diff options
author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2017-01-05 13:46:34 +0000 |
---|---|---|
committer | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2017-01-05 13:46:34 +0000 |
commit | 82da82e49b4ae7143bf9fdb582fcb46e1446a2e4 (patch) | |
tree | 725ff586fca659aec843ed85fcdedc738eefb35d | |
parent | d396f6a9302d24d6c4cc7db0670dba9ce6473035 (diff) |
dgit-repos-server: Defend against bad commits (from eg #849041).
Right now, this causes the test `debpolicy-quilt-gbp' to fail,
because in this branch #849041 is unfixed.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
-rw-r--r-- | Debian/Dgit.pm | 3 | ||||
-rwxr-xr-x | infra/dgit-repos-server | 24 |
2 files changed, 26 insertions, 1 deletions
diff --git a/Debian/Dgit.pm b/Debian/Dgit.pm index 50e3b86..e9921d6 100644 --- a/Debian/Dgit.pm +++ b/Debian/Dgit.pm @@ -54,7 +54,7 @@ BEGIN { $debugprefix *debuglevel *DEBUG shellquote printcmd messagequote); # implicitly uses $main::us - %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO)] ); + %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO NOCOMMITCHECK)] ); @EXPORT_OK = @{ $EXPORT_TAGS{policyflags} }; } @@ -71,6 +71,7 @@ our $branchprefix = 'dgit'; # dynamic loader, runtime, etc., failures, which report 127 or 255 sub NOFFCHECK () { return 0x2; } sub FRESHREPO () { return 0x4; } +sub NOCOMMITCHECK () { return 0x8; } our $debugprefix; our $debuglevel = 0; diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server index 1be3360..eb4b377 100755 --- a/infra/dgit-repos-server +++ b/infra/dgit-repos-server @@ -160,6 +160,9 @@ setup_sigwarn(); # FRESHREPO (4) # blow away repo right away (ie, as if before push or fetch) # ("check-package" and "push" only) +# NOCOMMITCHECK (8) +# suppress dgit-repos-server's check that commits do +# not lack "committer" info (eg as produced by #849041) # any unexpected bits mean failure, and then known set bits are ignored # if no unexpected bits set, operation continues (subject to meaning # of any expected bits set). So, eg, exit 0 means "continue normally" @@ -890,6 +893,27 @@ sub checks () { chomp $mb; $mb eq $oldcommit or reject "not fast forward on dgit branch"; } + + # defend against commits generated by #849041 + if (!($policy & NOCOMMITCHECK)) { + my @checks = qw(%an %ae %at + %cn %ce %ct); + my @chk = qw(git log -z); + push @chk, '--pretty=tformat:%H%n'. + (join "", map { $_, '%n' } @checks); + push @chk, "^$oldcommit" if $oldcommit =~ m/[^0]/; + push @chk, $commit;; + printdebug " ~NOCOMMITCHECK @chk\n"; + open CHK, "-|", @chk or die $!; + local $/ = "\0"; + while (<CHK>) { + next unless m/^$/m; + m/^\w+(?=\n)/ or die; + reject "corrupted object $& (missing metadata)"; + } + $!=0; $?=0; close CHK or $?==256 or die "$? $!"; + } + if ($policy & FRESHREPO) { # It's a bit late to be discovering this here, isn't it ? # |