X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=infra%2Fdgit-repos-policy-debian;h=fa1d17d92d903a4d7456efb61a697c24d8a06470;hp=493fefdd6d9233c3d85056c6483888589c58e238;hb=323e5e59ee548bf44cc2cb9a584cb1c3edcabe3f;hpb=5408b0c227d942af55442389894a9ed7338a55ce

diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian
index 493fefdd..fa1d17d9 100755
--- a/infra/dgit-repos-policy-debian
+++ b/infra/dgit-repos-policy-debian
@@ -1,21 +1,5 @@
 #!/usr/bin/perl -w
 # dgit repos policy hook script for Debian
-#
-# usages:
-#   dgit-repos-policy-debian DISTRO DGIT-REPOS-DIR ACTION...
-# ie.
-#   dgit-repos-policy-debian ... check-list [...]
-#   dgit-repos-policy-debian ... check-package PACKAGE [...]
-#   dgit-repos-policy-debian ... push PACKAGE \
-#         VERSION SUITE TAGNAME DELIBERATELIES [...]
-#
-# cwd for push is a temporary repo where the to-be-pushed objects have
-#  been received; TAGNAME is the version-based tag
-#
-# if push requested FRESHREPO, push-confirm happens in said fresh repo
-#
-# policy hook for a particular package will be invoked only once at
-# a time
 
 use strict;
 use POSIX;
@@ -23,13 +7,13 @@ use JSON;
 use File::Temp;
 
 use Debian::Dgit qw(:DEFAULT :policyflags);
+use Debian::Dgit::Policy::Debian;
 
 our $distro = shift @ARGV // die "need DISTRO";
 our $repos = shift @ARGV // die "need DGIT-REPOS-DIR";
 our $action = shift @ARGV // die "need ACTION";
 
 our $publicmode = 02775;
-our $policydb = "dbi:SQLite:$repos/policy";
 our $new_upload_propagation_slop = 3600*4 + 100;
 
 our $poldbh;
@@ -37,6 +21,11 @@ our $pkg;
 our $pkgdir;
 our ($pkg_exists,$pkg_secret);
 
+our $stderr;
+
+our ($version,$suite,$tagname);
+our %deliberately;
+
 # We assume that it is not possible for NEW to have a version older
 # than sid.
 
@@ -71,45 +60,16 @@ our ($pkg_exists,$pkg_secret);
 # still be being uploaded.  (We record this using the timestamp of the
 # package's git repo directory.)
 
-
-sub poldb_setup () {
-    $poldbh = DBI->connect($policydb,'','', {
-	RaiseError=>1, PrintError=>1, AutoCommit=>0
-			   });
-    $poldbh->do("PRAGMA foreign_keys = ON");
-
-    $poldbh->do(<<END);
-	CREATE TABLE IF NOT EXISTS taints (
-	    taint_id   INTEGER NOT NULL PRIMARY KEY ASC AUTOINCREMENT,
-	    package    TEXT    NOT NULL,
-	    gitobjid   TEXT    NOT NULL,
-	    comment    TEXT    NOT NULL,
-	    time       INTEGER,
-	    gitobjtype TEXT,
-	    gitobjdata TEXT
-	    )
-END
-    $poldbh->do(<<END);
-	CREATE INDEX IF NOT EXISTS taints_by_package
-	    ON taints (package, gitobject)
-END
-    # any one of of the listed deliberatelies will override its taint
-    $poldbh->do(<<END);
-	CREATE TABLE IF NOT EXISTS taintoverrides (
-	    taint_id  INTEGER NOT NULL
-		      REFERENCES taints (taint_id)
-			  ON UPDATE RESTRICT
-			  ON DELETE CASCADE
-		      DEFERRABLE INITIALLY DEFERRED,
-	    deliberately TEXT NOT NULL,
-	    PRIMARY KEY (taint_id, deliberately)
-	)
-END
-}
-
-sub poldb_commit () {
-    $poldbh->commit;
-}
+# We aim for the following invariants and properties:
+#
+# - .dsc of published dgit package will have corresponding publicly
+#   visible dgit-repo (soon)
+#
+# - when a new package is rejected we help maintainer avoid
+#   accidentally including bad objects in published dgit history
+#
+# - .dsc of NEW dgit package has corresponding dgit-repo but not
+#   publicly readable
 
 sub apiquery ($) {
     my ($subpath) = @_;
@@ -121,8 +81,8 @@ sub apiquery ($) {
 
