From 6fff08035c6fb48fab8f804d965541f7486b8249 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 22 Mar 2015 10:17:09 +0000
Subject: [PATCH] WIP Debian policy

push-confirm
---
 infra/dgit-repos-policy-debian | 172 ++++++++++++++++++++++++++++++---
 1 file changed, 157 insertions(+), 15 deletions(-)

diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian
index 0f9d70f5..5724c938 100755
--- a/infra/dgit-repos-policy-debian
+++ b/infra/dgit-repos-policy-debian
@@ -8,6 +8,8 @@
 #   dgit-repos-policy-debian ... check-package PACKAGE [...]
 #   dgit-repos-policy-debian ... push PACKAGE \
 #         VERSION SUITE TAGNAME DELIBERATELIES [...]
+#   dgit-repos-policy-debian ... push-confirm PACKAGE \
+#         VERSION SUITE TAGNAME DELIBERATELIES [...]
 #
 # cwd for push is a temporary repo where the to-be-pushed objects have
 #  been received; TAGNAME is the version-based tag
@@ -37,6 +39,9 @@ our $pkg;
 our $pkgdir;
 our ($pkg_exists,$pkg_secret);
 
+our ($version,$suite,$tagname);
+our %deliberately;
+
 # We assume that it is not possible for NEW to have a version older
 # than sid.
 
@@ -168,11 +173,11 @@ sub getpackage () {
     $pkg_secret = !!(~(stat _)[2] & 05);
 }
 
-sub add_taint_by_tag ($$$) {
-    my ($tagname, $refobjid, $refobjtype) = @_;
+sub add_taint ($$) {
+    my ($refobj, $reason);
 
     my $tf = new File::Temp or die $!;
-    print $tf "$refobjid^0\n" or die $!;
+    print $tf "$refobj^0\n" or die $!;
 
     my $gcfpid = open GCF, "-|";
     defined $gcfpid or die $!;
@@ -196,11 +201,6 @@ sub add_taint_by_tag ($$$) {
     }
     close GCF;
 
-    my $reason =
-	"tag $tagname referred to this object in git tree but all".
-	" previously pushed versions were found to have been".
-	" removed from NEW (ie, rejected) (or never arrived)";
-
     $poldbh->do("INSERT INTO taints".
 		" (package, gitobjid, gitobjtype, gitobjdata, time, comment)",
 		" VALUES (?,?,?,?,?,?)", {},
@@ -210,11 +210,18 @@ sub add_taint_by_tag ($$$) {
     die unless defined $taint_id;
 
     $poldbh->do("INSERT INTO taintoverrides".
-		" (taint_id, 'include-questionable-history')",
-		" VALUES (?)", {},
+		" (taint_id, deliberately)",
+		" VALUES (?, 'include-questionable-history')", {},
 		$taint_id);
 }
 
+sub add_taint_by_tag ($$) {
+    my ($tagname,$refobjid) = @_;
+    add_taint($refobjid,
+	      "tag $tagname referred to this object in git tree but all".
+	      " previously pushed versions were found to have been".
+	      " removed from NEW (ie, rejected) (or never arrived)");
+}
 
 sub action__check_package () {
     getpackage();
@@ -231,30 +238,165 @@ sub action__check_package () {
 
     git_for_each_ref('refs/tags', sub {
 	my ($objid,$objtype,$fullrefname,$tagname) = @_;
-	add_taint_by_tag($tagname,$objid,$objtype);
+	add_taint_by_tag($tagname,$refobjid);
     });
     $?=0; $!=0; close TAGL or die "git for-each-ref $? $!";
 
     return FRESHREPO;
 }
 
-sub action_push () {
-    # we suppose that NEW has a version which is already in our
-    # history, as otherwise the repo would have been blown away
+sub getpushinfo () {
+    die unless @ARGV >= 4;
+    $version = shift @ARGV;
+    $suite = shift @ARGV;
+    $tagname = shift @ARGV;
+    my $delibs = shift @ARGV;
+    foreach my $delib (split /\,/, $delibs) {
+	$deliberately{$delib} = 1;
+    }
+}
+
+sub deliberately ($) { return $deliberately{$_[0]}; }
 
+sub action_push () {
     getpackage();
     return 0 unless $pkg_exists;
     return 0 unless $pkg_secret;
 
