externalsignature.py 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
  1. """external signature requests
  2. @contact: Debian FTP Master <ftpmaster@debian.org>
  3. @copyright: 2018 Ansgar Burchardt <ansgar@debian.org>
  4. @license: GNU General Public License version 2 or later
  5. """
  6. # This program is free software; you can redistribute it and/or modify
  7. # it under the terms of the GNU General Public License as published by
  8. # the Free Software Foundation; either version 2 of the License, or
  9. # (at your option) any later version.
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU General Public License for more details.
  14. # You should have received a copy of the GNU General Public License
  15. # along with this program; if not, write to the Free Software
  16. # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  17. import json
  18. import sqlalchemy.sql as sql
  19. import sqlalchemy.dialects.postgresql as pgsql
  20. import daklib.gpg
  21. from daklib.config import Config
  22. from daklib.dbconn import DBConn
  23. def export_external_signature_requests(session, path):
  24. tbl_arch = DBConn().tbl_architecture
  25. tbl_ba = DBConn().tbl_bin_associations
  26. tbl_bin = DBConn().tbl_binaries
  27. tbl_esr = DBConn().tbl_external_signature_requests
  28. tbl_suite = DBConn().tbl_suite
  29. query = sql.select([tbl_bin.c.package, tbl_suite.c.suite_name, tbl_suite.c.codename, tbl_arch.c.arch_string, sql.func.max(tbl_bin.c.version)]) \
  30. .select_from(tbl_esr.join(tbl_suite).join(tbl_ba, tbl_ba.c.id == tbl_esr.c.association_id).join(tbl_bin).join(tbl_arch)) \
  31. .group_by(tbl_bin.c.package, tbl_suite.c.suite_name, tbl_suite.c.codename, tbl_arch.c.arch_string)
  32. requests = session.execute(query)
  33. data = {
  34. 'packages': [
  35. {
  36. 'package': row[0],
  37. 'suite': row[1],
  38. 'codename': row[2],
  39. 'architecture': row[3],
  40. 'version': row[4],
  41. }
  42. for row in requests],
  43. }
  44. with open(path, 'w') as fh:
  45. json.dump(data, fh, indent=2)
  46. def sign_external_signature_requests(session, path, keyids, args={}):
  47. outpath = '{}.gpg'.format(path)
  48. with open(path, 'r') as infile, open(outpath, 'w') as outfile:
  49. daklib.gpg.sign(infile, outfile, keyids, inline=False, **args)
  50. def add_external_signature_request(session, target_suite, suite, binary):
  51. tbl_ba = DBConn().tbl_bin_associations
  52. tbl_esr = DBConn().tbl_external_signature_requests
  53. select = sql.select([tbl_ba.c.id, target_suite.suite_id]).where((tbl_ba.c.suite == suite.suite_id) & (tbl_ba.c.bin == binary.binary_id))
  54. insert = pgsql.insert(tbl_esr).from_select([tbl_esr.c.association_id, tbl_esr.c.suite_id], select).on_conflict_do_nothing()
  55. session.execute(insert)
  56. def check_upload_for_external_signature_request(session, target_suite, suite, binary):
  57. if 'External-Signature-Requests' not in Config():
  58. return
  59. config = Config().subtree('External-Signature-Requests')
  60. config_sources = config.subtree('Sources')
  61. source = binary.source
  62. if source.source not in config_sources:
  63. return
  64. src_config = config_sources.subtree(source.source)
  65. if binary.package not in src_config.value_list('Packages'):
  66. return
  67. suites = config.value_list('Default-Suites')
  68. if 'Suites' in src_config:
  69. suites = src_config.value_list('Suites')
  70. if target_suite.suite_name not in suites:
  71. return
  72. archs = config.value_list('Default-Architectures')
  73. if 'Architectures' in src_config:
  74. archs = src_config.value_list('Architectures')
  75. if binary.architecture.arch_string not in archs:
  76. return
  77. add_external_signature_request(session, target_suite, suite, binary)