 sub specific_suite_has_vsn_in_our_history ($) {
     my ($suite) = @_;
-    my $in_new = apiquery "/dsc_in_suite/$suite/$pkg";
-    foreach my $entry (@$in_new) {
+    my $in_suite = apiquery "/dsc_in_suite/$suite/$pkg";
+    foreach my $entry (@$in_suite) {
 	my $vsn = $entry->{version};
 	die "$pkg ?" unless defined $vsn;
 	my $tag = debiantag $vsn;
@@ -169,10 +129,10 @@ sub getpackage () {
 }
 
 sub add_taint ($$) {
-    my ($gitobjid, $gitobjtype, $reason) = @_;
+    my ($refobj, $reason);
 
     my $tf = new File::Temp or die $!;
-    print $tf "$gitobjid\n" or die $!;
+    print $tf "$refobj^0\n" or die $!;
 
     my $gcfpid = open GCF, "-|";
     defined $gcfpid or die $!;
@@ -185,12 +145,15 @@ sub add_taint ($$) {
     close $tf or die $!;
     $_ = <GCF>;
     m/^(\w+) (\w+) (\d+)\n/ or die "$objline ?";
-    $1 eq $gitobjid or die "$! $gitobjid ?";
-    $2 eq $gitobjtype or die "$! $gitobjtype ?";
+    my $gitobjid = $1;
+    my $gitobjtype = $2;
     my $bytes = $3;
 
     my $gitobjdata;
-    $!=0; read GCF, $gitobjdata, $bytes == $bytes or die "$gitobjid $bytes $!";
+    if ($gitobjtype eq 'commit' or $gitobjtype eq 'tag') {
+	$!=0; read GCF, $gitobjdata, $bytes == $bytes
+	    or die "$gitobjid $bytes $!";
+    }
     close GCF;
 
     $poldbh->do("INSERT INTO taints".
@@ -202,11 +165,18 @@ sub add_taint ($$) {
     die unless defined $taint_id;
 
     $poldbh->do("INSERT INTO taintoverrides".
-		" (taint_id, 'include-questionable-history')",
-		" VALUES (?)", {},
+		" (taint_id, deliberately)",
+		" VALUES (?, 'include-questionable-history')", {},
 		$taint_id);
 }
 
+sub add_taint_by_tag ($$) {
+    my ($tagname,$refobjid) = @_;
+    add_taint($refobjid,
+	      "tag $tagname referred to this object in git tree but all".
+	      " previously pushed versions were found to have been".
+	      " removed from NEW (ie, rejected) (or never arrived)");
+}
 
 sub action__check_package () {
     getpackage();
@@ -221,43 +191,186 @@ sub action__check_package () {
 	return 0;
     }
 
-    open TAGL, "git for-each-ref '[r]efs/tags/*' |" or die $!;
-    while (<TAGL>) {
-	m#^(\w+) (\w+) (refs/tags/\S+)\s# or die "$_ ?";
-	add_taint($1,$2,
-		  "tag $3 referred to this object in git tree but all".
-		  " previously pushed versions were found to have been".
-		  " removed from NEW (ie, rejected) (or never arrived)");
-    }
+    git_for_each_ref('refs/tags', sub {
+	my ($objid,$objtype,$fullrefname,$tagname) = @_;
+	add_taint_by_tag($tagname,$refobjid);
+    });
     $?=0; $!=0; close TAGL or die "git for-each-ref $? $!";
 
     return FRESHREPO;
 }
 
-sub action_push () {
-    # we suppose that NEW has a version which is already in our
-    # history, as otherwise the repo would have been blown away
+sub getpushinfo () {
+    die unless @ARGV >= 4;
+    $version = shift @ARGV;
+    $suite = shift @ARGV;
+    $tagname = shift @ARGV;
+    my $delibs = shift @ARGV;
+    foreach my $delib (split /\,/, $delibs) {
+	$deliberately{$delib} = 1;
+    }
+}
+
+sub deliberately ($) { return $deliberately{$_[0]}; }
 
+sub action_push () {
     getpackage();
     return 0 unless $pkg_exists;
     return 0 unless $pkg_secret;
 
-    xxx up to here
+    # we suppose that NEW has a version which is already in our
+    # history, as otherwise the repo would have been blown away
+
+    if (deliberately('not-fast-forward')) {
+	add_taint(server_ref($suite),
+		  "suite $suite when --deliberately-not-fast-forward".
+		  " specified in signed tag $tagname for upload of".
+		  " version $version into suite $suite");
+	return NOFFCHECK|FRESHREPO;
+    }
+    if (deliberately('include-questionable-history')) {
+	return 0;
+    }
+    die "Package is in NEW and has not been accepted or rejected yet;".
+	" use a --deliberately option to specify whether you are".
+	" keeping or discarding the previously pushed history. ".
+	" Please RTFM dgit(1).\n";
 }
 
