From 1221ee9aff724054ce7b866110eb72571a183457 Mon Sep 17 00:00:00 2001 From: Sean Whitton Date: Mon, 22 Jul 2019 21:42:03 +0100 Subject: changelog: start 9.6 Signed-off-by: Sean Whitton --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 767f59e..06787f2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dgit (9.6~) unstable; urgency=medium + + * + + -- + dgit (9.5) unstable; urgency=medium git-debpush [Sean Whitton]: -- cgit v1.2.3 From 9988391d38561dfa83372cb4a1ba881bbe60d727 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 15:06:16 +0100 Subject: changelog: Add missing Closes of #932476 to changelog entry for 9.5 Signed-off-by: Ian Jackson --- debian/changelog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 06787f2..218d624 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dgit (9.6~) unstable; urgency=medium - * + Administrivia: + * Add missing Closes of #932476 to changelog entry for 9.5 -- @@ -8,7 +9,7 @@ dgit (9.5) unstable; urgency=medium git-debpush [Sean Whitton]: * Support ignoring individual checks with --force=check. Closes:#932459. - * Check upstream source is identical in the upstream tag. + * Check upstream source is identical in the upstream tag. Closes:#932476. * Check that patches are (un)applicable. Closes:#932477. * Check for an unstitched git-debrebase branch. Closes:#932612. * Check for explicitly pushing detached HEAD. -- cgit v1.2.3 From 9949ffa8a74cd5441b9566acabb935bc18d291da Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 15:18:22 +0100 Subject: dgit: Break out api_query_raw In support of #932570. No functional change. Signed-off-by: Ian Jackson --- dgit | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/dgit b/dgit index cde8546..80adf1f 100755 --- a/dgit +++ b/dgit @@ -1223,8 +1223,7 @@ sub archive_api_query_cmd ($) { return @cmd; } -sub api_query ($$;$) { - use JSON; +sub api_query_raw ($$;$) { my ($data, $subpath, $ok404) = @_; badcfg __ "ftpmasterapi archive query method takes no data part" if length $data; @@ -1240,6 +1239,14 @@ sub api_query ($$;$) { return undef if $code eq '404' && $ok404; fail f_ "fetch of %s gave HTTP code %s", $url, $code unless $url =~ m#^file://# or $code =~ m/^2/; + return $json; +} + +sub api_query ($$;$) { + my ($data, $subpath, $ok404) = @_; + use JSON; + my $json = api_query_raw $data, $subpath, $ok404; + return undef unless defined $json; return decode_json($json); } -- cgit v1.2.3 From 49057372811e0d8f1f3cf856a3056dfe49e9139f Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 15:27:51 +0100 Subject: dgit: Move $data check into api_query In support of #932570. Our intended other caller doesn't have a $data. No functional change. Signed-off-by: Ian Jackson --- dgit | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dgit b/dgit index 80adf1f..ed6827b 100755 --- a/dgit +++ b/dgit @@ -1223,10 +1223,8 @@ sub archive_api_query_cmd ($) { return @cmd; } -sub api_query_raw ($$;$) { - my ($data, $subpath, $ok404) = @_; - badcfg __ "ftpmasterapi archive query method takes no data part" - if length $data; +sub api_query_raw ($;$) { + my ($subpath, $ok404) = @_; my @cmd = archive_api_query_cmd($subpath); my $url = $cmd[$#cmd]; push @cmd, qw(-w %{http_code}); @@ -1245,7 +1243,9 @@ sub api_query_raw ($$;$) { sub api_query ($$;$) { my ($data, $subpath, $ok404) = @_; use JSON; - my $json = api_query_raw $data, $subpath, $ok404; + badcfg __ "ftpmasterapi archive query method takes no data part" + if length $data; + my $json = api_query_raw $subpath, $ok404; return undef unless defined $json; return decode_json($json); } -- cgit v1.2.3 From 1451f1261ad4420b46e90a44c3c7cae26432994e Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 15:24:55 +0100 Subject: dgit: Make cmd_archive_api_query call api_query_raw In support of #932570. Now there is only one caller of archive_api_query_cmd. It is OK to pass `undef' because - archive_ No functional change. Signed-off-by: Ian Jackson --- dgit | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dgit b/dgit index ed6827b..924428c 100755 --- a/dgit +++ b/dgit @@ -7347,10 +7347,8 @@ sub cmd_archive_api_query { badusage __ "need only 1 subpath argument" unless @ARGV==1; my ($subpath) = @ARGV; local $isuite = 'DGIT-API-QUERY-CMD'; - my @cmd = archive_api_query_cmd($subpath); - push @cmd, qw(-f); - debugcmd ">",@cmd; - exec @cmd or fail f_ "exec curl: %s\n", $!; + my $json = api_query_raw $subpath; + print $json or die "$!"; } sub repos_server_url () { -- cgit v1.2.3 From 7f1d8a2f4545daba6952981e4836b902b32d2005 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 16:03:13 +0100 Subject: dgit: Provide --for-push option This is much more conveient and in some cases sensible than -cdgit-distro.DISTRO.readonly=0 Signed-off-by: Ian Jackson --- dgit | 3 +++ dgit.1 | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/dgit b/dgit index 924428c..ca6fe56 100755 --- a/dgit +++ b/dgit @@ -7604,6 +7604,9 @@ sub parseopts () { f_ "%s: warning: ignoring unknown force option %s\n", $us, $_; $_=''; + } elsif (m/^--for-push$/s) { + push @ropts, $_; + $access_forpush = 1; } elsif (m/^--config-lookup-explode=(.+)$/s) { # undocumented, for testing push @ropts, $_; diff --git a/dgit.1 b/dgit.1 index f099ed0..a3c2549 100644 --- a/dgit.1 +++ b/dgit.1 @@ -1327,6 +1327,12 @@ Force on or off the use of the absurd git-apply emulation when running gbp pq import when importing a package from a .dsc. See Debian bug #841867. +.TP +.BR \-\-for\-push +Override the dgit-distro.distro.readonly configuration setting, +to specify that we have read/write access +and should use the corresponding git and achive access approach +even if the operation is a read-only one. .SH CONFIGURATION dgit can be configured via the git config system. You may set keys with git-config (either in system-global or per-tree -- cgit v1.2.3 From 92e5cb8a90df986f05a2e9c5435d068486320d7a Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 16:03:49 +0100 Subject: tag2upload: Use the non-readonly method for dgit fetch The principal effect in the Debian configuration is to access the master dgit git server via ssh, rather than the mirror via https. Signed-off-by: Ian Jackson --- infra/dgit-repos-server | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/dgit-repos-server b/infra/dgit-repos-server index 4c7e031..f94315a 100755 --- a/infra/dgit-repos-server +++ b/infra/dgit-repos-server @@ -1263,7 +1263,7 @@ END $clogf->('Version', $version); $clogf->('Source', $package); - @fetch = (@dgit, qw(fetch), $suite); + @fetch = (@dgit, qw(--for-push fetch), $suite); debugcmd "+",@_; $!=0; $?