X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=dgit;h=366c4566fc52f295957919a1e1039e97650f8dab;hp=5d239d692155079085853cf93f0d383704657bd9;hb=395e3a0f5c1d2541a84ac6105f02c7eac34f434b;hpb=eb3b3a8f4be0903cd73193e563c7b56ad48bf54e diff --git a/dgit b/dgit index 5d239d69..366c4566 100755 --- a/dgit +++ b/dgit @@ -2,7 +2,7 @@ # dgit # Integration between git and Debian-style archives # -# Copyright (C)2013 Ian Jackson +# Copyright (C)2013-2015 Ian Jackson # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -32,7 +32,6 @@ use POSIX; use IPC::Open2; use Digest::SHA; use Digest::MD5; -use Config; use Debian::Dgit; @@ -53,7 +52,7 @@ our $new_package = 0; our $ignoredirty = 0; our $rmonerror = 1; our @deliberatelies; -our %supersedes; +our %previously; our $existing_package = 'dpkg'; our $cleanmode = 'dpkg-source'; our $changes_since_version; @@ -112,6 +111,8 @@ sub lref () { return "refs/heads/".lbranch(); } sub lrref () { return "refs/remotes/$remotename/".server_branch($csuite); } sub rrref () { return server_ref($csuite); } +sub lrfetchrefs () { return "refs/dgit-fetch/$csuite"; } + sub stripepoch ($) { my ($vsn) = @_; $vsn =~ s/^\d+\://; @@ -140,30 +141,6 @@ END { } }; -our @signames = split / /, $Config{sig_name}; - -sub waitstatusmsg () { - if (!$?) { - return "terminated, reporting successful completion"; - } elsif (!($? & 255)) { - return "failed with error exit status ".WEXITSTATUS($?); - } elsif (WIFSIGNALED($?)) { - my $signum=WTERMSIG($?); - return "died due to fatal signal ". - ($signames[$signum] // "number $signum"). - ($? & 128 ? " (core dumped)" : ""); # POSIX(3pm) has no WCOREDUMP - } else { - return "failed with unknown wait status ".$?; - } -} - -sub fail { - my $s = "@_\n"; - my $prefix = $us.($we_are_responder ? " (build host)" : "").": "; - $s =~ s/^/$prefix/gm; - die $s; -} - sub badcfg { print STDERR "$us: invalid configuration: @_\n"; exit 12; } sub no_such_package () { @@ -187,6 +164,12 @@ sub deliberately ($) { return !!grep { $_ eq "--deliberately-$enquiry" } @deliberatelies; } +sub deliberately_not_fast_forward () { + foreach (qw(not-fast-forward fresh-repo)) { + return 1 if deliberately($_) || deliberately("TEST-dgit-only-$_"); + } +} + #---------- remote protocol support, common ---------- # remote push initiator/responder protocol: @@ -375,17 +358,6 @@ sub url_get { our ($dscdata,$dscurl,$dsc,$dsc_checked,$skew_warning_vsn); -sub failedcmd { - { local ($!); printcmd \*STDERR, "$us: failed command:", @_ or die $!; }; - if ($!) { - fail "failed to fork/exec: $!"; - } elsif ($?) { - fail "subprocess ".waitstatusmsg(); - } else { - fail "subprocess produced invalid output"; - } -} - sub runcmd { debugcmd "+",@_; $!=0; $?=0; @@ -403,27 +375,6 @@ sub printdone { } } -sub cmdoutput_errok { - die Dumper(\@_)." ?" if grep { !defined } @_; - debugcmd "|",@_; - open P, "-|", @_ or die $!; - my $d; - $!=0; $?=0; - { local $/ = undef; $d =

; } - die $! if P->error; - if (!close P) { printdebug "=>!$?\n"; return undef; } - chomp $d; - $d =~ m/^.*/; - printdebug "=> \`$&'",(length $' ? '...' : ''),"\n" if $debuglevel>0; #'; - return $d; -} - -sub cmdoutput { - my $d = cmdoutput_errok @_; - defined $d or failedcmd @_; - return $d; -} - sub dryrun_report { printcmd(\*STDERR,$debugprefix."