path: root/dgit
Commit message (Collapse)AuthorAge
* dgit: unrepres. changes: Tolerate creation of symlinksIan Jackson2017-07-16
| | | | | | | | | | | | | | | | Experimentally, dpkg-source on stretch will create patches to create new symlinks. (It will fail on attempts to modify existing symlinks and it ignores attempts to change plain file executability.) Implementation: add an alternative which tolerates the git symlink mode. This replaces the check on $oldmode, which in this context we know is all 0s and can therefore never match. While we're here, change the error message. Closes:#857382. Signed-off-by: Ian Jackson <>
* dgit: unrepres. changes: Tolerate deletion of executable filesIan Jackson2017-07-16
| | | | | | | | | | | | | | | We don't care what the old mode was; if we tell dpkg-source to record the deletion it can do so. But we do care that it was a file. Experimentally, dpkg-source on stretch ignores attempts to delete symlinks. The removal of the check for $newmode has no functional change, because in this context we know that $newmode is all 0s. If it wasn't, we would have been in "both old and new files exist", above. So that limb of the test will never match and should be removed. Signed-off-by: Ian Jackson <>
* dgit: unrepres. changes: Separate out creation and deletionIan Jackson2017-07-16
| | | | | | | | | | We are going to want to handle these cases separately because the behaviour of dpkg-source is different. In this commit, simply clone the existing code (and add a few comments), so no functional change. Signed-off-by: Ian Jackson <>
* dgit: unrepres. changes: Prepare to tolerate symlinksIan Jackson2017-07-16
| | | | | | | | | | | | | | | | | | | | | | Permit symlinks (which have mode 120000 in git) to make their way through for more detailed checks. No functional change except to error messages, because: * If neither thing was a symlink, then the existing regexps still match and the new "modified symlink" clause will not, so the flow is unchanged. * Otherwise, if both $oldmode and $newmode match [^0], ie, this is a modification rather than deletion or removal, we insist that $oldmode=$newmode, and then, fail the new "modified symlink" check. * Otherwise, we fail the check for default mode. So in the case we are allowing to proceed further, we fail as before. Signed-off-by: Ian Jackson <>
* dgit import: Avoid making broken symlinks in ..Ian Jackson2017-07-16
| | | | | | | | | | | | In most cases we could carry on and fail later. But creating a broken symlink is undesirable, particularly because it might prevent dgit from trying to make a non-broken symlink pointing elsewhere in future (or prevent dget from downloading the file). Even worse, if the dsc is in .. but an absolute path was provided, we would make a circular symlink! Signed-off-by: Ian Jackson <>
* dgit import: Right error message for missing files in ..Ian Jackson2017-07-15
| | | | | | | | | | | | | | | | | Close examination of this code path reveals that: * The error is generated only if $there contains no slash. * This can only occur if $dscfn matches the first regexp, ie $dscfn is [./]../X in which case $there becomes X * So in this situation, $there is simply the dsc filename which is supposed to be in .. * What we should be testing is ../$f but that is $here which is what are trying to create and which we statted earlier and got ENOENT for. So this occurs when the dsc is in .. and a file it refers to is missing. Signed-off-by: Ian Jackson <>
* dgit import: Defend against broken symlinks in ..Ian Jackson2017-07-15
| | | | | | | | | Provide a special error message if lstat succeeds but lstat fails. This is not hypothetical - currently even dgit import ../blah.dsc can generate this situation ! Signed-off-by: Ian Jackson <>
* dgit: Regularise patch filenames, and defend against funny commit subjectsIan Jackson2017-07-09
| | | | | | | * Do not specified patch names which look like series filenames * When we invent a filename based on a commit message, add ".patch". Signed-off-by: Ian Jackson <>
* dgit: Pass --no-renames to git diff-tree -z, avoiding potential troubleIan Jackson2017-07-09
| | | | | | | | | | Without this option, git-diff-tree might detect a rename (or possibly even a copy). If it does it prints a different output format with a status of C or R *and a separate filename*. The latter is an additional nul-terminated record and would get dgit's interpreter of the git diff-tree output out of step. Signed-off-by: Ian Jackson <>
* Actually understand foo,-security (!)Ian Jackson2017-07-08
| | | | | | | | | | | | There does not in fact seem to have been any code which implements this line from dgit(7): If a specified subsuite starts with - then mainsuite is prepended. The code which canonicalises it back to the version with ",-" does work, though. Closes:#867189. Signed-off-by: Ian Jackson <>
* dgit: mkdir .git/info in setup_gitattrsIan Jackson2017-07-08
| | | | | | | | This might be necessary if setup_mergechangelogs were disabled. (This is something of a latent bug, since `git init' creates .git/info.) Signed-off-by: Ian Jackson <>
* dgit: clone multisuite works even without --no-rm-on-error.Ian Jackson2017-07-08
| | | | | | | | | | | | | | | | | | | | | This is slightly subtle. We need $rmonerror in cmd_clone to be cleared. cmd_clone does that only when clone itself returns. The multisuite plumbing means that currently, clone returns only in the child which set up the tree and set up the first suite. Unsetting $rmonerror there is correct because we want to keep the tree on success, and the parent will remove it if there is a later failure. (Ie, the child remains responsible for removing the tree if it itself fails.) In the parent, we get $multi_fetched==1 if not only our original clone child succeeded, but all the other fetches worked too. We are now responsible for the tree. If our final tasks are successful, again, we need not to delete the tree. Closes:#867434. Signed-off-by: Ian Jackson <>
* dgit: honour more pre-tree git config options in our private treesIan Jackson2017-07-08
| | | | | | | | | | These share the user's object store and we should manipulate the object store the way the user wants. In particular, core.sharedRepository is important. Prompted by #867603, which is the same bug in dgit-badcommit-fixup. Signed-off-by: Ian Jackson <>
* dgit: tolerate compressor terminating with SIGPIPE.Ian Jackson2017-07-08
| | | | | | Closes:#857694. Signed-off-by: Ian Jackson <>
* dgit: avoid dying with wrong message if compression failsIan Jackson2017-07-08
| | | | | | | | | | | When dgit intended to report a decompressor had failed, it would instead crash with no useful message. This was due to generate_commits_from_dsc's @compr_cmd being shadowed inside the if $compr_ext. This is part of #857694. Signed-off-by: Ian Jackson <>
* dgit: Add many pre_* to call no_local_git_cfgIan Jackson2017-07-08
| | | | | | | | | | | | | | For each operation which can meaningfully be run outside a git tree, arrange to call no_local_git_cfg and thus avoid running git config --local There is one slight infelicity: some subcommands (notably archive-api-query) could in theory be run within a git tree and expect that git tree to influence their output. However, this seems unlikely. In fact, I think there are probably only in-tree callers and the in-tree callers do not do this. Signed-off-by: Ian Jackson <>
* dgit: Provide no_local_git_configIan Jackson2017-07-08
| | | | | | | | | | | Part of the fix to #865863. No callers yet, so no functional change. This function not only arranges not to call git config --local. Removing 'local' from @gitcfgsources also prevents various config lookup machinery from trying to find information in $cfg{local} now of course does not exist. Signed-off-by: Ian Jackson <>
* dgit: rpush: Do argument parsing and chdir in pre_...Ian Jackson2017-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | The only thing in between pre_... and cmd_... os git_slurp_config. The code now in pre_... does the following things, all of these should be done before git_slurp_config: * Sets some global variables affecting debugging and logging output. If git_slurp_config is told to print debugging, it should be affected by these changes. * Rearranges its file descriptors so that stdin/stdout are as the rest of dgit expects, and the protocol is on PI/PO. If git_slurp_config were to use stdin/stdout, it ought to use the "normal" versions, and not access the protocol streams. * Checks and calculates the negotiated protocol version. This is not affected by the config, only by the arguments form the caller and our own idea of the protocol versions we support. * Changes to the appropriate working tree. Doing this before slurping the config arranges to honour the local git config from build host working tree. (It also avoids rpush failing on newer git due to asking for git config --local in the wrong place.) Signed-off-by: Ian Jackson <>
* dgit: Postpone call to git_slurp_configIan Jackson2017-07-08
| | | | | | | | | | | | | | | | | | | | | | | This is needed to fix #865863: we need to know what our operation is, before we can decide whether to look for --local git config. The code which now runs earlier is: * The messages about $dryrun_level (which is set only by the command line, and not by configuration - verified by searching for $dryrun_level). * Usage failure if @ARGV empty. This is not affected by configuration. (parseopts does the argument parsing and already runs before git_slurp_config.) * Extracting the $cmd from @ARGV. * Calling $pre_fn. There is only one pre_* sub, which is pre_gbp_build. It provides the default for $quilt_mode. $quilt_mode is indeed somewhat entangled with the git config, but this takes place in parseopts_late_defaults, which is called much later. Therefore there is no functional change. Signed-off-by: Ian Jackson <>
* dgit: curl --proto-redir settings: do not use qw() for ...,...Ian Jackson2017-07-08
| | | | | | | | | | | This syntax generates the following spurious warning with buster's perl (but not with stretch's): Possible attempt to separate words with commas at /home/ian/things/Dgit/2dgit/dgit line 103. It seems better to keep this warning everywhere else, and using a different syntax is easier than disabling it around this construct. Signed-off-by: Ian Jackson <>
* dgit: Cope if the archive server sends an HTTP redirectIan Jackson2017-07-08
| | | | | | | | | | | | | | | | | | | | | | | We achieve this by passing -L to curl. We also pass an appropriate-seeming --proto-redir, because the curl manual is not entirely reassuring that following redirections with the default configuration is safe. This finally fixes #867185/#867309. What happens there is that curl gets a redirect, along with an HTML error document. curl then exits with status zero, effectively pretending that the error document is the resource which was requested. dgit notices that something is wrong because the file does not have the expected cryptographic checksum. I suspect that there are other download problems which would give a similar effect. Sadly the curl manpage doesn't seem to suggest a way to avoid this. At least, dgit will never carry on in such a situation, since it insists that the file has the right hash. And if it does have the right hash we don't really care how it was obtained. Signed-off-by: Ian Jackson <>
* dgit: avoid "Use of uninitialized value $got in concatenation"Ian Jackson2017-07-08
| | | | | | | | | | | When dgit wanted to report that a file it downloaded had the wrong checksum, it would instead crash with this message. This was due to complete_file_from_dsc's $got (which is relied on by the callers of $checkhash) being shadowed inside $checkhash. This is part of #867185/#867185. Signed-off-by: Ian Jackson <>
* dgit: fix rpush+buildinfo: Transfer buildinfos for signing.Ian Jackson2017-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | buildinfos are supposed to be signed. And, indeed, if they are present, debsign wants to sign them. That means they need to be transferred to the signing end, and back again. We check that the filename is not totally unreasonable, but do not attempt to verify it completely. If there are situations where unwanted or confusing buildinfos are generated, this is the fault of the build process. dgit rpush should, in this respect, do the same as debsign+dput - ie faithfully sign and upload what the build has provided. We do check that the buildinfo doesn't look too much like a .changes, and mentions the same files as the .changes (insofar as they mention files in common). This is a rather nugatory defence against some kinds of bait and switch attacks. This is in some sense an incompatible protocol change: if the build host has a new dgit, and sends buildinfos, an old dgit on the initiator will declare a protocol violation. However, the new protocol elements occur only when needed. in this situation, the only way to get things to work at all with the old dgit at either end would be to strip out the buildinfos, which is obviously undesirable. Closes:#867693. Signed-off-by: Ian Jackson <>
* rpush: break out @rfiles in dopushIan Jackson2017-07-08
| | | | | | | | | This very slight refactoring makes it easier to add additional files here, and also factors out the appending of $dryrunsuffix to each one. No functional change. Signed-off-by: Ian Jackson <>
* dgit: importing: Better handle commas in changelog maintainer fieldsIan Jackson2017-02-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some maintainers have written commas in the maintainer field of their changelog entries. Such changelog entries could not be imported. clogp_authline had code to replace multiple maintainers (which are hypothetical right now) into just the first, but that trips on these maintainers with commas. Ultimately we should expect that the Maintainer: field from dpkg-parsechangelog is in (a subset of) RFC5322 recipient field format. In that format, any commas would need to be quoted. So: If the Maintainer field from dpkg-parsechangelog has a comma which has no @ or " before it, then we consider it a single old-school comma-containing maintainer. If it were intended as multiple maintainers, then the first maintainer has no email address. Not coping properly with that very-hypothetical future seems OK. We simply delete the comma, so that the things we record in the git history are more conservative. If there is a " we leave things untouched in the hope that this is a single address, albeit with some quoting. The alternative would be to try to use a full RFC5322 parser. That's quite a risky change. Perhaps we will revisit this after stretch. For now this Closes:#852661. Signed-off-by: Ian Jackson <>
* dgit: Do not fail when run with detached HEAD. Closes:#853022.Ian Jackson2017-02-05
| | | | | | | | | | | | | | Specifically: * Pass -q to git-symbolic-ref. That means that it doesn't print an error message when HEAD is not a symbolic ref (ie, a detached head), and it means that the exit status is then 1 rather than 128. * If the return value from cmdoutput_errok is undef, check $? (which is the exit status <<8) and then simply pass on the undef. Signed-off-by: Ian Jackson <>
* dgit: branchsuite: Break out @cmdIan Jackson2017-02-05
| | | | | | | | We are going to need to reuse this to print a proper error message. No functional change. Signed-off-by: Ian Jackson <>
* dgit: Strip initial newline from Changes line from dpkg-parsechangelogIan Jackson2017-02-05
| | | | | | so as to avoid blank line in commit messages. Closes:#853093. Signed-off-by: Ian Jackson <>
* dgit: Copy several user.* settings from main tree git local configIan Jackson2017-02-05
| | | | | | Copy to dgit private workarea. Closes:#853085. Signed-off-by: Ian Jackson <>
* dgit --overwrite: Check $gf->('Distribution')Ian Jackson2017-01-25
| | | | | | | | | | | | | Check that the overwritten version's changelog entry is not UNRELEASED. This could easily happen if this release was being made from a git branch which predates the previous package upload, with working practices which commit finalised UNRELEASED changelog entries with the complete version number for the next upload. (Such practices seem quite common.) Signed-off-by: Ian Jackson <>
* pseudomerge_version_check; Break out $gfIan Jackson2017-01-25
| | | | | | No functional change. Signed-off-by: Ian Jackson <>
* config and suite handling: Make dgit-setup-* work in default distro.Ian Jackson2017-01-23
| | | | Signed-off-by: Ian Jackson <>
* dgit: repos_server_url: Set $access_forpush to 1Ian Jackson2017-01-19
| | | | | | | | | | | In 468edf05661e "dgit: clone-dgit-repos-server: Set $access_forpush" we set this to 0. But this is wrong. The dgit-repos-server is used for pushing, not for readonly access. The readonly url may be entirely wrong, and indeed it is, for Debian. Signed-off-by: Ian Jackson <>
* dgit: repos_server_url: Set $isuiteIan Jackson2017-01-19
| | | | | | | | We need to set this or access_*() fails. Set it to a dummy value. The user will need to specify -d to get the server for a non-default distro, which is hopefully obvious. Signed-off-by: Ian Jackson <>
* dgit: repos_server_url(): Break outIan Jackson2017-01-19
| | | | | | No functional change. Signed-off-by: Ian Jackson <>
* dgit: aptget archive access methodPeter Michael Green2017-01-19
| | | | | Add dummy implementation of file_in_archive_aptget copied from file_in_archive_dummycat. Re:#851697.
