← Back to team overview

launchpad-reviewers team mailing list archive

[Merge] lp:~wgrant/launchpad/gpgkey-fks-read into lp:launchpad

 

William Grant has proposed merging lp:~wgrant/launchpad/gpgkey-fks-read into lp:launchpad with lp:~wgrant/launchpad/gpgkey-fks-no-garbo as a prerequisite.

Commit message:
Read GPGKey fingerprint columns rather than the integer FK.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~wgrant/launchpad/gpgkey-fks-read/+merge/287804

Read GPGKey fingerprint columns rather than the integer FK.

Still setting the old columns until everything reads from the new.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wgrant/launchpad/gpgkey-fks-read into lp:launchpad.
=== modified file 'lib/lp/archivepublisher/archivesigningkey.py'
--- lib/lp/archivepublisher/archivesigningkey.py	2016-03-03 18:44:44 +0000
+++ lib/lp/archivepublisher/archivesigningkey.py	2016-03-03 18:44:44 +0000
@@ -27,6 +27,7 @@
     GPGKeyAlgorithm,
     IGPGHandler,
     )
+from lp.services.propertycache import get_property_cache
 
 
 @implementer(IArchiveSigningKey)
@@ -71,9 +72,10 @@
             if default_ppa.signing_key is None:
                 IArchiveSigningKey(default_ppa).generateSigningKey()
             key = default_ppa.signing_key
-            self.archive.signing_key = key
+            self.archive._signing_key = key
             self.archive.signing_key_owner = key.owner
-            self.archive._signing_key_fingerprint = key.fingerprint
+            self.archive.signing_key_fingerprint = key.fingerprint
+            del get_property_cache(self.archive).signing_key
             return
 
         key_displayname = (
@@ -111,9 +113,10 @@
         key = getUtility(IGPGKeySet).new(
             key_owner, pub_key.keyid, pub_key.fingerprint, pub_key.keysize,
             algorithm, active=True, can_encrypt=pub_key.can_encrypt)
-        self.archive.signing_key = key
+        self.archive._signing_key = key
         self.archive.signing_key_owner = key.owner
-        self.archive._signing_key_fingerprint = key.fingerprint
+        self.archive.signing_key_fingerprint = key.fingerprint
+        del get_property_cache(self.archive).signing_key
 
     def signRepository(self, suite):
         """See `IArchiveSigningKey`."""

=== modified file 'lib/lp/archivepublisher/tests/archive-signing.txt'
--- lib/lp/archivepublisher/tests/archive-signing.txt	2015-10-01 10:25:19 +0000
+++ lib/lp/archivepublisher/tests/archive-signing.txt	2016-03-03 18:44:44 +0000
@@ -104,8 +104,8 @@
 
 And use it as the Mark's PPA signing key.
 
-    >>> mark.archive.signing_key = a_key
-
+    >>> mark.archive.signing_key_owner = a_key.owner
+    >>> mark.archive.signing_key_fingerprint = a_key.fingerprint
     >>> print mark.archive.signing_key_fingerprint
     ABCDEF0123456789ABCDDCBA0000111112345678
 
@@ -286,8 +286,11 @@
 simulating the situation when a the default PPA and a named-ppas get
 created within the same cycle of the key-generator process.
 
+    >>> from lp.services.propertycache import get_property_cache
     >>> login('foo.bar@xxxxxxxxxxxxx')
-    >>> named_ppa.signing_key = None
+    >>> named_ppa.signing_key_owner = None
+    >>> named_ppa.signing_key_fingerprint = None
+    >>> del get_property_cache(named_ppa).signing_key
     >>> login(ANONYMOUS)
 
     >>> print named_ppa.signing_key
@@ -312,8 +315,12 @@
 We will reset the signing-keys for both PPA of Celso.
 
     >>> login('foo.bar@xxxxxxxxxxxxx')
-    >>> cprov.archive.signing_key = None
-    >>> named_ppa.signing_key = None
+    >>> cprov.archive.signing_key_owner = None
+    >>> cprov.archive.signing_key_fingerprint = None
+    >>> del get_property_cache(cprov.archive).signing_key
+    >>> named_ppa.signing_key_owner = None
+    >>> named_ppa.signing_key_fingerprint = None
+    >>> del get_property_cache(named_ppa).signing_key
     >>> login(ANONYMOUS)
 
     >>> print cprov.archive.signing_key
@@ -365,7 +372,9 @@
 Celso's default PPA will uses the testing signing key.
 
     >>> login('foo.bar@xxxxxxxxxxxxx')
-    >>> cprov.archive.signing_key = signing_key
+    >>> cprov.archive.signing_key_owner = signing_key.owner
+    >>> cprov.archive.signing_key_fingerprint = signing_key.fingerprint
+    >>> del get_property_cache(cprov.archive).signing_key
     >>> login(ANONYMOUS)
 
 When signing repositores we assert they contain the right format and
@@ -437,7 +446,9 @@
 Finally, if we try to sign a repository for which the archive doesn't
 have a 'signing_key' set,  it raises an error.
 
-    >>> cprov.archive.signing_key = None
+    >>> cprov.archive.signing_key_owner = None
+    >>> cprov.archive.signing_key_fingerprint = None
+    >>> del get_property_cache(cprov.archive).signing_key
 
     >>> archive_signing_key.signRepository(test_suite)
     Traceback (most recent call last):

=== modified file 'lib/lp/archivepublisher/tests/test_publishdistro.py'
--- lib/lp/archivepublisher/tests/test_publishdistro.py	2016-02-04 19:46:52 +0000
+++ lib/lp/archivepublisher/tests/test_publishdistro.py	2016-03-03 18:44:44 +0000
@@ -246,7 +246,9 @@
         self.addCleanup(tac.tearDown)
         key_path = os.path.join(gpgkeysdir, 'ppa-sample@xxxxxxxxxxxxxxxxx')
         IArchiveSigningKey(cprov.archive).setSigningKey(key_path)
-        name16.archive.signing_key = cprov.archive.signing_key
+        name16.archive.signing_key_owner = cprov.archive.signing_key_owner
+        name16.archive.signing_key_fingerprint = (
+            cprov.archive.signing_key_fingerprint)
 
         self.layer.txn.commit()
 

=== modified file 'lib/lp/archiveuploader/tests/upload-karma.txt'
--- lib/lp/archiveuploader/tests/upload-karma.txt	2016-03-01 12:40:37 +0000
+++ lib/lp/archiveuploader/tests/upload-karma.txt	2016-03-03 18:44:44 +0000
@@ -52,7 +52,10 @@
     >>> from lp.registry.interfaces.person import IPersonSet
     >>> name16 = getUtility(IPersonSet).getByName('name16')
     >>> key = getUtility(IGPGKeySet).getGPGKeysForPerson(name16)[0]
-    >>> removeSecurityProxy(foo_src.queue_root).signing_key = key
+    >>> removeSecurityProxy(foo_src.queue_root).signing_key_owner = (
+    ...     key.owner)
+    >>> removeSecurityProxy(foo_src.queue_root).signing_key_fingerprint = (
+    ...     key.fingerprint)
     >>> transaction.commit()
     >>> foo_src.queue_root.acceptFromQueue()
     Karma added: action=distributionuploadaccepted, distribution=ubuntu

=== modified file 'lib/lp/registry/browser/tests/test_codeofconduct.py'
--- lib/lp/registry/browser/tests/test_codeofconduct.py	2012-11-08 10:48:29 +0000
+++ lib/lp/registry/browser/tests/test_codeofconduct.py	2016-03-03 18:44:44 +0000
@@ -70,7 +70,8 @@
     def sign_coc(self, user, gpg_key):
         """Return a SignedCodeOfConduct using dummy text."""
         signed_coc = SignedCodeOfConduct(
-            owner=user, signingkey=gpg_key,
+            owner=user, signing_key_fingerprint=gpg_key.fingerprint,
+            signing_key_owner=gpg_key.owner,
             signedcode="Dummy CoC signed text.", active=True)
         return signed_coc
 

=== modified file 'lib/lp/registry/browser/tests/test_distroseries.py'
--- lib/lp/registry/browser/tests/test_distroseries.py	2016-01-26 15:47:37 +0000
+++ lib/lp/registry/browser/tests/test_distroseries.py	2016-03-03 18:44:44 +0000
@@ -941,8 +941,11 @@
                             sourcename=spr.sourcepackagename.name,
                             distroseries=derived_series))
                 else:
-                    removeSecurityProxy(spr).dscsigningkey = (
-                        self.factory.makeGPGKey(owner=spr.creator))
+                    key = self.factory.makeGPGKey(owner=spr.creator)
+                    removeSecurityProxy(spr).signing_key_owner = key.owner
+                    removeSecurityProxy(spr).signing_key_fingerprint = (
+                        key.fingerprint)
+                    del get_property_cache(spr).dscsigningkey
 
         def flush_and_render():
             flush_database_caches()
@@ -1357,8 +1360,12 @@
         # each difference row.
         dsd = self.makePackageUpgrade()
         uploader = self.factory.makePerson()
-        removeSecurityProxy(dsd.source_package_release).dscsigningkey = (
-            self.factory.makeGPGKey(uploader))
+        key = self.factory.makeGPGKey(uploader)
+        naked_spr = removeSecurityProxy(
+            dsd.source_package_release.sourcepackagerelease)
+        naked_spr.signing_key_fingerprint = key.fingerprint
+        naked_spr.signing_key_owner = key.owner
+        del get_property_cache(naked_spr).dscsigningkey
         view = self.makeView(dsd.derived_series)
         root = html.fromstring(view())
         [creator_cell] = root.cssselect(
@@ -2433,8 +2440,12 @@
         dsd = self.factory.makeDistroSeriesDifference(
             difference_type=missing_type)
         uploader = self.factory.makePerson()
-        naked_spr = removeSecurityProxy(dsd.parent_source_package_release)
-        naked_spr.dscsigningkey = self.factory.makeGPGKey(uploader)
+        key = self.factory.makeGPGKey(uploader)
+        naked_spr = removeSecurityProxy(
+            dsd.parent_source_package_release.sourcepackagerelease)
+        naked_spr.signing_key_fingerprint = key.fingerprint
+        naked_spr.signing_key_owner = key.owner
+        del get_property_cache(naked_spr).dscsigningkey
         with person_logged_in(self.simple_user):
             view = create_initialized_view(
                 dsd.derived_series, '+missingpackages',

=== modified file 'lib/lp/registry/interfaces/gpg.py'
--- lib/lp/registry/interfaces/gpg.py	2016-03-01 14:15:26 +0000
+++ lib/lp/registry/interfaces/gpg.py	2016-03-03 18:44:44 +0000
@@ -78,6 +78,9 @@
         inactive ones.
         """
 
+    def getByFingerprints(fingerprints):
+        """Get multiple OpenPGP keys by their fingerprints."""
+
     def getGPGKeysForPerson(person, active=True):
         """Return OpenGPG keys for a person.
 

=== modified file 'lib/lp/registry/model/codeofconduct.py'
--- lib/lp/registry/model/codeofconduct.py	2016-03-03 18:44:44 +0000
+++ lib/lp/registry/model/codeofconduct.py	2016-03-03 18:44:44 +0000
@@ -49,6 +49,7 @@
     format_address,
     simple_sendmail,
     )
+from lp.services.propertycache import cachedproperty
 from lp.services.webapp import canonical_url
 
 
@@ -180,7 +181,7 @@
 
     signedcode = StringCol(dbName='signedcode', notNull=False, default=None)
 
-    signingkey = ForeignKey(foreignKey="GPGKey", dbName="signingkey",
+    _signingkey = ForeignKey(foreignKey="GPGKey", dbName="signingkey",
                             notNull=False, default=None)
     signing_key_fingerprint = Unicode()
 
@@ -195,6 +196,12 @@
 
     active = BoolCol(dbName='active', notNull=True, default=False)
 
+    @cachedproperty
+    def signingkey(self):
+        if self.signing_key_fingerprint is not None:
+            return getUtility(IGPGKeySet).getByFingerprint(
+                self.signing_key_fingerprint)
+
     @property
     def displayname(self):
         """Build a Fancy Title for CoC."""
@@ -308,7 +315,7 @@
 
         # Store the signature
         signed = SignedCodeOfConduct(
-            owner=user, signingkey=gpg,
+            owner=user, _signingkey=gpg,
             signing_key_fingerprint=gpg.fingerprint if gpg else None,
             signedcode=signedcode, active=True)
 

=== modified file 'lib/lp/registry/model/distroseries.py'
--- lib/lp/registry/model/distroseries.py	2016-03-03 18:44:44 +0000
+++ lib/lp/registry/model/distroseries.py	2016-03-03 18:44:44 +0000
@@ -1164,7 +1164,7 @@
             architecturehintlist=architecturehintlist, component=component,
             creator=creator, urgency=urgency, changelog=changelog,
             changelog_entry=changelog_entry, dsc=dsc,
-            dscsigningkey=dscsigningkey,
+            _dscsigningkey=dscsigningkey,
             signing_key_owner=dscsigningkey.owner if dscsigningkey else None,
             signing_key_fingerprint=(
                 dscsigningkey.fingerprint if dscsigningkey else None),
@@ -1353,7 +1353,7 @@
         return PackageUpload(
             distroseries=self, status=PackageUploadStatus.NEW,
             pocket=pocket, archive=archive, changesfile=changes_file_alias,
-            signing_key=signing_key,
+            _signing_key=signing_key,
             signing_key_owner=signing_key.owner if signing_key else None,
             signing_key_fingerprint=(
                 signing_key.fingerprint if signing_key else None),

=== modified file 'lib/lp/registry/model/distroseriesdifference.py'
--- lib/lp/registry/model/distroseriesdifference.py	2015-07-08 16:05:11 +0000
+++ lib/lp/registry/model/distroseriesdifference.py	2016-03-03 18:44:44 +0000
@@ -330,17 +330,13 @@
         SourcePackageRecipeBuild, sprs,
         ("source_package_recipe_build_id",))
 
-    # SourcePackageRelease.uploader can end up getting the owner of
-    # the DSC signing key.
-    gpgkeys = bulk.load_related(GPGKey, sprs, ("dscsigningkeyID",))
-
     # Load DistroSeriesDifferenceComment owners, SourcePackageRecipeBuild
     # requesters, GPGKey owners, and SourcePackageRelease creators.
     person_ids = set().union(
         (dsdc.message.ownerID for dsdc in latest_comments),
         (sprb.requester_id for sprb in sprbs),
-        (gpgkey.ownerID for gpgkey in gpgkeys),
-        (spr.creatorID for spr in sprs))
+        (spr.creatorID for spr in sprs),
+        (spr.signing_key_owner_id for spr in sprs))
     uploaders = getUtility(IPersonSet).getPrecachedPersonsFromIDs(
         person_ids, need_validity=True)
     list(uploaders)

