X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=dak%2Fimport_keyring.py;h=3b53bff39f5973a496be04d730b3e34f1e601b7b;hp=e26eb7e54d390d46641a506fba310427262267ee;hb=5a61a05250b1bf5d54661103e8999eb7c7fc9207;hpb=0872b2e0b78670c91fd2bf0bda52e5761e079820 diff --git a/dak/import_keyring.py b/dak/import_keyring.py index e26eb7e5..3b53bff3 100755 --- a/dak/import_keyring.py +++ b/dak/import_keyring.py @@ -48,13 +48,30 @@ def get_fingerprint_info(session): fins[fingerprint] = (uid, fingerprint_id, keyring) return fins +def list_uids(session, pattern): + sql_pattern = "%%%s%%" % pattern + message = "List UIDs matching pattern %s" % sql_pattern + message += "\n" + ("=" * len(message)) + print message + uid_query = session.query(Uid).filter(Uid.uid.ilike(sql_pattern)) + for uid in uid_query.all(): + print "\nuid %s" % uid.uid + for fp in uid.fingerprint: + print " fingerprint %s" % fp.fingerprint + keyring = "unknown" + if fp.keyring: + keyring = fp.keyring.keyring_name + print " keyring %s" % keyring + ################################################################################ def usage (exit_code=0): print """Usage: dak import-keyring [OPTION]... [KEYRING] -h, --help show this help and exit. -L, --import-ldap-users generate uid entries for keyring from LDAP - -U, --generate-users FMT generate uid entries from keyring as FMT""" + -U, --generate-users FMT generate uid entries from keyring as FMT + -l, --list-uids STRING list all uids matching *STRING* + -n, --no-action don't change database""" sys.exit(exit_code) @@ -67,30 +84,37 @@ def main(): Arguments = [('h',"help","Import-Keyring::Options::Help"), ('L',"import-ldap-users","Import-Keyring::Options::Import-Ldap-Users"), ('U',"generate-users","Import-Keyring::Options::Generate-Users", "HasArg"), + ('l',"list-uids","Import-Keyring::Options::List-UIDs", "HasArg"), + ('n',"no-action","Import-Keyring::Options::No-Action"), ] - for i in [ "help", "report-changes", "generate-users", "import-ldap-users" ]: + for i in [ "help", "report-changes", "generate-users", + "import-ldap-users", "list-uids", "no-action" ]: if not cnf.has_key("Import-Keyring::Options::%s" % (i)): cnf["Import-Keyring::Options::%s" % (i)] = "" - keyring_names = apt_pkg.ParseCommandLine(cnf.Cnf, Arguments, sys.argv) + keyring_names = apt_pkg.parse_commandline(cnf.Cnf, Arguments, sys.argv) ### Parse options - Options = cnf.SubTree("Import-Keyring::Options") + Options = cnf.subtree("Import-Keyring::Options") if Options["Help"]: usage() + ### Initialise + session = DBConn().session() + + if Options["List-UIDs"]: + list_uids(session, Options["List-UIDs"]) + sys.exit(0) + if len(keyring_names) != 1: usage(1) ### Keep track of changes made changes = [] # (uid, changes strings) - ### Initialise - session = DBConn().session() - ### Cache all the existing fingerprint entries db_fin_info = get_fingerprint_info(session) @@ -153,14 +177,9 @@ def main(): changes.append((db_uid_byid.get(u, [None])[0], "Removed key: %s" % (f))) session.execute("""UPDATE fingerprint - SET keyring = NULL, - source_acl_id = NULL, - binary_acl_id = NULL, - binary_reject = TRUE + SET keyring = NULL WHERE id = :fprid""", {'fprid': fid}) - session.execute("""DELETE FROM binary_acl_map WHERE fingerprint_id = :fprid""", {'fprid': fid}) - # For the keys in this keyring, add/update any fingerprints that've # changed. @@ -184,28 +203,13 @@ def main(): if newuid: fp.uid_id = newuid - fp.binary_acl_id = keyring.default_binary_acl_id - fp.source_acl_id = keyring.default_source_acl_id - fp.default_binary_reject = keyring.default_binary_reject session.add(fp) session.flush() - for k in keyring.keyring_acl_map: - ba = BinaryACLMap() - ba.fingerprint_id = fp.fingerprint_id - ba.architecture_id = k.architecture_id - session.add(ba) - session.flush() - else: - if newuid and olduid != newuid: - if olduid != -1: - changes.append((newuiduid, "Linked key: %s" % f)) - changes.append((newuiduid, " (formerly belonging to %s)" % (db_uid_byid[olduid][0]))) - else: - changes.append((newuiduid, "Linked key: %s" % f)) - changes.append((newuiduid, " (formerly unowned)")) - + if newuid and olduid != newuid and olduid == -1: + changes.append((newuiduid, "Linked key: %s" % f)) + changes.append((newuiduid, " (formerly unowned)")) session.execute("UPDATE fingerprint SET uid = :uid WHERE id = :fpr", {'uid': newuid, 'fpr': oldfid}) @@ -226,35 +230,24 @@ def main(): # Only change the keyring if it won't result in a loss of permissions if movekey: - session.execute("""DELETE FROM binary_acl_map WHERE fingerprint_id = :fprid""", {'fprid': oldfid}) - session.execute("""UPDATE fingerprint - SET keyring = :keyring, - source_acl_id = :source_acl_id, - binary_acl_id = :binary_acl_id, - binary_reject = :binary_reject + SET keyring = :keyring WHERE id = :fpr""", {'keyring': keyring.keyring_id, - 'source_acl_id': keyring.default_source_acl_id, - 'binary_acl_id': keyring.default_binary_acl_id, - 'binary_reject': keyring.default_binary_reject, 'fpr': oldfid}) session.flush() - for k in keyring.keyring_acl_map: - ba = BinaryACLMap() - ba.fingerprint_id = oldfid - ba.architecture_id = k.architecture_id - session.add(ba) - session.flush() - else: - print "Key %s exists in both %s and %s keyrings. Not demoting." % (oldkeyring.keyring_name, + print "Key %s exists in both %s and %s keyrings. Not demoting." % (f, + oldkeyring.keyring_name, keyring.keyring_name) # All done! - session.commit() + if Options["No-Action"]: + session.rollback() + else: + session.commit() # Print a summary changesd = {}