New approach to replay prevention - WIP
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 31 May 2015 11:15:45 +0000 (12:15 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Sun, 31 May 2015 11:57:18 +0000 (12:57 +0100)
dgit
infra/dgit-repos-server

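--- a/dgit
+++ b/dgit
@@ -1650,9 +1650,9 @@ sub dopush ($) {
 
     if ($forceflag && defined $lastpush_hash) {
        git_for_each_tag_referring($lastpush_hash, sub {
-           my ($objid,$refobjid,$fullrefname,$tagname) = @_;
-           responder_send_command("supersedes $fullrefname=$objid");
-           $supersedes{$fullrefname} = $objid;
+           my ($tagobjid,$refobjid,$fullrefname,$tagname) = @_;
+           responder_send_command("supersedes $fullrefname=$tagobjid");
+           $supersedes{$fullrefname} = $tagobjid;
        });
     }
 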
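--- a/infra/dgit-repos-server
+++ b/infra/dgit-repos-server
@@ -632,10 +632,10 @@ sub checksuite () {
 }
 
 sub checktagnoreplay () {
-    # We check that the signed tag mentions the name and value of
+    # We check that the signed tag mentions the name and tag object id of
     # (a) in the case of FRESHREPO all tags in the repo;
     # (b) in the case of just NOFFCHECK all tags referring to
-    # the current head for the suite (there must be at least one).
+    #     the current head for the suite (there must be at least one).
     # This prevents a replay attack using an earlier signed tag.
     return unless $policy & (FRESHREPO|NOFFCHECK);
 
@@ -677,14 +677,29 @@ sub checktagnoreplay () {
     my @problems;
 
     git_for_each_tag_referring($onlyreferring, sub {
-       my ($objid,$refobjid,$fullrefname,$tagname) = @_;
-       printdebug "checktagnoreplay - overwriting $fullrefname=$objid\n";
+       my ($tagobjid,$refobjid,$fullrefname,$tagname) = @_;
+       printdebug "checktagnoreplay - overwriting".
+           " $fullrefname=$tagobjid->$refobjid\n";
        my $supers = $supersedes{$fullrefname};
        if (!defined $supers) {
-           push @problems, "does not supersede $fullrefname";
-       } elsif ($supers ne $objid) {
+           printdebug "checktagnoreply - fallbacks\n";
+           my $super_fallback = 0;
+           foreach my $didsuper (sort keys %supersedes) {
+               my $didsuper_tagobjid = $supersedes{$didsuper};
+               my $didsuper_refobjid = git_rev_parse $didsuper_tagobjid;
+               printdebug "checktagnoreply - fallback".
+                   " $didsuper=$didsuper_refobjid->$didsuper_tagobjid\n";
+               last if 
+                   $refobjid ne $didsuper_refobjid
+                   and is_fast_fwd($refobjid, $didsuper_refobjid);
+               printdebug "checktagnoreply - fallback $didsuper OK\n";
+               $super_fallback = 1;
+           }
+           push @problems, "does not supersede $fullrefname"
+               unless $super_fallback;
+       } elsif ($supers ne $tagobjid) {
            push @problems,
- "supersedes $fullrefname=$supers but previously $fullrefname=$objid";
+ "supersedes $fullrefname=$supers but previously $fullrefname=$tagobjid";
        } else {
            # ok;
        }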
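Review bot: The fallback loop in the `!defined $supers` branch appears to fail open: `$super_fallback = 1` is reached for every `%supersedes` entry where the `last if` condition is false, which includes the case where `is_fast_fwd($refobjid, $didsuper_refobjid)` returns false, so a superseded tag unrelated to this ref would satisfy the replay check. The `last` also leaves in place a `1` set by an earlier entry, so the outcome depends on `sort keys` order. If the intent is that a superseded tag whose target equals or descends from `$refobjid` covers this ref, `next unless $refobjid eq $didsuper_refobjid or is_fast_fwd($refobjid, $didsuper_refobjid);` followed by `$super_fallback = 1; last;` states that directly; `is_fast_fwd` and `git_rev_parse` are defined outside the hunk, so the argument order and whether the tag object id is peeled to its target need confirming. The new debug strings say `checktagnoreply` where the function is `checktagnoreplay`, and the fallback message prints the ref object before the tag object, the reverse of the `overwriting` message. The closure passed to `git_for_each_tag_referring` continues past the end of the hunk.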