summaryrefslogtreecommitdiff
path: root/infra/dgit-repos-policy-debian
diff options
context:
space:
mode:
Diffstat (limited to 'infra/dgit-repos-policy-debian')
-rwxr-xr-xinfra/dgit-repos-policy-debian111
1 files changed, 111 insertions, 0 deletions
diff --git a/infra/dgit-repos-policy-debian b/infra/dgit-repos-policy-debian
new file mode 100755
index 0000000..db15310
--- /dev/null
+++ b/infra/dgit-repos-policy-debian
@@ -0,0 +1,111 @@
+#!/usr/bin/perl -w
+# dgit repos policy hook script for Debian
+#
+# usages:
+# dgit-repos-policy-debian DISTRO DGIT-REPOS-DIR ACTION...
+# ie.
+# dgit-repos-policy-debian ... check-list
+# dgit-repos-policy-debian ... check-package PACKAGE
+# dgit-repos-policy-debian ... push PACKAGE \
+# VERSION SUITE TAGNAME DELIBERATELIES [...]
+#
+# exit status is bitmap; bit weights (values) as follows
+# 1 failure; operation must be rejected; other bits will be ignored
+# 2 suppress dgit-repos-server's ff check ("push" only)
+# 4 blow away repo away right away (ie before push or fetch)
+# ("check-package" only)
+#
+# cwd for push is a temporary repo where the to-be-pushed objects have
+# been received; TAGNAME is the version-based tag
+#
+# policy hook for a particular package will be invoked only once at
+# a time
+
+use strict;
+use POSIX;
+use JSON;
+
+use Debian::Dgit;
+
+our $distro = shift @ARGV // die "need DISTRO";
+our $repos = shift @ARGV // die "need DGIT-REPOS-DIR";
+our $action = shift @ARGV // die "need ACTION";
+our $pkg = shift @ARGV;
+
+# We assume that it is not possible for NEW to have a version older
+# than sid.
+
+# Whenever pushing, we check for
+# source-package-local tainted history
+# global tainted history
+# can be overridden by --deliberately except for an admin prohib taint
+#
+# ALL of the following apply only if history is secret:
+#
+# if NEW has no version, or a version which is not in our history[1]
+# (always)
+# check all suites
+# if any suite's version is in our history[1], publish our history
+# otherwise discard our history,
+# tainting --deliberately-include-questionable-history
+#
+# if NEW has a version which is in our history[1]
+# (on push only)
+# require explicit specification of one of
+# --deliberately-include-questionable-history
+# --deliberately-not-fast-forward
+# (latter will taint old NEW version --d-i-q-h)
+# (otherwise)
+# leave it be
+#
+# [1] looking for the relevant git tag for the version number and not
+# caring what that tag refers to.
+
+sub apiquery ($) {
+ my ($subpath) = @_;
+ local $/=undef;
+ $!=0; $?=0; my $json = `dgit -d $distro archive-api-query $subpath`;
+ defined $json or die "$subpath $! $?";
+ return decode_json $json;
+}
+
+sub new_has_vsn_in_our_history () {
+ my $in_new = apiquery "/dsc_in_suite/new/$pkg";
+ foreach my $entry (@$in_new) {
+ my $vsn = $entry->{version};
+ die "$pkg ?" unless defined $vsn;
+ my $tag = debiantag $vsn;
+ $?=0; my $r = system qw(git show-ref --verify --quiet), $tag;
+ return 1 if !$r;
+ next if $r==256;
+ die "$pkg tag $tag $? $!";
+ }
+ return 0;
+}
+
+sub selectpackage () {
+ die if $pkg =~ m#^-#;
+ die if $pkg =~ m#[^-+.0-9a-z]#;
+
+ if (!chdir "$repos/$pkg") {
+ die "$pkg $!" unless $!==ENOENT;
+ # something
+ }
+ stat "." or die $!;
+ if (~(stat _)[2] & 05) {
+ # secret history
+ }
+
+}
+
+if (defined $pkg) {
+ selectpackage;
+}
+
+sub action_push () {
+
+}
+
+my $fn = ${*::}{"action_$cmd"};
+$fn or die "unknown ACTION";
+$fn->();