chiark
/
gitweb
/
~ianmdlvl
/
dgit.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
infra: Finish replay prevention
[dgit.git]
/
infra
/
dgit-repos-policy-debian
diff --git
a/infra/dgit-repos-policy-debian
b/infra/dgit-repos-policy-debian
index 06ad0022bd878aa4c771fc804052bc1c268a1aed..e02c100ccc5d093c36d63245eeac7a25fe2f599e 100755
(executable)
--- a/
infra/dgit-repos-policy-debian
+++ b/
infra/dgit-repos-policy-debian
@@
-250,7
+250,7
@@
sub getpushinfo () {
}
}
}
}
-sub deliberately ($) { return $deliberately{
$_[0]
}; }
+sub deliberately ($) { return $deliberately{
"--deliberately-$_[0]"
}; }
sub action_push () {
getpackage();
sub action_push () {
getpackage();
@@
-264,9
+264,9
@@
sub action_push () {
if (deliberately('not-fast-forward')) {
add_taint(server_ref($suite),
if (deliberately('not-fast-forward')) {
add_taint(server_ref($suite),
- "
suite $suite when
--deliberately-not-fast-forward".
+ "
rewound suite $suite;
--deliberately-not-fast-forward".
" specified in signed tag $tagname for upload of".
" specified in signed tag $tagname for upload of".
- " version $version
into suite $suite
");
+ " version $version");
return NOFFCHECK|FRESHREPO;
}
if (deliberately('include-questionable-history')) {
return NOFFCHECK|FRESHREPO;
}
if (deliberately('include-questionable-history')) {
@@
-290,11
+290,17
@@
sub action_push_confirm () {
END
$initq->execute($pkg);
END
$initq->execute($pkg);
+ my @objscatcmd = qw(git);
+ push @objscatcmd, qw(--git-dir), $freshrepo if length $freshrepo;
+ push @objscatcmd, qw(cat-file --batch);
+ debugcmd '|',@objscatcmd if $debuglevel>=2;
+
my @taintids;
my $chkinput = tempfile();
while (my $taint = $initq->fetchrow_hashref()) {
push @taintids, $taint->{taint_id};
print $chkinput $taint->{gitobjid}, "\n" or die $!;
my @taintids;
my $chkinput = tempfile();
while (my $taint = $initq->fetchrow_hashref()) {
push @taintids, $taint->{taint_id};
print $chkinput $taint->{gitobjid}, "\n" or die $!;
+ printdebug '|> ', $taint->{gitobjid}, "\n" if $debuglevel>=2;
}
flush $chkinput or die $!;
seek $chkinput,0,0 or die $!;
}
flush $chkinput or die $!;
seek $chkinput,0,0 or die $!;
@@
-302,7
+308,7
@@
END
my $checkpid = open CHKOUT, "-|" // die $!;
if (!$checkpid) {
open STDIN, "<&", $chkinput or die $!;
my $checkpid = open CHKOUT, "-|" // die $!;
if (!$checkpid) {
open STDIN, "<&", $chkinput or die $!;
- exec
qw(git cat-file --batch)
or die $!;
+ exec
@objscatcmd
or die $!;
}
my ($taintinfoq,$overridesanyq,$untaintq,$overridesq);
}
my ($taintinfoq,$overridesanyq,$untaintq,$overridesq);
@@
-328,6
+334,7
@@
END
# just read what we expect and then let it get SIGPIPE.
$!=0; $_ = <CHKOUT>;
die "$? $!" unless defined $_;
# just read what we expect and then let it get SIGPIPE.
$!=0; $_ = <CHKOUT>;
die "$? $!" unless defined $_;
+ printdebug "|< ", $_ if $debuglevel>=2;
next if m/^\w+ missing$/;
die unless m/^(\w+) (\w+) (\d+)\s/;
next if m/^\w+ missing$/;
die unless m/^(\w+) (\w+) (\d+)\s/;