#!/usr/bin/perl -w
# dgit repos policy hook script for Debian
-#
-# usages:
-# dgit-repos-policy-debian DISTRO DGIT-REPOS-DIR ACTION...
-# ie.
-# dgit-repos-policy-debian ... check-list [...]
-# dgit-repos-policy-debian ... check-package PACKAGE [...]
-# dgit-repos-policy-debian ... push PACKAGE \
-# VERSION SUITE TAGNAME DELIBERATELIES [...]
-# dgit-repos-policy-debian ... push-confirm PACKAGE \
-# VERSION SUITE TAGNAME DELIBERATELIES [...]
-#
-# cwd for push is a temporary repo where the to-be-pushed objects have
-# been received; TAGNAME is the version-based tag
-#
-# if push requested FRESHREPO, push-confirm happens in said fresh repo
-#
-# policy hook for a particular package will be invoked only once at
-# a time
use strict;
use POSIX;
our $action = shift @ARGV // die "need ACTION";
our $publicmode = 02775;
-our $policydb = "dbi:SQLite:$repos/policy";
+our $policydb = "dbi:SQLite:$repos/policy.sqlite3";
our $new_upload_propagation_slop = 3600*4 + 100;
our $poldbh;
our $pkgdir;
our ($pkg_exists,$pkg_secret);
+our $stderr;
+
our ($version,$suite,$tagname);
our %deliberately;
# still be being uploaded. (We record this using the timestamp of the
# package's git repo directory.)
+# We aim for the following invariants and properties:
+#
+# - .dsc of published dgit package will have corresponding publicly
+# visible dgit-repo (soon)
+#
+# - when a new package is rejected we help maintainer avoid
+# accidentally including bad objects in published dgit history
+#
+# - .dsc of NEW dgit package has corresponding dgit-repo but not
+# publicly readable
sub poldb_setup () {
- $poldbh = DBI->connect($policydb,'','', {
+ $poldbh ||= DBI->connect($policydb,'','', {
RaiseError=>1, PrintError=>1, AutoCommit=>0
});
$poldbh->do("PRAGMA foreign_keys = ON");
END
}
-sub poldb_commit () {
- $poldbh->commit;
-}
-
sub apiquery ($) {
my ($subpath) = @_;
local $/=undef;
sub specific_suite_has_vsn_in_our_history ($) {
my ($suite) = @_;
- my $in_new = apiquery "/dsc_in_suite/$suite/$pkg";
- foreach my $entry (@$in_new) {
+ my $in_suite = apiquery "/dsc_in_suite/$suite/$pkg";
+ foreach my $entry (@$in_suite) {
my $vsn = $entry->{version};
die "$pkg ?" unless defined $vsn;
my $tag = debiantag $vsn;
? "package $ti->{package}"
: "any package";
- print STDERR <<END;
+ $stderr .= <<END;
History contains tainted $objtype $objid
Taint recorded$timeshow for $pkginfo
END
$overridesanyq->execute($taintid);
my ($ovany) = $overridesanyq->fetchrow_array();
- print STDERR $ovany ? <<END : <<END;
+ $stderr .= $ovany ? <<END : <<END;
Could be forced using --deliberately. Consult documentation.
END
Uncorrectable error. If confused, consult administrator.
END
$mustreject = 1;
} else {
- print STDERR <<END;
+ $stderr .= <<END;
Forcing due to --deliberately-$ovwhy
END
$untaintq ||= $dbh->prepare(<<END);
}
if ($mustreject) {
- print STDERR <<END;
+ $stderr .= <<END;
Rejecting push due to questionable history.
END
- exit 1;
+ return 1;
}
return 0;
}
-if (defined $pkg) {
- selectpackage;
-}
-
$cmd =~ y/-/_/;
my $fn = ${*::}{"action__$cmd"};
-$fn or die "unknown ACTION";
+if (!$fn) {
+ exit 0;
+}
+
+my $sleepy=0;
-poldb_setup();
+for (;;) {
+ poldb_setup();
+ $stderr = '';
-my $rcode = $fn->();
-die unless defined $rcode;
+ my $rcode = $fn->();
+ die unless defined $rcode;
+
+ eval { $poldbh->commit; };
+ last unless length $@;
+
+ die if $sleepy >= 20;
+ print STDERR "[policy database busy, retrying]\n";
+ sleep ++$sleepy;
+
+ $poldbh->rollback;
+}
-poldb_commit();
+print STDERR $stderr;
exit $rcode;
~ianmdlvl / dgit.git / blobdiff