diff options
| -rw-r--r-- | Debian/Dgit.pm | 3 | ||||
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rwxr-xr-x | infra/dgit-repos-server | 24 | ||||
| -rw-r--r-- | tests/lib | 2 | ||||
| -rwxr-xr-x | tests/tests/drs-push-rejects | 15 |
5 files changed, 48 insertions, 2 deletions
diff --git a/Debian/Dgit.pm b/Debian/Dgit.pm index 50e3b86..e9921d6 100644 --- a/Debian/Dgit.pm +++ b/Debian/Dgit.pm @@ -54,7 +54,7 @@ BEGIN { $debugprefix *debuglevel *DEBUG shellquote printcmd messagequote); # implicitly uses $main::us - %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO)] ); + %EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO NOCOMMITCHECK)] ); @EXPORT_OK = @{ $EXPORT_TAGS{policyflags} }; } @@ -71,6 +71,7 @@ our $branchprefix = 'dgit'; # dynamic loader, runtime, etc., failures, which report 127 or 255 sub NOFFCHECK () { return 0x2; } sub FRESHREPO () { return 0x4; } +sub NOCOMMITCHECK () { return 0x8; } our $debugprefix; our $debuglevel = 0; diff --git a/debian/changelog b/debian/changelog index 832253f..bfbffd5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dgit (2.15~) unstable; urgency=low + + * + + -- + dgit (2.14) unstable; urgency=critical CRITICAL BUGFIX: diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server index 1be3360..eb4b377 100755 --- a/infra/dgit-repos-server +++ b/infra/dgit-repos-server @@ -160,6 +160,9 @@ setup_sigwarn(); # FRESHREPO (4) # blow away repo right away (ie, as if before push or fetch) # ("check-package" and "push" only) +# NOCOMMITCHECK (8) +# suppress dgit-repos-server's check that commits do +# not lack "committer" info (eg as produced by #849041) # any unexpected bits mean failure, and then known set bits are ignored # if no unexpected bits set, operation continues (subject to meaning # of any expected bits set). So, eg, exit 0 means "continue normally" @@ -890,6 +893,27 @@ sub checks () { chomp $mb; $mb eq $oldcommit or reject "not fast forward on dgit branch"; } + + # defend against commits generated by #849041 + if (!($policy & NOCOMMITCHECK)) { + my @checks = qw(%an %ae %at + %cn %ce %ct); + my @chk = qw(git log -z); + push @chk, '--pretty=tformat:%H%n'. + (join "", map { $_, '%n' } @checks); + push @chk, "^$oldcommit" if $oldcommit =~ m/[^0]/; + push @chk, $commit;; + printdebug " ~NOCOMMITCHECK @chk\n"; + open CHK, "-|", @chk or die $!; + local $/ = "\0"; + while (<CHK>) { + next unless m/^$/m; + m/^\w+(?=\n)/ or die; + reject "corrupted object $& (missing metadata)"; + } + $!=0; $?=0; close CHK or $?==256 or die "$? $!"; + } + if ($policy & FRESHREPO) { # It's a bit late to be discovering this here, isn't it ? # @@ -350,7 +350,7 @@ t-git-dir-check () { } t-git-fsck () { - git fsck --no-dangling --strict + git fsck --no-dangling --strict || ${expect_fsck_fail-false} } t-fscks () { diff --git a/tests/tests/drs-push-rejects b/tests/tests/drs-push-rejects index f829dc9..dee14b8 100755 --- a/tests/tests/drs-push-rejects +++ b/tests/tests/drs-push-rejects @@ -139,6 +139,18 @@ mktag mustfail 'tag name in tag is wrong' \ refs/tags/$tagpfx/wombat:refs/tags/$tagpfx/$version $push_spec1 +echo ==== +badcommit=$( + git cat-file commit HEAD | \ + perl -pe 's/^committer.*\n//' | \ + git hash-object -w -t commit --stdin +) +git checkout -b broken $badcommit +prep unstable sid +mktag +mustfail "corrupted object $badcommit" $push_spec + +git checkout dgit/sid prep unstable sid mktag mustsucceed $push_spec # succeeds @@ -191,4 +203,7 @@ mustfail "not in permissions list although in keyring" $push_spec prep_dm_mangle '' mustsucceed $push_spec # succeeds +# we generate some junk, so we must tolerate git-fsck complaining +expect_fsck_fail=true + t-ok |