}
sub checktagnoreplay () {
- # We check that the signed tag mentions the name and value of
- # (a) in the case of FRESHREPO all tags in the repo;
- # (b) in the case of just NOFFCHECK all tags referring to
- # the current head for the suite (there must be at least one).
- # This prevents a replay attack using an earlier signed tag.
+ # We need to prevent a replay attack using an earlier signed tag.
+ # We also want to archive in the history anything
+ #
+ # We check that the signed tag mentions the name and tag object id of
+ #
+ # (a) In the case of FRESHREPO all tags and refs/heads/heads in the
+ # repo. That is, effectively, all the things we are deleting.
+ # This prevents any tag implying a FRESHREPO push being replayed
+ # into a different state of the repo.
+ #
+ # (b) In the case of just NOFFCHECK all tags referring to
+ # the current head for the suite (there must be at least one).
+ # This guarantees that the
+ #
+ #
return unless $policy & (FRESHREPO|NOFFCHECK);
my $garbagerepo = "$dgitrepos/${package}_garbage";
my @problems;
git_for_each_tag_referring($onlyreferring, sub {
- my ($objid,$refobjid,$fullrefname,$tagname) = @_;
- printdebug "checktagnoreplay - overwriting $fullrefname=$objid\n";
+ my ($tagobjid,$refobjid,$fullrefname,$tagname) = @_;
+ printdebug "checktagnoreplay - overwriting".
+ " $fullrefname=$tagobjid->$refobjid\n";
my $supers = $supersedes{$fullrefname};
if (!defined $supers) {
- push @problems, "does not supersede $fullrefname";
- } elsif ($supers ne $objid) {
+ printdebug "checktagnoreply - fallbacks\n";
+ my $super_fallback = 0;
+ foreach my $didsuper (sort keys %supersedes) {
+ my $didsuper_tagobjid = $supersedes{$didsuper};
+ my $didsuper_refobjid = git_rev_parse $didsuper_tagobjid;
+ printdebug "checktagnoreply - fallback".
+ " $didsuper=$didsuper_refobjid->$didsuper_tagobjid\n";
+ last if
+ $refobjid ne $didsuper_refobjid
+ and is_fast_fwd($refobjid, $didsuper_refobjid);
+ printdebug "checktagnoreply - fallback $didsuper OK\n";
+ $super_fallback = 1;
+ }
+ push @problems, "does not supersede $fullrefname"
+ unless $super_fallback;
+ } elsif ($supers ne $tagobjid) {
push @problems,
- "supersedes $fullrefname=$supers but previously $fullrefname=$objid";
+ "supersedes $fullrefname=$supers but previously $fullrefname=$tagobjid";
} else {
# ok;
}