookbook/1022242603 def wrap(paragraph, max_length, prefix=""): -- 2.39.5