=-1; if (system @fetch) { -- cgit v1.2.3 From a1ecf6c5a6d87ed85f89a63c8ed2c591f496a3c4 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 16:22:19 +0100 Subject: dgit: Drop support for old attempts at cert/key pinning I don't think anyone is using these. We are going to do something different to try fo fix #932570. When #790093 is fixed we may need something like archive-query-tls-key (or even exactly that) but we would have to reimplement it for WWW::Curl anyway. Signed-off-by: Ian Jackson --- dgit | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/dgit b/dgit index ca6fe56..00f86c6 100755 --- a/dgit +++ b/dgit @@ -1197,27 +1197,11 @@ sub archive_api_query_cmd ($) { my @cmd = (@curl, qw(-sS)); my $url = access_cfg('archive-query-url'); if ($url =~ m#^https://([-.0-9a-z]+)/#) { - my $host = $1; - my $keys = access_cfg('archive-query-tls-key','RETURN-UNDEF') //''; - foreach my $key (split /\:/, $keys) { - $key =~ s/\%HOST\%/$host/g; - if (!stat $key) { - fail "for $url: stat $key: $!" unless $!==ENOENT; - next; - } - fail f_ "config requested specific TLS key but do not know". - " how to get curl to use exactly that EE key (%s)", - $key; -# push @cmd, "--cacert", $key, "--capath", "/dev/enoent"; -# # Sadly the above line does not work because of changes -# # to gnutls. The real fix for #790093 may involve -# # new curl options. - last; + foreach my $k (qw(archive-query-tls-key + archive-query-tls-curl-ca-args)) { + fail "config option $k is obsolete and no longer supported" + if defined access_cfg($k, 'RETURN-UNDEF'); } - # Fixing #790093 properly will involve providing a value - # for this on clients. - my $kargs = access_cfg('archive-query-tls-curl-ca-args','RETURN-UNDEF'); - push @cmd, split / /, $kargs if defined $kargs; } push @cmd, $url.$subpath; return @cmd; -- cgit v1.2.3 From f3405131b5bab67ec0757eeeb2c0b7f532c9e05e Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 16:35:01 +0100 Subject: dgit: Use WWW::Curl rather than invoking curl(1) for archive api Signed-off-by: Ian Jackson --- debian/control | 2 +- dgit | 42 +++++++++++++++++++++++++++--------------- 2 files changed, 28 insertions(+), 16 deletions(-) diff --git a/debian/control b/debian/control index 3395984..6fa937b 100644 --- a/debian/control +++ b/debian/control @@ -15,7 +15,7 @@ Depends: perl, libwww-perl, libdpkg-perl, git-core, devscripts, dpkg-dev, coreutils (>= 8.23-1~), libdigest-sha-perl, dput, curl, apt, libjson-perl, ca-certificates, - libtext-iconv-perl, libtext-glob-perl + libtext-iconv-perl, libtext-glob-perl, libwww-curl-perl Recommends: ssh-client Suggests: sbuild | pbuilder | cowbuilder Architecture: all diff --git a/dgit b/dgit index 00f86c6..4a5cae1 100755 --- a/dgit +++ b/dgit @@ -1192,10 +1192,23 @@ sub cfg_apply_map ($$$) { #---------- `ftpmasterapi' archive query method (nascent) ---------- -sub archive_api_query_cmd ($) { - my ($subpath) = @_; - my @cmd = (@curl, qw(-sS)); - my $url = access_cfg('archive-query-url'); +sub archive_api_query_curl ($) { + my ($url) = @_; + + use WWW::Curl::Easy; + + my $curl = WWW::Curl::Easy->new; + my $setopt = sub { + my ($k,$v) = @_; + my $x = $curl->setopt($k, $v); + confess "$k $v ".$curl->strerror($x)." ?" if $x; + }; + + my $response_body; + $setopt->(CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS|CURLPROTO_HTTP); + $setopt->(CURLOPT_URL, $url); + $setopt->(CURLOPT_WRITEDATA, \$response_body); + if ($url =~ m#^https://([-.0-9a-z]+)/#) { foreach my $k (qw(archive-query-tls-key archive-query-tls-curl-ca-args)) { @@ -1203,21 +1216,20 @@ sub archive_api_query_cmd ($) { if defined access_cfg($k, 'RETURN-UNDEF'); } } - push @cmd, $url.