From 92136757bfd20563999b0e1cf3f05685b60da6bd Mon Sep 17 00:00:00 2001 From: Dan McGee Date: Mon, 30 Sep 2013 20:39:59 -0500 Subject: Proper support for revoked signatures The 'valid' column wasn't quite right. Add a new 'revoked' column that works similar to the one we have on keys and use it instead, properly parsing the output from `gpg` signature data and looking for the magic prefix string. Signed-off-by: Dan McGee --- devel/admin.py | 3 +- devel/management/commands/pgp_import.py | 38 ++++--- ...nature_valid__add_field_pgpsignature_revoked.py | 125 +++++++++++++++++++++ devel/models.py | 2 +- public/views.py | 8 +- 5 files changed, 155 insertions(+), 21 deletions(-) create mode 100644 devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py diff --git a/devel/admin.py b/devel/admin.py index 971933b7..c8f80f95 100644 --- a/devel/admin.py +++ b/devel/admin.py @@ -29,8 +29,7 @@ class DeveloperKeyAdmin(admin.ModelAdmin): class PGPSignatureAdmin(admin.ModelAdmin): - list_display = ('signer', 'signee', 'created', 'expires', 'valid') - list_filter = ('valid',) + list_display = ('signer', 'signee', 'created', 'expires', 'revoked') search_fields = ('signer', 'signee') date_hierarchy = 'created' diff --git a/devel/management/commands/pgp_import.py b/devel/management/commands/pgp_import.py index b1f29d77..faa9ff5e 100644 --- a/devel/management/commands/pgp_import.py +++ b/devel/management/commands/pgp_import.py @@ -176,8 +176,13 @@ def import_keys(keyring): logger.info("created %d, updated %d keys", created_ct, updated_ct) -SignatureData = namedtuple('SignatureData', - ('signer', 'signee', 'created', 'expires', 'valid')) +class SignatureData(object): + def __init__(self, signer, signee, created): + self.signer = signer + self.signee = signee + self.created = created + self.expires = None + self.revoked = None def parse_sigdata(data): @@ -192,21 +197,26 @@ def parse_sigdata(data): if parts[0] == 'pub': current_pubkey = parts[4] nodes[current_pubkey] = None - if parts[0] == 'uid': + elif parts[0] == 'uid': uid = parts[9] # only set uid if this is the first one encountered if nodes[current_pubkey] is None: nodes[current_pubkey] = uid - if parts[0] == 'sig': + elif parts[0] == 'sig': signer = parts[4] created = get_date(parts[5]) - expires = None + edge = SignatureData(signer, current_pubkey, created) if parts[6]: - expires = get_date(parts[6]) - valid = parts[1] != '-' - edge = SignatureData(signer, current_pubkey, - created, expires, valid) + edge.expires = get_date(parts[6]) edges.append(edge) + elif parts[0] == 'rev': + signer = parts[4] + revoked = get_date(parts[5]) + # revoke any prior edges that match + matches = [e for e in edges if e.signer == signer + and e.signee == current_pubkey] + for edge in matches: + edge.revoked = revoked return nodes, edges @@ -220,18 +230,18 @@ def import_signatures(keyring): pruned_edges = {edge for edge in edges if edge.signer in nodes and edge.signer != edge.signee} - logger.info("creating or finding %d signatures", len(pruned_edges)) + logger.info("creating or finding up to %d signatures", len(pruned_edges)) created_ct = updated_ct = 0 with transaction.commit_on_success(): for edge in pruned_edges: sig, created = PGPSignature.objects.get_or_create( signer=edge.signer, signee=edge.signee, created=edge.created, expires=edge.expires, - defaults={ 'valid': edge.valid }) - if sig.valid != edge.valid: - sig.valid = edge.valid + defaults={ 'revoked': edge.revoked }) + if sig.revoked != edge.revoked: + sig.revoked = edge.revoked sig.save() - updated_ct = 1 + updated_ct += 1 if created: created_ct += 1 diff --git a/devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py b/devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py new file mode 100644 index 00000000..a2df917f --- /dev/null +++ b/devel/migrations/0011_auto__del_field_pgpsignature_valid__add_field_pgpsignature_revoked.py @@ -0,0 +1,125 @@ +# -*- coding: utf-8 -*- +import datetime +from south.db import db +from south.v2 import SchemaMigration +from django.db import models + + +class Migration(SchemaMigration): + + def forwards(self, orm): + db.delete_column(u'devel_pgpsignature', 'valid') + db.add_column(u'devel_pgpsignature', 'revoked', + self.gf('django.db.models.fields.DateField')(null=True, blank=True), + keep_default=False) + + + def backwards(self, orm): + db.add_column(u'devel_pgpsignature', 'valid', + self.gf('django.db.models.fields.BooleanField')(default=True), + keep_default=True) + db.delete_column(u'devel_pgpsignature', 'revoked') + + + models = { + u'auth.group': { + 'Meta': {'object_name': 'Group'}, + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}), + 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}) + }, + u'auth.permission': { + 'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'}, + 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) + }, + u'auth.user': { + 'Meta': {'object_name': 'User'}, + 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), + 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}), + 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}), + 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + u'contenttypes.contenttype': { + 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, + 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) + }, + u'devel.developerkey': { + 'Meta': {'object_name': 'DeveloperKey'}, + 'created': ('django.db.models.fields.DateTimeField', [], {}), + 'expires': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'key': ('devel.fields.PGPKeyField', [], {'unique': 'True', 'max_length': '40'}), + 'owner': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'all_keys'", 'null': 'True', 'to': u"orm['auth.User']"}), + 