authorDan McGee <dan@archlinux.org>2013-09-30 20:39:59 -0500
committerDan McGee <dan@archlinux.org>2013-09-30 20:45:10 -0500
commit92136757bfd20563999b0e1cf3f05685b60da6bd (patch)
treef74e0fa50f1e9b3cc5e403c991d2da66b9b33e16 /devel/management/commands
parentb3321537d3ec91fd6f8d1123881a94a0490f1bdc (diff)
Proper support for revoked signatures
The 'valid' column wasn't quite right. Add a new 'revoked' column that works similar to the one we have on keys and use it instead, properly parsing the output from `gpg` signature data and looking for the magic prefix string. Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'devel/management/commands')
-rw-r--r--devel/management/commands/pgp_import.py38
1 files changed, 24 insertions, 14 deletions
diff --git a/devel/management/commands/pgp_import.py b/devel/management/commands/pgp_import.py
index b1f29d77..faa9ff5e 100644
--- a/devel/management/commands/pgp_import.py
+++ b/devel/management/commands/pgp_import.py
@@ -176,8 +176,13 @@ def import_keys(keyring):
logger.info("created %d, updated %d keys", created_ct, updated_ct)
-SignatureData = namedtuple('SignatureData',
- ('signer', 'signee', 'created', 'expires', 'valid'))
+class SignatureData(object):
+ def __init__(self, signer, signee, created):
+ self.signer = signer
+ self.signee = signee
+ self.created = created
+ self.expires = None
+ self.revoked = None
def parse_sigdata(data):
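Review bot: Replacing the namedtuple with a plain class drops value-based `__eq__` and `__hash__` from `SignatureData`, so the set comprehension that builds `pruned_edges` in `import_signatures` (third hunk) now keeps every parsed record instead of collapsing identical ones. The reworded "up to %d" log line suggests this is known, but it should be stated on the class, e.g. with the docstring `"""Mutable signature edge; compared by identity, so a set of edges does not de-duplicate."""`. If de-duplication is still wanted, keying the set on `(signer, signee, created, expires)` would restore it without making a mutable object hashable by value. A `__repr__` would also make import problems easier to debug.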
@@ -192,21 +197,26 @@ def parse_sigdata(data):
if parts[0] == 'pub':
current_pubkey = parts[4]
nodes[current_pubkey] = None
- if parts[0] == 'uid':
+ elif parts[0] == 'uid':
uid = parts[9]
# only set uid if this is the first one encountered
if nodes[current_pubkey] is None:
nodes[current_pubkey] = uid
- if parts[0] == 'sig':
+ elif parts[0] == 'sig':
signer = parts[4]
created = get_date(parts[5])
- expires = None
+ edge = SignatureData(signer, current_pubkey, created)
if parts[6]:
- expires = get_date(parts[6])
- valid = parts[1] != '-'
- edge = SignatureData(signer, current_pubkey,
- created, expires, valid)
+ edge.expires = get_date(parts[6])
edges.append(edge)
+ elif parts[0] == 'rev':
+ signer = parts[4]
+ revoked = get_date(parts[5])
+ # revoke any prior edges that match
+ matches = [e for e in edges if e.signer == signer
+ and e.signee == current_pubkey]
+ for edge in matches:
+ edge.revoked = revoked
return nodes, edges
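Review bot: The new `rev` branch marks every earlier edge with the same signer and `current_pubkey` as revoked, without regard to which `uid` the revocation is listed under or to the dates involved. A signer who revoked one certification but kept another on a different uid, or re-issued one, therefore has all of them recorded as revoked whenever the `rev` line comes after them in the listing. Adding `and e.created <= revoked` to the comprehension would at least preserve a certification newer than the revocation, assuming `get_date` returns comparable values; scoping by uid would need the current uid stored on the edge. Separately, `parts[1]` is no longer read for `sig` or `rev` records, so if gpg is run in a signature-checking mode, a record it flags as bad would still create or revoke an edge; a comment saying the listing is trusted as-is would make that assumption explicit. The start of `parse_sigdata` lies outside this hunk.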
@@ -220,18 +230,18 @@ def import_signatures(keyring):
pruned_edges = {edge for edge in edges
if edge.signer in nodes and edge.signer != edge.signee}
- logger.info("creating or finding %d signatures", len(pruned_edges))
+ logger.info("creating or finding up to %d signatures", len(pruned_edges))
created_ct = updated_ct = 0
with transaction.commit_on_success():
for edge in pruned_edges:
sig, created = PGPSignature.objects.get_or_create(
signer=edge.signer, signee=edge.signee,
created=edge.created, expires=edge.expires,
- defaults={ 'valid': edge.valid })
- if sig.valid != edge.valid:
- sig.valid = edge.valid
+ defaults={ 'revoked': edge.revoked })
+ if sig.revoked != edge.revoked:
+ sig.revoked = edge.revoked
sig.save()
- updated_ct = 1
+ updated_ct += 1
if created:
created_ct += 1
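Review bot: The update at `if sig.revoked != edge.revoked:` also runs in the other direction: when a stored row has a revocation date and the current listing yields `edge.revoked = None`, the row is quietly reset to not revoked and only counted in `updated_ct`. If this table is used to judge key trust, that transition deserves its own log line before `sig.save()`, for example `logger.warning("revocation no longer present for %s -> %s", edge.signer, edge.signee)`, so a revocation record that disappears from the keyring is noticed rather than absorbed. `import_signatures` begins before this hunk and may continue after it.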