$subpath; - return @cmd; + + my $x = $curl->perform(); + fail f_ "fetch of %s failed (%s): %s", + $url, $curl->strerror($x), $curl->errbuf + if $x; + + return $curl->getinfo(CURLINFO_HTTP_CODE), $response_body; } sub api_query_raw ($;$) { my ($subpath, $ok404) = @_; - my @cmd = archive_api_query_cmd($subpath); - my $url = $cmd[$#cmd]; - push @cmd, qw(-w %{http_code}); - my $json = cmdoutput @cmd; - unless ($json =~ s/\d+\d+\d$//) { - failedcmd_report_cmd undef, @cmd; - fail __ "curl failed to print 3-digit HTTP code"; - } - my $code = $&; + my $url = access_cfg('archive-query-url'); + $url .= $subpath; + my ($code,$json) = archive_api_query_curl($url); return undef if $code eq '404' && $ok404; fail f_ "fetch of %s gave HTTP code %s", $url, $code unless $url =~ m#^file://# or $code =~ m/^2/; -- cgit v1.2.3 From 871cb459862d86e8c572e52a0beca8b5381883f5 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 17:06:38 +0100 Subject: dgit: archive_api_query_curl: Add a bit of debug Signed-off-by: Ian Jackson --- dgit | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dgit b/dgit index 4a5cae1..7e975e1 100755 --- a/dgit +++ b/dgit @@ -1217,6 +1217,8 @@ sub archive_api_query_curl ($) { } } + printdebug "archive api query: fetching $url...\n"; + my $x = $curl->perform(); fail f_ "fetch of %s failed (%s): %s", $url, $curl->strerror($x), $curl->errbuf -- cgit v1.2.3 From b0879c98de6356234edf1365c6553a694725d040 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 21:47:57 +0100 Subject: dgit: Set $SIG{INT} to DEFAULT There is a bug in libdpkg-perl, where Dpkg::Source::Package installs a handler on loading. This has the effect of making in-process C calls (eg to libcurl) uninterruptible by ^C. Work around it by unconditionally resetting SIGINT. (Anyone who deliberately invoked us with SIGINT ignored deserves to keep all the resulting pieces.) See #932841. Signed-off-by: Ian Jackson --- dgit | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dgit b/dgit index 7e975e1..696978b 100755 --- a/dgit +++ b/dgit @@ -54,6 +54,8 @@ use Debian::Dgit; our $our_version = 'UNRELEASED'; ###substituted### our $absurdity = undef; ###substituted### +$SIG{INT} = 'DEFAULT'; # work around #932841 + our @rpushprotovsn_support = qw(6 5 4); # Reverse order! our $protovsn; -- cgit v1.2.3 From 230d9f8ed1dd3f9e4ee4351af34e4bcb52c54ac8 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 18:22:26 +0100 Subject: dgit: libcurl usage: Install SIGPIPE handler ourselv We don't want a global SIGPIPE setting. In particular we do not want to run any of subprocesses with SIGPIPE ignored. Just in case libcurl gets this wrong, tell it CURLOPT_NOSIGNAL, and do it ourselves. Signed-off-by: Ian Jackson --- dgit | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dgit b/dgit index 696978b..5bd648a 100755 --- a/dgit +++ b/dgit @@ -1209,6 +1209,7 @@ sub archive_api_query_curl ($) { my $response_body; $setopt->(CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS|CURLPROTO_HTTP); $setopt->(CURLOPT_URL, $url); + $setopt->(CURLOPT_NOSIGNAL, 1); $setopt->(CURLOPT_WRITEDATA, \$response_body); if ($url =~ m#^https://([-.0-9a-z]+)/#) { @@ -1221,6 +1222,8 @@ sub archive_api_query_curl ($) { printdebug "archive api query: fetching $url...