... |
... |
@@ -137,6 +137,8 @@ class SignatureAndHashesCheck(Check): |
137
|
137
|
"""
|
138
|
138
|
|
139
|
139
|
def check(self, upload):
|
|
140
|
+ allow_source_untrusted_sig_keys = Config().value_list('Dinstall::AllowSourceUntrustedSigKeys')
|
|
141
|
+
|
140
|
142
|
changes = upload.changes
|
141
|
143
|
if not changes.valid_signature:
|
142
|
144
|
raise Reject("Signature for .changes not valid.")
|
... |
... |
@@ -149,10 +151,11 @@ class SignatureAndHashesCheck(Check): |
149
|
151
|
except Exception as e:
|
150
|
152
|
raise Reject("Invalid dsc file: {0}".format(e))
|
151
|
153
|
if source is not None:
|
152
|
|
- if not source.valid_signature:
|
153
|
|
- raise Reject("Signature for .dsc not valid.")
|
154
|
|
- if source.primary_fingerprint != changes.primary_fingerprint:
|
155
|
|
- raise Reject(".changes and .dsc not signed by the same key.")
|
|
154
|
+ if changes.primary_fingerprint not in allow_source_untrusted_sig_keys:
|
|
155
|
+ if not source.valid_signature:
|
|
156
|
+ raise Reject("Signature for .dsc not valid.")
|
|
157
|
+ if source.primary_fingerprint != changes.primary_fingerprint:
|
|
158
|
+ raise Reject(".changes and .dsc not signed by the same key.")
|
156
|
159
|
self._check_hashes(upload, source.filename, source.files.itervalues())
|
157
|
160
|
|
158
|
161
|
if upload.fingerprint is None or upload.fingerprint.uid is None:
|
... |
... |
@@ -833,6 +836,22 @@ class NoSourceOnlyCheck(Check): |
833
|
836
|
return True
|
834
|
837
|
|
835
|
838
|
|
|
839
|
+class NewOverrideCheck(Check):
|
|
840
|
+ """Override NEW requirement
|
|
841
|
+ """
|
|
842
|
+ def check(self, upload):
|
|
843
|
+ if not upload.new:
|
|
844
|
+ return True
|
|
845
|
+
|
|
846
|
+ new_override_keys = Config().value_list('Dinstall::NewOverrideKeys')
|
|
847
|
+ changes = upload.changes
|
|
848
|
+
|
|
849
|
+ if changes.primary_fingerprint in new_override_keys:
|
|
850
|
+ upload.new = False
|
|
851
|
+
|
|
852
|
+ return True
|
|
853
|
+
|
|
854
|
+
|
836
|
855
|
class ArchAllBinNMUCheck(Check):
|
837
|
856
|
"""Check for arch:all binNMUs"""
|
838
|
857
|
|