author | Dan McGee <dan@archlinux.org> | 2012-03-23 23:33:55 +0100 |
---|---|---|
committer | Dan McGee <dan@archlinux.org> | 2012-04-07 21:53:08 +0200 |
commit | 1a2f117037fd8b01ec1e1e3cce5186d7bfac1a78 (patch) | |
tree | e47e83bc34af9ca22705f9d073f6cc36524edfa9 /devel | |
parent | 84f98e3e0b9ef319f501795099cc32bce1bf6a81 (diff) | |
download | archweb-1a2f117037fd8b01ec1e1e3cce5186d7bfac1a78.tar.gz archweb-1a2f117037fd8b01ec1e1e3cce5186d7bfac1a78.tar.xz |
Add a mismatched signatures developer report
This finds odd signatures in our repositories, which includes signature
times not matching with build dates, different signer and packager, etc.
We enhance our user lookup helper class to look up users by PGP key.
Signed-off-by: Dan McGee <dan@archlinux.org>
Diffstat (limited to 'devel')
-rw-r--r-- | devel/utils.py | 17 | ||||
-rw-r--r-- | devel/views.py | 23 |
2 files changed, 38 insertions, 2 deletions
diff --git a/devel/utils.py b/devel/utils.py
index ec035d1..85b4e42 100644
--- a/devel/utils.py
+++ b/devel/utils.py
@@ -49,6 +49,7 @@ class UserFinder(object):
 self.cache = {}
 self.username_cache = {}
 self.email_cache = {}
+ self.pgp_cache = {}
 @staticmethod
 def user_email(name, email):
@@ -146,9 +147,25 @@ class UserFinder(object):
 self.email_cache[email] = user
 return user
+ def find_by_pgp_key(self, pgp_key):
+ if not pgp_key:
+ return None
+ if pgp_key in self.pgp_cache:
+ return self.pgp_cache[pgp_key]
+
+ try:
+ user = User.objects.get(
+ userprofile__pgp_key__endswith=pgp_key)
+ except User.DoesNotExist:
+ user = None
+
+ self.pgp_cache[pgp_key] = user
+ return user
+
 def clear_cache(self):
 self.cache = {}
 self.username_cache = {}
 self.email_cache = {}
+ self.pgp_cache = {}
 # vim: set ts=4 sw=4 et:
diff --git a/devel/views.py b/devel/views.py
index 3a9be75..3ede54a 100644
--- a/devel/views.py
+++ b/devel/views.py
@@ -1,4 +1,4 @@
-from datetime import datetime, timedelta
+from datetime import date, datetime, timedelta
 import operator
 import pytz
 import random
@@ -28,7 +28,7 @@ from main.utils import utc_now
 from packages.models import PackageRelation
 from packages.utils import get_signoff_groups
 from todolists.utils import get_annotated_todolists
-from .utils import get_annotated_maintainers
+from .utils import get_annotated_maintainers, UserFinder
 @login_required
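Review bot: `User.objects.get(userprofile__pgp_key__endswith=pgp_key)` in `find_by_pgp_key` raises `User.MultipleObjectsReturned` when two profiles store a key ending in the same ID, and only `User.DoesNotExist` is caught, so a single duplicate or colliding suffix turns the lookup into an unhandled exception for the caller. Catch both, `except (User.DoesNotExist, User.MultipleObjectsReturned):`, and keep `user = None` so an ambiguous match is reported as unknown rather than attributed to either account. A docstring should state that the match is a suffix comparison against the stored key, which gives an attribution hint and not proof of who signed, since key IDs shorter than a full fingerprint can collide. The method is complete in this hunk; the rest of `UserFinder` lies outside it.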
@@ -232,6 +232,25 @@ def report(request, report_name, username=None):
 # The two separate calls to exclude is required to do the right thing
 packages = packages.exclude(pkgbase__in=owned).exclude(
 pkgname__in=required)
+ elif report_name == 'mismatched-signature':
+ title = 'Packages with mismatched signatures'
+ names = [ 'Signature Date', 'Signed By', 'Packager' ]
+ attrs = [ 'sig_date', 'sig_by', 'packager' ]
+ cutoff = timedelta(hours=24)
+ finder = UserFinder()
+ filtered = []
+ packages = packages.filter(pgp_signature__isnull=False)
+ for package in packages:
+ sig_date = package.signature.datetime.replace(tzinfo=pytz.utc)
+ package.sig_date = sig_date.date()
+ key_id = package.signature.key_id
+ signer = finder.find_by_pgp_key(key_id)
+ package.sig_by = signer or key_id
+ if signer is None or signer.id != package.packager_id:
+ filtered.append(package)
+ elif sig_date > package.build_date + cutoff:
+ filtered.append(package)
+ packages = filtered
 else:
 raise Http404 |
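Review bot: The time check `elif sig_date > package.build_date + cutoff:` is one-sided, so a signature dated well before the build never reaches the report even though that is at least as odd as a late one. Comparing the absolute gap, `elif abs(sig_date - package.build_date) > cutoff:`, covers both directions; it assumes `build_date` is a non-null, timezone-aware datetime, which this hunk does not show. A comment above the loop should also say that `key_id` and the timestamp are taken from the signature data as given and that nothing in this branch verifies the signature, so the report is a consistency check on metadata rather than a validity check. `report()` starts before this hunk and continues after it.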