Infra: dgit-repos-server-debian: Run check_package on push
diff --git
a/infra/dgit-repos-policy-debian
b/infra/dgit-repos-policy-debian
index 06ad0022bd878aa4c771fc804052bc1c268a1aed..e665a636566242c95b844c518a3eebaad93870ce 100755
(executable)
--- a/
infra/dgit-repos-policy-debian
+++ b/
infra/dgit-repos-policy-debian
@@
-206,8
+206,7
@@
sub add_taint_by_tag ($$) {
" removed from NEW (ie, rejected) (or never arrived)");
}
" removed from NEW (ie, rejected) (or never arrived)");
}
-sub action_check_package () {
- getpackage();
+sub check_package () {
return 0 unless $pkg_exists;
return 0 unless $pkg_secret;
return 0 unless $pkg_exists;
return 0 unless $pkg_secret;
@@
-220,15
+219,16
@@
sub action_check_package () {
my $age = time - $mtime;
printdebug "check_package age=$age\n";
my $age = time - $mtime;
printdebug "check_package age=$age\n";
- return 0 if $age < $new_upload_propagation_slop;
-
- return 0 if new_has_vsn_in_our_history();
-
if (good_suite_has_vsn_in_our_history) {
chmod $publicmode, "." or die $!;
if (good_suite_has_vsn_in_our_history) {
chmod $publicmode, "." or die $!;
+ $pkg_secret = 0;
return 0;
}
return 0;
}
+ return 0 if $age < $new_upload_propagation_slop;
+
+ return 0 if new_has_vsn_in_our_history();
+
printdebug "check_package secret, deleted, tainting\n";
git_for_each_ref('refs/tags', sub {
printdebug "check_package secret, deleted, tainting\n";
git_for_each_ref('refs/tags', sub {
@@
-239,6
+239,11
@@
sub action_check_package () {
return FRESHREPO;
}
return FRESHREPO;
}
+sub action_check_package () {
+ getpackage();
+ return check_package();
+}
+
sub getpushinfo () {
die unless @ARGV >= 4;
$version = shift @ARGV;
sub getpushinfo () {
die unless @ARGV >= 4;
$version = shift @ARGV;
@@
-250,12
+255,14
@@
sub getpushinfo () {
}
}
}
}
-sub deliberately ($) { return $deliberately{
$_[0]
}; }
+sub deliberately ($) { return $deliberately{
"--deliberately-$_[0]"
}; }
sub action_push () {
getpackage();
getpushinfo();
sub action_push () {
getpackage();
getpushinfo();
+ check_package(); # might make package public, or might add taints
+
return 0 unless $pkg_exists;
return 0 unless $pkg_secret;
return 0 unless $pkg_exists;
return 0 unless $pkg_secret;
@@
-264,9
+271,9
@@
sub action_push () {
if (deliberately('not-fast-forward')) {
add_taint(server_ref($suite),
if (deliberately('not-fast-forward')) {
add_taint(server_ref($suite),
- "
suite $suite when
--deliberately-not-fast-forward".
+ "
rewound suite $suite;
--deliberately-not-fast-forward".
" specified in signed tag $tagname for upload of".
" specified in signed tag $tagname for upload of".
- " version $version
into suite $suite
");
+ " version $version");
return NOFFCHECK|FRESHREPO;
}
if (deliberately('include-questionable-history')) {
return NOFFCHECK|FRESHREPO;
}
if (deliberately('include-questionable-history')) {
@@
-290,11
+297,17
@@
sub action_push_confirm () {
END
$initq->execute($pkg);
END
$initq->execute($pkg);
+ my @objscatcmd = qw(git);
+ push @objscatcmd, qw(--git-dir), $freshrepo if length $freshrepo;
+ push @objscatcmd, qw(cat-file --batch);
+ debugcmd '|',@objscatcmd if $debuglevel>=2;
+
my @taintids;
my $chkinput = tempfile();
while (my $taint = $initq->fetchrow_hashref()) {
push @taintids, $taint->{taint_id};
print $chkinput $taint->{gitobjid}, "\n" or die $!;
my @taintids;
my $chkinput = tempfile();
while (my $taint = $initq->fetchrow_hashref()) {
push @taintids, $taint->{taint_id};
print $chkinput $taint->{gitobjid}, "\n" or die $!;
+ printdebug '|> ', $taint->{gitobjid}, "\n" if $debuglevel>=2;
}
flush $chkinput or die $!;
seek $chkinput,0,0 or die $!;
}
flush $chkinput or die $!;
seek $chkinput,0,0 or die $!;
@@
-302,7
+315,7
@@
END
my $checkpid = open CHKOUT, "-|" // die $!;
if (!$checkpid) {
open STDIN, "<&", $chkinput or die $!;
my $checkpid = open CHKOUT, "-|" // die $!;
if (!$checkpid) {
open STDIN, "<&", $chkinput or die $!;
- exec
qw(git cat-file --batch)
or die $!;
+ exec
@objscatcmd
or die $!;
}
my ($taintinfoq,$overridesanyq,$untaintq,$overridesq);
}
my ($taintinfoq,$overridesanyq,$untaintq,$overridesq);
@@
-328,6
+341,7
@@
END
# just read what we expect and then let it get SIGPIPE.
$!=0; $_ = <CHKOUT>;
die "$? $!" unless defined $_;
# just read what we expect and then let it get SIGPIPE.
$!=0; $_ = <CHKOUT>;
die "$? $!" unless defined $_;
+ printdebug "|< ", $_ if $debuglevel>=2;
next if m/^\w+ missing$/;
die unless m/^(\w+) (\w+) (\d+)\s/;
next if m/^\w+ missing$/;
die unless m/^(\w+) (\w+) (\d+)\s/;
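Review bot: The fork that runs `@objscatcmd` is never checked for failure. In `my $checkpid = open CHKOUT, "-|" // die $!;` (unchanged context directly above the rewritten `exec` line in the `-302,7 +315,7` hunk) the `//` applies to the string `"-|"`, which is always defined, so the `die` can never run. If the fork fails, `open` returns undef, `!$checkpid` is true in the parent, and the policy hook itself would redirect STDIN and exec `git cat-file --batch` instead of doing the taint check; its exit status would then be git's, which the caller presumably reads as the policy verdict. Since the commit already edits this child branch, I would split the line into `my $checkpid = open CHKOUT, "-|"; defined $checkpid or die $!;`. The enclosing function starts and ends outside the hunk.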