X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=dgit;h=f6bf3a7cbe2e4d48075a585a5c8dc41cc88e2ce1;hp=6e9c3044f54d745e4371209d51208f7ec1d372b2;hb=7a226db27fb1e8b59a65bed06fa3aace2c266cb0;hpb=6539061dd349972a00899120f7997efa1e7824cd

diff --git a/dgit b/dgit
index 6e9c3044..f6bf3a7c 100755
--- a/dgit
+++ b/dgit
@@ -2,7 +2,7 @@
 # dgit
 # Integration between git and Debian-style archives
 #
-# Copyright (C)2013 Ian Jackson
+# Copyright (C)2013-2015 Ian Jackson
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -52,7 +52,7 @@ our $new_package = 0;
 our $ignoredirty = 0;
 our $rmonerror = 1;
 our @deliberatelies;
-our %supersedes;
+our %previously;
 our $existing_package = 'dpkg';
 our $cleanmode = 'dpkg-source';
 our $changes_since_version;
@@ -111,6 +111,8 @@ sub lref () { return "refs/heads/".lbranch(); }
 sub lrref () { return "refs/remotes/$remotename/".server_branch($csuite); }
 sub rrref () { return server_ref($csuite); }
 
+sub lrfetchrefs () { return "refs/dgit-fetch/$isuite"; }
+
 sub stripepoch ($) {
     my ($vsn) = @_;
     $vsn =~ s/^\d+\://;
@@ -163,8 +165,9 @@ sub deliberately ($) {
 }
 
 sub deliberately_not_fast_forward () {
-    deliberately('not-fast-forward') ||
-	deliberately('TEST-not-fast-forward-dgit-only');
+    foreach (qw(not-fast-forward fresh-repo)) {
+	return 1 if deliberately($_) || deliberately("TEST-dgit-only-$_");
+    }
 }
 
 #---------- remote protocol support, common ----------
@@ -447,8 +450,15 @@ our %defcfg = ('dgit.default.distro' => 'debian',
 	       'dgit-distro.debian.git-path' => '/dgit/debian/repos',
 	       'dgit-distro.debian.git-check' => 'ssh-cmd',
  'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
- 'dgit-distro.debian.archive-query-tls-key',
-    '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# 'dgit-distro.debian.archive-query-tls-key',
+#    '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
+# ^ this does not work because curl is broken nowadays
+# Fixing #790093 properly will involve providing providing the key
+# in some pacagke and maybe updating these paths.
+#
+# 'dgit-distro.debian.archive-query-tls-curl-args',
+#   '--ca-path=/etc/ssl/ca-debian',
+# ^ this is a workaround but works (only) on DSA-administered machines
 	       'dgit-distro.debian.diverts.alioth' => '/alioth',
 	       'dgit-distro.debian/alioth.git-host' => 'git.debian.org',
 	       'dgit-distro.debian/alioth.git-user-force' => '',
@@ -703,16 +713,25 @@ sub archive_api_query_cmd ($) {
     my $url = access_cfg('archive-query-url');
     if ($url =~ m#^https://([-.0-9a-z]+)/#) {
 	my $host = $1;
-	my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF');
+	my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF') //'';
 	foreach my $key (split /\:/, $keys) {
 	    $key =~ s/\%HOST\%/$host/g;
 	    if (!stat $key) {
 		fail "for $url: stat $key: $!" unless $!==ENOENT;
 		next;
 	    }
-	    push @cmd, "--ca-certificate=$key", "--ca-directory=/dev/enoent";
+	    fail "config requested specific TLS key but do not know".
+		" how to get curl to use exactly that EE key ($key)";
+#	    push @cmd, "--cacert", $key, "--capath", "/dev/enoent";
+#           # Sadly the above line does not work because of changes
+#           # to gnutls.   The real fix for #790093 may involve
+#           # new curl options.
 	    last;
 	}
+	# Fixing #790093 properly will involve providing a value
+	# for this on clients.
+	my $keys = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF');
+	push @cmd, split / /, $keys if defined $keys;
     }
     push @cmd, $url.$subpath;
     return @cmd;
@@ -1261,6 +1280,11 @@ sub ensure_we_have_orig () {
 