* dgit: git_lrfetch_sane: Take $url, and pass it right value in importIan Jackson2017-01-18
| | | | | | | This means we actually use the url from a Dgit .dsc field naming an unknown distro. Closes:#851728. Signed-off-by: Ian Jackson <>
* dgit: git_get_config: Use confess, not croakIan Jackson2017-01-18
| | | | | | Using croak was simply a mistake. I always wanted a stack trace. Signed-off-by: Ian Jackson <>
* dgit: clonee: Do setup_new_tree earlier.Ian Jackson2017-01-17
| | | | | | | This avoids printing a spurious warning about actually-defused gitattributes when cloning. Closes:#851624. Signed-off-by: Ian Jackson <>
* dgit: Defuse gitattributes in private working area, alwaysIan Jackson2017-01-17
| | | | | | | Even if we don't do it in the user's tree because config setup-gitattributes=false. Signed-off-by: Ian Jackson <>
* dgit: Improve comment left in .git/info/attributes.Ian Jackson2017-01-17
| | | | Signed-off-by: Ian Jackson <>
* gitattributes: Docs and message wordsmithingIan Jackson2017-01-16
| | | | Signed-off-by: Ian Jackson <>
* gitattributes: Issue a warning on un-defused .gitattributesIan Jackson2017-01-16
| | | | Signed-off-by: Ian Jackson <>
* gitattributes: dgit: setup-gitattributes: New actionIan Jackson2017-01-16
| | | | Signed-off-by: Ian Jackson <>
* gitattributes: Suppress transformations in our cloned treesIan Jackson2017-01-16
| | | | | | | The user wants a checkout of the actual source tree, so that their checkout and the source package are identical. Signed-off-by: Ian Jackson <>
* gitattributes: Suppress transformations in udIan Jackson2017-01-16
| | | | | | | | | | We want all of our own manipulations to be unaffected by gitattributes transformations, so that the imported git *trees* are identical to the source packages. (Ie, if transformations are in effect, the *checkout* of such a tree might not be identical to the source package.) Signed-off-by: Ian Jackson <>
* dgit: gitattributes: Provide setup_gitattrs (internal function)Ian Jackson2017-01-16
| | | | | | | This is the idempotent function which adds the appropriate runes to .git/info/attributes. No callers yet. Signed-off-by: Ian Jackson <>
* dgit: import_dsc: Break out import_dsc_resultIan Jackson2017-01-16
| | | | | | No functional change other than slight change to messages. Signed-off-by: Ian Jackson <>
* dgit: Remove redundant use of List::Util qw(any). Closes:#851280.Ian Jackson2017-01-13
| | | | Signed-off-by: Ian Jackson <>
* dgit: Option parsing: Fix undefined $suite in some import-dsc.Ian Jackson2017-01-13
| | | | | | | | | | | | | | | | | | | | | | | * Set $isuite to a dummy value. In import-dsc we aren't operating on a suite. We have to set it to something (because the config likes to look at the suite) and this avoids picking up information relating to the default suite. * Set $idistro (if -d not supplied) to the distro from (or implied by) the .dsc. This is needed so that we do not use any config from the default distro. In particular, the default commands (like what `git' command to use to access the dgit git server) need to be found via the dsc's distro's cmd-git setting, and this is done by parseopts_late_defaults() in pushing(). So we must set $idistro before then. * Move notpushing earlier, so that we call it before we call resolve_dsc_field_commit(). (It doesn't matter there for $idistro, because it sets that itself, but the git command does.) Closes:#851213. Signed-off-by: Ian Jackson <>