[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

a potential patch for sigcheck waiting for db.d.o indefinitely


The signature checking script on lists.debian.org (for automatic posts to
debian-{security,devel}-announce) tends to hang indefinitely while db.d.o is
down, at the same time sitting on the CPU (!).

[joy@murphy:~list/.bin]% diff -u sigcheck{,-joy}|less
--- sigcheck    Tue May  6 03:23:09 2003
+++ sigcheck-joy        Sat Jul 19 11:26:36 2003
@@ -53,8 +53,16 @@
    ErrType = EX_TEMPFAIL;
    ErrMsg = "An error occurred while performing the LDAP lookup:";
    global l;
-   l = ldap.open(LDAPServer);
-   l.simple_bind_s("","");
+   try:
+       l = ldap.open(LDAPServer);
+   except SystemError:
+       print "Cannot connect to LDAP server.";
+       sys.exit(1);
+   try:
+       l.bind(LDAPDn, "", ldap.AUTH_SIMPLE);
+   except ldap.SERVER_DOWN:
+       print "Cannot connect to LDAP server.";
+       sys.exit(1);

    # Search for the matching key fingerprint
    verbmsg("Processing fingerprint %s" % FingerPrint)

How does that sound? This is basically guesswork, but it should make some
sense, judging by the patch I just saw tbm post for a similar script in the
qa CVS repo.

Those Err{Msg,Type} have some significance (it seems like a global error
handler of some sort, looking at the except: case below) but this failure
is apparently not an EX_TEMPFAIL and I don't know what it is. :)

(One may notice that I also changed the first attribute of the bind()
function to include the existing LDAPDn variable... I don't know why it
would work without it (possibly due to the old slapd on samosa), and it
seems cleaner with it.)

     2. That which causes joy or happiness.

Reply to: