Merge tag dgit/2.14 into `defence in dgit-repos-server' branch

Fix up semantic conflict: the new git-fsck test (in 2.14) fails on the
new broken commits (in the `defence in dgit-repos-server' branch).

We need to disable this.  Ideally we would make a tighter test, but
that's too much to do in a merge.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/Debian/Dgit.pm b/Debian/Dgit.pm
index 50e3b860a71ae409c6d803b1cd36788f7617e61a..e9921d6a33435c5c34164eca3f2dc2174bf1e4ef 100644 (file)
--- a/Debian/Dgit.pm
+++ b/Debian/Dgit.pm
@@ -54,7 +54,7 @@ BEGIN {
                       $debugprefix *debuglevel *DEBUG
                       shellquote printcmd messagequote);
     # implicitly uses $main::us
-    %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO)] );
+    %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO NOCOMMITCHECK)] );
     @EXPORT_OK   = @{ $EXPORT_TAGS{policyflags} };
 }
 
@@ -71,6 +71,7 @@ our $branchprefix = 'dgit';
 # dynamic loader, runtime, etc., failures, which report 127 or 255
 sub NOFFCHECK () { return 0x2; }
 sub FRESHREPO () { return 0x4; }
+sub NOCOMMITCHECK () { return 0x8; }
 
 our $debugprefix;
 our $debuglevel = 0;

diff --git a/debian/changelog b/debian/changelog
index 832253f2a4b71ba2fd7c6772644c15b6220d56f7..bfbffd5f26c6167be8b216e16f998730ee21ae68 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dgit (2.15~) unstable; urgency=low
+
+  * 
+
+ --
+
 dgit (2.14) unstable; urgency=critical
 
   CRITICAL BUGFIX:

diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server
index 1be33609d486578b69a3fdeb2edd7b831b5c9c02..eb4b377334d017807e7f22d70a22946be0707b9e 100755 (executable)
--- a/infra/dgit-repos-server
+++ b/infra/dgit-repos-server
@@ -160,6 +160,9 @@ setup_sigwarn();
 #    FRESHREPO   (4)
 #         blow away repo right away (ie, as if before push or fetch)
 #         ("check-package" and "push" only)
+#    NOCOMMITCHECK   (8)
+#         suppress dgit-repos-server's check that commits do
+#         not lack "committer" info (eg as produced by #849041)
 # any unexpected bits mean failure, and then known set bits are ignored
 # if no unexpected bits set, operation continues (subject to meaning
 # of any expected bits set).  So, eg, exit 0 means "continue normally"
@@ -890,6 +893,27 @@ sub checks () {
        chomp $mb;
        $mb eq $oldcommit or reject "not fast forward on dgit branch";
     }
+
+    # defend against commits generated by #849041
+    if (!($policy & NOCOMMITCHECK)) {
+       my @checks = qw(%an %ae %at
+                       %cn %ce %ct);
+       my @chk = qw(git log -z);
+       push @chk, '--pretty=tformat:%H%n'.
+           (join "", map { $_, '%n' } @checks);
+       push @chk, "^$oldcommit" if $oldcommit =~ m/[^0]/;
+       push @chk, $commit;;
+       printdebug " ~NOCOMMITCHECK @chk\n";
+       open CHK, "-|", @chk or die $!;
+       local $/ = "\0";
+       while (<CHK>) {
+           next unless m/^$/m;
+           m/^\w+(?=\n)/ or die;
+           reject "corrupted object $& (missing metadata)";
+       }
+       $!=0; $?=0; close CHK or $?==256 or die "$? $!";
+    }
+
     if ($policy & FRESHREPO) {
        # It's a bit late to be discovering this here, isn't it ?
        #

diff --git a/tests/lib b/tests/lib
index 579ddda34665dc279cd268ae70a011515095db1e..5fcb6f656b82497e2726638c7ae2523bc5245064 100644 (file)
--- a/tests/lib
+++ b/tests/lib
@@ -350,7 +350,7 @@ t-git-dir-check () {
 }
 
 t-git-fsck () {
-       git fsck --no-dangling --strict
+       git fsck --no-dangling --strict || ${expect_fsck_fail-false}
 }
 
 t-fscks () {

diff --git a/tests/tests/drs-push-rejects b/tests/tests/drs-push-rejects
index f829dc91bbef4372f0b240f2c00be5c063d632ba..dee14b86fe68f14cea98137ef22a03991471b046 100755 (executable)
--- a/tests/tests/drs-push-rejects
+++ b/tests/tests/drs-push-rejects
@@ -139,6 +139,18 @@ mktag
 mustfail 'tag name in tag is wrong' \
        refs/tags/$tagpfx/wombat:refs/tags/$tagpfx/$version $push_spec1
 
+echo ====
+badcommit=$(
+       git cat-file commit HEAD | \
+       perl -pe 's/^committer.*\n//' | \
+       git hash-object -w -t commit --stdin
+)
+git checkout -b broken $badcommit
+prep unstable sid
+mktag
+mustfail "corrupted object $badcommit" $push_spec
+
+git checkout dgit/sid
 prep unstable sid
 mktag
 mustsucceed $push_spec # succeeds
@@ -191,4 +203,7 @@ mustfail "not in permissions list although in keyring" $push_spec
 prep_dm_mangle ''
 mustsucceed $push_spec # succeeds
 
+# we generate some junk, so we must tolerate git-fsck complaining
+expect_fsck_fail=true
+
 t-ok