[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[dak/bpo] key expire

catch a case where the key is expired and no not-expired-subkey is
used to sign the .changes, ie. no GOODSIG token available. The
timestamp we get back from the command is unixtime, but type string,
so we should cast it to float or time.gmtime will complain.

And if that doesnt work, for whatever reason, issue a more generic
reject message.

Signed-off-by: Joerg Jaspert <joerg@debian.org>
 daklib/utils.py |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/daklib/utils.py b/daklib/utils.py
index cb5df31..b20a063 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -1345,7 +1345,10 @@ def check_signature (sig_filename, reject, data_filename="", keyrings=None, auto
         if len(args) >= 1:
             timestamp = args[0]
             if timestamp.count("T") == 0:
-                expiredate = time.strftime("%Y-%m-%d", time.gmtime(timestamp))
+                try:
+                    expiredate = time.strftime("%Y-%m-%d", time.gmtime(float(timestamp)))
+                except ValueError:
+                    expiredate = "unknown (%s)" % (timestamp)
                 expiredate = timestamp
         reject("The key used to sign %s has expired on %s" % (sig_filename, expiredate))

Reply to: