From 92136757bfd20563999b0e1cf3f05685b60da6bd Mon Sep 17 00:00:00 2001
From: Dan McGee
Date: Mon, 30 Sep 2013 20:39:59 -0500
Subject: Proper support for revoked signatures
The 'valid' column wasn't quite right. Add a new 'revoked' column that works similar to the one we have on keys and use it instead, properly parsing the output from `gpg` signature data and looking for the magic prefix string.
Signed-off-by: Dan McGee
---
 devel/management/commands/pgp_import.py | 38 +++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 14 deletions(-)
(limited to 'devel/management/commands/pgp_import.py')
diff --git a/devel/management/commands/pgp_import.py b/devel/management/commands/pgp_import.py
index b1f29d7..faa9ff5 100644
--- a/devel/management/commands/pgp_import.py
+++ b/devel/management/commands/pgp_import.py
@@ -176,8 +176,13 @@ def import_keys(keyring):
 logger.info("created %d, updated %d keys", created_ct, updated_ct)
-SignatureData = namedtuple('SignatureData',
- ('signer', 'signee', 'created', 'expires', 'valid'))
+class SignatureData(object):
+ def __init__(self, signer, signee, created):
+ self.signer = signer
+ self.signee = signee
+ self.created = created
+ self.expires = None
+ self.revoked = None
 def parse_sigdata(data):
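Review bot: `SignatureData` is now a plain mutable class with no `__eq__` or `__hash__`, so instances compare and hash by identity where the namedtuple compared by value. Any code that put edges into a set to drop duplicates now keeps every parsed record, which the class should say explicitly. A short class docstring would cover it, for example `"""One certification edge; expires and revoked stay None unless the parser fills them in. Compared by identity."""`. `parse_sigdata`, which follows the class, continues outside this hunk.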
@@ -192,21 +197,26 @@ def parse_sigdata(data):
 if parts[0] == 'pub':
 current_pubkey = parts[4]
 nodes[current_pubkey] = None
- if parts[0] == 'uid':
+ elif parts[0] == 'uid':
 uid = parts[9]
 # only set uid if this is the first one encountered
 if nodes[current_pubkey] is None:
 nodes[current_pubkey] = uid
- if parts[0] == 'sig':
+ elif parts[0] == 'sig':
 signer = parts[4]
 created = get_date(parts[5])
- expires = None
+ edge = SignatureData(signer, current_pubkey, created)
 if parts[6]:
- expires = get_date(parts[6])
- valid = parts[1] != '-'
- edge = SignatureData(signer, current_pubkey,
- created, expires, valid)
+ edge.expires = get_date(parts[6])
 edges.append(edge)
+ elif parts[0] == 'rev':
+ signer = parts[4]
+ revoked = get_date(parts[5])
+ # revoke any prior edges that match
+ matches = [e for e in edges if e.signer == signer
+ and e.signee == current_pubkey]
+ for edge in matches:
+ edge.revoked = revoked
 return nodes, edges
@@ -220,18 +230,18 @@ def import_signatures(keyring):
 pruned_edges = {edge for edge in edges if edge.signer in nodes and edge.signer != edge.signee}
- logger.info("creating or finding %d signatures", len(pruned_edges))
+ logger.info("creating or finding up to %d signatures", len(pruned_edges))
 created_ct = updated_ct = 0
 with transaction.commit_on_success():
 for edge in pruned_edges:
 sig, created = PGPSignature.objects.get_or_create( signer=edge.signer, signee=edge.signee, created=edge.created, expires=edge.expires,
- defaults={ 'valid': edge.valid })
- if sig.valid != edge.valid:
- sig.valid = edge.valid
+ defaults={ 'revoked': edge.revoked })
+ if sig.revoked != edge.revoked:
+ sig.revoked = edge.revoked
 sig.save()
- updated_ct = 1
+ updated_ct += 1
 if created:
 created_ct += 1
-- cgit v1.2.3-24-g4f1b
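Review bot: The new `rev` branch matches prior edges on signer and key only (`e.signer == signer` and `e.signee == current_pubkey`), so a revocation listed under one uid also marks that signer's earlier certifications on the key's other uids. It also ignores dates, so a certification whose `created` is later than the revocation is marked revoked if gpg happens to list it first; the listing order is not visible here, so that case is inferred. Bounding the match by date, `and e.signee == current_pubkey and e.created <= revoked]`, and resetting the candidate edges on each `uid` record would keep a fresh re-certification from being stored as revoked. Whether the `rev` records were cryptographically checked depends on how gpg is invoked, which is outside this hunk, as is the start of `parse_sigdata`.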
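Review bot: Edges that share `signer`, `signee`, `created` and `expires` but differ in `revoked` all resolve to the same row in the `get_or_create` loop, and because `pruned_edges` is a set of identity-hashed objects, iteration order decides which `revoked` value is saved last. The same signature can therefore flip between revoked and not revoked from one import to the next, with `updated_ct` counting each flip. Collapsing the edges by lookup key before the loop, with a revocation on any copy taking precedence, makes the stored state deterministic and fails closed; that precedence is a policy choice to confirm. `import_signatures` starts above this hunk.

```python
    # collapse edges that share the lookup key; a revocation on any copy wins
    merged = {}
    for edge in pruned_edges:
        key = (edge.signer, edge.signee, edge.created, edge.expires)
        prior = merged.get(key)
        if prior is None or (prior.revoked is None
                and edge.revoked is not None):
            merged[key] = edge
    # … unchanged: logging and the get_or_create loop, iterating merged.values() …
```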