# usages:
# .../dgit-repos-server DISTRO SUITES KEYRING-AUTH-SPEC \
# DGIT-REPOS-DIR POLICY-HOOK-SCRIPT --ssh
+# .../dgit-repos-server DISTRO SUITES KEYRING-AUTH-SPEC \
+# DGIT-REPOS-DIR POLICY-HOOK-SCRIPT --cron
# internal usage:
# .../dgit-repos-server --pre-receive-hook PACKAGE
#
# PACKAGE_garbage } (also covers executions of
# PACKAGE_garbage-old } policy hook script for PACKAGE)
# PACKAGE_garbage-tmp }
+# policy* } (for policy hook script, covered by
+# } lock only when invoked for a package)
#
# leaf locks, held during brief operaton only:
#
# the corresponding temporary tree, as the lockfile is also
# a stampfile whose presence indicates that there may be
# cleanup to do
+#
+# Policy hook script is invoked like this:
+# POLICY-HOOK-SCRIPT DISTRO DGIT-REPOS-DIR ACTION...
+# ie.
+# POLICY-HOOK-SCRIPT ... check-list [...]
+# POLICY-HOOK-SCRIPT ... check-package PACKAGE [...]
+# POLICY-HOOK-SCRIPT ... push|push-confirm PACKAGE \
+# VERSION SUITE TAGNAME DELIBERATELIES [...]
+#
+# Exit status is a bitmask. Bit weight constants are defined in Dgit.pm.
+# NOFFCHECK (2)
+# suppress dgit-repos-server's fast-forward check ("push" only)
+# FRESHREPO (4)
+# blow away repo right away (ie, as if before push or fetch)
+# ("check-package" and "push" only)
+# any unexpected bits mean failure, and then known set bits are ignored
+# if no unexpected bits set, operation continues (subject to meaning
+# of any expected bits set). So, eg, exit 0 means "continue normally"
+# and would be appropriate for an unknown action.
+#
+# cwd for push and push-confirm is a temporary repo where the
+# to-be-pushed objects have been received; TAGNAME is the
+# version-based tag
+#
+# if push requested FRESHREPO, push-confirm happens in said fresh repo
+#
+# policy hook for a particular package will be invoked only once at
+# a time - (see comments about DGIT-REPOS-DIR, above)
+#
+# check-list and check-package are invoked via the --cron option.
+# First, without any locking, check-list is called. It should produce
+# a list of package names. Then check-package will be invoked for
+# each named package, in each case after taking an appropriate lock.
+
use POSIX;
use Fcntl qw(:flock);
our $func;
our $dgitrepos;
our $package;
+our $distro;
our $suitesfile;
our $policyhook;
our $realdestrepo;
my ($policyallowbits, @polargs) = @_;
# => ($exitstatuspolicybitmap);
die if $policyallowbits & ~0x3e;
- my @cmd = ($policyhook,$distro,$repos,@polargs);
- debugcmd @_;
- my $r = system @_;
+ my @cmd = ($policyhook,$distro,$dgitrepos,@polargs);
+ debugcmd @cmd;
+ my $r = system @cmd;
die "system: $!" if $r < 0;
die "hook (@cmd) failed ($?)" if $r & ~($policyallowbits << 8);
return $r >> 8;
or die "$garbagerepo $!";
}
-sub onwardpush () {
- my @cmd = (qw(git send-pack), $destrepo);
- push @cmd, qw(--force) if $policy & NOFFCHECK;
- push @cmd, "$commit:refs/dgit/$suite",
- "$tagval:refs/tags/$tagname");
- debugcmd @cmd;
- $!=0;
- my $r = system @cmd;
- !$r or die "onward push to $destrepo failed: $r $!";
-}
-
#----- git-receive-pack -----
sub fixmissing__git_receive_pack () {
$version = $2;
die "$3 != $suite " unless $3 eq $suite;
+ my $copyl = $_;
for (;;) {
- print PT or die $!;
+ print PT $copyl or die $!;
$!=0; $_=<T>; defined or die "missing signature? $!";
+ $copyl = $_;
if (m/^\[dgit ([^"].*)\]$/) { # [dgit "something"] is for future
$_ = $1." ";
- for (;;) {
+ while (length) {
if (s/^distro\=(\S+) //) {
die "$1 != $distro" unless $1 eq $distro;
} elsif (s/^(--deliberately-$package_re) //) {
$supersedes{$1} = $2;
} elsif (s/^[-+.=0-9a-z]\S* //) {
} else {
- die "unknown dgit info in tag";
+ die "unknown dgit info in tag ($_)";
}
}
next;
}
last if m/^-----BEGIN PGP/;
}
+ $_ = $copyl;
for (;;) {
print DS or die $!;
$!=0; $_=<T>;
my @problems;
- git_for_each_tag_referring($objreferring, sub {
+ git_for_each_tag_referring($onlyreferring, sub {
my ($objid,$fullrefname,$tagname) = @_;
debug "checktagnoreplay - overwriting $fullrefname=$objid";
my $supers = $supersedes{$fullrefname};
lockrealtree();
- $policy = policyhook(NOFFCHECK|FRESHREPO, 'push',$package,
- $version,$suite,$tagname,
- join(",",@delberatelies));
+ my @policy_args = ($package,$version,$suite,$tagname,
+ join(",",@deliberatelies));
+ $policy = policyhook(NOFFCHECK|FRESHREPO, 'push', @policy_args);
checktagnoreplay();
checksuite();
$destrepo = "${workrepo}_fresh"; # workrepo lock covers
mkrepo_fromtemplate $destrepo;
}
+
+ policyhook(0, 'push-confirm', @policy_args);
+}
+
+sub onwardpush () {
+ my @cmd = (qw(git send-pack), $destrepo);
+ push @cmd, qw(--force) if $policy & NOFFCHECK;
+ push @cmd, "$commit:refs/dgit/$suite",
+ "$tagval:refs/tags/$tagname";
+ debugcmd @cmd;
+ $!=0;
+ my $r = system @cmd;
+ !$r or die "onward push to $destrepo failed: $r $!";
}
sub stunthook () {
@ARGV == 1 or die;
$package = shift @ARGV;
defined($distro = $ENV{'DGIT_DRS_DISTRO'}) or die;
+ defined($dgitrepos = $ENV{'DGIT_DRS_REPOS'}) or die;
defined($suitesfile = $ENV{'DGIT_DRS_SUITES'}) or die;
defined($workrepo = $ENV{'DGIT_DRS_WORK'}) or die;
defined($destrepo = $ENV{'DGIT_DRS_DEST'}) or die;
exit 0;
}
- $ENV{'DGIT_DRS_DISTRO'} = argval();
+ $ENV{'DGIT_DRS_DISTRO'} = $distro = argval();
$ENV{'DGIT_DRS_SUITES'} = argval();
$ENV{'DGIT_DRS_KEYRINGS'} = argval();
- $dgitrepos = argval();
+ $ENV{'DGIT_DRS_REPOS'} = $dgitrepos = argval();
$ENV{'DGIT_DRS_POLICYHOOK'} = $policyhook = argval();
die unless @ARGV==1 && $ARGV[0] eq '--ssh';
~ianmdlvl / dgit.git / blobdiff