=== modified file 'lib/lp/registry/model/gpgkey.py'
--- lib/lp/registry/model/gpgkey.py	2016-03-01 14:15:26 +0000
+++ lib/lp/registry/model/gpgkey.py	2016-03-03 18:44:44 +0000
@@ -19,6 +19,7 @@
     IGPGKeySet,
     )
 from lp.services.database.enumcol import EnumCol
+from lp.services.database.interfaces import IStore
 from lp.services.database.sqlbase import (
     SQLBase,
     sqlvalues,
@@ -95,6 +96,11 @@
             return default
         return result
 
+    def getByFingerprints(self, fingerprints):
+        """See `IGPGKeySet`"""
+        return IStore(GPGKey).find(
+            GPGKey, GPGKey.fingerprint.is_in(fingerprints))
+
     def getGPGKeysForPerson(self, owner, active=True):
         if active is False:
             query = """

=== modified file 'lib/lp/soyuz/configure.zcml'
--- lib/lp/soyuz/configure.zcml	2016-03-03 18:44:44 +0000
+++ lib/lp/soyuz/configure.zcml	2016-03-03 18:44:44 +0000
@@ -389,9 +389,9 @@
             set_schema="lp.soyuz.interfaces.archive.IArchiveRestricted"/>
         <require
             permission="launchpad.InternalScriptsOnly"
-            attributes="signing_key_owner _signing_key_fingerprint"
-            set_attributes="distribution signing_key signing_key_owner
-                            _signing_key_fingerprint"/>
+            attributes="signing_key_owner"
+            set_attributes="distribution _signing_key signing_key_owner
+                            signing_key_fingerprint"/>
     </class>
     <adapter
         for="lp.soyuz.interfaces.archive.IArchive"

=== modified file 'lib/lp/soyuz/doc/distroseriesqueue-notify.txt'
--- lib/lp/soyuz/doc/distroseriesqueue-notify.txt	2016-02-29 18:48:23 +0000
+++ lib/lp/soyuz/doc/distroseriesqueue-notify.txt	2016-03-03 18:44:44 +0000
@@ -110,7 +110,9 @@
     >>> from zope.security.proxy import removeSecurityProxy
     >>> from lp.registry.interfaces.gpg import IGPGKeySet
     >>> gpgkey = getUtility(IGPGKeySet).getByFingerprint('ABCDEF0123456789ABCDDCBA0000111112345678')
-    >>> removeSecurityProxy(netapplet_upload).signing_key = gpgkey
+    >>> removeSecurityProxy(netapplet_upload).signing_key_owner = gpgkey.owner
+    >>> removeSecurityProxy(netapplet_upload).signing_key_fingerprint = (
+    ...     gpgkey.fingerprint)
 
 Now request the email:
 

=== modified file 'lib/lp/soyuz/doc/publishing.txt'
--- lib/lp/soyuz/doc/publishing.txt	2015-02-19 01:35:33 +0000
+++ lib/lp/soyuz/doc/publishing.txt	2016-03-03 18:44:44 +0000
@@ -23,7 +23,9 @@
     >>> from lp.registry.model.gpgkey import GPGKey
     >>> name16 = getUtility(IPersonSet).getByName('name16')
     >>> fake_signer = GPGKey.selectOneBy(owner=name16)
-    >>> spph.sourcepackagerelease.dscsigningkey = fake_signer
+    >>> spph.sourcepackagerelease.signing_key_owner = fake_signer.owner
+    >>> spph.sourcepackagerelease.signing_key_fingerprint = (
+    ...     fake_signer.fingerprint)
 
 Verify if the object follows its interface contracts:
 
@@ -86,7 +88,10 @@
 
 The signer can also be None for packages that were synced (e.g. from Debian):
 
-    >>> spph.sourcepackagerelease.dscsigningkey = None
+    >>> from lp.services.propertycache import get_property_cache
+    >>> spph.sourcepackagerelease.signing_key_owner = None
+    >>> spph.sourcepackagerelease.signing_key_fingerprint = None
+    >>> del get_property_cache(spph.sourcepackagerelease).dscsigningkey
     >>> print spph.package_signer
     None
 

=== modified file 'lib/lp/soyuz/interfaces/sourcepackagerelease.py'
--- lib/lp/soyuz/interfaces/sourcepackagerelease.py	2016-02-05 15:16:29 +0000
+++ lib/lp/soyuz/interfaces/sourcepackagerelease.py	2016-03-03 18:44:44 +0000
@@ -35,7 +35,6 @@
     version = Attribute("A version string")
     dateuploaded = Attribute("Date of Upload")
     urgency = Attribute("Source Package Urgency")
-    dscsigningkeyID = Attribute("DB ID of the DSC Signing Key")
     dscsigningkey = Attribute("DSC Signing Key")
     component = Attribute("Source Package Component")
     format = Attribute("The Source Package Format")

