#!/usr/bin/perl -w
# dgit repos policy admin script for Debian
#
# Copyright (C) 2015-2016  Ian Jackson
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

use strict;

use Debian::Dgit::Infra; # must precede Debian::Dgit; - can change @INC!
use Debian::Dgit;
# NOTE(review): setup_sigwarn is not defined in this file (presumably it is
# exported by one of the Debian::Dgit modules loaded above) - confirm what it
# does to warning handling before relying on warnings being fatal or not.
setup_sigwarn();

# Usage text.  It is appended to every "bad usage" diagnostic and is the
# whole message when option parsing fails.  The heredoc is single-quoted,
# so nothing inside it is interpolated.
our $usage = <<'END';
usage:
  dgit-repos-admin-debian [<options>] operation...
options:
  --git-dir /path/to/git/repo/or/working/tree
  --repos /path/to/dgit/repos/directory    } alternatives
  --db /path/to/dgit/repos/policy.sqlite3  }
  (at least one of above required; if only one, cwd is used for other)
operations:
  create-db
  list-taints
  taint [--global|<package>] <gitobjid> '<comment>'
  untaint [--global|<package>] <gitobjid>
END

use POSIX;
use DBI;

use Debian::Dgit::Policy::Debian;

# Abort with a "bad usage" diagnostic followed by the full usage text.
# The ($) prototype lets callers write `badusage "message"' without parens.
sub badusage ($) {
    my ($complaint) = @_;
    die "bad usage: $complaint\n$usage";
}

use Getopt::Long qw(:config posix_default gnu_compat bundling);

# Locations taken from the command line: the git repository (or working
# tree), the dgit repos directory, and the policy database file.
our ($git_dir,$repos_dir,$db_path);

# Parse --git-dir, --repos and --db; each takes a string value.  Any parse
# failure prints the usage text and exits via die.
GetOptions("git-dir=s" => \$git_dir,
	   "repos=s" => \$repos_dir,
	   "db=s" => \$db_path)
    or die $usage;

# If --db was not given but --repos was, derive the database path from the
# repos directory.  poldb_path is not defined in this file.
$db_path //= poldb_path($repos_dir) if defined $repos_dir;
# Refuse to run unless a database path or a repos directory is now known.
# NOTE(review): when only --git-dir is supplied, $db_path and $repos_dir are
# both still undefined at this point, so this dies even though the message
# below (and the usage text) say that --git-dir alone is acceptable - confirm
# which of the two is intended.
$db_path // $repos_dir ||
    die <<'END'.$usage;
Must supply --git-dir and/or --repos (or --db instead of --repos).
If only one of --git-dir and --repos is supplied, other is taken to
be current working directory.
END
# /
# (the lone `# /' above looks like a balancing slash for editors that
#  mis-highlight the `//' operator - it has no effect on the program)

# Anything still unset defaults to the current working directory.
$git_dir //= '.';
$repos_dir //= '.';

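# Package and git object id selected on the command line.  Both are filled
# in by get_package_objid() and read by the taint/untaint operations.
# $p is the empty string when --global was given.
our $p;
our $gitobjid;

# Consume "<package>|--global" and "<gitobjid>" from @ARGV into $p and
# $gitobjid.  Calls badusage() (which dies) if either is missing or
# malformed.
#
# Both values are later used as SQL bind parameters and in messages, and
# $gitobjid is also passed to git, so they are checked strictly here:
#  - the package must match $package_re over the whole string.  \A...\z is
#    used rather than ^...$ because `$' also matches just before a trailing
#    newline, which would accept "name\n";
#  - the object id must consist of one or more word characters, so the
#    empty string, a leading `-' (which git would read as an option) and
#    shell metacharacters are all rejected.
sub get_package_objid () {
    $p = shift @ARGV;
    defined $p or badusage("operation needs package or --global");
    if ($p eq '--global') {
	$p = '';
    } else {
	$p =~ m/\A(?:$package_re)\z/
	    or badusage('package name or --global needed');
    }
    $gitobjid = shift @ARGV;
    defined $gitobjid or badusage("operation needs git object id");
    $gitobjid =~ m/\A\w+\z/ or badusage("invalid git object id");
}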

# Work out which directory under $git_dir is the actual git directory.
#
# Two candidates are tried in order: "$git_dir//.git" (a working tree) and
# "$git_dir/" (a bare repository).  The first one that contains an
# `objects' entry wins: $git_dir is updated to it and it is exported as
# GIT_DIR, so every git child process started afterwards operates on that
# repository.  Dies if neither candidate qualifies.
sub sort_out_git_dir () {
    my @candidates = map { "$git_dir/$_" } ('/.git', '');
    foreach my $candidate (@candidates) {
	next unless stat_exists("$candidate/objects");
	$git_dir = $candidate;
	$ENV{GIT_DIR} = $candidate;
	return;
    }
    die "git directory $git_dir doesn't seem valid\n";
}

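# Print a listing of the taints selected by $cond, headed by "$m:", and
# return the number of rows printed.
#
#   $m         heading text
#   $cond      SQL text spliced verbatim into the WHERE clause.  Every
#              caller in this file passes a fixed literal; never build it
#              from command-line or database values - those belong in
#              @condargs.
#   @condargs  values bound to the `?' placeholders in $cond
#
# Each row shows the time (UTC), package, object id, object type (followed
# by `+' when gitobjdata is present) and the comment.
sub show_taints ($$@) {
    my ($m, $cond, @condargs) = @_;
    my $q = $poldbh->prepare
	("SELECT package,gitobjid,gitobjtype,time,comment, ".
	 " (gitobjdata IS NOT NULL) hasdata".
	 " FROM taints WHERE $cond".
	 " ORDER BY package, gitobjid, time");
    $q->execute(@condargs);
    print "$m:\n" or die $!;
    my $count = 0;
    while (my $row = $q->fetchrow_hashref) {
	my $t = strftime "%Y-%m-%dT%H:%M:%S", gmtime $row->{time};
	my $objinfo = $row->{gitobjtype}. ($row->{hasdata} ? '+' : ' ');
	# The comment is free text.  Escape backslash and newline so that a
	# stored comment cannot break the one-row-per-line layout or make
	# the listing appear to contain extra rows.  The escaped copy is
	# what must be printed; other control characters are passed
	# through unchanged.
	my $comment = $row->{comment};
	$comment =~ s/\\/\\\\/g;
	$comment =~ s/\n/\\n/g;
	printf(" %s %-30s %s %7s %s\n",
	       $t, $row->{package}, $row->{gitobjid},
	       $objinfo, $comment)
	    or die $!;
	$count++;
    }
    return $count;
}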

# Operation `list-taints': print every row of the taints table followed by
# a count.  Takes no further command-line arguments.
sub cmd_list_taints ($) {
    @ARGV and badusage("no args/options");
    # "1" is an always-true WHERE clause, i.e. no filtering.
    my $listed = show_taints("all taints", "1");
    printf("%d taints listed\n", $listed) or die $!;
}

# Operation `create-db': create the policy database schema if it is not
# already there, then commit.  Takes no further command-line arguments.
# Every statement uses IF NOT EXISTS, so re-running it leaves existing
# tables and indexes alone.
sub cmd_create_db ($) {
    @ARGV and badusage("no args/options");

    # One row per tainted git object; package is '' for a global taint.
    my $taints_table = <<'END';
	CREATE TABLE IF NOT EXISTS taints (
	    taint_id   INTEGER NOT NULL PRIMARY KEY ASC AUTOINCREMENT,
	    package    TEXT    NOT NULL,
	    gitobjid   TEXT    NOT NULL,
	    comment    TEXT    NOT NULL,
	    time       INTEGER,
	    gitobjtype TEXT,
	    gitobjdata TEXT
	    )
END

    # Lookup index by object id and package.
    my $taints_index = <<'END';
	CREATE INDEX IF NOT EXISTS taints_by_gitobjid
	    ON taints (gitobjid, package)
END

    # Any one of the listed deliberatelies will override its taint.
    # The field `deliberately' contains `--deliberately-blah-blah',
    # not just `blah blah'.  Deleting a taint also deletes its overrides.
    my $overrides_table = <<'END';
	CREATE TABLE IF NOT EXISTS taintoverrides (
	    taint_id  INTEGER NOT NULL
		      REFERENCES taints (taint_id)
			  ON UPDATE RESTRICT
			  ON DELETE CASCADE
		      DEFERRABLE INITIALLY DEFERRED,
	    deliberately TEXT NOT NULL,
	    PRIMARY KEY (taint_id, deliberately)
	)
END

    foreach my $statement ($taints_table, $taints_index, $overrides_table) {
	$poldbh->do($statement);
    }

    $poldbh->commit;
}

# List the taints recorded for the currently selected package ($p, which
# is '' for global taints) under heading $m.  The package is passed as a
# bind value, not spliced into the SQL.
sub show_taints_bypackage ($) {
    my $heading = $_[0];
    return show_taints($heading, "package = ?", $p);
}

# List the taints recorded for the currently selected git object
# ($gitobjid) under heading $m.  The object id is passed as a bind value,
# not spliced into the SQL.
sub show_taints_bygitobjid ($) {
    my $heading = $_[0];
    return show_taints($heading, "gitobjid = ?", $gitobjid);
}

# Show the taints that touch the current selection: first those for the
# package (or the global ones when $p is false), then those for the git
# object.  $what is a word such as "existing" or "resulting" that is put at
# the front of both headings.
sub show_relevant_taints ($) {
    my ($what) = @_;
    my $package_heading;
    if ($p) {
	$package_heading = "$what taints for package $p";
    } else {
	$package_heading = "$what global taints";
    }
    show_taints_bypackage($package_heading);
    return show_taints_bygitobjid("$what taints for object $gitobjid");
}

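# Operation `taint': record a taint for <gitobjid>, either for one package
# or globally, with a free-text comment.
#
# Arguments (from @ARGV): [--global|<package>] <gitobjid> <comment>
#
# The object's type is looked up with `git cat-file -t' in the repository
# chosen by sort_out_git_dir(), so the object must exist there.  All values
# reach the database as bind parameters.
#
# NOTE(review): the id is stored exactly as typed.  get_package_objid()
# accepts any run of word characters, which includes abbreviated ids and
# ref names that git can resolve.  Presumably the policy check compares
# full object ids - confirm against the code that reads this table; if so,
# a taint recorded under a short id or a name would never match.
sub cmd_taint () {
    get_package_objid();
    my $comment = shift @ARGV;
    $comment // badusage "operation needs comment";
    @ARGV && badusage "too many arguments to taint";

    sort_out_git_dir();

    # Run git through a list-form pipe open: the argument vector goes
    # straight to exec and no shell ever parses $gitobjid.  That keeps this
    # call safe on its own instead of relying on validation done elsewhere.
    open my $git, '-|', 'git', 'cat-file', '-t', $gitobjid
	or die "cannot run git cat-file: $!\n";
    my $objtype = do { local $/; <$git> };
    # close() on a pipe reports the child's exit status in $?.
    close $git or die "git cat-file -t $gitobjid failed: $? $!\n";
    # git prints the type followed by a newline; anything else is an error.
    (defined $objtype and chomp($objtype))
	or die "git cat-file -t $gitobjid gave no object type\n";

    $poldbh->do("INSERT INTO taints".
		" (package, gitobjid, gitobjtype, time, comment)".
		" VALUES (?,?,?,?,?)", {},
		$p, $gitobjid, $objtype, time, $comment);
    $poldbh->commit;
    print "taint added\n" or die $!;
    show_relevant_taints("resulting");
}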

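# Operation `untaint': delete every taint recorded for the given
# package (or --global) and git object id.
#
# Arguments (from @ARGV): [--global|<package>] <gitobjid>
#
# Prints the existing relevant taints first, then the number removed.
# Exits 0 if at least one taint was removed and 1 if none matched, so that
# a caller or script can tell a no-op from a real removal.
sub cmd_untaint () {
    get_package_objid();
    @ARGV && badusage "too many arguments to untaint";

    show_relevant_taints("existing");
    my $affected =
	$poldbh->do("DELETE FROM taints".
		    " WHERE package = ? AND gitobjid = ?",
		    {}, $p, $gitobjid);
    defined $affected or die "deleting taints failed\n";
    $poldbh->commit;

    # DBI's do() reports "no rows affected" as the string "0E0", which is
    # true in boolean context, so the count has to be compared numerically.
    my $removed = $affected + 0;
    printf("%d taints removed\n", $removed) or die $!;

    # The parentheses matter: `exit' is a named unary operator and binds
    # tighter than ?:, so `exit $x ? 0 : 1' is parsed as `(exit $x) ? 0 : 1'
    # and exits with $x itself as the status.
    exit($removed > 0 ? 0 : 1);
}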


# Main program: pick the operation named by the first remaining argument
# and run it.
my $cmd = shift @ARGV;
defined $cmd or badusage("need operation");

# "list-taints" -> "list_taints", matching the sub naming used above.
$cmd =~ tr/-/_/;

# Look the handler up in the main symbol table.  The fixed "cmd_" prefix
# means only subs in this package whose names start with cmd_ can be
# selected from the command line.
my $handler = $main::{"cmd_$cmd"};
badusage("unknown operation $cmd") unless $handler;

# The database is opened only once the operation name is known to be valid.
poldb_setup($db_path);

# Called through a reference, so the handlers' prototypes are not applied;
# each handler takes its own arguments from @ARGV.
$handler->();