X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=dgit;h=f6bf3a7cbe2e4d48075a585a5c8dc41cc88e2ce1;hb=1868619ffd6277eb01d676f816cba61b52083927;hp=009319a56996cc48a705d29251728d61b480dfbd;hpb=89506141b188407123bf605d2b051f2dfa10ad4b;p=dgit.git diff --git a/dgit b/dgit index 009319a5..f6bf3a7c 100755 --- a/dgit +++ b/dgit @@ -2,7 +2,7 @@ # dgit # Integration between git and Debian-style archives # -# Copyright (C)2013 Ian Jackson +# Copyright (C)2013-2015 Ian Jackson # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -32,7 +32,6 @@ use POSIX; use IPC::Open2; use Digest::SHA; use Digest::MD5; -use Config; use Debian::Dgit; @@ -53,7 +52,7 @@ our $new_package = 0; our $ignoredirty = 0; our $rmonerror = 1; our @deliberatelies; -our %supersedes; +our %previously; our $existing_package = 'dpkg'; our $cleanmode = 'dpkg-source'; our $changes_since_version; @@ -112,6 +111,8 @@ sub lref () { return "refs/heads/".lbranch(); } sub lrref () { return "refs/remotes/$remotename/".server_branch($csuite); } sub rrref () { return server_ref($csuite); } +sub lrfetchrefs () { return "refs/dgit-fetch/$isuite"; } + sub stripepoch ($) { my ($vsn) = @_; $vsn =~ s/^\d+\://; @@ -140,30 +141,6 @@ END { } }; -our @signames = split / /, $Config{sig_name}; - -sub waitstatusmsg () { - if (!$?) { - return "terminated, reporting successful completion"; - } elsif (!($? & 255)) { - return "failed with error exit status ".WEXITSTATUS($?); - } elsif (WIFSIGNALED($?)) { - my $signum=WTERMSIG($?); - return "died due to fatal signal ". - ($signames[$signum] // "number $signum"). - ($? & 128 ? " (core dumped)" : ""); # POSIX(3pm) has no WCOREDUMP - } else { - return "failed with unknown wait status ".$?; - } -} - -sub fail { - my $s = "@_\n"; - my $prefix = $us.($we_are_responder ? " (build host)" : "").": "; - $s =~ s/^/$prefix/gm; - die $s; -} - sub badcfg { print STDERR "$us: invalid configuration: @_\n"; exit 12; } sub no_such_package () { @@ -183,7 +160,14 @@ sub changedir ($) { } sub deliberately ($) { - return !!grep { $_[0] eq $_ } @deliberatelies; + my ($enquiry) = @_; + return !!grep { $_ eq "--deliberately-$enquiry" } @deliberatelies; +} + +sub deliberately_not_fast_forward () { + foreach (qw(not-fast-forward fresh-repo)) { + return 1 if deliberately($_) || deliberately("TEST-dgit-only-$_"); + } } #---------- remote protocol support, common ---------- @@ -374,17 +358,6 @@ sub url_get { our ($dscdata,$dscurl,$dsc,$dsc_checked,$skew_warning_vsn); -sub failedcmd { - { local ($!); printcmd \*STDERR, "$us: failed command:", @_ or die $!; }; - if ($!) { - fail "failed to fork/exec: $!"; - } elsif ($?) { - fail "subprocess ".waitstatusmsg(); - } else { - fail "subprocess produced invalid output"; - } -} - sub runcmd { debugcmd "+",@_; $!=0; $?=0; @@ -402,27 +375,6 @@ sub printdone { } } -sub cmdoutput_errok { - die Dumper(\@_)." ?" if grep { !defined } @_; - debugcmd "|",@_; - open P, "-|", @_ or die $!; - my $d; - $!=0; $?=0; - { local $/ = undef; $d =
; }
- die $! if P->error;
- if (!close P) { printdebug "=>!$?\n"; return undef; }
- chomp $d;
- $d =~ m/^.*/;
- printdebug "=> \`$&'",(length $' ? '...' : ''),"\n" if $debuglevel>0; #';
- return $d;
-}
-
-sub cmdoutput {
- my $d = cmdoutput_errok @_;
- defined $d or failedcmd @_;
- return $d;
-}
-
sub dryrun_report {
printcmd(\*STDERR,$debugprefix."#",@_);
}
@@ -498,8 +450,15 @@ our %defcfg = ('dgit.default.distro' => 'debian',
'dgit-distro.debian.git-path' => '/dgit/debian/repos',
'dgit-distro.debian.git-check' => 'ssh-cmd',
'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
- 'dgit-distro.debian.archive-query-tls-key',
- '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# 'dgit-distro.debian.archive-query-tls-key',
+# '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# ^ this does not work because curl is broken nowadays
+# Fixing #790093 properly will involve providing providing the key
+# in some pacagke and maybe updating these paths.