=== modified file 'lib/lp/soyuz/model/archive.py'
--- lib/lp/soyuz/model/archive.py	2016-03-03 18:44:44 +0000
+++ lib/lp/soyuz/model/archive.py	2016-03-03 18:44:44 +0000
@@ -77,6 +77,7 @@
 from lp.registry.errors import NoSuchDistroSeries
 from lp.registry.interfaces.distroseries import IDistroSeriesSet
 from lp.registry.interfaces.distroseriesparent import IDistroSeriesParentSet
+from lp.registry.interfaces.gpg import IGPGKeySet
 from lp.registry.interfaces.person import (
     IPersonSet,
     validate_person,
@@ -338,11 +339,11 @@
 
     date_created = UtcDateTimeCol(dbName='date_created')
 
-    signing_key = ForeignKey(
+    _signing_key = ForeignKey(
         foreignKey='GPGKey', dbName='signing_key', notNull=False)
     signing_key_owner_id = Int(name="signing_key_owner")
     signing_key_owner = Reference(signing_key_owner_id, 'Person.id')
-    _signing_key_fingerprint = Unicode(name="signing_key_fingerprint")
+    signing_key_fingerprint = Unicode()
 
     relative_build_score = IntCol(
         dbName='relative_build_score', notNull=True, default=0)
@@ -391,6 +392,13 @@
         """See `IArchive`."""
         return self.displayname
 
+    @cachedproperty
+    def signing_key(self):
+        """See `IArchive`."""
+        if self.signing_key_fingerprint is not None:
+            return getUtility(IGPGKeySet).getByFingerprint(
+                self.signing_key_fingerprint)
+
     @property
     def is_ppa(self):
         """See `IArchive`."""
@@ -518,13 +526,6 @@
         return urlappend(
             db_pubconf.base_url, self.distribution.name + postfix)
 
-    @property
-    def signing_key_fingerprint(self):
-        if self.signing_key is not None:
-            return self.signing_key.fingerprint
-
-        return None
-
     def getBuildRecords(self, build_state=None, name=None, pocket=None,
                         arch_tag=None, user=None, binary_only=True):
         """See IHasBuildRecords"""
@@ -679,7 +680,6 @@
         def eager_load(rows):
             # \o/ circular imports.
             from lp.registry.model.distroseries import DistroSeries
-            from lp.registry.model.gpgkey import GPGKey
             ids = set(map(attrgetter('distroseriesID'), rows))
             ids.discard(None)
             if ids:
@@ -698,10 +698,14 @@
             ids.discard(None)
             if ids:
                 list(getUtility(IPersonSet).getPrecachedPersonsFromIDs(ids))
-            ids = set(map(attrgetter('dscsigningkeyID'), releases))
-            ids.discard(None)
-            if ids:
-                list(store.find(GPGKey, GPGKey.id.is_in(ids)))
+            keys = {
+                key.fingerprint: key for key in
+                getUtility(IGPGKeySet).getByFingerprints(
+                    set(map(attrgetter('signing_key_fingerprint'), releases))
+                    - set([None]))}
+            for spr in releases:
+                get_property_cache(spr).dscsigningkey = keys.get(
+                    spr.signing_key_fingerprint)
         return DecoratedResultSet(resultset, pre_iter_hook=eager_load)
 
     def getSourcesForDeletion(self, name=None, status=None, distroseries=None):
@@ -2537,9 +2541,9 @@
         new_archive = Archive(
             owner=owner, distribution=distribution, name=name,
             displayname=displayname, description=description,
-            purpose=purpose, publish=publish, signing_key=signing_key,
+            purpose=purpose, publish=publish, _signing_key=signing_key,
             signing_key_owner=signing_key.owner if signing_key else None,
-            _signing_key_fingerprint=(
+            signing_key_fingerprint=(
                 signing_key.fingerprint if signing_key else None),
             require_virtualized=require_virtualized)
 
@@ -2631,8 +2635,8 @@
                  SourcePackagePublishingHistory.archive == Archive.id))
         results = IStore(Archive).using(*origin).find(
             Archive,
-            Archive.signing_key == None, Archive.purpose == ArchivePurpose.PPA,
-            Archive._enabled == True)
+            Archive.signing_key_fingerprint == None,
+            Archive.purpose == ArchivePurpose.PPA, Archive._enabled == True)
         results.order_by(Archive.date_created)
         return results.config(distinct=True)
 

=== modified file 'lib/lp/soyuz/model/queue.py'
--- lib/lp/soyuz/model/queue.py	2016-03-03 18:44:44 +0000
+++ lib/lp/soyuz/model/queue.py	2016-03-03 18:44:44 +0000
@@ -46,6 +46,7 @@
 from lp.archivepublisher.config import getPubConfig
 from lp.archivepublisher.customupload import CustomUploadError
 from lp.archiveuploader.tagfiles import parse_tagfile_content
+from lp.registry.interfaces.gpg import IGPGKeySet
 from lp.registry.interfaces.pocket import PackagePublishingPocket
 from lp.registry.model.sourcepackagename import SourcePackageName
 from lp.services.auditor.client import AuditorClient
@@ -184,7 +185,7 @@
 
     archive = ForeignKey(dbName="archive", foreignKey="Archive", notNull=True)
 
-    signing_key = ForeignKey(
+    _signing_key = ForeignKey(
         foreignKey='GPGKey', dbName='signing_key', notNull=False)
     signing_key_owner_id = Int(name="signing_key_owner")
     signing_key_owner = Reference(signing_key_owner_id, 'Person.id')
@@ -291,6 +292,12 @@
                 })
         return properties
 
+    @cachedproperty
+    def signing_key(self):
+        if self.signing_key_fingerprint is not None:
+            return getUtility(IGPGKeySet).getByFingerprint(
+                self.signing_key_fingerprint)
+
     @property
     def copy_source_archive(self):
         """See `IPackageUpload`."""