'parent': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['devel.DeveloperKey']", 'null': 'True', 'on_delete': 'models.SET_NULL'}), + 'revoked': ('django.db.models.fields.DateTimeField', [], {'null': 'True', 'blank': 'True'}) + }, + u'devel.masterkey': { + 'Meta': {'ordering': "('created',)", 'object_name': 'MasterKey'}, + 'created': ('django.db.models.fields.DateField', [], {}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'owner': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'masterkey_owner'", 'to': u"orm['auth.User']"}), + 'pgp_key': ('devel.fields.PGPKeyField', [], {'max_length': '40'}), + 'revoked': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}), + 'revoker': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'masterkey_revoker'", 'to': u"orm['auth.User']"}) + }, + u'devel.pgpsignature': { + 'Meta': {'ordering': "('signer', 'signee')", 'object_name': 'PGPSignature'}, + 'created': ('django.db.models.fields.DateField', [], {}), + 'expires': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'revoked': ('django.db.models.fields.DateField', [], {'null': 'True', 'blank': 'True'}), + 'signee': ('devel.fields.PGPKeyField', [], {'max_length': '40', 'db_index': 'True'}), + 'signer': ('devel.fields.PGPKeyField', [], {'max_length': '40', 'db_index': 'True'}) + }, + u'devel.userprofile': { + 'Meta': {'object_name': 'UserProfile', 'db_table': "'user_profiles'"}, + 'alias': ('django.db.models.fields.CharField', [], {'max_length': '50'}), + 'allowed_repos': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['main.Repo']", 'symmetrical': 'False', 'blank': 'True'}), + 'country': ('django_countries.fields.CountryField', [], {'max_length': '2', 'blank': 'True'}), + 'favorite_distros': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'interests': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}), + 'languages': ('django.db.models.fields.CharField', [], {'max_length': '50', 'null': 'True', 'blank': 'True'}), + 'last_modified': ('django.db.models.fields.DateTimeField', [], {}), + 'latin_name': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}), + 'location': ('django.db.models.fields.CharField', [], {'max_length': '50', 'null': 'True', 'blank': 'True'}), + 'notify': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'occupation': ('django.db.models.fields.CharField', [], {'max_length': '50', 'null': 'True', 'blank': 'True'}), + 'other_contact': ('django.db.models.fields.CharField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}), + 'pgp_key': ('devel.fields.PGPKeyField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}), + 'picture': ('django.db.models.fields.files.FileField', [], {'default': "'devs/silhouette.png'", 'max_length': '100'}), + 'public_email': ('django.db.models.fields.CharField', [], {'max_length': '50'}), + 'roles': ('django.db.models.fields.CharField', [], {'max_length': '255', 'null': 'True', 'blank': 'True'}), + 'time_zone': ('django.db.models.fields.CharField', [], {'default': "'UTC'", 'max_length': '100'}), + 'user': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'userprofile'", 'unique': 'True', 'to': u"orm['auth.User']"}), + 'website': ('django.db.models.fields.CharField', [], {'max_length': '200', 'null': 'True', 'blank': 'True'}), + 'yob': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}) + }, + u'main.repo': { + 'Meta': {'ordering': "('name',)", 'object_name': 'Repo', 'db_table': "'repos'"}, + 'bugs_category': ('django.db.models.fields.SmallIntegerField', [], {'default': '2'}), + 'bugs_project': ('django.db.models.fields.SmallIntegerField', [], {'default': '1'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '255'}), + 'staging': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'svn_root': ('django.db.models.fields.CharField', [], {'max_length': '64'}), + 'testing': ('django.db.models.fields.BooleanField', [], {'default': 'False'}) + } + } + + complete_apps = ['devel'] diff --git a/devel/models.py b/devel/models.py index bf979338..44bbc66e 100644 --- a/devel/models.py +++ b/devel/models.py @@ -107,7 +107,7 @@ class PGPSignature(models.Model): db_index=True) created = models.DateField() expires = models.DateField(null=True, blank=True) - valid = models.BooleanField(default=True) + revoked = models.DateField(null=True, blank=True) class Meta: ordering = ('signer', 'signee') diff --git a/public/views.py b/public/views.py index 24edd044..f79c8f32 100644 --- a/public/views.py +++ b/public/views.py @@ -126,7 +126,7 @@ def keys(request): 'owner__userprofile', 'revoker__userprofile').filter( revoked__isnull=True) - sig_counts = PGPSignature.objects.filter(not_expired, valid=True, + sig_counts = PGPSignature.objects.filter(not_expired, revoked__isnull=True, signee__in=user_key_ids).order_by().values_list('signer').annotate( Count('signer')) sig_counts = {key_id[-16:]: ct for key_id, ct in sig_counts} @@ -136,11 +136,11 @@ def keys(request): # frozenset because we are going to do lots of __contains__ lookups signatures = frozenset(PGPSignature.objects.filter( - not_expired, valid=True).values_list('signer', 'signee')) + not_expired, revoked__isnull=True).values_list('signer', 'signee')) restrict = Q(signer__in=user_key_ids) & Q(signee__in=user_key_ids) cross_signatures = PGPSignature.objects.filter(restrict, - not_expired, valid=True).order_by('created') + not_expired, revoked__isnull=True).order_by('created') context = { 'keys': master_keys, @@ -183,7 +183,7 @@ def keys_json(request): }) not_expired = Q(expires__gt=datetime.utcnow) | Q(expires__isnull=True) - signatures = PGPSignature.objects.filter(not_expired, valid=True) + signatures = PGPSignature.objects.filter(not_expired, revoked__isnull=True) edge_list = [{ 'signee': sig.signee, 'signer': sig.signer } for sig in signatures] -- cgit v1.2.3-55-g3dc8