X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=dgit;h=3162c607a5383eb8b7895585e5470ab5ccc665d4;hp=37e83641324dbcdb30d9ecc4b0f4c7b7c0fb9964;hb=d21df6106426d18407e43473af1be1f417cbc6f4;hpb=b1704c2f1daaabb296b2fa562692f1d2c1c3c510

diff --git a/dgit b/dgit
index 37e83641..3162c607 100755
--- a/dgit
+++ b/dgit
@@ -49,6 +49,9 @@ our (@git) = qw(git);
 our (@dget) = qw(dget);
 our (@dput) = qw(dput);
 our (@debsign) = qw(debsign);
+our (@gpg) = qw(gpg);
+fixme should be in manual
+fixme should pass this to debsign
 our (@sbuild) = qw(sbuild -A);
 our (@dpkgbuildpackage) = qw(dpkg-buildpackage -i\.git/ -I.git);
 our (@dpkgsource) = qw(dpkg-source -i\.git/ -I.git);
@@ -59,6 +62,7 @@ our (@changesopts) = ('');
 our %opts_opt_map = ('dget' => \@dget,
 		     'dput' => \@dput,
 		     'debsign' => \@debsign,
+                     'gpg' => \@gpg,
                      'sbuild' => \@sbuild,
                      'dpkg-source' => \@dpkgsource,
                      'dpkg-buildpackage' => \@dpkgbuildpackage,
@@ -131,7 +135,7 @@ sub url_get {
     return $r->decoded_content();
 }
 
-our ($dscdata,$dscurl,$dsc);
+our ($dscdata,$dscurl,$dsc,$skew_warning_vsn);
 
 sub printcmd {
     my $fh = shift @_;
@@ -209,6 +213,11 @@ sub runcmd_ordryrun {
     }
 }
 
+sub shell_cmd {
+    my ($first_shell, @cmd) = @_;
+    return qw(sh -ec), $first_shell.'; exec "$@"', 'x', @cmd;
+}
+
 our $helpmsg = <<END;
 main usages:
   dgit [dgit-opts] clone [dgit-opts] package [suite] [./dir|/dir]
@@ -335,7 +344,7 @@ sub getfield ($$) {
 sub parsechangelog {
     my $c = Dpkg::Control::Hash->new();
     my $p = new IO::Handle;
-    my @cmd = (qw(dpkg-parsechangelog));
+    my @cmd = (qw(dpkg-parsechangelog), @_);
     open $p, '-|', @cmd or die $!;
     $c->parse($p);
     $?=0; $!=0; close $p or failedcmd @cmd;
@@ -445,16 +454,19 @@ sub get_archive_dsc () {
 	my ($vsn,$subpath) = @$vinfo;
 	$dscurl = access_cfg('mirror').$subpath;
 	$dscdata = url_get($dscurl);
-	next unless defined $dscdata;
+	if (!$dscdata) {
+	    $skew_warning_vsn = $vsn if !defined $skew_warning_vsn;
+	    next;
+	}
 	my $dscfh = new IO::File \$dscdata, '<' or die $!;
 	print DEBUG Dumper($dscdata) if $debug>1;
 	$dsc = parsecontrolfh($dscfh,$dscurl, allow_pgp=>1);
 	print DEBUG Dumper($dsc) if $debug>1;
 	my $fmt = getfield $dsc, 'Format';
 	fail "unsupported source format $fmt, sorry" unless $format_ok{$fmt};
-	return $dsc;
+	return;
     }
-    return undef;
+    $dsc = undef;
 }
 
 sub check_for_git () {
@@ -485,7 +497,7 @@ sub create_remote_git_repo () {
     }
 }
 
-our ($dsc_hash,$upload_hash);
+our ($dsc_hash,$lastpush_hash);
 
 our $ud = '.git/dgit/unpack';
 
@@ -554,6 +566,18 @@ sub make_commit ($) {
     return cmdoutput @git, qw(hash-object -w -t commit), $file;
 }
 
+sub clogp_authline ($) {
+    my ($clogp) = @_;
+    my $author = getfield $clogp, 'Maintainer';
+    $author =~ s#,.*##ms;
+    my $date = cmdoutput qw(date), '+%s %z', qw(-d), getfield($clogp,'Date');
+    my $authline = "$author $date";
+    $authline =~ m/^[^<>]+ \<\S+\> \d+ [-+]\d+$/ or
+	fail "unexpected commit author line format \`$authline'".
+	" (was generated from changelog Maintainer field)";
+    return $authline;
+}
+
 sub generate_commit_from_dsc () {
     prep_ud();
     chdir $ud or die $!;
@@ -574,13 +598,7 @@ sub generate_commit_from_dsc () {
     my ($tree,$dir) = mktree_in_ud_from_only_subdir();
     runcmd qw(sh -ec), 'dpkg-parsechangelog >../changelog.tmp';
     my $clogp = parsecontrol('../changelog.tmp',"commit's changelog");
-    my $date = cmdoutput qw(date), '+%s %z', qw(-d), getfield($clogp,'Date');
-    my $author = getfield $clogp, 'Maintainer';
-    $author =~ s#,.*##ms;
-    my $authline = "$author $date";
-    $authline =~ m/^[^<>]+ \<\S+\> \d+ [-+]\d+$/ or
-	fail "unexpected commit author line format \`$authline'".
-	    " (was generated from changelog Maintainer field)";
+    my $authline = clogp_authline $clogp;
     my $changes = getfield $clogp, 'Changes';
     open C, ">../commit.tmp" or die $!;
     print C <<END or die $!;
@@ -596,8 +614,8 @@ END
     my $outputhash = make_commit qw(../commit.tmp);
     my $cversion = getfield $clogp, 'Version';
     print "synthesised git commit from .dsc $cversion\n";
-    if ($upload_hash) {
-	runcmd @git, qw(reset --hard), $upload_hash;
+    if ($lastpush_hash) {
+	runcmd @git, qw(reset --hard), $lastpush_hash;
 	runcmd qw(sh -ec), 'dpkg-parsechangelog >>../changelogold.tmp';
 	my $oldclogp = parsecontrol('../changelogold.tmp','previous changelog');
 	my $oversion = getfield $oldclogp, 'Version';
@@ -608,7 +626,7 @@ END
 	    open C, ">../commit2.tmp" or die $!;
 	    print C <<END or die $!;
 tree $tree
-parent $upload_hash
+parent $lastpush_hash
 parent $outputhash
 author $authline
 committer $authline
@@ -623,9 +641,9 @@ Version actually in archive:    $cversion (older)
 Last allegedly pushed/uploaded: $oversion (newer or same)
 $later_warning_msg
 END
-            $outputhash = $upload_hash;
+            $outputhash = $lastpush_hash;
         } else {
-	    $outputhash = $upload_hash;
+	    $outputhash = $lastpush_hash;
 	}
     }
     chdir '../../../..' or die $!;
@@ -660,8 +678,7 @@ sub ensure_we_have_orig () {
 	$origurl .= "/$f";
 	die "$f ?" unless $f =~ m/^${package}_/;
 	die "$f ?" if $f =~ m#/#;
-	runcmd_ordryrun qw(sh -ec),'cd ..; exec "$@"','x',
-	    @dget,'--',$origurl;
+	runcmd_ordryrun shell_cmd 'cd ..', @dget,'--',$origurl;
     }
 }
 
@@ -688,62 +705,106 @@ sub git_fetch_us () {
 sub fetch_from_archive () {
     # ensures that lrref() is what is actually in the archive,
     #  one way or another
-    get_archive_dsc() or return 0;
-    foreach my $field (@ourdscfield) {
-	$dsc_hash = $dsc->{$field};
-	last if defined $dsc_hash;
-    }
-    if (defined $dsc_hash) {
-	$dsc_hash =~ m/\w+/ or fail "invalid hash in .dsc \`$dsc_hash'";
-	$dsc_hash = $&;
-	print "last upload to archive specified git hash\n";
+    get_archive_dsc();
+
+    if ($dsc) {
+	foreach my $field (@ourdscfield) {
+	    $dsc_hash = $dsc->{$field};
+	    last if defined $dsc_hash;
+	}
+	if (defined $dsc_hash) {
+	    $dsc_hash =~ m/\w+/ or fail "invalid hash in .dsc \`$dsc_hash'";
+	    $dsc_hash = $&;
+	    print "last upload to archive specified git hash\n";
+	} else {
+	    print "last upload to archive has NO git hash\n";
+	}
     } else {
-	print "last upload to archive has NO git hash\n";
+	print "no version available from the archive\n";
     }
 
