New approach to replay prevention - WIP

[dgit.git] / infra / dgit-repos-server

diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server
index ab831364ddb8577284cc5cf3f4019f3d44fc2d27..f2f30884854a83e2403b4142235f8fe4617ecd4c 100755 (executable)
--- a/infra/dgit-repos-server
+++ b/infra/dgit-repos-server
@@ -632,11 +632,21 @@ sub checksuite () {
 }
 
 sub checktagnoreplay () {
+    # We need to prevent a replay attack using an earlier signed tag.
+    # We also want to archive in the history anything 
+    #
     # We check that the signed tag mentions the name and tag object id of
-    # (a) in the case of FRESHREPO all tags in the repo;
-    # (b) in the case of just NOFFCHECK all tags referring to
+    #
+    # (a) In the case of FRESHREPO all tags and refs/heads/heads in the
+    #     repo.  That is, effectively, all the things we are deleting.
+    #     This prevents any tag implying a FRESHREPO push being replayed
+    #     into a different state of the repo.
+    #
+    # (b) In the case of just NOFFCHECK all tags referring to
     #     the current head for the suite (there must be at least one).
-    # This prevents a replay attack using an earlier signed tag.
+    #     This guarantees that the 
+    #
+    # 
     return unless $policy & (FRESHREPO|NOFFCHECK);
 
     my $garbagerepo = "$dgitrepos/${package}_garbage";