[Debian-ports-devel] [PATCH mini-dak] archive-queue: Send mail to the maintainer if it's one of the signing key's uids

James Clarke jrtc27 at debian.org
Thu Mar 2 21:02:46 UTC 2017 

---
Hi Aurelien,
Instead of ignoring the Maintainer field, this patch will see if there's
a corresponding valid uid for the signing key and use that instead of
the primary uid. This will allow a buildd to have one shared GPG key
between all its local users (with a uid for each), whilst still stopping
unwanted messages going to the package maintainers. This also has a
noticeable affect for porters doing uploads, too, since it will go to
their preferred email address for Debian work, rather than whatever
their primary uid is.

I've tested it locally and it seems to do the right thing, but it's
always possible I've missed unusual cases. The `sort -u` is in case GPG
ends up looking at any default keyrings, in which case the uid may
appear twice in the output. Given there's a `grep -Fx` to select only
lines which are the same as `$maintainer`, these should already be
identical, so that could be a `head -n 1` instead.

Regards,
James

 bin/archive-queue | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/bin/archive-queue b/bin/archive-queue
index f5eff0d..7532fe5 100755
--- a/bin/archive-queue
+++ b/bin/archive-queue
@@ -53,12 +53,37 @@ verify_gpg_signature_keyring ()
   local changes_file=$1
   local archive_file=$2
   local keyring_file=$3
+  local maintainer=`strip_gpg < $changes_file | fetch_maintainer`
   local verify_result="`gpg --keyring $keyring_file --no-tty --status-fd=2 --verify $changes_file 2>&1`"
 
   if wrong=`echo "$verify_result" | grep '^\[GNUPG:\] BADSIG '`; then
     return 1
   elif good=`echo "$verify_result" | grep '^\[GNUPG:\] GOODSIG '`; then
-    local signed_by="`echo "$good" | cut -d\  -f4-`"
+    local keyid=`echo "$good" | cut -d\  -f3`
+    # Field 2 is uid validity; from the docs:
+    #     - = Unknown validity (i.e. no value assigned)
+    #     q = Undefined validity
+    #         '-' and 'q' may safely be treated as the same
+    #         value for most purposes
+    #     n = The key is valid
+    #     m = The key is marginal valid.
+    #     f = The key is fully valid
+    #     u = The key is ultimately valid.
+    # plus others which we shouldn't accept (expired, revoked etc.). Note
+    # that we should accept unknown/undefined validity, since our trust comes
+    # from being in the keyring, not trustdb.
+    #
+    # Control characters (0x00-0x19 and DEL, 0x7F) in the uid are escaped as
+    # \x12. Additionally, ':' and '\' are also hex-escaped, since they are the
+    # delimeter and escape characters.
+    local signed_by=$(gpg --keyring $keyring_file --no-tty --with-colons --list-key $keyid \
+                       | awk 'BEGIN{FS=":"} $1=="uid" && $2 ~ /^[-qnmfu]$/{print $10}' \
+                       | sed 's/\\x3[Aa]/:/g;s/\\x[5Cc]/\\/g' \
+                       | grep -Fx "$maintainer" | sort -u)
+
+    if [ -z "${signed_by:-}" ]; then
+      signed_by="`echo "$good" | cut -d\  -f4-`"
+    fi
     strip_gpg < $changes_file \
       | formail -a"Signed-By: $signed_by" > $archive_file
     return 0
-- 
2.11.0

More information about the Debian-ports-devel mailing list