=== modified file 'lib/lp/soyuz/model/sourcepackagerelease.py'
--- lib/lp/soyuz/model/sourcepackagerelease.py	2016-03-03 18:44:44 +0000
+++ lib/lp/soyuz/model/sourcepackagerelease.py	2016-03-03 18:44:44 +0000
@@ -35,10 +35,12 @@
 from storm.store import Store
 from zope.component import getUtility
 from zope.interface import implementer
+from zope.security.proxy import removeSecurityProxy
 
 from lp.app.errors import NotFoundError
 from lp.archiveuploader.utils import determine_source_file_type
 from lp.buildmaster.enums import BuildStatus
+from lp.registry.interfaces.gpg import IGPGKeySet
 from lp.registry.interfaces.person import validate_public_person
 from lp.registry.interfaces.sourcepackage import (
     SourcePackageType,
@@ -89,7 +91,7 @@
     maintainer = ForeignKey(
         dbName='maintainer', foreignKey='Person',
         storm_validator=validate_public_person, notNull=True)
-    dscsigningkey = ForeignKey(foreignKey='GPGKey', dbName='dscsigningkey')
+    _dscsigningkey = ForeignKey(foreignKey='GPGKey', dbName='dscsigningkey')
     signing_key_owner_id = Int(name="signing_key_owner")
     signing_key_owner = Reference(signing_key_owner_id, 'Person.id')
     signing_key_fingerprint = Unicode()
@@ -172,6 +174,15 @@
             "UPDATE sourcepackagerelease SET copyright=%s WHERE id=%s",
             (content, self.id))
 
+    @cachedproperty
+    def dscsigningkey(self):
+        if self.signing_key_fingerprint is not None:
+            # Stripping proxy as some tests expect this former FK to
+            # hold an unsecured object. self is always proxied by things
+            # that hold it, so no issue here.
+            return removeSecurityProxy(getUtility(IGPGKeySet).getByFingerprint(
+                self.signing_key_fingerprint))
+
     @property
     def user_defined_fields(self):
         """See `IBinaryPackageRelease`."""
@@ -364,8 +375,8 @@
         """See `ISourcePackageRelease`"""
         if self.source_package_recipe_build is not None:
             return self.source_package_recipe_build.requester
-        if self.dscsigningkey is not None:
-            return self.dscsigningkey.owner
+        if self.signing_key_owner is not None:
+            return self.signing_key_owner
         return None
 
     @property

=== modified file 'lib/lp/soyuz/scripts/gina/handlers.py'
--- lib/lp/soyuz/scripts/gina/handlers.py	2016-03-03 18:44:44 +0000
+++ lib/lp/soyuz/scripts/gina/handlers.py	2016-03-03 18:44:44 +0000
@@ -615,7 +615,7 @@
             component=componentID,
             sourcepackagename=name.id,
             maintainer=maintainer.id,
-            dscsigningkey=key,
+            _dscsigningkey=key,
             signing_key_owner=key.owner if key else None,
             signing_key_fingerprint=key.fingerprint if key else None,
             urgency=ChangesFile.urgency_map[src.urgency],

=== modified file 'lib/lp/soyuz/scripts/tests/test_ppakeygenerator.py'
--- lib/lp/soyuz/scripts/tests/test_ppakeygenerator.py	2016-02-29 18:48:23 +0000
+++ lib/lp/soyuz/scripts/tests/test_ppakeygenerator.py	2016-03-03 18:44:44 +0000
@@ -10,6 +10,7 @@
 from lp.registry.interfaces.distribution import IDistributionSet
 from lp.registry.interfaces.gpg import IGPGKeySet
 from lp.registry.interfaces.person import IPersonSet
+from lp.services.propertycache import get_property_cache
 from lp.services.scripts.base import LaunchpadScriptFailure
 from lp.soyuz.interfaces.archive import IArchiveSet
 from lp.soyuz.scripts.ppakeygenerator import PPAKeyGenerator
@@ -52,7 +53,9 @@
         def fake_key_generation(archive):
             a_key = getUtility(IGPGKeySet).getByFingerprint(
                 'ABCDEF0123456789ABCDDCBA0000111112345678')
-            archive.signing_key = a_key
+            archive.signing_key_fingerprint = a_key.fingerprint
+            archive.signing_key_owner = a_key.owner
+            del get_property_cache(archive).signing_key
 
         key_generator.generateKey = fake_key_generation
 
@@ -71,7 +74,8 @@
         cprov = getUtility(IPersonSet).getByName('cprov')
         a_key = getUtility(IGPGKeySet).getByFingerprint(
             'ABCDEF0123456789ABCDDCBA0000111112345678')
-        cprov.archive.signing_key = a_key
+        cprov.archive.signing_key_fingerprint = a_key.fingerprint
+        cprov.archive.signing_key_owner = a_key.owner
 
         key_generator = self._getKeyGenerator(
             archive_reference='~cprov/ubuntu/ppa')

=== modified file 'lib/lp/soyuz/stories/ppa/xx-private-ppa-subscriptions.txt'
--- lib/lp/soyuz/stories/ppa/xx-private-ppa-subscriptions.txt	2016-02-29 18:48:23 +0000
+++ lib/lp/soyuz/stories/ppa/xx-private-ppa-subscriptions.txt	2016-03-03 18:44:44 +0000
@@ -174,7 +174,9 @@
     >>> login('foo.bar@xxxxxxxxxxxxx')
     >>> mark = getUtility(IPersonSet).getByName('mark')
     >>> a_key = getUtility(IGPGKeySet).getByFingerprint('ABCDEF0123456789ABCDDCBA0000111112345678')
-    >>> removeSecurityProxy(mark_private_ppa).signing_key = a_key
+    >>> removeSecurityProxy(mark_private_ppa).signing_key_fingerprint = (
+    ...     a_key.fingerprint)
+    >>> removeSecurityProxy(mark_private_ppa).signing_key_owner = a_key.owner
     >>> logout()
 
     >>> joe_browser.reload()

=== modified file 'lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt'
--- lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt	2016-02-29 18:48:23 +0000
+++ lib/lp/soyuz/stories/ppa/xx-ubuntu-ppas.txt	2016-03-03 18:44:44 +0000
@@ -557,7 +557,9 @@
     >>> login('foo.bar@xxxxxxxxxxxxx')
     >>> no_priv = getUtility(IPersonSet).getByName('no-priv')
     >>> a_key = getUtility(IGPGKeySet).getByFingerprint('ABCDEF0123456789ABCDDCBA0000111112345678')
-    >>> removeSecurityProxy(no_priv.archive).signing_key = a_key
+    >>> removeSecurityProxy(no_priv.archive).signing_key_fingerprint = (
+    ...     a_key.fingerprint)
+    >>> removeSecurityProxy(no_priv.archive).signing_key_owner = a_key.owner
     >>> logout()
 
 Now that 'No privileges' PPA has a signing key, a text with the key

=== modified file 'lib/lp/soyuz/stories/webservice/xx-archive.txt'
--- lib/lp/soyuz/stories/webservice/xx-archive.txt	2016-01-05 15:06:24 +0000
+++ lib/lp/soyuz/stories/webservice/xx-archive.txt	2016-03-03 18:44:44 +0000
@@ -80,7 +80,10 @@
     ABCDEF0123456789ABCDDCBA0000111112345678
 
     >>> cprov = getUtility(IPersonSet).getByName('cprov')
-    >>> removeSecurityProxy(cprov.archive).signing_key = a_key
+    >>> removeSecurityProxy(cprov.archive).signing_key_fingerprint = (
+    ...     a_key.fingerprint)
+    >>> removeSecurityProxy(cprov.archive).signing_key_owner = (
+    ...     a_key.owner)
     >>> print cprov.archive.signing_key_fingerprint
     ABCDEF0123456789ABCDDCBA0000111112345678
 

=== modified file 'lib/lp/soyuz/stories/webservice/xx-builds.txt'
--- lib/lp/soyuz/stories/webservice/xx-builds.txt	2016-01-06 12:24:47 +0000
+++ lib/lp/soyuz/stories/webservice/xx-builds.txt	2016-03-03 18:44:44 +0000
@@ -22,7 +22,10 @@
     >>> ppa = getUtility(IPersonSet).getByName('cprov').archive
     >>> for pub in ppa.getPublishedSources():
     ...     pub = removeSecurityProxy(pub)
-    ...     pub.sourcepackagerelease.dscsigningkey = fake_signer
+    ...     pub.sourcepackagerelease.signing_key_owner = (
+    ...         fake_signer.owner)
+    ...     pub.sourcepackagerelease.signing_key_fingerprint = (
+    ...         fake_signer.fingerprint)
     >>> transaction.commit()
     >>> logout()
 

=== modified file 'lib/lp/soyuz/stories/webservice/xx-source-package-publishing.txt'
--- lib/lp/soyuz/stories/webservice/xx-source-package-publishing.txt	2015-04-09 05:16:37 +0000
+++ lib/lp/soyuz/stories/webservice/xx-source-package-publishing.txt	2016-03-03 18:44:44 +0000
@@ -23,7 +23,9 @@
     >>> cprov_ppa = cprov_db.archive
     >>> for pub in cprov_ppa.getPublishedSources():
     ...     pub = removeSecurityProxy(pub)
-    ...     pub.sourcepackagerelease.dscsigningkey = fake_signer
+    ...     pub.sourcepackagerelease.signing_key_owner = fake_signer.owner
+    ...     pub.sourcepackagerelease.signing_key_fingerprint = (
+    ...         fake_signer.fingerprint)
     >>> logout()
     >>> cprov_webservice = webservice_for_person(
     ...     cprov_db, permission=OAuthPermission.WRITE_PUBLIC)
@@ -159,7 +161,8 @@
     >>> login("foo.bar@xxxxxxxxxxxxx")
     >>> for pub in cprov_ppa.getPublishedSources():
     ...     pub = removeSecurityProxy(pub)
-    ...     pub.sourcepackagerelease.dscsigningkey = None
+    ...     pub.sourcepackagerelease.signing_key_owner = None
+    ...     pub.sourcepackagerelease.signing_key_fingerprint = None
     >>> logout()
 
