author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2022-12-27 19:46:26 +0000 |
---|---|---|
committer | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2022-12-28 12:07:44 +0000 |
commit | bb57dba547069e024875213dd088daa1b747946c (patch) | |
tree | e4ae111e2b31a5b4cc01b1a0b3e0a55343f9af2b /infra/dgit-repos-policy-debian | |
parent | 1487f0e51156dedc0121f5e17d6d7cf6f3a19b2f (diff) |
dgit-repos-policy-debian: package_questionable_head_msg: explain
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Diffstat (limited to 'infra/dgit-repos-policy-debian')
-rwxr-xr-x | infra/dgit-repos-policy-debian | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian index cb69211..0566285 100755 --- a/infra/dgit-repos-policy-debian +++ b/infra/dgit-repos-policy-debian @@ -313,6 +313,26 @@ sub getpushinfo () { sub deliberately ($) { return $deliberately{"--deliberately-$_[0]"}; } sub package_questionable_head_msg () { + # This lets us reuse some of the same code, and the same message, + # for checking during actual push, and for pre-push taint check. + # + # In principle it might be nicer to unify this code, with some + # kind of super realistic dry run push function. However, that + # dry run function would have to involve sending the client's git + # objects to the server. We wouldn't want to do that twice, so it + # would have to be cached somehow, but we don't want to allow + # un-signed things to lurk about on the server. (The super dry + # run mode would have to involve the server tolerating an unsigned + # tag, or something, but that would be OK in principle.) The dry + # run mode would have to be careful about what subsets of the + # actions it took. + # + # So instead we apply ad-hoc checks, with separate implementations + # for the push path, and the pre-push checks. The tainted-objects + # policy-client-query exists to support this: it allows the + # efficient reimplementation of the tainted objects check, without + # transferring the objects to the server. + return undef unless $pkg_exists; return undef unless $pkg_secret; # TODO: ideally this would be translated at the client end but |
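Review bot: The last paragraph of the comment added at the top of package_questionable_head_msg says there are "separate implementations for the push path, and the pre-push checks" but names neither, so someone changing one check has no pointer to the other one that must stay in agreement with it. Suggest naming the two subs or call sites here. The constraint that drives the design, "we don't want to allow un-signed things to lurk about on the server", is the invariant any later dry-run refactor would have to preserve, so it deserves its own sentence rather than sitting mid-paragraph. Minor: the comment spells the word both "un-signed" and "unsigned"; pick one. Since the text is design rationale rather than a description of the body, it may also read better above the sub than between its opening line and the early returns.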