 sub git_fetch_us () {
     runcmd_ordryrun_local @git, qw(fetch),access_giturl(),fetchspec();
+    if (deliberately_not_fast_forward) {
+	runcmd_ordryrun_local @git, qw(fetch -p), access_giturl(),
+	    map { "+refs/$_/*:".lrfetchrefs."/$_/*" }
+	    qw(tags heads);
+    }
 }
 
 sub fetch_from_archive () {
@@ -1534,9 +1558,9 @@ tagger $authline
 $package release $cversion for $clogsuite ($csuite) [dgit]
 [dgit distro=$declaredistro$delibs]
 END
-    foreach my $ref (sort keys %supersedes) {
+    foreach my $ref (sort keys %previously) {
 		    print TO <<END or die $!;
-[dgit supersede:$ref=$supersedes{$ref}]
+[dgit previously:$ref=$previously{$ref}]
 END
     }
 
@@ -1653,11 +1677,12 @@ sub dopush ($) {
     responder_send_command("param head $head");
     responder_send_command("param csuite $csuite");
 
-    if ($forceflag && defined $lastpush_hash) {
-	git_for_each_tag_referring($lastpush_hash, sub {
-	    my ($tagobjid,$refobjid,$fullrefname,$tagname) = @_;
-	    responder_send_command("supersedes $fullrefname=$tagobjid");
-	    $supersedes{$fullrefname} = $tagobjid;
+    if (deliberately_not_fast_forward) {
+	git_for_each_ref(lrfetchrefs, sub {
+	    my ($objid,$objtype,$lrfetchrefname,$reftail) = @_;
+	    my $rrefname= substr($lrfetchrefname, length(lrfetchrefs) + 1);
+	    responder_send_command("previously $rrefname=$objid");
+	    $previously{$rrefname} = $objid;
 	});
     }
 
@@ -1684,7 +1709,7 @@ sub dopush ($) {
 	create_remote_git_repo();
     }
     runcmd_ordryrun @git, qw(push),access_giturl(),
-        $forceflag."HEAD:".rrref(), "refs/tags/$tag";
+        $forceflag."HEAD:".rrref(), $forceflag."refs/tags/$tag";
     runcmd_ordryrun @git, qw(update-ref -m), 'dgit push', lrref(), 'HEAD';
 
     if ($we_are_responder) {
@@ -1975,12 +2000,12 @@ sub i_resp_param ($) {
     $i_param{$1} = $2;
 }
 
-sub i_resp_supersedes ($) {
+sub i_resp_previously ($) {
     $_[0] =~ m#^(refs/tags/\S+)=(\w+)$#
-	or badproto \*RO, "bad supersedes spec";
+	or badproto \*RO, "bad previously spec";
     my $r = system qw(git check-ref-format), $1;
-    die "bad supersedes ref spec ($r)" if $r;
-    $supersedes{$1} = $2;
+    die "bad previously ref spec ($r)" if $r;
+    $previously{$1} = $2;
 }
 
 our %i_wanted;
@@ -2627,6 +2652,15 @@ sub cmd_archive_api_query {
     exec @cmd or fail "exec curl: $!\n";
 }
 
+sub cmd_clone_dgit_repos_server {
+    badusage "need destination argument" unless @ARGV==1;
+    my ($destdir) = @ARGV;
+    $package = '_dgit-repos-server';
+    my @cmd = (@git, qw(clone), access_giturl(), $destdir);
+    debugcmd ">",@cmd;
+    exec @cmd or fail "exec git clone: $!\n";
+}
+
 #---------- argument parsing and main program ----------
 
 sub cmd_version {