tainted-objects (fix): Pass suite in check and use it for HEAD

This now produces the same answers as push would.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

3 files changed, 5 insertions, 3 deletions

diff --git a/dgit b/dgit
index 06e973a..583fe4a 100755
--- a/dgit
+++ b/dgit
@@ -4872,7 +4872,8 @@ ENDT
     if ($pq_supported !~ m/false/) {
 	my @cmd =
 	  (access_cfg_ssh, access_gituserhost(),
-	   access_runeinfo("policy-client-query $package tainted-objects ").
+	   access_runeinfo("policy-client-query $package tainted-objects ".
+			  join " ", $csuite).
 	   " true");
 	my $json = cmdoutput_errok @cmd;
 	if (!defined $json) {
diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian
index 81f8d45..f15c742 100755
--- a/infra/dgit-repos-policy-debian
+++ b/infra/dgit-repos-policy-debian
@@ -545,6 +545,7 @@ sub action_check_list () {
 
 sub polclqu_tainted_objects () {
     check_package();
+    my $suite = shift @ARGV // die "need SUITE";
 
     my $topq = $poldbh->selectall_arrayref(<<END,
         SELECT taint_id, gitobjtype, gitobjid, time, comment
@@ -572,7 +573,7 @@ END
 	# We would reject this in push.  We need to arrange that the
 	# client will detect this.  The object tainting mechanism can
 	# be (ab)used for this: we tell the client that HEAD is tainted.
-	my $head = git_rev_parse('HEAD~0');
+	my $head = git_rev_parse(server_ref($suite).'~0');
 	push @$topq, {
           gitobjtype => 'commit',
           gitobjid => $head,
diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server
index 5cacfb8..20a15a2 100755
--- a/infra/dgit-repos-server
+++ b/infra/dgit-repos-server
@@ -204,7 +204,7 @@ setup_sigwarn();
 #
 # POL-CL-QUERY is one of the following:
 #
-#    tainted-objects <empty>
+#    tainted-objects SUITE
 #        => [ { "gitobjid": "sha",
 #               "comment": $string, # in server"s native language, UTF-8
 #               "overrides": [ "--deliberately-include-q-h", ... ],