summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan McGee <dan@archlinux.org>2013-09-30 20:39:59 -0500
committerDan McGee <dan@archlinux.org>2013-09-30 20:45:10 -0500
commit92136757bfd20563999b0e1cf3f05685b60da6bd (patch)
treef74e0fa50f1e9b3cc5e403c991d2da66b9b33e16
parentb3321537d3ec91fd6f8d1123881a94a0490f1bdc (diff)
downloadarchweb-92136757bfd20563999b0e1cf3f05685b60da6bd.tar.gz
archweb-92136757bfd20563999b0e1cf3f05685b60da6bd.zip
Proper support for revoked signatures
The 'valid' column wasn't quite right. Add a new 'revoked' column that works similar to the one we have on keys and use it instead, properly parsing the output from `gpg` signature data and looking for the magic prefix string. Signed-off-by: Dan McGee <dan@archlinux.org>
-rw-r--r--devel/admin.py3
-rw-r--r--devel/management/commands/pgp_import.py38
-rw-r--r--devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py125
-rw-r--r--devel/models.py2
-rw-r--r--public/views.py8
5 files changed, 155 insertions, 21 deletions
diff --git a/devel/admin.py b/devel/admin.py
index 971933b7..c8f80f95 100644
--- a/devel/admin.py
+++ b/devel/admin.py
@@ -29,8 +29,7 @@ class DeveloperKeyAdmin(admin.ModelAdmin):
class PGPSignatureAdmin(admin.ModelAdmin):
- list_display = ('signer', 'signee', 'created', 'expires', 'valid')
- list_filter = ('valid',)
+ list_display = ('signer', 'signee', 'created', 'expires', 'revoked')
search_fields = ('signer', 'signee')
date_hierarchy = 'created'
diff --git a/devel/management/commands/pgp_import.py b/devel/management/commands/pgp_import.py
index b1f29d77..faa9ff5e 100644
--- a/devel/management/commands/pgp_import.py
+++ b/devel/management/commands/pgp_import.py
@@ -176,8 +176,13 @@ def import_keys(keyring):
logger.info("created %d, updated %d keys", created_ct, updated_ct)
-SignatureData = namedtuple('SignatureData',
- ('signer', 'signee', 'created', 'expires', 'valid'))
+class SignatureData(object):
+ def __init__(self, signer, signee, created):
+ self.signer = signer
+ self.signee = signee
+ self.created = created
+ self.expires = None
+ self.revoked = None
def parse_sigdata(data):
@@ -192,21 +197,26 @@ def parse_sigdata(data):
if parts[0] == 'pub':
current_pubkey = parts[4]
nodes[current_pubkey] = None
- if parts[0] == 'uid':
+ elif parts[0] == 'uid':
uid = parts[9]
# only set uid if this is the first one encountered
if nodes[current_pubkey] is None:
nodes[current_pubkey] = uid
- if parts[0] == 'sig':
+ elif parts[0] == 'sig':
signer = parts[4]
created = get_date(parts[5])
- expires = None
+ edge = SignatureData(signer, current_pubkey, created)
if parts[6]:
- expires = get_date(parts[6])
- valid = parts[1] != '-'
- edge = SignatureData(signer, current_pubkey,
- created, expires, valid)
+ edge.expires = get_date(parts[6])
edges.append(edge)
+ elif parts[0] == 'rev':
+ signer = parts[4]
+ revoked = get_date(parts[5])
+ # revoke any prior edges that match
+ matches = [e for e in edges if e.signer == signer
+ and e.signee == current_pubkey]
+ for edge in matches:
+ edge.revoked = revoked
return nodes, edges
@@ -220,18 +230,18 @@ def import_signatures(keyring):
pruned_edges = {edge for edge in edges
if edge.signer in nodes and edge.signer != edge.signee}
- logger.info("creating or finding %d signatures", len(pruned_edges))
+ logger.info("creating or finding up to %d signatures", len(pruned_edges))
created_ct = updated_ct = 0
with transaction.commit_on_success():
for edge in pruned_edges:
sig, created = PGPSignature.objects.get_or_create(
signer=edge.signer, signee=edge.signee,
created=edge.created, expires=edge.expires,
- defaults={ 'valid': edge.valid })
- if sig.valid != edge.valid:
- sig.valid = edge.valid
+ defaults={ 'revoked': edge.revoked })
+ if sig.revoked != edge.revoked:
+ sig.revoked = edge.revoked
sig.save()
- updated_ct = 1
+ updated_ct += 1
if created:
created_ct += 1
diff --git a/devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py b/devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py
new file mode 100644
index 00000000..a2df917f
--- /dev/null
+++ b/devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py
@@ -0,0 +1,125 @@
+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+ def forwards(self, orm):
+ db.delete_column(u'devel_pgpsignature', 'valid')
+ db.add_column(u'devel_pgpsignature', 'revoked',
+ self.gf('django.db.models.fields.DateField')(null=True, blank=True),
+ keep_default=False)
+
+
+ def backwards(self, orm):
+ db.add_column(u'devel_pgpsignature', 'valid',
+ self.gf('django.db.models.fields.BooleanField')(default=True),
+ keep_default=True)
+ db.delete_column(u'devel_pgpsignature', 'revoked')
+
+
+ models = {
+ u'auth.group': {
+ 'Meta': {'object_name': 'Group'},
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+ 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+ },
+ u'auth.permission': {
+ 'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+ 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+ 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+ },
+ u'auth.user': {
+ 'Meta': {'object_name': 'User'},
+ 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+ 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+ 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+ 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+ 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+ 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+ 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+ 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+ 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+ },
+ u'contenttypes.contenttype': {
+ 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+ 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+ 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+ },
+ u'devel.developerkey': {
+ 'Meta': {'object_name': 'DeveloperKey'},
+ 'created': ('django.db.models.fields.DateTimeField', [], {}),
+ 'expires': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'key': ('devel.fields.PGPKeyField', [], {'unique': 'True', 'max_length': '40'}),
+ 'owner': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'all_keys'", 'null': 'True', 'to': u"orm['auth.User']"}),
+ 'parent': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['devel.DeveloperKey']", 'null': 'True', 'on_delete': 'models.SET_NULL'}),
+ 'revoked': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'})
+ },
+ u'devel.masterkey': {
+ 'Meta': {'ordering': "('created',)", 'object_name': 'MasterKey'},
+ 'created': ('django.db.models.fields.DateField', [], {}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'owner': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'masterkey_owner'", 'to': u"orm['auth.User']"}),
+ 'pgp_key': ('devel.fields.PGPKeyField', [], {'max_length': '40'}),
+ 'revoked': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}),
+ 'revoker': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'masterkey_revoker'", 'to': u"orm['auth.User']"})
+ },
+ u'devel.pgpsignature': {
+ 'Meta': {'ordering': "('signer', 'signee')", 'object_name': 'PGPSignature'},
+ 'created': ('django.db.models.fields.DateField', [], {}),
+ 'expires': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'revoked': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}),
+ 'signee': ('devel.fields.PGPKeyField', [], {'max_length': '40', 'db_index': 'True'}),
+ 'signer': ('devel.fields.PGPKeyField', [], {'max_length': '40', 'db_index': 'True'})
+ },
+ u'devel.userprofile': {
+ 'Meta': {'object_name': 'UserProfile', 'db_table': "'user_profiles'"},
+ 'alias': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+ 'allowed_repos': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['main.Repo']", 'symmetrical': 'False', 'blank': 'True'}),
+ 'country': ('django_countries.fields.CountryField', [], {'max_length': '2', 'blank': 'True'}),
+ 'favorite_distros': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'interests': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}),
