diff options
author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2022-12-28 20:34:03 +0000 |
---|---|---|
committer | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2022-12-28 23:33:35 +0000 |
commit | e6dc1107052f8177b8f4b6aeb01b3c00c946e367 (patch) | |
tree | 30d3181399b6727e937946bd28326a53e2a94bee | |
parent | 0e0d6a5b96157b96fd095dbe191f0dfae180d74d (diff) |
tainted-objects (fix): Pass suite in check and use it for HEAD
This now produces the same answers as push would.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
-rwxr-xr-x | dgit | 3 | ||||
-rwxr-xr-x | infra/dgit-repos-policy-debian | 3 | ||||
-rwxr-xr-x | infra/dgit-repos-server | 2 |
3 files changed, 5 insertions, 3 deletions
@@ -4872,7 +4872,8 @@ ENDT if ($pq_supported !~ m/false/) { my @cmd = (access_cfg_ssh, access_gituserhost(), - access_runeinfo("policy-client-query $package tainted-objects "). + access_runeinfo("policy-client-query $package tainted-objects ". + join " ", $csuite). " true"); my $json = cmdoutput_errok @cmd; if (!defined $json) { diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian index 81f8d45..f15c742 100755 --- a/infra/dgit-repos-policy-debian +++ b/infra/dgit-repos-policy-debian @@ -545,6 +545,7 @@ sub action_check_list () { sub polclqu_tainted_objects () { check_package(); + my $suite = shift @ARGV // die "need SUITE"; my $topq = $poldbh->selectall_arrayref(<<END, SELECT taint_id, gitobjtype, gitobjid, time, comment @@ -572,7 +573,7 @@ END # We would reject this in push. We need to arrange that the # client will detect this. The object tainting mechanism can # be (ab)used for this: we tell the client that HEAD is tainted. - my $head = git_rev_parse('HEAD~0'); + my $head = git_rev_parse(server_ref($suite).'~0'); push @$topq, { gitobjtype => 'commit', gitobjid => $head, diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server index 5cacfb8..20a15a2 100755 --- a/infra/dgit-repos-server +++ b/infra/dgit-repos-server @@ -204,7 +204,7 @@ setup_sigwarn(); # # POL-CL-QUERY is one of the following: # -# tainted-objects <empty> +# tainted-objects SUITE # => [ { "gitobjid": "sha", # "comment": $string, # in server"s native language, UTF-8 # "overrides": [ "--deliberately-include-q-h", ... ], |