summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Jackson <ijackson@chiark.greenend.org.uk>2017-01-05 13:46:34 +0000
committerIan Jackson <ijackson@chiark.greenend.org.uk>2017-01-05 13:46:34 +0000
commit82da82e49b4ae7143bf9fdb582fcb46e1446a2e4 (patch)
tree725ff586fca659aec843ed85fcdedc738eefb35d
parentd396f6a9302d24d6c4cc7db0670dba9ce6473035 (diff)
dgit-repos-server: Defend against bad commits (from eg #849041).
Right now, this causes the test `debpolicy-quilt-gbp' to fail, because in this branch #849041 is unfixed. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
-rw-r--r--Debian/Dgit.pm3
-rwxr-xr-xinfra/dgit-repos-server24
2 files changed, 26 insertions, 1 deletions
diff --git a/Debian/Dgit.pm b/Debian/Dgit.pm
index 50e3b86..e9921d6 100644
--- a/Debian/Dgit.pm
+++ b/Debian/Dgit.pm
@@ -54,7 +54,7 @@ BEGIN {
$debugprefix *debuglevel *DEBUG
shellquote printcmd messagequote);
# implicitly uses $main::us
- %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO)] );
+ %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO NOCOMMITCHECK)] );
@EXPORT_OK = @{ $EXPORT_TAGS{policyflags} };
}
@@ -71,6 +71,7 @@ our $branchprefix = 'dgit';
# dynamic loader, runtime, etc., failures, which report 127 or 255
sub NOFFCHECK () { return 0x2; }
sub FRESHREPO () { return 0x4; }
+sub NOCOMMITCHECK () { return 0x8; }
our $debugprefix;
our $debuglevel = 0;
diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server
index 1be3360..eb4b377 100755
--- a/infra/dgit-repos-server
+++ b/infra/dgit-repos-server
@@ -160,6 +160,9 @@ setup_sigwarn();
# FRESHREPO (4)
# blow away repo right away (ie, as if before push or fetch)
# ("check-package" and "push" only)
+# NOCOMMITCHECK (8)
+# suppress dgit-repos-server's check that commits do
+# not lack "committer" info (eg as produced by #849041)
# any unexpected bits mean failure, and then known set bits are ignored
# if no unexpected bits set, operation continues (subject to meaning
# of any expected bits set). So, eg, exit 0 means "continue normally"
@@ -890,6 +893,27 @@ sub checks () {
chomp $mb;
$mb eq $oldcommit or reject "not fast forward on dgit branch";
}
+
+ # defend against commits generated by #849041
+ if (!($policy & NOCOMMITCHECK)) {
+ my @checks = qw(%an %ae %at
+ %cn %ce %ct);
+ my @chk = qw(git log -z);
+ push @chk, '--pretty=tformat:%H%n'.
+ (join "", map { $_, '%n' } @checks);
+ push @chk, "^$oldcommit" if $oldcommit =~ m/[^0]/;
+ push @chk, $commit;;
+ printdebug " ~NOCOMMITCHECK @chk\n";
+ open CHK, "-|", @chk or die $!;
+ local $/ = "\0";
+ while (<CHK>) {
+ next unless m/^$/m;
+ m/^\w+(?=\n)/ or die;
+ reject "corrupted object $& (missing metadata)";
+ }
+ $!=0; $?=0; close CHK or $?==256 or die "$? $!";
+ }
+
if ($policy & FRESHREPO) {
# It's a bit late to be discovering this here, isn't it ?
#