+ 'languages': ('django.db.models.fields.CharField', [], {'max_length': '50', 'null': 'True', 'blank': 'True'}),
+ 'last_modified': ('django.db.models.fields.DateTimeField', [], {}),
+ 'latin_name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}),
+ 'location': ('django.db.models.fields.CharField', [], {'max_length': '50', 'null': 'True', 'blank': 'True'}),
+ 'notify': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+ 'occupation': ('django.db.models.fields.CharField', [], {'max_length': '50', 'null': 'True', 'blank': 'True'}),
+ 'other_contact': ('django.db.models.fields.CharField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+ 'pgp_key': ('devel.fields.PGPKeyField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+ 'picture': ('django.db.models.fields.files.FileField', [], {'default': "'devs/silhouette.png'", 'max_length': '100'}),
+ 'public_email': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+ 'roles': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}),
+ 'time_zone': ('django.db.models.fields.CharField', [], {'default': "'UTC'", 'max_length': '100'}),
+ 'user': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'userprofile'", 'unique': 'True', 'to': u"orm['auth.User']"}),
+ 'website': ('django.db.models.fields.CharField', [], {'max_length': '200', 'null': 'True', 'blank': 'True'}),
+ 'yob': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'})
+ },
+ u'main.repo': {
+ 'Meta': {'ordering': "('name',)", 'object_name': 'Repo', 'db_table': "'repos'"},
+ 'bugs_category': ('django.db.models.fields.SmallIntegerField', [], {'default': '2'}),
+ 'bugs_project': ('django.db.models.fields.SmallIntegerField', [], {'default': '1'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+ 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'}),
+ 'staging': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'svn_root': ('django.db.models.fields.CharField', [], {'max_length': '64'}),
+ 'testing': ('django.db.models.fields.BooleanField', [], {'default': 'False'})
+ }
+ }
+
+ complete_apps = ['devel']
diff --git a/devel/models.py b/devel/models.py
index bf979338..44bbc66e 100644
--- a/devel/models.py
+++ b/devel/models.py
@@ -107,7 +107,7 @@ class PGPSignature(models.Model):
db_index=True)
created = models.DateField()
expires = models.DateField(null=True, blank=True)
- valid = models.BooleanField(default=True)
+ revoked = models.DateField(null=True, blank=True)
class Meta:
ordering = ('signer', 'signee')
diff --git a/public/views.py b/public/views.py
index 24edd044..f79c8f32 100644
--- a/public/views.py
+++ b/public/views.py
@@ -126,7 +126,7 @@ def keys(request):
'owner__userprofile', 'revoker__userprofile').filter(
revoked__isnull=True)
- sig_counts = PGPSignature.objects.filter(not_expired, valid=True,
+ sig_counts = PGPSignature.objects.filter(not_expired, revoked__isnull=True,
signee__in=user_key_ids).order_by().values_list('signer').annotate(
Count('signer'))
sig_counts = {key_id[-16:]: ct for key_id, ct in sig_counts}
@@ -136,11 +136,11 @@ def keys(request):
# frozenset because we are going to do lots of __contains__ lookups
signatures = frozenset(PGPSignature.objects.filter(
- not_expired, valid=True).values_list('signer', 'signee'))
+ not_expired, revoked__isnull=True).values_list('signer', 'signee'))
restrict = Q(signer__in=user_key_ids) & Q(signee__in=user_key_ids)
cross_signatures = PGPSignature.objects.filter(restrict,
- not_expired, valid=True).order_by('created')
+ not_expired, revoked__isnull=True).order_by('created')
context = {
'keys': master_keys,
@@ -183,7 +183,7 @@ def keys_json(request):
})
not_expired = Q(expires__gt=datetime.utcnow) | Q(expires__isnull=True)
- signatures = PGPSignature.objects.filter(not_expired, valid=True)
+ signatures = PGPSignature.objects.filter(not_expired, revoked__isnull=True)
edge_list = [{ 'signee': sig.signee, 'signer': sig.signer }
for sig in signatures]