From fa5bd1281c3c7500104a7ca15795e6448819f391 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 17:22:53 +0100 Subject: dgit: fix rpush+buildinfo: Transfer buildinfos for signing. buildinfos are supposed to be signed. And, indeed, if they are present, debsign wants to sign them. That means they need to be transferred to the signing end, and back again. We check that the filename is not totally unreasonable, but do not attempt to verify it completely. If there are situations where unwanted or confusing buildinfos are generated, this is the fault of the build process. dgit rpush should, in this respect, do the same as debsign+dput - ie faithfully sign and upload what the build has provided. We do check that the buildinfo doesn't look too much like a .changes, and mentions the same files as the .changes (insofar as they mention files in common). This is a rather nugatory defence against some kinds of bait and switch attacks. This is in some sense an incompatible protocol change: if the build host has a new dgit, and sends buildinfos, an old dgit on the initiator will declare a protocol violation. However, the new protocol elements occur only when needed. In this situation, the only way to get things to work at all with the old dgit at either end would be to strip out the buildinfos, which is obviously undesirable. Closes:#867693. Signed-off-by: Ian Jackson --- debian/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 73a0035..942c77b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dgit (3.11~) unstable; urgency=medium - * + * dgit: fix rpush+buildinfo: Transfer buildinfos for signing. + Closes:#867693. -- -- cgit v1.2.3 From eebba5982cca5be0436693ca3334fb0b17c4f88a Mon Sep 17 00:00:00 2001 
From: Ian Jackson Date: Sat, 8 Jul 2017 18:05:36 +0100 Subject: dgit: Cope if the archive server sends an HTTP redirect We achieve this by passing -L to curl. We also pass an appropriate-seeming --proto-redir, because the curl manual is not entirely reassuring that following redirections with the default configuration is safe. This finally fixes #867185/#867309. What happens there is that curl gets a redirect, along with an HTML error document. curl then exits with status zero, effectively pretending that the error document is the resource which was requested. dgit notices that something is wrong because the file does not have the expected cryptographic checksum. I suspect that there are other download problems which would give a similar effect. Sadly the curl manpage doesn't seem to suggest a way to avoid this. At least, dgit will never carry on in such a situation, since it insists that the file has the right hash. And if it does have the right hash we don't really care how it was obtained. Signed-off-by: Ian Jackson --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 942c77b..05f08e7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ dgit (3.11~) unstable; urgency=medium * dgit: fix rpush+buildinfo: Transfer buildinfos for signing. Closes:#867693. + * dgit: Cope if the archive server sends an HTTP redirect, + by passing -L to curl. Closes:#867185,#867309. -- -- cgit v1.2.3 From bf6d98357f21e3566bfabb8962e54b99dfb1ec01 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 18:29:43 +0100 Subject: test suite: Cope with git restricting ext:: protocols. buster's git rejects ext:: by default. See #XXXX and man git-config |less +/'protocol.*allow' Signed-off-by: Ian Jackson --- debian/changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 05f08e7..b8809bc 100644 
--- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ dgit (3.11~) unstable; urgency=medium Closes:#867693. * dgit: Cope if the archive server sends an HTTP redirect, by passing -L to curl. Closes:#867185,#867309. + * test suite: Cope with git restricting ext:: protocols. -- -- cgit v1.2.3 From 7ad5d889f402e47dba2e51bb1907a505d93c8f38 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 18:46:18 +0100 Subject: dgit: rpush: Do argument parsing and chdir in pre_... The only thing in between pre_... and cmd_... is git_slurp_config. The code now in pre_... does the following things, all of these should be done before git_slurp_config: * Sets some global variables affecting debugging and logging output. If git_slurp_config is told to print debugging, it should be affected by these changes. * Rearranges its file descriptors so that stdin/stdout are as the rest of dgit expects, and the protocol is on PI/PO. If git_slurp_config were to use stdin/stdout, it ought to use the "normal" versions, and not access the protocol streams. * Checks and calculates the negotiated protocol version. This is not affected by the config, only by the arguments from the caller and our own idea of the protocol versions we support. * Changes to the appropriate working tree. Doing this before slurping the config arranges to honour the local git config from build host working tree. (It also avoids rpush failing on newer git due to asking for git config --local in the wrong place.) Signed-off-by: Ian Jackson --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index b8809bc..682a44f 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -4,6 +4,8 @@ dgit (3.11~) unstable; urgency=medium Closes:#867693. * dgit: Cope if the archive server sends an HTTP redirect, by passing -L to curl. Closes:#867185,#867309. + * dgit: rpush: Honour local git config from build host working + tree. * test suite: Cope with git restricting ext:: protocols. -- -- cgit v1.2.3 From 3441896d54a67afcf18987eed287061d2afea956 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Wed, 28 Jun 2017 17:00:19 +0100 Subject: dgit: Add many pre_* to call no_local_git_cfg For each operation which can meaningfully be run outside a git tree, arrange to call no_local_git_cfg and thus avoid running git config --local There is one slight infelicity: some subcommands (notably archive-api-query) could in theory be run within a git tree and expect that git tree to influence their output. However, this seems unlikely. In fact, I think there are probably only in-tree callers and the in-tree callers do not do this. Signed-off-by: Ian Jackson --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 682a44f..3ee2de8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,8 @@ dgit (3.11~) unstable; urgency=medium Closes:#867693. * dgit: Cope if the archive server sends an HTTP redirect, by passing -L to curl. Closes:#867185,#867309. + * dgit: Cope with newer git which hates --local outside a working + tree. Closes:#865863. * dgit: rpush: Honour local git config from build host working tree. * test suite: Cope with git restricting ext:: protocols. -- cgit v1.2.3 From dd16a85d0df7e5b55a49b1c80aa769946f1ebb21 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 19:59:41 +0100 Subject: infrastructure: Cope with new git-receive-pack which has quarantine feature Ie, work around #867702. See the bug there for discussion. (We are perhaps flying a little close to the wind with our wrapper script location, but it doesn't seem likely to break, to me.) 
Signed-off-by: Ian Jackson --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 3ee2de8..f25c5d4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,8 @@ dgit (3.11~) unstable; urgency=medium tree. Closes:#865863. * dgit: rpush: Honour local git config from build host working tree. + * infrastructure: Cope with new git-receive-pack which has + quarantine feature: ie, work around #867702. * test suite: Cope with git restricting ext:: protocols. -- -- cgit v1.2.3 From 286194bf8211db68991be7831e76829c7147829a Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 20:14:28 +0100 Subject: dgit: tolerate compressor terminating with SIGPIPE. Closes:#857694. Signed-off-by: Ian Jackson --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index f25c5d4..91bb617 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,8 @@ dgit (3.11~) unstable; urgency=medium tree. Closes:#865863. * dgit: rpush: Honour local git config from build host working tree. + * dgit: tolerate compressor terminating with SIGPIPE. + Closes:#857694. * infrastructure: Cope with new git-receive-pack which has quarantine feature: ie, work around #867702. * test suite: Cope with git restricting ext:: protocols. -- cgit v1.2.3 From 814fa4dc0dbf43f7b2ec57803a155d03ba136a9b Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 20:21:30 +0100 Subject: dgit: honour more pre-tree git config options in our private trees These share the user's object store and we should manipulate the object store the way the user wants. In particular, core.sharedRepository is important. Prompted by #867603, which is the same bug in dgit-badcommit-fixup. Signed-off-by: Ian Jackson --- debian/changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'debian/changelog') 
diff --git a/debian/changelog b/debian/changelog index 91bb617..cd44b40 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,9 @@ dgit (3.11~) unstable; urgency=medium tree. * dgit: tolerate compressor terminating with SIGPIPE. Closes:#857694. + * dgit: honour more pre-tree git config options in our private + trees sharing the user's object store. In particular, + core.sharedRepository. Prompted by #867603. * infrastructure: Cope with new git-receive-pack which has quarantine feature: ie, work around #867702. * test suite: Cope with git restricting ext:: protocols. -- cgit v1.2.3 From 5e493b95a805efe689f3c34f50731db568978c4a Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 20:46:12 +0100 Subject: dgit-badcommit-fixup: Honour core.sharedRepository. Closes:#867603. In principle it might be nicer to copy more options. But we don't want to duplicate the logic in prep_ud in dgit, and we don't want to make this script too standalone. I'm not aware of other options that are important, rather than nice-to-have tuneables. Signed-off-by: Ian Jackson --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index cd44b40..729985c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,8 @@ dgit (3.11~) unstable; urgency=medium * dgit: honour more pre-tree git config options in our private trees sharing the user's object store. In particular, core.sharedRepository. Prompted by #867603. + * dgit-badcommit-fixup: Honour core.sharedRepository. + Closes:#867603. * infrastructure: Cope with new git-receive-pack which has quarantine feature: ie, work around #867702. * test suite: Cope with git restricting ext:: protocols. -- cgit v1.2.3 From 37679efe82686b5fb1ba4d198c6df41a9e1fa52d Mon Sep 17 00:00:00 2001 
From: Ian Jackson Date: Sat, 8 Jul 2017 21:11:52 +0100 Subject: dgit: clone multisuite works even without --no-rm-on-error. This is slightly subtle. We need $rmonerror in cmd_clone to be cleared. cmd_clone does that only when clone itself returns. The multisuite plumbing means that currently, clone returns only in the child which set up the tree and set up the first suite. Unsetting $rmonerror there is correct because we want to keep the tree on success, and the parent will remove it if there is a later failure. (Ie, the child remains responsible for removing the tree if it itself fails.) In the parent, we get $multi_fetched==1 if not only our original clone child succeeded, but all the other fetches worked too. We are now responsible for the tree. If our final tasks are successful, again, we need not to delete the tree. Closes:#867434. Signed-off-by: Ian Jackson --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 729985c..686c69c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,6 +15,8 @@ dgit (3.11~) unstable; urgency=medium core.sharedRepository. Prompted by #867603. * dgit-badcommit-fixup: Honour core.sharedRepository. Closes:#867603. + * dgit: clone multisuite works even without --no-rm-on-error. + Closes:#867434. * infrastructure: Cope with new git-receive-pack which has quarantine feature: ie, work around #867702. * test suite: Cope with git restricting ext:: protocols. -- cgit v1.2.3 From b3330b4429a85d7e63d6809b9c34fa97f747ef5f Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 21:18:29 +0100 Subject: test suite: Test multisuite clone without --rm-on-error. Signed-off-by: Ian Jackson --- debian/changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 686c69c..ed6dc82 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -20,6 +20,7 @@ dgit (3.11~) unstable; urgency=medium * infrastructure: Cope with new git-receive-pack which has quarantine feature: ie, work around #867702. * test suite: Cope with git restricting ext:: protocols. + * test suite: Test multisuite clone without --rm-on-error. -- -- cgit v1.2.3 From 8d75cd0a442a76bec017fa5c0481be003fe7f81f Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 21:20:33 +0100 Subject: changelog: Garden and reformat Signed-off-by: Ian Jackson --- debian/changelog | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index ed6dc82..741c055 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,26 +1,25 @@ -dgit (3.11~) unstable; urgency=medium +dgit (3.11~) unstable; urgency=high - * dgit: fix rpush+buildinfo: Transfer buildinfos for signing. - Closes:#867693. - * dgit: Cope if the archive server sends an HTTP redirect, + Important bugfixes to dgit: + * Fix rpush+buildinfo: Transfer buildinfos for signing. Closes:#867693. + * Cope if the archive server sends an HTTP redirect, by passing -L to curl. Closes:#867185,#867309. - * dgit: Cope with newer git which hates --local outside a working - tree. Closes:#865863. - * dgit: rpush: Honour local git config from build host working - tree. - * dgit: tolerate compressor terminating with SIGPIPE. - Closes:#857694. - * dgit: honour more pre-tree git config options in our private - trees sharing the user's object store. In particular, - core.sharedRepository. Prompted by #867603. - * dgit-badcommit-fixup: Honour core.sharedRepository. - Closes:#867603. - * dgit: clone multisuite works even without --no-rm-on-error. - Closes:#867434. + * Cope with newer git which hates --local outside a tree. Closes:#865863. + * rpush: Honour local git config from build host working tree. + * Tolerate compressor terminating with SIGPIPE. Closes:#857694. + * Honour more pre-tree git config options in our private trees sharing + the user's object store. In particular, core.sharedRepository. + Prompted by #867603. + * Clone multisuite works even without --no-rm-on-error. Closes:#867434. + + Important bugfixes to other components: + * dgit-badcommit-fixup: Honour core.sharedRepository. Closes:#867603. * infrastructure: Cope with new git-receive-pack which has quarantine feature: ie, work around #867702. - * test suite: Cope with git restricting ext:: protocols. - * test suite: Test multisuite clone without --rm-on-error. + + Test suite: + * Cope with git restricting ext:: protocols. + * multisuite: Test clone without --rm-on-error. -- -- cgit v1.2.3 From 97f49a475f82fa7526767cec5dad23669f3b394d Mon Sep 17 00:00:00 2001 
From: Ian Jackson Date: Fri, 10 Mar 2017 17:43:57 +0000 Subject: dgit: mkdir .git/info in setup_gitattrs This might be necessary if setup_mergechangelogs were disabled. (This is something of a latent bug, since `git init' creates .git/info.) Signed-off-by: Ian Jackson --- debian/changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 741c055..3aa6a14 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,7 @@ dgit (3.11~) unstable; urgency=high the user's object store. In particular, core.sharedRepository. Prompted by #867603. * Clone multisuite works even without --no-rm-on-error. Closes:#867434. + * Work if "git init" does not create $GIT/info. Closes:#858054. Important bugfixes to other components: * dgit-badcommit-fixup: Honour core.sharedRepository. Closes:#867603. -- cgit v1.2.3 From da9855227636c46d09546eacedd95aa8ace7185a Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 22:31:09 +0100 Subject: Actually understand foo,-security (!) There does not in fact seem to have been any code which implements this line from dgit(7): If a specified subsuite starts with - then mainsuite is prepended. The code which canonicalises it back to the version with ",-" does work, though. Closes:#867189. Signed-off-by: Ian Jackson --- debian/changelog | 1 + 1 file changed, 1 insertion(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 3aa6a14..7c8db9f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,7 @@ dgit (3.11~) unstable; urgency=high Prompted by #867603. * Clone multisuite works even without --no-rm-on-error. Closes:#867434. * Work if "git init" does not create $GIT/info. Closes:#858054. + * Actually understand foo,-security (!) Closes:#867189. Important bugfixes to other components: * dgit-badcommit-fixup: Honour core.sharedRepository. Closes:#867603. -- cgit v1.2.3 
From 09201af19c2a9476ff35f56c002d1721d444abcb Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sat, 8 Jul 2017 22:42:47 +0100 Subject: changelog: finalise 3.11 --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 7c8db9f..26410b1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -dgit (3.11~) unstable; urgency=high +dgit (3.11) unstable; urgency=high Important bugfixes to dgit: * Fix rpush+buildinfo: Transfer buildinfos for signing. Closes:#867693. @@ -23,7 +23,7 @@ dgit (3.11~) unstable; urgency=high * Cope with git restricting ext:: protocols. * multisuite: Test clone without --rm-on-error. - -- + -- Ian Jackson Sat, 08 Jul 2017 22:40:15 +0100 dgit (3.10) unstable; urgency=medium -- cgit v1.2.3 From 33699f6b4d0e36fca92d36be933f556758bb7ebe Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 9 Jul 2017 13:48:13 +0100 Subject: changelog: start 3.12~ Signed-off-by: Ian Jackson --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 26410b1..780fe23 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dgit (3.12~) unstable; urgency=medium + + * + + -- + dgit (3.11) unstable; urgency=high Important bugfixes to dgit: -- cgit v1.2.3 From a04897e74b24b59ed2a212d967f3698f08fec438 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 9 Jul 2017 13:54:02 +0100 Subject: dgit: Pass --no-renames to git diff-tree -z, avoiding potential trouble Without this option, git-diff-tree might detect a rename (or possibly even a copy). If it does it prints a different output format with a status of C or R *and a separate filename*. The latter is an additional nul-terminated record and would get dgit's interpreter of the git diff-tree output out of step. 
Signed-off-by: Ian Jackson --- debian/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 780fe23..5d78d25 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ dgit (3.12~) unstable; urgency=medium - * + Important bugfixes to dgit: + * Pass --no-renames to git diff-tree -z, avoiding potential trouble. -- -- cgit v1.2.3 From 166121d66d38a3f6584222a03558493c1a23de72 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 9 Jul 2017 14:45:17 +0100 Subject: dgit: Regularise patch filenames, and defend against funny commit subjects * Do not specify patch names which look like series filenames * When we invent a filename based on a commit message, add ".patch". Signed-off-by: Ian Jackson --- debian/changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'debian/changelog') diff --git a/debian/changelog b/debian/changelog index 5d78d25..7900c92 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,9 @@ dgit (3.12~) unstable; urgency=medium Important bugfixes to dgit: * Pass --no-renames to git diff-tree -z, avoiding potential trouble. + * Defend against commit subject lines which would generate patches which + look like series files, etc. Involves adding .patch to all generated + patch filenames. -- -- cgit v1.2.3
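
Review bot: In the fa5bd12 hunk, the added entry "dgit: fix rpush+buildinfo: Transfer buildinfos for signing." leaves out the compatibility consequence that the commit message spells out: a build host with the new dgit that sends buildinfos makes an old dgit on the initiator declare a protocol violation. Suggest one more line in the entry saying that the initiator needs this version too when buildinfos are present, so that someone who reads only the changelog can diagnose that failure.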
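
Review bot: In the eebba59 hunk, the added entry credits only "-L" ("by passing -L to curl"), while the commit message says --proto-redir is passed as well, because following redirects with curl's default configuration may not be safe. Suggest naming the --proto-redir restriction in the entry, since it is the part that limits where a redirect may send the download, and noting that the expected-checksum check remains the backstop when curl saves an error document with exit status zero.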
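
Review bot: The added line in the bf6d983 hunk, "test suite: Cope with git restricting ext:: protocols.", carries no bug reference, and the commit message still has the placeholder "See #XXXX". Suggest filling in the bug number in the message before this lands, or dropping the reference and keeping only the pointer to git-config's protocol.*allow documentation.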
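
Review bot: The option name in the line added by the b3330b4 hunk, "Test multisuite clone without --rm-on-error", does not match the fix it covers, which 37679ef records as "works even without --no-rm-on-error". If the same option is meant, use one spelling in both entries; the mismatch is carried over unchanged into the regrouped "Test suite:" section in 8d75cd0.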
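
Review bot: The first changed line of the 8d75cd0 hunk raises urgency=medium to urgency=high, which is a substantive change and not the gardening or reformatting the subject announces. Suggest putting the urgency bump in its own commit, or at least stating it and the reason for it in this commit message, so that it shows up in the log.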
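
Review bot: "avoiding potential trouble" in the entry added by the a04897e hunk does not tell the reader what the trouble is, although the commit message does: a rename or copy record carries an additional NUL-terminated filename and puts dgit's reading of the git diff-tree output out of step. Suggest wording the entry along those lines, for example "so that rename/copy records cannot put parsing of the output out of step".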
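
The record layout behind the --no-renames commit (a04897e) above, as an added Python example that is not dgit's code: with -z, a rename or copy record carries two NUL-terminated paths instead of one, so a reader that assumes fixed metadata/path pairs drifts out of step. The object ids, paths, sample byte strings and both parser functions are constructed for illustration.

```python
"""Added illustration (not dgit code): reading `git diff-tree -z` raw records."""

# Constructed sample data: object ids and paths are made up for this example.
A, B, ZERO = b"a" * 40, b"b" * 40, b"0" * 40


def rec(meta: bytes, *paths: bytes) -> bytes:
    """Build one -z record: metadata and each path are NUL-terminated."""
    return b"\0".join((meta, *paths)) + b"\0"


# Rename detection on: the R record has a source path AND a destination path.
WITH_RENAMES = (
    rec(b":100644 100644 %s %s R100" % (A, A),
        b"debian/patches/old.patch", b"debian/patches/new.patch")
    + rec(b":100644 100644 %s %s M" % (A, B), b"debian/changelog")
)

# The same change with --no-renames: a delete plus an add, one path each.
NO_RENAMES = (
    rec(b":100644 000000 %s %s D" % (A, ZERO), b"debian/patches/old.patch")
    + rec(b":000000 100644 %s %s A" % (ZERO, A), b"debian/patches/new.patch")
    + rec(b":100644 100644 %s %s M" % (A, B), b"debian/changelog")
)


def split_fields(raw: bytes) -> list:
    """Split on NUL and drop the empty field after the final terminator."""
    fields = raw.split(b"\0")
    if fields and fields[-1] == b"":
        fields.pop()
    return fields


def parse_fixed_pairs(raw: bytes) -> list:
    """Hypothetical reader that assumes <meta> NUL <path> NUL for every record.

    Correct only when no R or C records can appear, i.e. with --no-renames.
    """
    f = split_fields(raw)
    return [(f[i].split(b" ")[-1].decode(), f[i + 1].decode())
            for i in range(0, len(f) - 1, 2)]


def parse_status_aware(raw: bytes) -> list:
    """Reader that takes the path count from the status letter and fails
    loudly as soon as a field that should be metadata is not."""
    f, out, i = split_fields(raw), [], 0
    while i < len(f):
        parts = f[i].split(b" ")
        if not f[i].startswith(b":") or len(parts) != 5:
            raise ValueError(f"out of step at field {i}: {f[i]!r}")
        status = parts[4][:1].decode()           # strip any score, e.g. R100
        npaths = 2 if status in ("R", "C") else 1
        paths = f[i + 1:i + 1 + npaths]
        if len(paths) != npaths:
            raise ValueError(f"truncated {status} record at field {i}")
        out.append((status, *(p.decode() for p in paths)))
        i += 1 + npaths
    return out


if __name__ == "__main__":
    print(parse_fixed_pairs(WITH_RENAMES))   # second tuple is misaligned
    print(parse_status_aware(WITH_RENAMES))
    print(parse_status_aware(NO_RENAMES))
```
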