X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=infra%2Fdgit-repos-policy-debian;h=e665a636566242c95b844c518a3eebaad93870ce;hp=06ad0022bd878aa4c771fc804052bc1c268a1aed;hb=559eacc729c94b9297874ff2c85f44e72648c0a1;hpb=ae4dea507387c90a796e2a752a717f8bc5ed1dae diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian index 06ad0022..e665a636 100755 --- a/infra/dgit-repos-policy-debian +++ b/infra/dgit-repos-policy-debian @@ -206,8 +206,7 @@ sub add_taint_by_tag ($$) { " removed from NEW (ie, rejected) (or never arrived)"); } -sub action_check_package () { - getpackage(); +sub check_package () { return 0 unless $pkg_exists; return 0 unless $pkg_secret; @@ -220,15 +219,16 @@ sub action_check_package () { my $age = time - $mtime; printdebug "check_package age=$age\n"; - return 0 if $age < $new_upload_propagation_slop; - - return 0 if new_has_vsn_in_our_history(); - if (good_suite_has_vsn_in_our_history) { chmod $publicmode, "." or die $!; + $pkg_secret = 0; return 0; } + return 0 if $age < $new_upload_propagation_slop; + + return 0 if new_has_vsn_in_our_history(); + printdebug "check_package secret, deleted, tainting\n"; git_for_each_ref('refs/tags', sub { @@ -239,6 +239,11 @@ sub action_check_package () { return FRESHREPO; } +sub action_check_package () { + getpackage(); + return check_package(); +} + sub getpushinfo () { die unless @ARGV >= 4; $version = shift @ARGV; @@ -250,12 +255,14 @@ sub getpushinfo () { } } -sub deliberately ($) { return $deliberately{$_[0]}; } +sub deliberately ($) { return $deliberately{"--deliberately-$_[0]"}; } sub action_push () { getpackage(); getpushinfo(); + check_package(); # might make package public, or might add taints + return 0 unless $pkg_exists; return 0 unless $pkg_secret; @@ -264,9 +271,9 @@ sub action_push () { if (deliberately('not-fast-forward')) { add_taint(server_ref($suite), - "suite $suite when --deliberately-not-fast-forward". + "rewound suite $suite; --deliberately-not-fast-forward". " specified in signed tag $tagname for upload of". - " version $version into suite $suite"); + " version $version"); return NOFFCHECK|FRESHREPO; } if (deliberately('include-questionable-history')) { @@ -290,11 +297,17 @@ sub action_push_confirm () { END $initq->execute($pkg); + my @objscatcmd = qw(git); + push @objscatcmd, qw(--git-dir), $freshrepo if length $freshrepo; + push @objscatcmd, qw(cat-file --batch); + debugcmd '|',@objscatcmd if $debuglevel>=2; + my @taintids; my $chkinput = tempfile(); while (my $taint = $initq->fetchrow_hashref()) { push @taintids, $taint->{taint_id}; print $chkinput $taint->{gitobjid}, "\n" or die $!; + printdebug '|> ', $taint->{gitobjid}, "\n" if $debuglevel>=2; } flush $chkinput or die $!; seek $chkinput,0,0 or die $!; @@ -302,7 +315,7 @@ END my $checkpid = open CHKOUT, "-|" // die $!; if (!$checkpid) { open STDIN, "<&", $chkinput or die $!; - exec qw(git cat-file --batch) or die $!; + exec @objscatcmd or die $!; } my ($taintinfoq,$overridesanyq,$untaintq,$overridesq); @@ -328,6 +341,7 @@ END # just read what we expect and then let it get SIGPIPE. $!=0; $_ = ; die "$? $!" unless defined $_; + printdebug "|< ", $_ if $debuglevel>=2; next if m/^\w+ missing$/; die unless m/^(\w+) (\w+) (\d+)\s/;