dgit-repos-server: fix dm parsing, more tests

diff --git a/dgit-repos-server b/dgit-repos-server
index 897e414d834942678d7a2236eb2490e7bd3e3711..33c18f1b795732902c43c5335d95e082f634d603 100755 (executable)
--- a/dgit-repos-server
+++ b/dgit-repos-server
@@ -391,12 +391,14 @@ sub dm_txt_check ($$) {
     while (<DT>) {
        m/^fingerprint:\s+$keyid$/oi
            ..0 or next;
-       m/^./
-           or reject "key $keyid missing Allow section in permissions!";
+       if (s/^allow:/ /i..0) {
+       } else {
+           m/^./
+               or reject "key $keyid missing Allow section in permissions!";
+           next;
+       }
        # in right stanza...
-       s/^allow:/ /i
-           ..0 or next;
-       s/^\s+//
+       s/^[ \t]+//
            or reject "package $package not allowed for key $keyid";
        # in allow field...
        s/\([^()]+\)//;

diff --git a/tests/tests/drs-push-rejects b/tests/tests/drs-push-rejects
index 6bc9bff0b3b70f99a200d80df64dfd3fdba2cbca..e3b5c7d603255b13fdd0c2f5b14775b25a0e4acb 100755 (executable)
--- a/tests/tests/drs-push-rejects
+++ b/tests/tests/drs-push-rejects
@@ -63,16 +63,38 @@ mustfail 'sid != sponge' HEAD:refs/dgit/sponge $push_spec2
 # fixme test --sig-policy-url string
 # fixme cannot test   reject "signature is not of type 00!";
 
+prep unstable sid
+mktag
+cp $tmp/dm.gpg $tmp/dd.gpg
+mustfail 'key not found in keyrings'
+
 prep unstable sid
 git push origin $push_spec # succeeds
 mktag
 mustfail 'not replacing previously-pushed version' $push_spec
 
+prep_dm_mangle () {
+       prep unstable sid
+       perl -i.bak -pe '
+               next unless m/^fingerprint: 3A82860837A0CD32/i../^$/;
+       ' -e "$1" $tmp/dm.txt
+       tag_signer='-u Populus'
+       mktag
+}
+
 git checkout v2
 version=3-2_dummy2
-prep unstable sid
-tag_signer='-u Populus'
-mktag
+
+prep_dm_mangle 's/allow:/asponge:/i'
+mustfail 'missing Allow section in permission' $push_spec
+
+prep_dm_mangle 's/\bpari-extra\b/sponge/i'
+mustfail "package $p not allowed for key" $push_spec
+
+prep_dm_mangle 'y/0-9/5-90-4/ if m/^fingerprint:/i'
+mustfail "not in permissions list although in keyring" $push_spec
+
+prep_dm_mangle ''
 git push origin $push_spec # succeeds
 
 echo ok.