+#
+# A wrinkle: if we approved a push recently, we treat NEW as having
+# a version which is in our history. This is because the package may
+# still be being uploaded. (We record this using the timestamp of the
+# package's git repo directory.)
+
+
+sub poldb_setup () {
+ $poldbh = DBI->connect($policydb,'','', {
+ RaiseError=>1, PrintError=>1, AutoCommit=>0
+ });
+ $poldbh->do("PRAGMA foreign_keys = ON");
+
+ $poldbh->do(<<END);
+ CREATE TABLE IF NOT EXISTS taints (
+ taint_id INTEGER NOT NULL PRIMARY KEY ASC AUTOINCREMENT,
+ package TEXT NOT NULL,
+ gitobjid TEXT NOT NULL,
+ comment TEXT NOT NULL,
+ time INTEGER,
+ gitobjtype TEXT,
+ gitobjdata TEXT
+ )
+END
+ $poldbh->do(<<END);
+ CREATE INDEX IF NOT EXISTS taints_by_package
+ ON taints (package, gitobject)
+END
+ # any one of of the listed deliberatelies will override its taint
+ $poldbh->do(<<END);
+ CREATE TABLE IF NOT EXISTS taintoverrides (
+ taint_id INTEGER NOT NULL
+ REFERENCES taints (taint_id)
+ ON UPDATE RESTRICT
+ ON DELETE CASCADE
+ DEFERRABLE INITIALLY DEFERRED,
+ deliberately TEXT NOT NULL,
+ PRIMARY KEY (taint_id, deliberately)
+ )
+END
+}
+
+sub poldb_commit () {
+ $poldbh->commit;
+}
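Review bot: The `CREATE INDEX IF NOT EXISTS taints_by_package ON taints (package, gitobject)` statement in poldb_setup names a column that the `CREATE TABLE taints` just above it does not define; the table has `gitobjid`, `gitobjtype` and `gitobjdata`, but no `gitobject`. Because the handle is opened with `RaiseError=>1`, that statement would make poldb_setup die on any database where the index does not already exist, before `taintoverrides` is created, so the policy hook could not get past setup. The index line should presumably read `ON taints (package, gitobjid)`. Separately, the comment above `taintoverrides` has a doubled word (`of of`). The explanatory comment at the top of these lines begins before the visible part of the hunk, so nothing is said about it here.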