Infra: Make replay prevention file contain tags (by searching for right ref names)

[dgit.git] / infra / dgit-repos-policy-debian

diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian
index 8a105366211754a5d04541bdd0d0d33724a465e6..e02c100ccc5d093c36d63245eeac7a25fe2f599e 100755 (executable)
--- a/infra/dgit-repos-policy-debian
+++ b/infra/dgit-repos-policy-debian
@@ -17,6 +17,8 @@ use Debian::Dgit::Policy::Debian;
 initdebug('%');
 enabledebuglevel $ENV{'DGIT_DRS_DEBUG'};
 
+END { $? = 127; } # deliberate exit uses _exit
+
 our $distro = shift @ARGV // die "need DISTRO";
 our $repos = shift @ARGV // die "need DGIT-REPOS-DIR";
 our $dgitlive = shift @ARGV // die "need DGIT-LIVE-DIR";
@@ -98,15 +100,16 @@ sub apiquery ($) {
 
 sub specific_suite_has_vsn_in_our_history ($) {
     my ($suite) = @_;
-    my $in_suite = apiquery "/dsc_in_suite/$suite/$pkg";
+    my $in_suite = apiquery "dsc_in_suite/$suite/$pkg";
     foreach my $entry (@$in_suite) {
        my $vsn = $entry->{version};
        die "$pkg ?" unless defined $vsn;
-       my $tag = debiantag $vsn;
-       $?=0; my $r = system qw(git show-ref --verify --quiet), $tag;
+       my $tagref = "refs/tags/".debiantag $vsn;
+       printdebug " checking history suite=$suite vsn=$vsn tagref=$tagref\n";
+       $?=0; my $r = system qw(git show-ref --verify --quiet), $tagref;
        return 1 if !$r;
        next if $r==256;
-       die "$pkg tag $tag $? $!";
+       die "$pkg tagref $tagref $? $!";
     }
     return 0;
 }
@@ -116,7 +119,7 @@ sub new_has_vsn_in_our_history () {
 }
 
 sub good_suite_has_vsn_in_our_history () {
-    my $suites = apiquery "/suites";
+    my $suites = apiquery "suites";
     foreach my $suitei (@$suites) {
        my $suite = $suitei->{name};
        die unless defined $suite;
@@ -247,7 +250,7 @@ sub getpushinfo () {
     }
 }
 
-sub deliberately ($) { return $deliberately{$_[0]}; }
+sub deliberately ($) { return $deliberately{"--deliberately-$_[0]"}; }
 
 sub action_push () {
     getpackage();
@@ -261,9 +264,9 @@ sub action_push () {
 
     if (deliberately('not-fast-forward')) {
        add_taint(server_ref($suite),
-                 "suite $suite when --deliberately-not-fast-forward".
+                 "rewound suite $suite; --deliberately-not-fast-forward".
                  " specified in signed tag $tagname for upload of".
-                 " version $version into suite $suite");
+                 " version $version");
        return NOFFCHECK|FRESHREPO;
     }
     if (deliberately('include-questionable-history')) {
@@ -287,11 +290,17 @@ sub action_push_confirm () {
 END
     $initq->execute($pkg);
 
+    my @objscatcmd = qw(git);
+    push @objscatcmd, qw(--git-dir), $freshrepo if length $freshrepo;
+    push @objscatcmd, qw(cat-file --batch);
+    debugcmd '|',@objscatcmd if $debuglevel>=2;
+
     my @taintids;
     my $chkinput = tempfile();
     while (my $taint = $initq->fetchrow_hashref()) {
        push @taintids, $taint->{taint_id};
        print $chkinput $taint->{gitobjid}, "\n" or die $!;
+       printdebug '|> ', $taint->{gitobjid}, "\n" if $debuglevel>=2;
     }
     flush $chkinput or die $!;
     seek $chkinput,0,0 or die $!;
@@ -299,7 +308,7 @@ END
     my $checkpid = open CHKOUT, "-|" // die $!;
     if (!$checkpid) {
        open STDIN, "<&", $chkinput or die $!;
-       exec qw(git cat-file --batch) or die $!;
+       exec @objscatcmd or die $!;
     }
 
     my ($taintinfoq,$overridesanyq,$untaintq,$overridesq);
@@ -325,6 +334,7 @@ END
        # just read what we expect and then let it get SIGPIPE.
        $!=0; $_ = <CHKOUT>;
        die "$? $!" unless defined $_;
+       printdebug "|< ", $_ if $debuglevel>=2;
 
        next if m/^\w+ missing$/;
        die unless m/^(\w+) (\w+) (\d+)\s/;
@@ -433,7 +443,7 @@ if (!$fn) {
 }
 
 my $sleepy=0;
-our $rcode = 127;
+my $rcode;
 
 for (;;) {
     poldb_setup(poldb_path($repos));
@@ -452,5 +462,6 @@ for (;;) {
     $poldbh->rollback;
 }
 
-print STDERR $stderr;
-exit $rcode;
+print STDERR $stderr or die $!;
+flush STDERR or die $!;
+_exit $rcode;