\n"; + local $SIG{PIPE} = 'IGNORE'; + my $x = $curl->perform(); fail f_ "fetch of %s failed (%s): %s", $url, $curl->strerror($x), $curl->errbuf -- cgit v1.2.3 From f9462701607b57a6debcf3e0e7a5548a56af3cf6 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 17:26:51 +0100 Subject: dgit: Reorganise url_fetch This was archive_api_query_curl. We're working on making it good for other things too. No functional change. Signed-off-by: Ian Jackson --- dgit | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/dgit b/dgit index 5bd648a..48be198 100755 --- a/dgit +++ b/dgit @@ -1192,10 +1192,9 @@ sub cfg_apply_map ($$$) { $$varref = $_; } -#---------- `ftpmasterapi' archive query method (nascent) ---------- - -sub archive_api_query_curl ($) { - my ($url) = @_; +sub url_fetch ($;@) { + my ($url, %xopts) = @_; + # Ok404 => 1 means give undef for 404 use WWW::Curl::Easy; @@ -1220,7 +1219,7 @@ sub archive_api_query_curl ($) { } } - printdebug "archive api query: fetching $url...\n"; + printdebug "query: fetching $url...\n"; local $SIG{PIPE} = 'IGNORE'; @@ -1229,18 +1228,21 @@ sub archive_api_query_curl ($) { $url, $curl->strerror($x), $curl->errbuf if $x; - return $curl->getinfo(CURLINFO_HTTP_CODE), $response_body; + my $code = $curl->getinfo(CURLINFO_HTTP_CODE); + if ($code eq '404' && $xopts{Ok404}) { return undef; } + + fail f_ "fetch of %s gave HTTP code %s", $url, $code + unless $url =~ m#^file://# or $code =~ m/^2/; + return $response_body; } +#---------- `ftpmasterapi' archive query method (nascent) ---------- + sub api_query_raw ($;$) { my ($subpath, $ok404) = @_; my $url = access_cfg('archive-query-url'); $url .= $subpath; - my ($code,$json) = archive_api_query_curl($url); - return undef if $code eq '404' && $ok404; - fail f_ "fetch of %s gave HTTP code %s", $url, $code - unless $url =~ m#^file://# or $code =~ m/^2/; - return $json; + return url_fetch $url, Ok404 => $ok404; } sub api_query ($$;$) { -- cgit v1.2.3 From 86613b3222ebbe16464ce10b0a1a734ceb1eabba Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 17:33:16 +0100 Subject: dgit: url_fetch: Honour new AccessBase No functional change with the existing callers. Signed-off-by: Ian Jackson --- dgit | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/dgit b/dgit index 48be198..714d6b4 100755 --- a/dgit +++ b/dgit @@ -1195,6 +1195,7 @@ sub cfg_apply_map ($$$) { sub url_fetch ($;@) { my ($url, %xopts) = @_; # Ok404 => 1 means give undef for 404 + # AccessBase => 'archive-query' (eg) use WWW::Curl::Easy; @@ -1211,9 +1212,9 @@ sub url_fetch ($;@) { $setopt->(CURLOPT_NOSIGNAL, 1); $setopt->(CURLOPT_WRITEDATA, \$response_body); - if ($url =~ m#^https://([-.0-9a-z]+)/#) { - foreach my $k (qw(archive-query-tls-key - archive-query-tls-curl-ca-args)) { + if ($xopts{AccessBase} && $url =~ m#^https://([-.0-9a-z]+)/#) { + foreach my $k ("$xopts{AccessBase}-tls-key", + "$xopts{AccessBase}-tls-curl-ca-args") { fail "config option $k is obsolete and no longer supported" if defined access_cfg($k, 'RETURN-UNDEF'); } @@ -1242,7 +1243,9 @@ sub api_query_raw ($;$) { my ($subpath, $ok404) = @_; my $url = access_cfg('archive-query-url'); $url .= $subpath; - return url_fetch $url, Ok404 => $ok404; + return url_fetch $url, + Ok404 => $ok404, + AccessBase => 'archive-query'; } sub api_query ($$;$) { -- cgit v1.2.3 From e9957b2d5326b0bdce0e5ca314fde99e213f53d8 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 17:33:41 +0100 Subject: dgit: url_fetch: Honour new CurlOpts No functional change with the existing callers. Signed-off-by: Ian Jackson --- dgit | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dgit b/dgit index 714d6b4..0f801a3 100755 --- a/dgit +++ b/dgit @@ -1196,6 +1196,7 @@ sub url_fetch ($;@) { my ($url, %xopts) = @_; # Ok404 => 1 means give undef for 404 # AccessBase => 'archive-query' (eg) + # CurlOpts => { key => value } use WWW::Curl::Easy; @@ -1212,6 +1213,10 @@ sub url_fetch ($;@) { $setopt->(CURLOPT_NOSIGNAL, 1); $setopt->(CURLOPT_WRITEDATA, \$response_body); + my $xcurlopts = $xopts{CurlOpts} // { }; + keys %$xcurlopts; + while (my ($k,$v) = each %$xcurlopts) { $setopt->($k,$v); } + if ($xopts{AccessBase} && $url =~ m#^https://([-.0-9a-z]+)/#) { foreach my $k ("$xopts{AccessBase}-tls-key", "$xopts{AccessBase}-tls-curl-ca-args") { -- cgit v1.2.3 From a778f6fe55a7672a9b0052c7b946c5fca5b7c61c Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 17:42:08 +0100 Subject: dgit: Use libcurl, not @curl, for git check This means that when we sort out our TLS problems this will be fixed too. The remaining use of command-line curl is just to download additional .dsc compoments. I intend to leave that as-is. Signed-off-by: Ian Jackson --- dgit | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/dgit b/dgit index 0f801a3..978eabe 100755 --- a/dgit +++ b/dgit @@ -1804,22 +1804,11 @@ sub check_for_git () { my $suffix = access_cfg('git-check-suffix','git-suffix', 'RETURN-UNDEF') // '.git'; my $url = "$prefix/$package$suffix"; - my @cmd = (@curl, qw(-sS -I), $url); - my $result = cmdoutput @cmd; - $result =~ s/^\S+ 200 .*\n\r?\n//; - # curl -sS -I with https_proxy prints - # HTTP/1.0 200 Connection established - $result =~ m/^\S+ (404|200) /s or - fail +(__ "unexpected results from git check query - "). - Dumper($prefix, $result); - my $code = $1; - if ($code eq '404') { - return 0; - } elsif ($code eq '200') { - return 1; - } else { - die; - } + my $result = url_fetch $url, + CurlOpts => { CURLOPT_NOBODY() => 1 }, + Ok404 => 1, + AccessBase => 'git-check'; + return defined $result; } elsif ($how eq 'true') { return 1; } elsif ($how eq 'false') { -- cgit v1.2.3 From 7821907696dbe72c977548f7ffc4e8367d551b65 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 18:18:53 +0100 Subject: dgit: Abolish url_get in favour of url_fetch This removes use of LWP from dgit. Signed-off-by: Ian Jackson --- dgit | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/dgit b/dgit index 978eabe..6401524 100755 --- a/dgit +++ b/dgit @@ -30,7 +30,7 @@ setup_sigwarn(); use IO::Handle; use Data::Dumper; -use LWP::UserAgent; +use WWW::Curl::Easy; use Dpkg::Control::Hash; use File::Path; use File::Spec; @@ -639,20 +639,6 @@ sub progress { our $ua; -sub url_get { - if (!$ua) { - $ua = LWP::UserAgent->new(); - $ua->env_proxy; - } - my $what = $_[$#_]; - progress "downloading $what..."; - my $r = $ua->get(@_) or confess "$!"; - return undef if $r->code == 404; - $r->is_success or fail f_ "failed to fetch %s: %s", - $what, $r->status_line; - return $r->decoded_content(charset => 'none'); -} - our ($dscdata,$dscurl,$dsc,$dsc_checked,$skew_warning_vsn); sub act_local () { return $dryrun_level <= 1; } @@ -1198,8 +1184,6 @@ sub url_fetch ($;@) { # AccessBase => 'archive-query' (eg) # CurlOpts => { key => value } - use WWW::Curl::Easy; - my $curl = WWW::Curl::Easy->new; my $setopt = sub { my ($k,$v) = @_; @@ -1750,7 +1734,7 @@ sub get_archive_dsc () { foreach my $vinfo (@vsns) { my ($vsn,$vsn_dscurl,$digester,$digest) = @$vinfo; $dscurl = $vsn_dscurl; - $dscdata = url_get($dscurl); + $dscdata = url_fetch($dscurl); if (!$dscdata) { $skew_warning_vsn = $vsn if !defined $skew_warning_vsn; next; -- cgit v1.2.3 From 44f566983bd41228644176bb0abf5201e471db8d Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 21:50:37 +0100 Subject: dgit(1): Drop mention of LWP::UserAgent since we don't use it now Signed-off-by: Ian Jackson --- dgit.