     my $lrref_fn = ".git/".lrref();
     if (open H, $lrref_fn) {
-	$upload_hash = <H>;
-	chomp $upload_hash;
-	die "$lrref_fn $upload_hash ?" unless $upload_hash =~ m/^\w+$/;
+	$lastpush_hash = <H>;
+	chomp $lastpush_hash;
+	die "$lrref_fn $lastpush_hash ?" unless $lastpush_hash =~ m/^\w+$/;
     } elsif ($! == &ENOENT) {
-	$upload_hash = '';
+	$lastpush_hash = '';
     } else {
 	die "$lrref_fn $!";
     }
-    print DEBUG "previous reference hash=$upload_hash\n";
+    print DEBUG "previous reference hash=$lastpush_hash\n";
     my $hash;
     if (defined $dsc_hash) {
 	fail "missing git history even though dsc has hash -".
 	    " could not find commit $dsc_hash".
 	    " (should be in ".access_giturl()."#".rrref().")"
-	    unless $upload_hash;
+	    unless $lastpush_hash;
 	$hash = $dsc_hash;
 	ensure_we_have_orig();
-	if ($dsc_hash eq $upload_hash) {
-	} elsif (is_fast_fwd($dsc_hash,$upload_hash)) {
+	if ($dsc_hash eq $lastpush_hash) {
+	} elsif (is_fast_fwd($dsc_hash,$lastpush_hash)) {
 	    print STDERR <<END or die $!;
 