-    xxx up to here
+    # we suppose that NEW has a version which is already in our
+    # history, as otherwise the repo would have been blown away
+
+    if (deliberately('not-fast-forward')) {
+	add_taint(server_ref($suite),
+		  "suite $suite when --deliberately-not-fast-forward".
+		  " specified in signed tag $tagname for upload of".
+		  " version $version into suite $suite");
+	return NOFFCHECK|FRESHREPO;
+    }
+    if (deliberately('include-questionable-history')) {
+	return 0;
+    }
+    die "Package is in NEW and has not been accepted or rejected yet;".
+	" use a --deliberately option to specify whether you are".
+	" keeping or discarding the previously pushed history. ".
+	" Please RTFM dgit(1).\n";
 }
 
+sub action_push_confirm () {
+    my $initq = $dbh->prepare(<<END);
+        SELECT taint_id, gitobjid FROM taints t
+            WHERE (package = ? OR package = '')
+END
+    $initq->execute($pkg);
+
+    my @taintids;
+    my $chkinput = tempfile();
+    while (my $taint = $initq->fetchrow_hashref()) {
+	push @taintids, $taint->{taint_id};
+	print $chkinput, $taint->{gitobjid}, "\n" or die $!;
+    }
+    flush $chkinput or die $!;
+    seek $chkinput,0,0 or die $!;
+
+    my $checkpid = open2("<&$chkinput", \*CHKOUT, qw(git cat-file --batch));
+    $checkpid or die $!;
+
+    my ($taintinfoq,$overridesanyq,$untaintq,$overridesq);
+
+    my $overridesstmt = <<END;
+        SELECT deliberately FROM taintoverrides WHERE (
+    my @overridesv = sort keys %deliberately;
+    $overridesstmt .= join <<END, (<<END x @overridesv);
+END
+            OR
+END
+            deliberately = ?
+END
+    $overridesstmt .= <<END;
+	) AND taint_id = ?
+        ORDER BY deliberately ASC
+END
+
+    my $mustreject=0;
+
+    while (<CHKOUT>) {
+	my $taintid = shift @taintids;
+	die unless defined $taintid;
+
+	next if m/^\w+ missing$/;
+	die unless m/^(\w+) (\s+) (\d+)\s/;
+	my ($objid,$objtype,$nbytes) = @_;
+
+	read CHKOUT, $_, $nbytes == $bytes or last;
+
+	$taintinfoq ||= $dbh->prepare(<<END);
+            SELECT package, time, comment FROM taints WHERE taint_id =  ?
+END
+        $taintinfoq->execute($taintid);
+
+	my $ti = $taintinfoq->fetchrow_hashref();
+	die unless $ti;
+
+	my $timeshow = defined $ti->{time}
+	    ? " at time ".strftime("%Y-%m-%d %H:%M:%S Z", gmtime $ti->time)
+	    : "";
+	my $pkgshow = length $ti->{package}
+	    ? "package $ti->{package}"
+	    : "any package";
+
+	print STDERR <<END;
+
+History contains tainted $objtype $objid
+Taint recorded$timeshow for $pkginfo
+Reason: $ti->{comment}
+END
+
+        $overridesq ||= $dbh->prepare($overridesstmt);
+	$overridesq->execute(@overridesv, $taintid);
+	my ($ovwhy) = $overridesq->fetchrow_array();
+	if (!defined $ovwhy) {
+	    $overridesanyq ||= $dbh->prepare(<<END);
+	        SELECT 1 FROM taintoverrides WHERE taint_id = ? LIMIT 1
+END
+	    $overridesanyq->execute($taintid);
+	    my ($ovany) = $overridesanyq->fetchrow_array();
+	    print STDERR $ovany ? <<END : <<END;
+Could be forced using --deliberately.  Consult documentation.
+END
+Uncorrectable error.  If confused, consult administrator.
+END
+            $mustreject = 1;
+	} else {
+	    print STDERR <<END;
+Forcing due to --deliberately-$ovwhy
+END
+            $untaintq ||= $dbh->prepare(<<END);
+                DELETE FROM taints WHERE taint_id = ?
+END
+            $untaintq->execute($taint_id);
+        }
+    }
+    if (@taintids) {
+	$?=0; my $gotpid = waitpid $checkpid, WNOHANG;
+	die "@taintids $gotpid $? $!";
+    }
 
+    if ($mustreject) {
+	print STDERR <<END;
+
+Rejecting push due to questionable history.
+END
+        exit 1;
+    }
+
+    return 0;
+}
 
 if (defined $pkg) {
     selectpackage;
 }
 
+$cmd =~ y/-/_/;
 my $fn = ${*::}{"action__$cmd"};
 $fn or die "unknown ACTION";
 
-- 
2.30.2