#",@_); } @@ -497,10 +448,18 @@ our %defcfg = ('dgit.default.distro' => 'debian', 'dgit-distro.debian.git-user-force' => 'dgit', 'dgit-distro.debian.git-proto' => 'git+ssh://', 'dgit-distro.debian.git-path' => '/dgit/debian/repos', + 'dgit-distro.debian.git-create' => 'true', 'dgit-distro.debian.git-check' => 'ssh-cmd', 'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/', - 'dgit-distro.debian.archive-query-tls-key', - '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem', +# 'dgit-distro.debian.archive-query-tls-key', +# '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem', +# ^ this does not work because curl is broken nowadays +# Fixing #790093 properly will involve providing providing the key +# in some pacagke and maybe updating these paths. +# +# 'dgit-distro.debian.archive-query-tls-curl-args', +# '--ca-path=/etc/ssl/ca-debian', +# ^ this is a workaround but works (only) on DSA-administered machines 'dgit-distro.debian.diverts.alioth' => '/alioth', 'dgit-distro.debian/alioth.git-host' => 'git.debian.org', 'dgit-distro.debian/alioth.git-user-force' => '', @@ -724,23 +683,6 @@ sub parsechangelog { return $c; } -sub git_get_ref ($) { - my ($refname) = @_; - my $got = cmdoutput_errok @git, qw(show-ref --), $refname; - if (!defined $got) { - $?==256 or fail "git show-ref failed (status $?)"; - printdebug "ref $refname= [show-ref exited 1]\n"; - return ''; - } - if ($got =~ m/^(\w+) \Q$refname\E$/m) { - printdebug "ref $refname=$1\n"; - return $1; - } else { - printdebug "ref $refname= [no match]\n"; - return ''; - } -} - sub must_getcwd () { my $d = getcwd(); defined $d or fail "getcwd failed: $!"; @@ -772,16 +714,25 @@ sub archive_api_query_cmd ($) { my $url = access_cfg('archive-query-url'); if ($url =~ m#^https://([-.0-9a-z]+)/#) { my $host = $1; - my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF'); + my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF') //''; foreach my $key (split /\:/, $keys) { $key =~ s/\%HOST\%/$host/g; if (!stat $key) { fail "for $url: stat $key: $!" unless $!==ENOENT; next; } - push @cmd, "--ca-certificate=$key", "--ca-directory=/dev/enoent"; + fail "config requested specific TLS key but do not know". + " how to get curl to use exactly that EE key ($key)"; +# push @cmd, "--cacert", $key, "--capath", "/dev/enoent"; +# # Sadly the above line does not work because of changes +# # to gnutls. The real fix for #790093 may involve +# # new curl options. last; } + # Fixing #790093 properly will involve providing a value + # for this on clients. + my $kargs = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF'); + push @cmd, split / /, $kargs if defined $kargs; } push @cmd, $url.$subpath; return @cmd; @@ -1070,7 +1021,7 @@ sub check_for_git () { my ($usedistro,) = access_distros(); $instead_distro= cfg("dgit-distro.$usedistro.diverts.$divert"); $instead_distro =~ s{^/}{ access_basedistro()."/" }e; - printdebug "diverting $divert so using distro $instead_distro\n"; + progress "diverting to $divert (using config for $instead_distro)"; return check_for_git(); } failedcmd @cmd unless $r =~ m/^[01]$/; @@ -1195,6 +1146,69 @@ sub clogp_authline ($) { return $authline; } +sub vendor_patches_distro ($$) { + my ($checkdistro, $what) = @_; + return unless defined $checkdistro; + + my $series = "debian/patches/\L$checkdistro\E.series"; + printdebug "checking for vendor-specific $series ($what)\n"; + + if (!open SERIES, "<", $series) { + die "$series $!" unless $!