 Git commit in archive is behind the last version allegedly pushed/uploaded.
 Commit referred to by archive:  $dsc_hash
-Last allegedly pushed/uploaded: $upload_hash
+Last allegedly pushed/uploaded: $lastpush_hash
 $later_warning_msg
 END
-	    $hash = $upload_hash;
+	    $hash = $lastpush_hash;
 	} else {
 	    fail "archive's .dsc refers to ".$dsc_hash.
-		" but this is an ancestor of ".$upload_hash;
+		" but this is an ancestor of ".$lastpush_hash;
 	}
-    } else {
+    } elsif ($dsc) {
 	$hash = generate_commit_from_dsc();
+    } elsif ($lastpush_hash) {
+	# only in git, not in the archive yet
+	$hash = $lastpush_hash;
+	print STDERR <<END or die $!;
+
+Package not found in the archive, but has allegedly been pushed using dgit.
+$later_warning_msg
+END
+    } else {
+	print DEBUG "nothing found!\n";
+	if (defined $skew_warning_vsn) {
+	    print STDERR <<END or die $!;
+
+Warning: relevant archive skew detected.
+Archive allegedly contains $skew_warning_vsn
+But we were not able to obtain any version from the archive or git.
+
+END
+	}
+	return 0;
     }
     print DEBUG "current hash=$hash\n";
-    if ($upload_hash) {
+    if ($lastpush_hash) {
 	fail "not fast forward on last upload branch!".
 	    " (archive's version left in DGIT_ARCHIVE)"
-	    unless is_fast_fwd($upload_hash, $hash);
+	    unless is_fast_fwd($lastpush_hash, $hash);
     }
-    if ($upload_hash ne $hash) {
+    if (defined $skew_warning_vsn) {
+	mkpath '.git/dgit';
+	print DEBUG "SKEW CHECK WANT $skew_warning_vsn\n";
+	my $clogf = ".git/dgit/changelog.tmp";
+	runcmd shell_cmd "exec >$clogf",
+	    @git, qw(cat-file blob), "$hash:debian/changelog";
+	my $gotclogp = parsechangelog("-l$clogf");
+	my $got_vsn = getfield $gotclogp, 'Version';
+	print DEBUG "SKEW CHECK GOT $got_vsn\n";
+	if (version_compare_string($got_vsn, $skew_warning_vsn) < 0) {
+	    print STDERR <<END or die $!;
+
+Warning: archive skew detected.  Using the available version:
+Archive allegedly contains    $skew_warning_vsn
+We were able to obtain only   $got_vsn
+
+END
+	}
+    }
+    if ($lastpush_hash ne $hash) {
 	my @upd_cmd = (@git, qw(update-ref -m), 'dgit fetch', lrref(), $hash);
 	if (!$dryrun) {
 	    cmdoutput @upd_cmd;
@@ -885,7 +946,8 @@ sub dopush () {
 #    runcmd @git, qw(fetch -p ), "$alioth_git/$package.git",
 #        map { lref($_).":".rref($_) }
 #        (uploadbranch());
-    $dsc->{$ourdscfield[0]} = rev_parse('HEAD');
+    my $head = rev_parse('HEAD');
+    $dsc->{$ourdscfield[0]} = $head;
     $dsc->save("../$dscfn.tmp") or die $!;
     if (!$changesfile) {
 	my $multi = "../${package}_".(stripepoch $cversion)."_multi.changes";
@@ -909,6 +971,44 @@ sub dopush () {
 	        " does not match changelog \`$clogp->{$field}'";
     }
     my $tag = debiantag($dversion);
+    runcmd @git, qw(check-ref-format), $tag;
+
+    # We make the git tag by hand because (a) that makes it easier
+    # to control the "tagger" (b) we can do remote signing
+    my $authline = clogp_authline $clogp;
+    my $tfn = sub { ".git/dgit/tag$_[0]"; };
+    open TO, '>', $tfn->('.tmp') or die $!;
+    print TO <<END or die $!;
+object $head
+type commit
+tag $tag
+tagger $authline
+
+$package release $dversion for $csuite [dgit]
+END
+    close TO or die $!;
+
+    my $tagobjfn = $tfn->('.tmp');
+    if ($sign) {
+	if (!defined $keyid) {
+	    $keyid = access_cfg('keyid','RETURN-UNDEF');
+	}
+	unlink $tfn->('.tmp.asc') or $!==&ENOENT or die $!;
+	my @sign_cmd = (@gpg, qw(--detach-sign --armor));
+	push @sign_cmd, qw(-u),$keyid if defined $keyid;
+	push @sign_cmd, $tfn->('.tmp');
+	runcmd_ordryrun @sign_cmd;
+	if (!$dryrun) {
+	    $tagobjfn = $tfn->('.signed.tmp')
+	    runcmd shell_cmd "> $tagobjfn", qw(cat --),
+	        $tfn->('.tmp'), $tfn->('.tmp.asc');
+	}
+    }
+    my $tag_obj_hash = runcmd @git, qw(hash-object -w -t tag), $tagobjfn;
+    runcmd_ordryrun @git, qw(verify-tag), $tag_obj_hash;
+    runcmd_ordryrun @git, qw(update-ref), "refs/tags/$tag", $tag_obj_hash;
+    runcmd_ordryrun @git, qw(tag -v --), $tag;
+
     if (!check_for_git()) {
 	create_remote_git_repo();
     }
@@ -919,15 +1019,18 @@ sub dopush () {
     } else {
 	print "[new .dsc left in $dscfn.tmp]\n";
     }
+
     if ($sign) {
-	if (!defined $keyid) {
-	    $keyid = access_cfg('keyid','RETURN-UNDEF');
+	if (!$as_remote) {
+	    my @tag_cmd = (@git, qw(tag -a -m),
+			   );
+	    push @tag_cmd, $tag;
+	    runcmd_ordryrun @tag_cmd;
+	} else {
 	}
-	my @tag_cmd = (@git, qw(tag -s -m),
-		       "$package release $dversion for $csuite [dgit]");
+
 	push @tag_cmd, qw(-u),$keyid if defined $keyid;
-	push @tag_cmd, $tag;
-	runcmd_ordryrun @tag_cmd;
+
 	my @debsign_cmd = @debsign;
 	push @debsign_cmd, "-k$keyid" if defined $keyid;
 	push @debsign_cmd, $changesfile;
@@ -1203,6 +1306,7 @@ sub cmd_quilt_fixup {
 
 sub cmd_version {
     print "dgit version $our_version\n" or die $!;
+    exit 0;
 }
 
 sub parseopts () {
@@ -1218,6 +1322,8 @@ sub parseopts () {
 		$sign=0;
 	    } elsif (m/^--help$/) {
 		cmd_help();
+	    } elsif (m/^--version$/) {
+		cmd_version();
 	    } elsif (m/^--new$/) {
 		$new_package=1;
 	    } elsif (m/^--(\w+)=(.*)/s &&