blob: 05a0a4fc246f6e75db35891a14407103614930f1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
#!/bin/bash
set -e
. tests/lib
t-tstunt-parsechangelog
t-debpolicy
t-prep-newpackage example 1.0
cd $p
revision=1
git tag start
t-dgit setup-mergechangelogs
git config dgit.default.push-subcmd built
echo FORBIDDEN >debian/some-file
git add debian/some-file
t-commit 'Commit a forbidden thing'
bad=`git rev-parse HEAD:debian/some-file`
t-policy-admin taint --global "$bad" "forbidden for testing"
t-policy-admin taint --global "$bad" "forbidden for testing - again"
t_expect_push_fail_hook+='
t-git-objects-not-present "" $bad
'
t-dgit build
t-expect-push-fail-tainted \
'Reason: forbidden for testing' \
t-dgit push --new
t-git-dir-check enoent
git reset --hard start
t-commit 'will vanish from NEW'
vanished=$v
t-dgit build
t-dgit push --new
t-git-dir-check secret
t-policy-periodic
t-git-dir-check secret
# pretend it vanished from new:
rm $tmp/incoming/*
t-archive-none example
t-git-dir-time-passes
t-policy-periodic
t-git-dir-check enoent
t-commit 'should require --deliberately...questionable'
t-dgit build
t-expect-push-fail-tainted \
"Reason: tag $tagpfx/${vanished//./\\.} referred to this object.*all previously pushed versions were found to have been removed" \
t-dgit push --new
t-git-dir-check enoent
vanished=$v
t-dgit push --new --deliberately-include-questionable-history \
--force-reusing-version
t-git-dir-check secret
t-policy-periodic
t-git-dir-check secret
t-archive-process-incoming new
t-git-dir-time-passes
t-policy-periodic
t-git-dir-check secret
oldobj=`git rev-parse HEAD`
git reset --hard start
t-commit 'should require --deliberately..not-ff'
t-dgit build
# Rewound, without passing the option
t-expect-push-fail-retriably \
E:"^dgit: error: .* HEAD is not a descendant of the archive's version" \
t-dgit push
# Rewound, passing stunt option to defeat local checks
# so we check that remote check is effective.
t-expect-push-fail \
E:"^remote: Package is in NEW and has not been accepted or rejected yet" \
t-dgit --deliberately-TEST-dgit-only-not-fast-forward push
t-dgit --deliberately-not-fast-forward --force-reusing-version push
cd $dgitrepo
t-expect-fail "Not a valid object name" \
git cat-file -p $oldobj
cd $tmp/$p
t-commit 'Still not accepted, will override taint'
t-dgit build
t-expect-push-fail-tainted \
"Package is in NEW and has not been accepted or rejected yet" \
t-dgit push
t-dgit push --deliberately-include-questionable-history \
--force-reusing-version
t-archive-process-incoming sid
t-commit 'Check taint is no longer there'
t-dgit build
t-dgit push
git checkout -b stoats $tagpfx/$vanished
t-commit 'Simulate accidentally building on rejected version'
t-dgit build
t-expect-push-fail \
E:"^dgit: error:.* HEAD is not a descendant of the archive's version" \
t-dgit push
: "check that uploader can't force it now"
t-expect-push-fail \
E:"^remote: .*: reject: not fast forward on dgit branch" \
t-dgit --deliberately-not-fast-forward push \
--deliberately-include-questionable-history \
--force-push-tainted
# Ideally ^ this would be detected locally first, in which case we would
# use t-expect-push-fail-tainted or something like it. But it isn't.
t-dgit pull
t-dgit build
t-expect-push-fail-tainted \
'Reason: rewound suite sid; --deliberately-not-fast-forward specified' \
t-dgit --force-reusing-version push
t-ok
|
