author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2015-03-17 21:56:41 +0000 |
---|---|---|
committer | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2015-03-22 15:18:54 +0000 |
commit | 379f4be6fc6ce15641bd7412dce3e71ca11ece00 (patch) | |
tree | e5e06b7485cf0b1f9362e898e00bf4112beaea71 /infra/dgit-repos-policy-debian | |
parent | bd14b12dc5968943106f05f1a869afd290c2e2a5 (diff) |
WIP Debian policy
More notes and also some code
Diffstat (limited to 'infra/dgit-repos-policy-debian')
-rwxr-xr-x | infra/dgit-repos-policy-debian | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian
new file mode 100755
index 0000000..db15310
--- /dev/null
+++ b/infra/dgit-repos-policy-debian
@@ -0,0 +1,111 @@
+#!/usr/bin/perl -w
+# dgit repos policy hook script for Debian
+#
+# usages:
+# dgit-repos-policy-debian DISTRO DGIT-REPOS-DIR ACTION...
+# ie.
+# dgit-repos-policy-debian ... check-list
+# dgit-repos-policy-debian ... check-package PACKAGE
+# dgit-repos-policy-debian ... push PACKAGE \
+# VERSION SUITE TAGNAME DELIBERATELIES [...]
+#
+# exit status is bitmap; bit weights (values) as follows
+# 1 failure; operation must be rejected; other bits will be ignored
+# 2 suppress dgit-repos-server's ff check ("push" only)
+# 4 blow away repo away right away (ie before push or fetch)
+# ("check-package" only)
+#
+# cwd for push is a temporary repo where the to-be-pushed objects have
+# been received; TAGNAME is the version-based tag
+#
+# policy hook for a particular package will be invoked only once at
+# a time
+
+use strict;
+use POSIX;
+use JSON;
+
+use Debian::Dgit;
+
+our $distro = shift @ARGV // die "need DISTRO";
+our $repos = shift @ARGV // die "need DGIT-REPOS-DIR";
+our $action = shift @ARGV // die "need ACTION";
+our $pkg = shift @ARGV;
+
+# We assume that it is not possible for NEW to have a version older
+# than sid.
+
+# Whenever pushing, we check for
+# source-package-local tainted history
+# global tainted history
+# can be overridden by --deliberately except for an admin prohib taint
+#
+# ALL of the following apply only if history is secret:
+#
+# if NEW has no version, or a version which is not in our history[1]
+# (always)
+# check all suites
+# if any suite's version is in our history[1], publish our history
+# otherwise discard our history,
+# tainting --deliberately-include-questionable-history
+#
+# if NEW has a version which is in our history[1]
+# (on push only)
+# require explicit specification of one of
+# --deliberately-include-questionable-history
+# --deliberately-not-fast-forward
+# (latter will taint old NEW version --d-i-q-h)
+# (otherwise)
+# leave it be
+#
+# [1] looking for the relevant git tag for the version number and not
+# caring what that tag refers to.
+
+sub apiquery ($) {
+ my ($subpath) = @_;
+ local $/=undef;
+ $!=0; $?=0; my $json = `dgit -d $distro archive-api-query $subpath`;
+ defined $json or die "$subpath $! $?";
+ return decode_json $json;
+}
+
+sub new_has_vsn_in_our_history () {
+ my $in_new = apiquery "/dsc_in_suite/new/$pkg";
+ foreach my $entry (@$in_new) {
+ my $vsn = $entry->{version};
+ die "$pkg ?" unless defined $vsn;
+ my $tag = debiantag $vsn;
+ $?=0; my $r = system qw(git show-ref --verify --quiet), $tag;
+ return 1 if !$r;
+ next if $r==256;
+ die "$pkg tag $tag $? $!";
+ }
+ return 0;
+}
+
+sub selectpackage () {
+ die if $pkg =~ m#^-#;
+ die if $pkg =~ m#[^-+.0-9a-z]#;
+
+ if (!chdir "$repos/$pkg") {
+ die "$pkg $!" unless $!==ENOENT;
+ # something
+ }
+ stat "." or die $!;
+ if (~(stat _)[2] & 05) {
+ # secret history
+ }
+
+}
+
+if (defined $pkg) {
+ selectpackage;
+}
+
+sub action_push () {
+
+}
+
+my $fn = ${*::}{"action_$cmd"};
+$fn or die "unknown ACTION";
+$fn->(); |
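Review bot: `apiquery` runs its command through backticks, so `$distro` and `$subpath` are interpolated into a string that a shell parses; `$pkg` is filtered by `selectpackage`, but nothing in this file constrains `$distro`, which comes straight from `@ARGV`. The `defined $json` test only catches a failure to start the command, so a non-zero exit from `dgit` is not rejected before `decode_json` runs. A list-form pipe open with a checked `close` addresses both, as sketched below. Separately, the dispatch at the end of the file reads `$cmd`, which is never declared and will not compile under `use strict`; it presumably should be `my $fn = ${*::}{"action_$action"};`.

```perl
sub apiquery ($) {
    # … unchanged: argument unpacking, local $/ …
    # list form: no shell ever sees $distro or $subpath
    open my $fh, '-|', qw(dgit -d), $distro, 'archive-api-query', $subpath
        or die "$subpath $!";
    my $json = <$fh>;
    # close on a pipe fails when the child exited non-zero
    close $fh or die "$subpath $! $?";
    return decode_json $json;
}
```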