X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=dgit;h=3162c607a5383eb8b7895585e5470ab5ccc665d4;hp=a21cddec32952c26243ae029a9edd490cb39d3a3;hb=d21df6106426d18407e43473af1be1f417cbc6f4;hpb=985e8045f860fb0be72b56b6859034b8c8746db9

diff --git a/dgit b/dgit
index a21cddec..3162c607 100755
--- a/dgit
+++ b/dgit
@@ -28,6 +28,8 @@ use File::Basename;
 use Dpkg::Version;
 use POSIX;
 
+our $our_version = 'UNRELEASED'; ###substituted###
+
 our $isuite = 'unstable';
 our $idistro;
 our $package;
@@ -47,6 +49,9 @@ our (@git) = qw(git);
 our (@dget) = qw(dget);
 our (@dput) = qw(dput);
 our (@debsign) = qw(debsign);
+our (@gpg) = qw(gpg);
+fixme should be in manual
+fixme should pass this to debsign
 our (@sbuild) = qw(sbuild -A);
 our (@dpkgbuildpackage) = qw(dpkg-buildpackage -i\.git/ -I.git);
 our (@dpkgsource) = qw(dpkg-source -i\.git/ -I.git);
@@ -57,6 +62,7 @@ our (@changesopts) = ('');
 our %opts_opt_map = ('dget' => \@dget,
 		     'dput' => \@dput,
 		     'debsign' => \@debsign,
+                     'gpg' => \@gpg,
                      'sbuild' => \@sbuild,
                      'dpkg-source' => \@dpkgsource,
                      'dpkg-buildpackage' => \@dpkgbuildpackage,
@@ -129,7 +135,7 @@ sub url_get {
     return $r->decoded_content();
 }
 
-our ($dscdata,$dscurl,$dsc);
+our ($dscdata,$dscurl,$dsc,$skew_warning_vsn);
 
 sub printcmd {
     my $fh = shift @_;
@@ -207,6 +213,11 @@ sub runcmd_ordryrun {
     }
 }
 
+sub shell_cmd {
+    my ($first_shell, @cmd) = @_;
+    return qw(sh -ec), $first_shell.'; exec "$@"', 'x', @cmd;
+}
+
 our $helpmsg = <<END;
 main usages:
   dgit [dgit-opts] clone [dgit-opts] package [suite] [./dir|/dir]
@@ -230,7 +241,7 @@ sub badusage {
     exit 8;
 }
 
-sub helponly () {
+sub cmd_help () {
     print $helpmsg or die $!;
     exit 0;
 }
@@ -247,6 +258,7 @@ our %defcfg = ('dgit.default.distro' => 'debian',
 	       'dgit-distro.debian.sshdakls-host' => 'coccia.debian.org',
 	       'dgit-distro.debian.sshdakls-dir' =>
 	           '/srv/ftp-master.debian.org/ftp/dists',
+	       'dgit-distro.debian.upload-host' => 'ftp-master', # for dput
 	       'dgit-distro.debian.mirror' => 'http://ftp.debian.org/debian/');
 
 sub cfg {
@@ -332,7 +344,7 @@ sub getfield ($$) {
 sub parsechangelog {
     my $c = Dpkg::Control::Hash->new();
     my $p = new IO::Handle;
-    my @cmd = (qw(dpkg-parsechangelog));
+    my @cmd = (qw(dpkg-parsechangelog), @_);
     open $p, '-|', @cmd or die $!;
     $c->parse($p);
     $?=0; $!=0; close $p or failedcmd @cmd;
@@ -442,18 +454,19 @@ sub get_archive_dsc () {
 	my ($vsn,$subpath) = @$vinfo;
 	$dscurl = access_cfg('mirror').$subpath;
 	$dscdata = url_get($dscurl);
-	next unless defined $dscdata;
-	$dscurl = access_cfg('mirror').$subpath;
-	$dscdata = url_get($dscurl);
+	if (!$dscdata) {
+	    $skew_warning_vsn = $vsn if !defined $skew_warning_vsn;
+	    next;
+	}
 	my $dscfh = new IO::File \$dscdata, '<' or die $!;
 	print DEBUG Dumper($dscdata) if $debug>1;
 	$dsc = parsecontrolfh($dscfh,$dscurl, allow_pgp=>1);
 	print DEBUG Dumper($dsc) if $debug>1;
 	my $fmt = getfield $dsc, 'Format';
 	fail "unsupported source format $fmt, sorry" unless $format_ok{$fmt};
-	return $dsc;
+	return;
     }
-    return undef;
+    $dsc = undef;
 }
 
 sub check_for_git () {
@@ -484,7 +497,7 @@ sub create_remote_git_repo () {
     }
 }
 
-our ($dsc_hash,$upload_hash);
+our ($dsc_hash,$lastpush_hash);
 
 our $ud = '.git/dgit/unpack';
 
@@ -513,21 +526,19 @@ sub mktree_in_ud_from_only_subdir () {
 }
 
 sub dsc_files_info () {
-    foreach my $csum (qw(Sha256 Sha1 MD5)) {
-	my $fname = $csum eq 'MD5' ? 'Files' : "Checksums-$csum";
+    foreach my $csumi (['Checksums-Sha256','Digest::SHA', 'new(256)'],
+		       ['Checksums-Sha1',  'Digest::SHA', 'new(1)'],
+		       ['Files',           'Digest::MD5', 'new()']) {
+	my ($fname, $module, $method) = @$csumi;
 	my $field = $dsc->{$fname};
 	next unless defined $field;
-	my $digest = uc $csum;
-	if (!eval "use Digest::$digest; 1;") {
-	    print DEBUG "ignoring $fname because $@\n";
-	    next;
-	}
+	eval "use $module; 1;" or die $@;
 	my @out;
 	foreach (split /\n/, $field) {
 	    next unless m/\S/;
 	    m/^(\w+) (\d+) (\S+)$/ or
 		fail "could not parse .dsc $fname line \`$_'";
-	    my $digester = eval "Digest::$digest->new;" or die $@;
+	    my $digester = eval "$module"."->$method;" or die $@;
 	    push @out, {
 		Hash => $1,
 		Bytes => $2,
@@ -555,6 +566,18 @@ sub make_commit ($) {
     return cmdoutput @git, qw(hash-object -w -t commit), $file;
 }
 
+sub clogp_authline ($) {
+    my ($clogp) = @_;
+    my $author = getfield $clogp, 'Maintainer';
+    $author =~ s#,.*##ms;
+    my $date = cmdoutput qw(date), '+%s %z', qw(-d), getfield($clogp,'Date');
+    my $authline = "$author $date";
+    $authline =~ m/^[^<>]+ \<\S+\> \d+ [-+]\d+$/ or
+	fail "unexpected commit author line format \`$authline'".
+	" (was generated from changelog Maintainer field)";
+    return $authline;
+}
+
 sub generate_commit_from_dsc () {
     prep_ud();
     chdir $ud or die $!;
@@ -575,13 +598,7 @@ sub generate_commit_from_dsc () {
     my ($tree,$dir) = mktree_in_ud_from_only_subdir();
     runcmd qw(sh -ec), 'dpkg-parsechangelog >../changelog.tmp';
     my $clogp = parsecontrol('../changelog.tmp',"commit's changelog");
-    my $date = cmdoutput qw(date), '+%s %z', qw(-d), getfield($clogp,'Date');
-    my $author = getfield $clogp, 'Maintainer';
-    $author =~ s#,.*##ms;
-    my $authline = "$author $date";
-    $authline =~ m/^[^<>]+ \<\S+\> \d+ [-+]\d+$/ or
-	fail "unexpected commit author line format \`$authline'".
-	    " (was generated from changelog Maintainer field)";
+    my $authline = clogp_authline $clogp;
     my $changes = getfield $clogp, 'Changes';
     open C, ">../commit.tmp" or die $!;
     print C <<END or die $!;
@@ -597,8 +614,8 @@ END
     my $outputhash = make_commit qw(../commit.tmp);
     my $cversion = getfield $clogp, 'Version';
     print "synthesised git commit from .dsc $cversion\n";
-    if ($upload_hash) {
-	runcmd @git, qw(reset --hard), $upload_hash;
+    if ($lastpush_hash) {
+	runcmd @git, qw(reset --hard), $lastpush_hash;
 	runcmd qw(sh -ec), 'dpkg-parsechangelog >>../changelogold.tmp';
 	my $oldclogp = parsecontrol('../changelogold.tmp','previous changelog');
 	my $oversion = getfield $oldclogp, 'Version';
@@ -609,7 +626,7 @@ END
 	    open C, ">../commit2.tmp" or die $!;
 	    print C <<END or die $!;
 tree $tree
-parent $upload_hash
+parent $lastpush_hash
 parent $outputhash
 author $authline
 committer $authline
@@ -624,9 +641,9 @@ Version actually in archive:    $cversion (older)
 Last allegedly pushed/uploaded: $oversion (newer or same)
 $later_warning_msg
 END
-            $outputhash = $upload_hash;
+            $outputhash = $lastpush_hash;
         } else {
-	    $outputhash = $upload_hash;
+	    $outputhash = $lastpush_hash;
 	}
     }
     chdir '../../../..' or die $!;
@@ -639,10 +656,20 @@ END
 }
 
 sub ensure_we_have_orig () {
-    foreach my $f (dsc_files()) {
+    foreach my $fi (dsc_files_info()) {
+	my $f = $fi->{Filename};
 	next unless is_orig_file($f);
-	if (stat "../$f") {
-	    die "$f ?" unless -f _;
+	if (open F, "<", "../$f") {
+	    $fi->{Digester}->reset();
+	    $fi->{Digester}->addfile(*F);
+	    F->error and die $!;
+	    my $got = $fi->{Digester}->hexdigest();
+	    $got eq $fi->{Hash} or
+		fail "existing file $f has hash $got but .dsc".
+		    " demands hash $fi->{Hash}".
+		    " (perhaps you should delete this file?)";
+	    print "using existing $f\n";
+	    next;
 	} else {
 	    die "$f $!" unless $!==&ENOENT;
 	}
@@ -651,8 +678,7 @@ sub ensure_we_have_orig () {
 	$origurl .= "/$f";
 	die "$f ?" unless $f =~ m/^${package}_/;
 	die "$f ?" if $f =~ m#/#;
-	runcmd_ordryrun qw(sh -ec),'cd ..; exec "$@"','x',
-	    @dget,'--',$origurl;
+	runcmd_ordryrun shell_cmd 'cd ..', @dget,'--',$origurl;
     }
 }
 
@@ -673,69 +699,112 @@ sub is_fast_fwd ($$) {
 }
 
 sub git_fetch_us () {
-    badusage "cannot dry run with fetch" if $dryrun;
-    runcmd @git, qw(fetch),access_giturl(),fetchspec();
+    runcmd_ordryrun @git, qw(fetch),access_giturl(),fetchspec();
 }
 
 sub fetch_from_archive () {
     # ensures that lrref() is what is actually in the archive,
     #  one way or another
-    get_archive_dsc() or return 0;
-    foreach my $field (@ourdscfield) {
-	$dsc_hash = $dsc->{$field};
-	last if defined $dsc_hash;
-    }
-    if (defined $dsc_hash) {
-	$dsc_hash =~ m/\w+/ or fail "invalid hash in .dsc \`$dsc_hash'";
-	$dsc_hash = $&;
-	print "last upload to archive specified git hash\n";
+    get_archive_dsc();
+
+    if ($dsc) {
+	foreach my $field (@ourdscfield) {
+	    $dsc_hash = $dsc->{$field};
+	    last if defined $dsc_hash;
+	}
+	if (defined $dsc_hash) {
+	    $dsc_hash =~ m/\w+/ or fail "invalid hash in .dsc \`$dsc_hash'";
+	    $dsc_hash = $&;
+	    print "last upload to archive specified git hash\n";
+	} else {
+	    print "last upload to archive has NO git hash\n";
+	}
     } else {
-	print "last upload to archive has NO git hash\n";
+	print "no version available from the archive\n";
     }
 
     my $lrref_fn = ".git/".lrref();
     if (open H, $lrref_fn) {
-	$upload_hash = <H>;
-	chomp $upload_hash;
-	die "$lrref_fn $upload_hash ?" unless $upload_hash =~ m/^\w+$/;
+	$lastpush_hash = <H>;
+	chomp $lastpush_hash;
+	die "$lrref_fn $lastpush_hash ?" unless $lastpush_hash =~ m/^\w+$/;
     } elsif ($! == &ENOENT) {
-	$upload_hash = '';
+	$lastpush_hash = '';
     } else {
 	die "$lrref_fn $!";
     }
-    print DEBUG "previous reference hash=$upload_hash\n";
+    print DEBUG "previous reference hash=$lastpush_hash\n";
     my $hash;
     if (defined $dsc_hash) {
 	fail "missing git history even though dsc has hash -".
 	    " could not find commit $dsc_hash".
 	    " (should be in ".access_giturl()."#".rrref().")"
-	    unless $upload_hash;
+	    unless $lastpush_hash;
 	$hash = $dsc_hash;
 	ensure_we_have_orig();
-	if ($dsc_hash eq $upload_hash) {
-	} elsif (is_fast_fwd($dsc_hash,$upload_hash)) {
+	if ($dsc_hash eq $lastpush_hash) {
+	} elsif (is_fast_fwd($dsc_hash,$lastpush_hash)) {
 	    print STDERR <<END or die $!;
 
 Git commit in archive is behind the last version allegedly pushed/uploaded.
 Commit referred to by archive:  $dsc_hash
-Last allegedly pushed/uploaded: $upload_hash
+Last allegedly pushed/uploaded: $lastpush_hash
 $later_warning_msg
 END
-	    $hash = $upload_hash;
+	    $hash = $lastpush_hash;
 	} else {
 	    fail "archive's .dsc refers to ".$dsc_hash.
-		" but this is an ancestor of ".$upload_hash;
+		" but this is an ancestor of ".$lastpush_hash;
 	}
-    } else {
+    } elsif ($dsc) {
 	$hash = generate_commit_from_dsc();
+    } elsif ($lastpush_hash) {
+	# only in git, not in the archive yet
+	$hash = $lastpush_hash;
+	print STDERR <<END or die $!;
+
+Package not found in the archive, but has allegedly been pushed using dgit.
+$later_warning_msg
+END
+    } else {
+	print DEBUG "nothing found!\n";
+	if (defined $skew_warning_vsn) {
+	    print STDERR <<END or die $!;
+
+Warning: relevant archive skew detected.
+Archive allegedly contains $skew_warning_vsn
+But we were not able to obtain any version from the archive or git.
+
+END
+	}
+	return 0;
     }
     print DEBUG "current hash=$hash\n";
-    if ($upload_hash) {
+    if ($lastpush_hash) {
 	fail "not fast forward on last upload branch!".
 	    " (archive's version left in DGIT_ARCHIVE)"
-	    unless is_fast_fwd($upload_hash, $hash);
+	    unless is_fast_fwd($lastpush_hash, $hash);
     }
-    if ($upload_hash ne $hash) {
+    if (defined $skew_warning_vsn) {
+	mkpath '.git/dgit';
+	print DEBUG "SKEW CHECK WANT $skew_warning_vsn\n";
+	my $clogf = ".git/dgit/changelog.tmp";
+	runcmd shell_cmd "exec >$clogf",
+	    @git, qw(cat-file blob), "$hash:debian/changelog";
+	my $gotclogp = parsechangelog("-l$clogf");
+	my $got_vsn = getfield $gotclogp, 'Version';
+	print DEBUG "SKEW CHECK GOT $got_vsn\n";
+	if (version_compare_string($got_vsn, $skew_warning_vsn) < 0) {
+	    print STDERR <<END or die $!;
+
+Warning: archive skew detected.  Using the available version:
+Archive allegedly contains    $skew_warning_vsn
+We were able to obtain only   $got_vsn
+
+END
+	}
+    }
+    if ($lastpush_hash ne $hash) {
 	my @upd_cmd = (@git, qw(update-ref -m), 'dgit fetch', lrref(), $hash);
 	if (!$dryrun) {
 	    cmdoutput @upd_cmd;
@@ -761,7 +830,7 @@ sub clone ($) {
     if (check_for_git()) {
 	print "fetching existing git history\n";
 	git_fetch_us();
-	runcmd @git, qw(fetch origin);
+	runcmd_ordryrun @git, qw(fetch origin);
     } else {
 	print "starting new git history\n";
     }
@@ -877,7 +946,8 @@ sub dopush () {
 #    runcmd @git, qw(fetch -p ), "$alioth_git/$package.git",
 #        map { lref($_).":".rref($_) }
 #        (uploadbranch());
-    $dsc->{$ourdscfield[0]} = rev_parse('HEAD');
+    my $head = rev_parse('HEAD');
+    $dsc->{$ourdscfield[0]} = $head;
     $dsc->save("../$dscfn.tmp") or die $!;
     if (!$changesfile) {
 	my $multi = "../${package}_".(stripepoch $cversion)."_multi.changes";
@@ -901,24 +971,66 @@ sub dopush () {
 	        " does not match changelog \`$clogp->{$field}'";
     }
     my $tag = debiantag($dversion);
+    runcmd @git, qw(check-ref-format), $tag;
+
+    # We make the git tag by hand because (a) that makes it easier
+    # to control the "tagger" (b) we can do remote signing
+    my $authline = clogp_authline $clogp;
+    my $tfn = sub { ".git/dgit/tag$_[0]"; };
+    open TO, '>', $tfn->('.tmp') or die $!;
+    print TO <<END or die $!;
+object $head
+type commit
+tag $tag
+tagger $authline
+
+$package release $dversion for $csuite [dgit]
+END
+    close TO or die $!;
+
+    my $tagobjfn = $tfn->('.tmp');
+    if ($sign) {
+	if (!defined $keyid) {
+	    $keyid = access_cfg('keyid','RETURN-UNDEF');
+	}
+	unlink $tfn->('.tmp.asc') or $!==&ENOENT or die $!;
+	my @sign_cmd = (@gpg, qw(--detach-sign --armor));
+	push @sign_cmd, qw(-u),$keyid if defined $keyid;
+	push @sign_cmd, $tfn->('.tmp');
+	runcmd_ordryrun @sign_cmd;
+	if (!$dryrun) {
+	    $tagobjfn = $tfn->('.signed.tmp')
+	    runcmd shell_cmd "> $tagobjfn", qw(cat --),
+	        $tfn->('.tmp'), $tfn->('.tmp.asc');
+	}
+    }
+    my $tag_obj_hash = runcmd @git, qw(hash-object -w -t tag), $tagobjfn;
+    runcmd_ordryrun @git, qw(verify-tag), $tag_obj_hash;
+    runcmd_ordryrun @git, qw(update-ref), "refs/tags/$tag", $tag_obj_hash;
+    runcmd_ordryrun @git, qw(tag -v --), $tag;
+
     if (!check_for_git()) {
 	create_remote_git_repo();
     }
     runcmd_ordryrun @git, qw(push),access_giturl(),"HEAD:".rrref();
+    runcmd_ordryrun @git, qw(update-ref -m), 'dgit push', lrref(), 'HEAD';
     if (!$dryrun) {
 	rename "../$dscfn.tmp","../$dscfn" or die "$dscfn $!";
     } else {
 	print "[new .dsc left in $dscfn.tmp]\n";
     }
+
     if ($sign) {
-	if (!defined $keyid) {
-	    $keyid = access_cfg('keyid','RETURN-UNDEF');
+	if (!$as_remote) {
+	    my @tag_cmd = (@git, qw(tag -a -m),
+			   );
+	    push @tag_cmd, $tag;
+	    runcmd_ordryrun @tag_cmd;
+	} else {
 	}
-	my @tag_cmd = (@git, qw(tag -s -m),
-		       "Release $dversion for $csuite [dgit]");
+
 	push @tag_cmd, qw(-u),$keyid if defined $keyid;
-	push @tag_cmd, $tag;
-	runcmd_ordryrun @tag_cmd;
+
 	my @debsign_cmd = @debsign;
 	push @debsign_cmd, "-k$keyid" if defined $keyid;
 	push @debsign_cmd, $changesfile;
@@ -1048,6 +1160,7 @@ sub build_maybe_quilt_fixup () {
     my $ncommits = 3;
     my $patchname = "auto-$version-$headref-$time";
     my $msg = cmdoutput @git, qw(log), "-n$ncommits";
+    mkpath '.git/dgit';
     my $descfn = ".git/dgit/quilt-description.tmp";
     open O, '>', $descfn or die "$descfn: $!";
     $msg =~ s/\n/\n /g;
@@ -1191,6 +1304,11 @@ sub cmd_quilt_fixup {
     build_maybe_quilt_fixup();
 }
 
+sub cmd_version {
+    print "dgit version $our_version\n" or die $!;
+    exit 0;
+}
+
 sub parseopts () {
     my $om;
     while (@ARGV) {
@@ -1203,7 +1321,9 @@ sub parseopts () {
 	    } elsif (m/^--no-sign$/) {
 		$sign=0;
 	    } elsif (m/^--help$/) {
-		helponly();
+		cmd_help();
+	    } elsif (m/^--version$/) {
+		cmd_version();
 	    } elsif (m/^--new$/) {
 		$new_package=1;
 	    } elsif (m/^--(\w+)=(.*)/s &&
@@ -1233,7 +1353,7 @@ sub parseopts () {
 		if (s/^-n/-/) {
 		    $dryrun=1;
 		} elsif (s/^-h/-/) {
-		    helponly();
+		    cmd_help();
 		} elsif (s/^-D/-/) {
 		    open DEBUG, ">&STDERR" or die $!;
 		    $debug++;