==ENOENT; + return; + } + while () { + next unless m/\S/; + next if m/^\s+\#/; + + print STDERR <error; + close SERIES; +} + +sub check_for_vendor_patches () { + # This dpkg-source feature doesn't seem to be documented anywhere! + # But it can be found in the changelog (reformatted): + + # commit 4fa01b70df1dc4458daee306cfa1f987b69da58c + # Author: Raphael Hertzog + # Date: Sun Oct 3 09:36:48 2010 +0200 + + # dpkg-source: correctly create .pc/.quilt_series with alternate + # series files + # + # If you have debian/patches/ubuntu.series and you were + # unpacking the source package on ubuntu, quilt was still + # directed to debian/patches/series instead of + # debian/patches/ubuntu.series. + # + # debian/changelog | 3 +++ + # scripts/Dpkg/Source/Package/V3/quilt.pm | 4 +++- + # 2 files changed, 6 insertions(+), 1 deletion(-) + + use Dpkg::Vendor; + vendor_patches_distro($ENV{DEB_VENDOR}, "DEB_VENDOR"); + vendor_patches_distro(Dpkg::Vendor::get_current_vendor(), + "Dpkg::Vendor \`current vendor'"); + vendor_patches_distro(access_basedistro(), + "distro being accessed"); +} + sub generate_commit_from_dsc () { prep_ud(); changedir $ud; @@ -1227,6 +1241,7 @@ sub generate_commit_from_dsc () { runcmd @cmd; my ($tree,$dir) = mktree_in_ud_from_only_subdir(); + check_for_vendor_patches() if madformat($dsc->{format}); runcmd qw(sh -ec), 'dpkg-parsechangelog >../changelog.tmp'; my $clogp = parsecontrol('../changelog.tmp',"commit's changelog"); my $authline = clogp_authline $clogp; @@ -1328,24 +1343,34 @@ sub ensure_we_have_orig () { } } -sub rev_parse ($) { - return cmdoutput @git, qw(rev-parse), "$_[0]~0"; -} - -sub is_fast_fwd ($$) { - my ($ancestor,$child) = @_; - my @cmd = (@git, qw(merge-base), $ancestor, $child); - my $mb = cmdoutput_errok @cmd; - if (defined $mb) { - return rev_parse($mb) eq rev_parse($ancestor); - } else { - $?==256 or failedcmd @cmd; - return 0; - } -} - sub git_fetch_us () { - runcmd_ordryrun_local @git, qw(fetch),access_giturl(),fetchspec(); + my @specs = (fetchspec()); + push @specs, + map { "+refs/$_/*:".lrfetchrefs."/$_/*" } + qw(tags heads); + runcmd_ordryrun_local @git, qw(fetch -p -n -q), access_giturl(), @specs; + + my %here; + my $tagpat = debiantag('*',access_basedistro); + + git_for_each_ref("refs/tags/".$tagpat, sub { + my ($objid,$objtype,$fullrefname,$reftail) = @_; + printdebug "currently $fullrefname=$objid\n"; + $here{$fullrefname} = $objid; + }); + git_for_each_ref(lrfetchrefs."/tags/".$tagpat, sub { + my ($objid,$objtype,$fullrefname,$reftail) = @_; + my $lref = "refs".substr($fullrefname, length lrfetchrefs); + printdebug "offered $lref=$objid\n"; + if (!defined $here{$lref}) { + my @upd = (@git, qw(update-ref), $lref, $objid, ''); + runcmd_ordryrun_local @upd; + } elsif ($here{$lref} eq $objid) { + } else { + print STDERR \ + "Not updateting $lref from $here{$lref} to $objid.\n"; + } + }); } sub fetch_from_archive () { @@ -1452,6 +1477,38 @@ END return 1; } +sub set_local_git_config ($$) { + my ($k, $v) = @_; + runcmd @git, qw(config), $k, $v; +} + +sub setup_mergechangelogs () { + my $driver = 'dpkg-mergechangelogs'; + my $cb = "merge.$driver"; + my $attrs = '.git/info/attributes'; + ensuredir '.git/info'; + + open NATTRS, ">", "$attrs.new" or die "$attrs.new $!"; + if (!open ATTRS, "<", $attrs) { + $!==ENOENT or die "$attrs: $!"; + } else { + while () { + chomp; + next if m{^debian/changelog\s}; + print NATTRS $_, "\n" or die $!; + } + ATTRS->error and die $!; + close ATTRS; + } + print NATTRS "debian/changelog merge=$driver\n" or die $!; + close NATTRS; + + set_local_git_config "$cb.name", 'debian/changelog merge driver'; + set_local_git_config "$cb.driver", 'dpkg-mergechangelogs -m %O %A %B %A'; + + rename "$attrs.new", "$attrs" or die "$attrs: $!"; +} + sub clone ($) { my ($dstdir) = @_; canonicalise_suite(); @@ -1462,7 +1519,7 @@ sub clone ($) { runcmd @git, qw(init -q); my $giturl = access_giturl(1); if (defined $giturl) { - runcmd @git, qw(config), "remote.$remotename.fetch", fetchspec(); + set_local_git_config "remote.$remotename.fetch", fetchspec(); open H, "> .git/HEAD" or die $!; print H "ref: ".lref()."