X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=blobdiff_plain;f=infra%2Fdgit-repos-server;h=f391b08776ada836a2720a7c6b429141178bdd85;hp=8a75d0557d49e58700f515aa59e18f6b3dd341de;hb=323e5e59ee548bf44cc2cb9a584cb1c3edcabe3f;hpb=34eb5dad67ac7e3353016d3a109b8e78fb780655 diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server index 8a75d055..f391b087 100755 --- a/infra/dgit-repos-server +++ b/infra/dgit-repos-server @@ -34,6 +34,8 @@ use strict; # PACKAGE_garbage } (also covers executions of # PACKAGE_garbage-old } policy hook script for PACKAGE) # PACKAGE_garbage-tmp } +# policy* } (for policy hook script, covered by +# } lock only when invoked for a package) # # leaf locks, held during brief operaton only: # @@ -105,6 +107,35 @@ use strict; # the corresponding temporary tree, as the lockfile is also # a stampfile whose presence indicates that there may be # cleanup to do +# +# Policy hook script is invoked like this: +# POLICY-HOOK-SCRIPT DISTRO DGIT-REPOS-DIR ACTION... +# ie. +# POLICY-HOOK-SCRIPT ... check-list [...] +# POLICY-HOOK-SCRIPT ... check-package PACKAGE [...] +# POLICY-HOOK-SCRIPT ... push|push-confirm PACKAGE \ +# VERSION SUITE TAGNAME DELIBERATELIES [...] +# +# Exit status is a bitmask. Bit weight constants are defined in Dgit.pm. +# NOFFCHECK (2) +# suppress dgit-repos-server's fast-forward check ("push" only) +# FRESHREPO (4) +# blow away repo right away (ie, as if before push or fetch) +# ("check-package" and "push" only) +# any unexpected bits mean failure, and then known set bits are ignored +# if no unexpected bits set, operation continues (subject to meaning +# of any expected bits set). So, eg, exit 0 means "continue normally" +# and would be appropriate for an unknown action. +# +# cwd for push and push-confirm is a temporary repo where the +# to-be-pushed objects have been received; TAGNAME is the +# version-based tag +# +# if push requested FRESHREPO, push-confirm happens in said fresh repo +# +# policy hook for a particular package will be invoked only once at +# a time - (see comments about DGIT-REPOS-DIR, above) + use POSIX; use Fcntl qw(:flock); @@ -117,6 +148,7 @@ open DEBUG, ">/dev/null" or die $!; our $func; our $dgitrepos; our $package; +our $distro; our $suitesfile; our $policyhook; our $realdestrepo; @@ -222,9 +254,9 @@ sub policyhook { my ($policyallowbits, @polargs) = @_; # => ($exitstatuspolicybitmap); die if $policyallowbits & ~0x3e; - my @cmd = ($policyhook,$distro,$repos,@polargs); - debugcmd @_; - my $r = system @_; + my @cmd = ($policyhook,$distro,$dgitrepos,@polargs); + debugcmd @cmd; + my $r = system @cmd; die "system: $!" if $r < 0; die "hook (@cmd) failed ($?)" if $r & ~($policyallowbits << 8); return $r >> 8; @@ -264,17 +296,6 @@ sub movetogarbage () { or die "$garbagerepo $!"; } -sub onwardpush () { - my @cmd = (qw(git send-pack), $destrepo); - push @cmd, qw(--force) if $policy & NOFFCHECK; - push @cmd, "$commit:refs/dgit/$suite", - "$tagval:refs/tags/$tagname"); - debugcmd @cmd; - $!=0; - my $r = system @cmd; - !$r or die "onward push to $destrepo failed: $r $!"; -} - #----- git-receive-pack ----- sub fixmissing__git_receive_pack () { @@ -432,12 +453,14 @@ sub parsetag () { $version = $2; die "$3 != $suite " unless $3 eq $suite; + my $copyl = $_; for (;;) { - print PT or die $!; + print PT $copyl or die $!; $!=0; $_=; defined or die "missing signature? $!"; + $copyl = $_; if (m/^\[dgit ([^"].*)\]$/) { # [dgit "something"] is for future $_ = $1." "; - for (;;) { + while (length) { if (s/^distro\=(\S+) //) { die "$1 != $distro" unless $1 eq $distro; } elsif (s/^(--deliberately-$package_re) //) { @@ -447,13 +470,14 @@ sub parsetag () { $supersedes{$1} = $2; } elsif (s/^[-+.=0-9a-z]\S* //) { } else { - die "unknown dgit info in tag"; + die "unknown dgit info in tag ($_)"; } } next; } last if m/^-----BEGIN PGP/; } + $_ = $copyl; for (;;) { print DS or die $!; $!=0; $_=; @@ -619,7 +643,7 @@ sub checktagnoreplay () { my @problems; - git_for_each_tag_referring($objreferring, sub { + git_for_each_tag_referring($onlyreferring, sub { my ($objid,$fullrefname,$tagname) = @_; debug "checktagnoreplay - overwriting $fullrefname=$objid"; my $supers = $supersedes{$fullrefname}; @@ -665,9 +689,9 @@ sub checks () { lockrealtree(); - $policy = policyhook(NOFFCHECK|FRESHREPO, 'push',$package, - $version,$suite,$tagname, - join(",",@delberatelies)); + my @policy_args = ($package,$version,$suite,$tagname, + join(",",@deliberatelies)); + $policy = policyhook(NOFFCHECK|FRESHREPO, 'push', @policy_args); checktagnoreplay(); checksuite(); @@ -696,6 +720,19 @@ sub checks () { $destrepo = "${workrepo}_fresh"; # workrepo lock covers mkrepo_fromtemplate $destrepo; } + + policyhook(0, 'push-confirm', @policy_args); +} + +sub onwardpush () { + my @cmd = (qw(git send-pack), $destrepo); + push @cmd, qw(--force) if $policy & NOFFCHECK; + push @cmd, "$commit:refs/dgit/$suite", + "$tagval:refs/tags/$tagname"; + debugcmd @cmd; + $!=0; + my $r = system @cmd; + !$r or die "onward push to $destrepo failed: $r $!"; } sub stunthook () { @@ -772,7 +809,7 @@ sub parseargsdispatch () { exit 0; } - $ENV{'DGIT_DRS_DISTRO'} = argval(); + $ENV{'DGIT_DRS_DISTRO'} = $distro = argval(); $ENV{'DGIT_DRS_SUITES'} = argval(); $ENV{'DGIT_DRS_KEYRINGS'} = argval(); $dgitrepos = argval();