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dgit.1 b/dgit.1 index a3c2549..a7346e5 100644 --- a/dgit.1 +++ b/dgit.1 @@ -1525,7 +1525,7 @@ also the \-\-ssh= and \-\-ssh: options. Default git user.email and user.name for new trees. See .BR "dgit setup-new-tree" . .TP -.BR gpg ", " dpkg- "..., " debsign ", " git ", " curl ", " dput ", " LWP::UserAgent +.BR gpg ", " dpkg- "..., " debsign ", " git ", [" lib ] curl ", " dput and other subprograms and modules used by dgit are affected by various environment variables. Consult the documentation for those programs for details. -- cgit v1.2.3 From 178322026ec058541d791c507ae59307a2fab08d Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 23 Jul 2019 21:50:56 +0100 Subject: debian/control: Drop now unused dependency on libwww-perl. Signed-off-by: Ian Jackson --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 6fa937b..3e82d8d 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,7 @@ Vcs-Git: https://salsa.debian.org/dgit-team/dgit Vcs-Browser: https://salsa.debian.org/dgit-team/dgit Package: dgit -Depends: perl, libwww-perl, libdpkg-perl, git-core, devscripts, dpkg-dev, +Depends: perl, libdpkg-perl, git-core, devscripts, dpkg-dev, ${misc:Depends}, git-buildpackage, liblist-moreutils-perl, liblocale-gettext-perl, coreutils (>= 8.23-1~), @@ -53,7 +53,7 @@ Description: client script for git pushing to Debian-style archives Package: dgit-infrastructure Depends: ${misc:Depends}, perl, git-core, gpgv, chiark-utils-bin, libjson-perl, libdigest-sha-perl, libdbd-sqlite3-perl, sqlite3, - libwww-perl, libdpkg-perl, + libdpkg-perl, liblocale-gettext-perl Recommends: dgit Architecture: all -- cgit v1.2.3 From d4a4e683f887a2bfb2f5271ed96ae0c623f8b1af Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Thu, 25 Jul 2019 12:53:28 +0100 Subject: git-playtree-create: Drop an unwanted set -x Closes: #932959 Reported-by: Sean Whitton Signed-off-by: Ian Jackson --- git-playtree-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git-playtree-setup b/git-playtree-setup index 5d890a0..184de4d 100755 --- a/git-playtree-setup +++ b/git-playtree-setup @@ -8,7 +8,7 @@ # cd .git/some/play/thing # git-playtree-setup . -set -ex +set -e${GIT_PLAYTREE_SETUP_DEBUG} target=$1; shift -- cgit v1.2.3 From 54f54996175734cf141d4568b16fa0d06a63580f Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Thu, 25 Jul 2019 13:12:11 +0100 Subject: changelog: Write and finalise for 9.6 Signed-off-by: Ian Jackson --- debian/changelog | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 218d624..15cf3e2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,20 @@ -dgit (9.6~) unstable; urgency=medium +dgit (9.6) unstable; urgency=medium + + * git-playtree-setup had a spurious set -x so many programs spewed + debugging output. This is now fixed. Closes:#932959. + + dgit: + * Drop support for configuring old, not currently enabled, methods + of TLS key/cert pinning. We are going to revisit this soon. + * Provide a --for-push option (useful in for certain special users). + * Reduce variety in HTTP clients we use. Specificalloy, use WWW::Curl + for accessing (i) the ftpmaster API, (ii) the http dgit git server + mirror (iii) downloading the .dsc. Administrivia: * Add missing Closes of #932476 to changelog entry for 9.5 - -- + -- Ian Jackson Thu, 25 Jul 2019 13:12:08 +0100 dgit (9.5) unstable; urgency=medium -- cgit v1.2.3