\n" or die $!; close H or die $!; @@ -1481,6 +1538,7 @@ sub clone ($) { $vcsgiturl =~ s/\s+-b\s+\S+//g; runcmd @git, qw(remote add vcs-git), $vcsgiturl; } + setup_mergechangelogs(); runcmd @git, qw(reset --hard), lrref(); printdone "ready for work in $dstdir"; } @@ -1567,7 +1625,7 @@ sub push_parse_changelog ($) { $package = getfield $clogp, 'Source'; my $cversion = getfield $clogp, 'Version'; - my $tag = debiantag($cversion); + my $tag = debiantag($cversion, access_basedistro); runcmd @git, qw(check-ref-format), $tag; my $dscfn = dscfn($cversion); @@ -1619,9 +1677,9 @@ tagger $authline $package release $cversion for $clogsuite ($csuite) [dgit] [dgit distro=$declaredistro$delibs] END - foreach my $ref (sort keys %supersedes) { + foreach my $ref (sort keys %previously) { print TO <{format}); changedir '../../../..'; my $diffopt = $debuglevel>0 ? '--exit-code' : '--quiet'; my @diffcmd = (@git, qw(diff), $diffopt, $tree); @@ -1714,7 +1774,7 @@ sub dopush () { # runcmd @git, qw(fetch -p ), "$alioth_git/$package.git", # map { lref($_).":".rref($_) } # (uploadbranch()); - my $head = rev_parse('HEAD'); + my $head = git_rev_parse('HEAD'); if (!$changesfile) { my $multi = "$buildproductsdir/". "${package}_".(stripepoch $cversion)."_multi.changes"; @@ -1737,12 +1797,12 @@ sub dopush () { responder_send_command("param head $head"); responder_send_command("param csuite $csuite"); - my $forceflag = deliberately('not-fast-forward') ? '+' : ''; - if ($forceflag && defined $lastpush_hash) { - git_for_each_tag_referring($lastpush_hash, sub { - my ($objid,$fullrefname,$tagname) = @_; - responder_send_command("supersedes $fullrefname=$objid"); - $supersedes{$fullrefname} = $objid; + if (deliberately_not_fast_forward) { + git_for_each_ref(lrfetchrefs, sub { + my ($objid,$objtype,$lrfetchrefname,$reftail) = @_; + my $rrefname= substr($lrfetchrefname, length(lrfetchrefs) + 1); + responder_send_command("previously $rrefname=$objid"); + $previously{$rrefname} = $objid; }); } @@ -1769,7 +1829,7 @@ sub dopush () { create_remote_git_repo(); } runcmd_ordryrun @git, qw(push),access_giturl(), - $forceflag."HEAD:".rrref(), "refs/tags/$tag"; + $forceflag."HEAD:".rrref(), $forceflag."refs/tags/$tag"; runcmd_ordryrun @git, qw(update-ref -m), 'dgit push', lrref(), 'HEAD'; if ($we_are_responder) { @@ -1892,27 +1952,38 @@ sub cmd_push { if ($new_package) { local ($package) = $existing_package; # this is a hack canonicalise_suite(); - } - if (defined $specsuite && $specsuite ne $isuite) { + } else { canonicalise_suite(); - $csuite eq $specsuite or + } + if (defined $specsuite && + $specsuite ne $isuite && + $specsuite ne $csuite) { fail "dgit push: changelog specifies $isuite ($csuite)". " but command line specifies $specsuite"; } if (check_for_git()) { git_fetch_us(); } + my $forceflag = ''; if (fetch_from_archive()) { - is_fast_fwd(lrref(), 'HEAD') or + if (is_fast_fwd(lrref(), 'HEAD')) { + # ok + } elsif (deliberately_not_fast_forward) { + $forceflag = '+'; + } else { fail "dgit push: HEAD is not a descendant". " of the archive's version.\n". - "$us: To overwrite it, use git merge -s ours ".lrref()."."; + "dgit: To overwrite its contents,". + " use git merge -s ours ".lrref().".\n". + "dgit: To rewind history, if permitted by the archive,". + " use --deliberately-not-fast-forward"; + } } else { $new_package or fail "package appears to be new in this suite;". " if this is intentional, use --new"; } - dopush(); + dopush($forceflag); } #---------- remote commands' implementation ---------- @@ -1928,6 +1999,7 @@ sub cmd_remote_push_build_host { # offered several) $debugprefix = ' '; $we_are_responder = 1; + $us .