 Query the source again:

=== modified file 'lib/lp/soyuz/tests/test_archive.py'
--- lib/lp/soyuz/tests/test_archive.py	2016-01-05 15:06:24 +0000
+++ lib/lp/soyuz/tests/test_archive.py	2016-03-03 18:44:44 +0000
@@ -42,7 +42,10 @@
 from lp.services.database.interfaces import IStore
 from lp.services.database.sqlbase import sqlvalues
 from lp.services.job.interfaces.job import JobStatus
-from lp.services.propertycache import clear_property_cache
+from lp.services.propertycache import (
+    clear_property_cache,
+    get_property_cache,
+    )
 from lp.services.webapp.interfaces import OAuthPermission
 from lp.services.worlddata.interfaces.country import ICountrySet
 from lp.soyuz.adapters.archivedependencies import (
@@ -3456,7 +3459,11 @@
             owner=person, purpose=ArchivePurpose.PPA, name="ppa")
         self.assertEqual(ppa, person.archive)
         self.factory.makeGPGKey(person)
-        removeSecurityProxy(person.archive).signing_key = person.gpg_keys[0]
+        key = person.gpg_keys[0]
+        removeSecurityProxy(person.archive).signing_key_owner = key.owner
+        removeSecurityProxy(person.archive).signing_key_fingerprint = (
+            key.fingerprint)
+        del get_property_cache(person.archive).signing_key
         ppa_with_key = self.factory.makeArchive(
             owner=person, purpose=ArchivePurpose.PPA)
         self.assertEqual(person.gpg_keys[0], ppa_with_key.signing_key)

=== modified file 'lib/lp/soyuz/tests/test_build_notify.py'
--- lib/lp/soyuz/tests/test_build_notify.py	2015-09-11 12:20:23 +0000
+++ lib/lp/soyuz/tests/test_build_notify.py	2016-03-03 18:44:44 +0000
@@ -15,6 +15,7 @@
 from lp.registry.interfaces.person import IPersonSet
 from lp.services.config import config
 from lp.services.mail.sendmail import format_address_for_person
+from lp.services.propertycache import get_property_cache
 from lp.services.webapp import canonical_url
 from lp.soyuz.enums import ArchivePurpose
 from lp.soyuz.interfaces.publishing import PackagePublishingPocket
@@ -83,7 +84,11 @@
                     self.factory.getUniqueInteger(), status.value),
                 distroseries=self.distroseries, architecturehintlist='any',
                 creator=self.creator, archive=archive)
-            spph.sourcepackagerelease.dscsigningkey = self.gpgkey
+            spph.sourcepackagerelease._dscsigningkey = self.gpgkey
+            spph.sourcepackagerelease.signing_key_fingerprint = (
+                self.gpgkey.fingerprint)
+            spph.sourcepackagerelease.signing_key_owner = (
+                self.gpgkey.owner)
             [build] = spph.createMissingBuilds()
             with person_logged_in(self.admin):
                 build.updateStatus(BuildStatus.BUILDING, builder=self.builder)
@@ -432,7 +437,9 @@
         build = self.builds[BuildStatus.FAILEDTOBUILD.value]
         spr = build.current_source_publication.sourcepackagerelease
         # Push past the security proxy
-        removeSecurityProxy(spr).dscsigningkey = key
+        removeSecurityProxy(spr).signing_key_owner = key.owner
+        removeSecurityProxy(spr).signing_key_fingerprint = key.fingerprint
+        del get_property_cache(spr).dscsigningkey
         with dbuser(config.builddmaster.dbuser):
             build.notify()
         expected_reasons = [

=== modified file 'utilities/soyuz-sampledata-setup.py'
--- utilities/soyuz-sampledata-setup.py	2015-10-13 13:22:08 +0000
+++ utilities/soyuz-sampledata-setup.py	2016-03-03 18:44:44 +0000
@@ -316,7 +316,8 @@
     if signedcocset.searchByUser(person_id).count() == 0:
         fake_gpg_key = LaunchpadObjectFactory().makeGPGKey(person)
         Store.of(person).add(SignedCodeOfConduct(
-            owner=person, signingkey=fake_gpg_key,
+            owner=person, signing_key_fingerprint=fake_gpg_key.fingerprint,
+            signing_key_owner=fake_gpg_key.owner,
             signedcode="Normally a signed CoC would go here.", active=True))
 
 


Follow ups