X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=dgit;h=19c0657b17eb6741edf3112c8fba0ed9ce9d76b5;hp=863104bfd709bb32e601772cc1976c3bcc3ad5a9;hb=fd8f387167425d0c9da7bce0ffc460a57d0ceced;hpb=436142c37d5a7925d6452651275382e935533e82

diff --git a/dgit b/dgit
index 863104bf..19c0657b 100755
--- a/dgit
+++ b/dgit
@@ -2,7 +2,7 @@
 # dgit
 # Integration between git and Debian-style archives
 #
-# Copyright (C)2013 Ian Jackson
+# Copyright (C)2013-2015 Ian Jackson
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -450,8 +450,15 @@ our %defcfg = ('dgit.default.distro' => 'debian',
 	       'dgit-distro.debian.git-path' => '/dgit/debian/repos',
 	       'dgit-distro.debian.git-check' => 'ssh-cmd',
  'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
- 'dgit-distro.debian.archive-query-tls-key',
-    '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# 'dgit-distro.debian.archive-query-tls-key',
+#    '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# ^ this does not work because curl is broken nowadays
+# Fixing #790093 properly will involve providing providing the key
+# in some pacagke and maybe updating these paths.
+#
+# 'dgit-distro.debian.archive-query-tls-curl-args',
+#   '--ca-path=/etc/ssl/ca-debian',
+# ^ this is a workaround but works (only) on DSA-administered machines
 	       'dgit-distro.debian.diverts.alioth' => '/alioth',
 	       'dgit-distro.debian/alioth.git-host' => 'git.debian.org',
 	       'dgit-distro.debian/alioth.git-user-force' => '',
@@ -706,16 +713,25 @@ sub archive_api_query_cmd ($) {
     my $url = access_cfg('archive-query-url');
     if ($url =~ m#^https://([-.0-9a-z]+)/#) {
 	my $host = $1;
-	my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF');
+	my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF') //'';
 	foreach my $key (split /\:/, $keys) {
 	    $key =~ s/\%HOST\%/$host/g;
 	    if (!stat $key) {
 		fail "for $url: stat $key: $!" unless $!==ENOENT;
 		next;
 	    }
-	    push @cmd, "--ca-certificate=$key", "--ca-directory=/dev/enoent";
+	    fail "config requested specific TLS key but do not know".
+		" how to get curl to use exactly that EE key ($key)";
+#	    push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
+#           # Sadly the above line does not work because of changes
+#           # to gnutls.   The real fix for #790093 may involve
+#           # new curl options.
 	    last;
 	}
+	# Fixing #790093 properly will involve providing a value
+	# for this on clients.
+	my $kargs = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
+	push @cmd, split / /, $kargs if defined $kargs;
     }
     push @cmd, $url.$subpath;
     return @cmd;
@@ -1129,6 +1145,69 @@ sub clogp_authline ($) {
     return $authline;
 }
 
+sub vendor_patches_distro ($$) {
+    my ($checkdistro, $what) = @_;
+    return unless defined $checkdistro;
+
+    my $series = "debian/patches/\L$checkdistro\E.series";
+    printdebug "checking for vendor-specific $series ($what)\n";
+
+    if (!open SERIES, "<", $series) {
+	die "$series $!" unless $!==ENOENT;
+	return;
+    }
+    while (<SERIES>) {
+	next unless m/\S/;
+	next if m/^\s+\#/;
+
+	print STDERR <<END;
+
+Unfortunately, this source package uses a feature of dpkg-source where
+the same source package unpacks to different source code on different
+distros.  dgit cannot safely operate on such packages on affected
+distros, because the meaning of source packages is not stable.
+
+Please ask the distro/maintainer to remove the distro-specific series
+files and use a different technique (if necessary, uploading actually
+different packages, if different distros are supposed to have
+different code).
+
+END
+	fail "Found active distro-specific series file for".
+	    " $checkdistro ($what): $series, cannot continue";
+    }
+    die "$series $!" if SERIES->error;
+    close SERIES;
+}
+
+sub check_for_vendor_patches () {
+    # This dpkg-source feature doesn't seem to be documented anywhere!
+    # But it can be found in the changelog (reformatted):
+
+    #   commit  4fa01b70df1dc4458daee306cfa1f987b69da58c
+    #   Author: Raphael Hertzog <hertzog@debian.org>
+    #   Date: Sun  Oct  3  09:36:48  2010 +0200
+
+    #   dpkg-source: correctly create .pc/.quilt_series with alternate
+    #   series files
+    #   
+    #   If you have debian/patches/ubuntu.series and you were
+    #   unpacking the source package on ubuntu, quilt was still
+    #   directed to debian/patches/series instead of
+    #   debian/patches/ubuntu.series.
+    #   
+    #   debian/changelog                        |    3 +++
+    #   scripts/Dpkg/Source/Package/V3/quilt.pm |    4 +++-
+    #   2 files changed, 6 insertions(+), 1 deletion(-)
+
+    use Dpkg::Vendor;
+    vendor_patches_distro($ENV{DEB_VENDOR}, "DEB_VENDOR");
+    vendor_patches_distro(Dpkg::Vendor::get_current_vendor(),
+			 "Dpkg::Vendor \`current vendor'");
+    vendor_patches_distro(access_basedistro(),
+			  "distro being accessed");
+}
+
 sub generate_commit_from_dsc () {
     prep_ud();
     changedir $ud;
@@ -1161,6 +1240,7 @@ sub generate_commit_from_dsc () {
     runcmd @cmd;
 
     my ($tree,$dir) = mktree_in_ud_from_only_subdir();
+    check_for_vendor_patches() if madformat($dsc->{format});
     runcmd qw(sh -ec), 'dpkg-parsechangelog >../changelog.tmp';
     my $clogp = parsecontrol('../changelog.tmp',"commit's changelog");
     my $authline = clogp_authline $clogp;
@@ -1616,6 +1696,7 @@ sub dopush ($) {
     runcmd qw(dpkg-source -x --),
         $dscpath =~ m#^/# ? $dscpath : "../../../$dscpath";
     my ($tree,$dir) = mktree_in_ud_from_only_subdir();
+    check_for_vendor_patches() if madformat($dsc->{format});
     changedir '../../../..';
     my $diffopt = $debuglevel>0 ? '--exit-code' : '--quiet';
     my @diffcmd = (@git, qw(diff), $diffopt, $tree);
@@ -1693,7 +1774,7 @@ sub dopush ($) {
 	create_remote_git_repo();
     }
     runcmd_ordryrun @git, qw(push),access_giturl(),
-        $forceflag."HEAD:".rrref(), "refs/tags/$tag";
+        $forceflag."HEAD:".rrref(), $forceflag."refs/tags/$tag";
     runcmd_ordryrun @git, qw(update-ref -m), 'dgit push', lrref(), 'HEAD';
 
     if ($we_are_responder) {
@@ -2254,7 +2335,7 @@ sub quiltify ($$) {
 	    my $s = $abbrev->($notp);
 	    my $c = $notp->{Child};
 	    $s .= "..".$abbrev->($c) if $c;
-	    $s .= ": ".$c->{Whynot};
+	    $s .= ": ".$notp->{Whynot};
 	    return $s;
 	};
 	if ($quilt_mode eq 'linear') {
@@ -2338,6 +2419,8 @@ sub build_maybe_quilt_fixup () {
     return unless madformat $format;
     # sigh
 
+    check_for_vendor_patches();
+
     # Our objective is:
     #  - honour any existing .pc in case it has any strangeness
     #  - determine the git commit corresponding to the tip of
@@ -2462,7 +2545,7 @@ END
     commit_quilty_patch();
 
     if ($mustdeletepc) {
-        runcmd @git, qw(rm -rq .pc);
+        runcmd @git, qw(rm -rqf .pc);
         commit_admin "Commit removal of .pc (quilt series tracking data)";
     }
 
@@ -2636,6 +2719,15 @@ sub cmd_archive_api_query {
     exec @cmd or fail "exec curl: $!\n";
 }
 
+sub cmd_clone_dgit_repos_server {
+    badusage "need destination argument" unless @ARGV==1;
+    my ($destdir) = @ARGV;
+    $package = '_dgit-repos-server';
+    my @cmd = (@git, qw(clone), access_giturl(), $destdir);
+    debugcmd ">",@cmd;
+    exec @cmd or fail "exec git clone: $!\n";
+}
+
 #---------- argument parsing and main program ----------
 
 sub cmd_version {