# dgit-repos-server
#
# usages:
-# .../dgit-repos-server DISTRO SUITES KEYRING-AUTH-SPEC DGIT-REPOS-DIR --ssh
+# .../dgit-repos-server DISTRO SUITES KEYRING-AUTH-SPEC \
+# DGIT-REPOS-DIR POLICY-HOOK-SCRIPT --ssh
# internal usage:
# .../dgit-repos-server --pre-receive-hook PACKAGE
#
our $dgitrepos;
our $package;
our $suitesfile;
+our $policyhook;
our $realdestrepo;
our $destrepo;
our $workrepo;
our $keyrings;
our @lockfhs;
our $debug='';
+our @deliberatelies;
+our $policy;
#----- utilities -----
for (;;) {
print PT or die $!;
$!=0; $_=<T>; defined or die "missing signature? $!";
+ if (m/^\[dgit ([^"].*)\]$/) { # [dgit "something"] is for future
+ $_ = $1." ";
+ for (;;) {
+ if (s/^distro\=(\S+) //) {
+ die "$1 != $distro" unless $1 eq $distro;
+ } elsif (s/^(--deliberately-$package_re) //) {
+ push @deliberatelies, $1;
+ } elsif (s/^[-+.=0-9a-z]\S* //) {
+ } else {
+ die "unknown dgit info in tag";
+ }
+ }
+ next;
+ }
last if m/^-----BEGIN PGP/;
}
for (;;) {
sub checks () {
debug "checks";
- checksuite();
+
tagh1('type') eq 'commit' or reject "tag refers to wrong kind of object";
tagh1('object') eq $commit or reject "tag refers to wrong commit";
tagh1('tag') eq $tagname or reject "tag name in tag is wrong";
debug "translated version $v";
$tagname eq "debian/$v" or die;
+ checksuite();
+
# check that our ref is being fast-forwarded
debug "oldcommit $oldcommit";
if ($oldcommit =~ m/[^0]/) {
defined($workrepo = $ENV{'DGIT_DRS_WORK'}) or die;
defined($destrepo = $ENV{'DGIT_DRS_DEST'}) or die;
defined($keyrings = $ENV{'DGIT_DRS_KEYRINGS'}) or die $!;
+ defined($policyhook = $ENV{'DGIT_DRS_POLICYHOOK'}) or die $!;
open STDOUT, ">&STDERR" or die $!;
eval {
stunthook();
$ENV{'DGIT_DRS_SUITES'} = argval();
$ENV{'DGIT_DRS_KEYRINGS'} = argval();
$dgitrepos = argval();
+ $ENV{'DGIT_DRS_POLICYHOOK'} = $policyhook = argval();
die unless @ARGV==1 && $ARGV[0] eq '--ssh';