+sub action_push_confirm () {
+    my $initq = $dbh->prepare(<<END);
+        SELECT taint_id, gitobjid FROM taints t
+            WHERE (package = ? OR package = '')
+END
+    $initq->execute($pkg);
+
+    my @taintids;
+    my $chkinput = tempfile();
+    while (my $taint = $initq->fetchrow_hashref()) {
+	push @taintids, $taint->{taint_id};
+	print $chkinput, $taint->{gitobjid}, "\n" or die $!;
+    }
+    flush $chkinput or die $!;
+    seek $chkinput,0,0 or die $!;
+
+    my $checkpid = open2("<&$chkinput", \*CHKOUT, qw(git cat-file --batch));
+    $checkpid or die $!;
 
+    my ($taintinfoq,$overridesanyq,$untaintq,$overridesq);
 
-if (defined $pkg) {
-    selectpackage;
+    my $overridesstmt = <<END;
+        SELECT deliberately FROM taintoverrides WHERE (
+    my @overridesv = sort keys %deliberately;
+    $overridesstmt .= join <<END, (<<END x @overridesv);
+END
+            OR
+END
+            deliberately = ?
+END
+    $overridesstmt .= <<END;
+	) AND taint_id = ?
+        ORDER BY deliberately ASC
+END
+
+    my $mustreject=0;
+
+    while (<CHKOUT>) {
+	my $taintid = shift @taintids;
+	die unless defined $taintid;
+
+	next if m/^\w+ missing$/;
+	die unless m/^(\w+) (\s+) (\d+)\s/;
+	my ($objid,$objtype,$nbytes) = @_;
+
+	read CHKOUT, $_, $nbytes == $bytes or last;
+
+	$taintinfoq ||= $dbh->prepare(<<END);
+            SELECT package, time, comment FROM taints WHERE taint_id =  ?
+END
+        $taintinfoq->execute($taintid);
+
+	my $ti = $taintinfoq->fetchrow_hashref();
+	die unless $ti;
+
+	my $timeshow = defined $ti->{time}
+	    ? " at time ".strftime("%Y-%m-%d %H:%M:%S Z", gmtime $ti->time)
+	    : "";
+	my $pkgshow = length $ti->{package}
+	    ? "package $ti->{package}"
+	    : "any package";
+
+	$stderr .= <<END;
+
+History contains tainted $objtype $objid
+Taint recorded$timeshow for $pkginfo
+Reason: $ti->{comment}
+END
+
+        $overridesq ||= $dbh->prepare($overridesstmt);
+	$overridesq->execute(@overridesv, $taintid);
+	my ($ovwhy) = $overridesq->fetchrow_array();
+	if (!defined $ovwhy) {
+	    $overridesanyq ||= $dbh->prepare(<<END);
+	        SELECT 1 FROM taintoverrides WHERE taint_id = ? LIMIT 1
+END
+	    $overridesanyq->execute($taintid);
+	    my ($ovany) = $overridesanyq->fetchrow_array();
+	    $stderr .= $ovany ? <<END : <<END;
+Could be forced using --deliberately.  Consult documentation.
+END
+Uncorrectable error.  If confused, consult administrator.
+END
+            $mustreject = 1;
+	} else {
+	    $stderr .= <<END;
+Forcing due to --deliberately-$ovwhy
+END
+            $untaintq ||= $dbh->prepare(<<END);
+                DELETE FROM taints WHERE taint_id = ?
+END
+            $untaintq->execute($taint_id);
+        }
+    }
+    if (@taintids) {
+	$?=0; my $gotpid = waitpid $checkpid, WNOHANG;
+	die "@taintids $gotpid $? $!";
+    }
+
+    if ($mustreject) {
+	$stderr .= <<END;
+
+Rejecting push due to questionable history.
+END
+        return 1;
+    }
+
+    return 0;
 }
 
+$cmd =~ y/-/_/;
 my $fn = ${*::}{"action__$cmd"};
-$fn or die "unknown ACTION";
+if (!$fn) {
+    exit 0;
+}
+
+my $sleepy=0;
 
-poldb_setup();
+for (;;) {
+    poldb_setup(poldb_path($repos));
+    $stderr = '';
 
-my $rcode = $fn->();
-die unless defined $rcode;
+    my $rcode = $fn->();
+    die unless defined $rcode;
+
+    eval { $poldbh->commit; };
+    last unless length $@;
+
+    die if $sleepy >= 20;
+    print STDERR "[policy database busy, retrying]\n";
+    sleep ++$sleepy;
+
+    $poldbh->rollback;
+}
 
-poldb_commit();
+print STDERR $stderr;
 exit $rcode;