check keyring uids for uploader address before adding presumed sponsor to recipient

diff --git a/ChangeLog b/ChangeLog
index 76f68664701b7a2b09752b362f89fd70e61f4a7c..c4298b10e67a42b1b9f56708c4c1a9a37e038c65 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,14 @@
-2008-04-23  Thomas Viehmann  <tviehmann@ries.debian.org>
+2008-04-23  Thomas Viehmann  <tviehmann@debian.org>
 
        * dak/process_unchecked.py: add changes["sponsoremail"]
          for sponsored uploads if desired
+       * daklib/queue.py: add changes["sponsoremail"] to
+         Subst["__MAINTAINER_TO__"] if present
        * daklib/utils.py: add functions
-         is_email_alias to check which accounts allow email forwarding and
-         which_alias_file to find the alias file
+         is_email_alias to check which accounts allow email forwarding,
+         which_alias_file to find the alias file, and
+         gpg_get_key_addresses to find uid addresses for a given
+           fingerprint
 
 2008-04-22  Joerg Jaspert  <joerg@debian.org>
 

diff --git a/dak/process_unchecked.py b/dak/process_unchecked.py
index d33408cfa229d1829a6a91694d8bb1943a11cd61..82133068be56c33fb4d4b96b6908467eaafb14b5 100755 (executable)
--- a/dak/process_unchecked.py
+++ b/dak/process_unchecked.py
@@ -1073,7 +1073,10 @@ def check_signed_by_key():
     else:
         sponsored = 1
         if daklib.utils.is_email_alias(uid_email):
-            changes["sponsoremail"] = uid_email
+            sponsor_addresses = daklib.utils.gpg_get_key_addresses(changes["fingerprint"])
+            if (changes["maintaineremail"] not in sponsor_addresses and
+                changes["changedbyemail"] not in sponsor_addresses):
+                changes["sponsoremail"] = uid_email
 
     if sponsored and not may_sponsor: 
         reject("%s is not authorised to sponsor uploads" % (uid))

diff --git a/daklib/utils.py b/daklib/utils.py
index c4c55723ddee9f87fc64e3fab805ed4e56688c95..0d22bd1d236ec11b6ccf88c9632f5dd72d95bd68 100755 (executable)
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -41,6 +41,7 @@ re_multi_line_field = re.compile(r"^\s(.*)")
 re_taint_free = re.compile(r"^[-+~/\.\w]+$")
 
 re_parse_maintainer = re.compile(r"^\s*(\S.*\S)\s*\<([^\>]+)\>")
+re_gpg_uid = re.compile('^uid.*<([^>]*)>')
 
 re_srchasver = re.compile(r"^(\S+)\s+\((\S+)\)$")
 re_verwithext = re.compile(r"^(\d+)(?:\.(\d+))(?:\s+\((\S+)\))?$")
@@ -60,6 +61,7 @@ default_config = "/etc/dak/dak.conf"
 default_apt_config = "/etc/dak/apt.conf"
 
 alias_cache = None
+key_uid_email_cache = {}
 
 ################################################################################
 
@@ -1091,6 +1093,25 @@ used."""
 
 ################################################################################
 
+def gpg_get_key_addresses(fingerprint):
+  """retreive email addresses from gpg key uids for a given fingerprint"""
+  addresses = key_uid_email_cache.get(fingerprint)
+  if addresses != None:
+      return addresses
+  addresses = set()
+  cmd = "gpg --no-default-keyring %s --fingerprint %s" \
+              % (gpg_keyring_args(), fingerprint)
+  (result, output) = commands.getstatusoutput(cmd)
+  if result == 0:
+    for l in output.split('\n'):
+      m = re_gpg_uid.match(l)
+      if m:
+        addresses.add(m.group(1))
+  key_uid_email_cache[fingerprint] = addresses
+  return addresses
+
+################################################################################
+
 # Inspired(tm) by http://www.zopelabs.com/cookbook/1022242603
 
 def wrap(paragraph, max_length, prefix=""):