+#
+# 'dgit-distro.debian.archive-query-tls-curl-args',
+# '--ca-path=/etc/ssl/ca-debian',
+# ^ this is a workaround but works (only) on DSA-administered machines
'dgit-distro.debian.diverts.alioth' => '/alioth',
'dgit-distro.debian/alioth.git-host' => 'git.debian.org',
'dgit-distro.debian/alioth.git-user-force' => '',
@@ -531,7 +490,7 @@ sub cfg {
my @cmd = (@git, qw(config --), $c);
my $v;
{
- local ($debuglevel) = $debuglevel-1;
+ local ($debuglevel) = $debuglevel-2;
$v = cmdoutput_errok @cmd;
};
if ($?==0) {
@@ -723,23 +682,6 @@ sub parsechangelog {
return $c;
}
-sub git_get_ref ($) {
- my ($refname) = @_;
- my $got = cmdoutput_errok @git, qw(show-ref --), $refname;
- if (!defined $got) {
- $?==256 or fail "git show-ref failed (status $?)";
- printdebug "ref $refname= [show-ref exited 1]\n";
- return '';
- }
- if ($got =~ m/^(\w+) \Q$refname\E$/m) {
- printdebug "ref $refname=$1\n";
- return $1;
- } else {
- printdebug "ref $refname= [no match]\n";
- return '';
- }
-}
-
sub must_getcwd () {
my $d = getcwd();
defined $d or fail "getcwd failed: $!";
@@ -771,16 +713,25 @@ sub archive_api_query_cmd ($) {
my $url = access_cfg('archive-query-url');
if ($url =~ m#^https://([-.0-9a-z]+)/#) {
my $host = $1;
- my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF');
+ my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF') //'';
foreach my $key (split /\:/, $keys) {
$key =~ s/\%HOST\%/$host/g;
if (!stat $key) {
fail "for $url: stat $key: $!" unless $!==ENOENT;
next;
}
- push @cmd, "--ca-certificate=$key", "--ca-directory=/dev/enoent";
+ fail "config requested specific TLS key but do not know".
+ " how to get curl to use exactly that EE key ($key)";
+# push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
+# # Sadly the above line does not work because of changes
+# # to gnutls. The real fix for #790093 may involve
+# # new curl options.
last;
}
+ # Fixing #790093 properly will involve providing a value
+ # for this on clients.
+ my $keys = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
+ push @cmd, split / /, $keys if defined $keys;
}
push @cmd, $url.$subpath;
return @cmd;
@@ -1327,24 +1278,13 @@ sub ensure_we_have_orig () {
}
}
-sub rev_parse ($) {
- return cmdoutput @git, qw(rev-parse), "$_[0]~0";
-}
-
-sub is_fast_fwd ($$) {
- my ($ancestor,$child) = @_;
- my @cmd = (@git, qw(merge-base), $ancestor, $child);
- my $mb = cmdoutput_errok @cmd;
- if (defined $mb) {
- return rev_parse($mb) eq rev_parse($ancestor);
- } else {
- $?==256 or failedcmd @cmd;
- return 0;
- }
-}
-
sub git_fetch_us () {
runcmd_ordryrun_local @git, qw(fetch),access_giturl(),fetchspec();
+ if (deliberately_not_fast_forward) {
+ runcmd_ordryrun_local @git, qw(fetch -p), access_giturl(),
+ map { "+refs/$_/*:".lrfetchrefs."/$_/*" }
+ qw(tags heads);
+ }
}
sub fetch_from_archive () {
@@ -1618,9 +1558,9 @@ tagger $authline
$package release $cversion for $clogsuite ($csuite) [dgit]
[dgit distro=$declaredistro$delibs]
END
- foreach my $ref (sort keys %supersedes) {
+ foreach my $ref (sort keys %previously) {
print TO <