chiark
/
gitweb
/
~ianmdlvl
/
dgit.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
fb73b55
)
New approach to replay prevention - WIP
author
Ian Jackson
<ijackson@chiark.greenend.org.uk>
Thu, 21 May 2015 09:12:23 +0000
(10:12 +0100)
committer
Ian Jackson
<ijackson@chiark.greenend.org.uk>
Sun, 31 May 2015 11:58:00 +0000
(12:58 +0100)
infra/dgit-repos-server
patch
|
blob
|
history
diff --git
a/infra/dgit-repos-server
b/infra/dgit-repos-server
index ab831364ddb8577284cc5cf3f4019f3d44fc2d27..f2f30884854a83e2403b4142235f8fe4617ecd4c 100755
(executable)
--- a/
infra/dgit-repos-server
+++ b/
infra/dgit-repos-server
@@
-632,11
+632,21
@@
sub checksuite () {
}
sub checktagnoreplay () {
}
sub checktagnoreplay () {
+ # We need to prevent a replay attack using an earlier signed tag.
+ # We also want to archive in the history anything
+ #
# We check that the signed tag mentions the name and tag object id of
# We check that the signed tag mentions the name and tag object id of
- # (a) in the case of FRESHREPO all tags in the repo;
- # (b) in the case of just NOFFCHECK all tags referring to
+ #
+ # (a) In the case of FRESHREPO all tags and refs/heads/heads in the
+ # repo. That is, effectively, all the things we are deleting.
+ # This prevents any tag implying a FRESHREPO push being replayed
+ # into a different state of the repo.
+ #
+ # (b) In the case of just NOFFCHECK all tags referring to
# the current head for the suite (there must be at least one).
# the current head for the suite (there must be at least one).
- # This prevents a replay attack using an earlier signed tag.
+ # This guarantees that the
+ #
+ #
return unless $policy & (FRESHREPO|NOFFCHECK);
my $garbagerepo = "$dgitrepos/${package}_garbage";
return unless $policy & (FRESHREPO|NOFFCHECK);
my $garbagerepo = "$dgitrepos/${package}_garbage";