= " (build host)"; open PI, "<&STDIN" or die $!; open STDIN, "/dev/null" or die $!; @@ -2050,12 +2122,12 @@ sub i_resp_param ($) { $i_param{$1} = $2; } -sub i_resp_supersedes ($) { +sub i_resp_previously ($) { $_[0] =~ m#^(refs/tags/\S+)=(\w+)$# - or badproto \*RO, "bad supersedes spec"; + or badproto \*RO, "bad previously spec"; my $r = system qw(git check-ref-format), $1; - die "bad supersedes ref spec ($r)" if $r; - $supersedes{$1} = $2; + die "bad previously ref spec ($r)" if $r; + $previously{$1} = $2; } our %i_wanted; @@ -2320,7 +2392,7 @@ sub quiltify ($$) { my $s = $abbrev->($notp); my $c = $notp->{Child}; $s .= "..".$abbrev->($c) if $c; - $s .= ": ".$c->{Whynot}; + $s .= ": ".$notp->{Whynot}; return $s; }; if ($quilt_mode eq 'linear') { @@ -2404,6 +2476,8 @@ sub build_maybe_quilt_fixup () { return unless madformat $format; # sigh + check_for_vendor_patches(); + # Our objective is: # - honour any existing .pc in case it has any strangeness # - determine the git commit corresponding to the tip of @@ -2449,7 +2523,7 @@ sub build_maybe_quilt_fixup () { # 6. Back in the main tree, fast forward to the new HEAD my $clogp = parsechangelog(); - my $headref = rev_parse('HEAD'); + my $headref = git_rev_parse('HEAD'); prep_ud(); changedir $ud; @@ -2528,7 +2602,7 @@ END commit_quilty_patch(); if ($mustdeletepc) { - runcmd @git, qw(rm -rq .pc); + runcmd @git, qw(rm -rqf .pc); commit_admin "Commit removal of .pc (quilt series tracking data)"; } @@ -2611,17 +2685,35 @@ sub changesopts () { return @opts; } +sub massage_dbp_args ($) { + my ($cmd) = @_; + return unless $cleanmode =~ m/git|none/; + debugcmd '#massaging#', @$cmd if $debuglevel>1; + my @newcmd = shift @$cmd; + # -nc has the side effect of specifying -b if nothing else specified + push @newcmd, '-nc'; + # and some combinations of -S, -b, et al, are errors, rather than + # later simply overriding earlier + push @newcmd, '-F' unless grep { m/^-[bBASF]$/ } @$cmd; + push @newcmd, @$cmd; + @$cmd = @newcmd; +} + sub cmd_build { build_prep(); - runcmd_ordryrun_local @dpkgbuildpackage, qw(-us -uc), changesopts(), @ARGV; + my @dbp = (@dpkgbuildpackage, qw(-us -uc), changesopts(), @ARGV); + massage_dbp_args \@dbp; + runcmd_ordryrun_local @dbp; printdone "build successful\n"; } sub cmd_git_build { build_prep(); + my @dbp = @dpkgbuildpackage; + massage_dbp_args \@dbp; my @cmd = (qw(git-buildpackage -us -uc --git-no-sign-tags), - "--git-builder=@dpkgbuildpackage"); + "--git-builder=@dbp"); unless (grep { m/^--git-debian-branch|^--git-ignore-branch/ } @ARGV) { canonicalise_suite(); push @cmd, "--git-debian-branch=".lbranch(); @@ -2662,7 +2754,7 @@ sub cmd_sbuild { changedir ".."; my $pat = "${package}_".(stripepoch $version)."_*.changes"; if (act_local()) { - stat_exist $dscfn or fail "$dscfn (in parent directory): $!"; + stat_exists $dscfn or fail "$dscfn (in parent directory): $!"; stat_exists $sourcechanges or fail "$sourcechanges (in parent directory): $!"; foreach my $cf (glob $pat) { @@ -2702,6 +2794,20 @@ sub cmd_archive_api_query { exec @cmd or fail "exec curl: $!\n"; } +sub cmd_clone_dgit_repos_server { + badusage "need destination argument" unless @ARGV==1; + my ($destdir) = @ARGV; + $package = '_dgit-repos-server'; + my @cmd = (@git, qw(clone), access_giturl(), $destdir); + debugcmd ">",@cmd; + exec @cmd or fail "exec git clone: $!\n"; +} + +sub cmd_setup_mergechangelogs { + badusage "no arguments allowed to dgit setup-mergechangelogs" if @ARGV; + setup_mergechangelogs(); +} + #---------- argument parsing and main program ---------- sub cmd_version {