work/ 0000775 0000000 0000000 00000000000 15007402510 006722 5 ustar work/.dir-locals.el 0000664 0000000 0000000 00000000401 15007402510 011346 0 ustar ;;; Directory Local Variables -*- no-byte-compile: t -*-
;;; For more information see (info "(emacs) Directory Variables")
((nil . ((indent-tabs-mode . t)
(fill-column . 70)))
(python-mode . ((indent-tabs-mode . nil)
(fill-column . 78))))
work/.gitignore 0000664 0000000 0000000 00000000707 15007402510 010716 0 ustar *~
tests/tmp
debian/tmp
debian/dgit
debian/git-debpush
debian/git-debrebase
debian/dgit-infrastructure
debian/files
debian/*.substvars
debian/*.log
debian/debhelper-build-stamp
debian/.debhelper
dgit-user.7
dgit-nmu-simple.7
dgit-maint-native.7
dgit-maint-merge.7
dgit-maint-gbp.7
dgit-maint-debrebase.7
dgit-maint-bpo.7
dgit-sponsorship.7
dgit-downstream-dsc.7
git-debrebase.1
git-debrebase.5
git-debpush.1
tag2upload.5
substituted
.po4a.translated-only
work/.gitlab/ 0000775 0000000 0000000 00000000000 15007402510 010242 5 ustar work/.gitlab/issue_templates/ 0000775 0000000 0000000 00000000000 15007402510 013450 5 ustar work/.gitlab/issue_templates/Default.md 0000664 0000000 0000000 00000000577 15007402510 015367 0 ustar Please do not file any new issues here.
Instead, file Debian Bug Tracking System bugs.
This allows us to organise things by binary package,
though feel free to report against src:dgit if in any doubt.
Merge requests on salsa remain very welcome.
(We cannot make the issues tracker read-only without disabling it
completely, which would break links to comments in closed issues.)
work/.gitlab-ci.yml 0000664 0000000 0000000 00000004161 15007402510 011360 0 ustar # We're following this recipe
# Advanced Use
# https://salsa.debian.org/salsa-ci-team/pipeline#advanced-use
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
variables:
# See:
# https://salsa.debian.org/salsa-ci-team/pipeline#skipping-a-job
# Skipping a job
# Very slow and resource-intensive
SALSA_CI_DISABLE_AUTOPKGTEST: 1
# We build no arch-specific packages; thse are just wasted faff
SALSA_CI_DISABLE_BUILD_PACKAGE_ANY: 1
SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1
# Doesn't work with unfinalised changelogs
SALSA_CI_DISABLE_REPROTEST: 1
SALSA_CI_LINTIAN_SUPPRESS_TAGS: changelog-empty-entry
# t2usm project
T2USM_EXECUTABLE_URL: https://salsa.debian.org/dgit-team/tag2upload-service-manager/-/jobs/artifacts/main/raw/artifacts/tag2upload-service-manager?job=build
.dgit-test-suite:
stage: test
image: debian:testing
dependencies:
- build
after_script:
- tests/maybe-tail-log-of-one-failing-test
artifacts:
name: logs
when: always
expire_in: 1 week
paths:
- tests/tmp/*
dgit-test-suite:
extends: .dgit-test-suite
script:
- apt-get -y update
- tests/gitlab-ci-run-all
dgit-test-suite-bookworm:
extends: dgit-test-suite
image: debian:bookworm
variables:
DGIT_TEST_CURRENT_SUITE: bookworm
dgit-test-suite-bullseye:
extends: dgit-test-suite
image: debian:bullseye
variables:
DGIT_TEST_CURRENT_SUITE: bullseye
dgit-test-suite-buster:
extends: dgit-test-suite
image: debian:buster
variables:
DGIT_TEST_CURRENT_SUITE: buster
t2u-integration:
extends: .dgit-test-suite
stage: test
script:
- apt-get -y update
- apt-get -y install curl
- curl -L "$T2USM_EXECUTABLE_URL" >tag2upload-service-manager
- chmod +x tag2upload-service-manager
- export DGIT_TEST_T2USM_PROGRAM=$(pwd)/tag2upload-service-manager
- export TESTSCRIPTS=$(tests/list-t2u-integration-tests)
- tests/gitlab-ci-run-all
t2u-integration-bookworm:
extends: t2u-integration
image: debian:bookworm
# Don't set DGIT_TEST_CURRENT_SUITE just in case that might suppress the
# very test case(s) we care about.
work/DEVELOPER-CERTIFICATE 0000664 0000000 0000000 00000002616 15007402510 011717 0 ustar Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
work/Debian/ 0000775 0000000 0000000 00000000000 15007402510 010104 5 ustar work/Debian/Dgit/ 0000775 0000000 0000000 00000000000 15007402510 010773 5 ustar work/Debian/Dgit/ExitStatus.pm 0000664 0000000 0000000 00000000735 15007402510 013453 0 ustar # -*- perl -*-
package Debian::Dgit::ExitStatus;
# To use this, at the top (before use strict, even):
#
# END { $? = $Debian::Dgit::ExitStatus::desired // -1; };
# use Debian::Dgit::ExitStatus;
#
# and then replace every call to `exit' with `finish'.
# Add a `finish 0' to the end of the program.
BEGIN {
use Exporter;
@ISA = qw(Exporter);
@EXPORT = qw(finish $desired);
}
our $desired;
sub finish ($) {
$desired = $_[0] // 0;
exit $desired;
}
1;
work/Debian/Dgit/GDR.pm 0000664 0000000 0000000 00000001454 15007402510 011751 0 ustar # -*- perl -*-
package Debian::Dgit::GDR;
use strict;
use warnings;
# Scripts and programs which are going to `use Debian::Dgit' but which
# live in git-debrebase (ie are installed with install-gdr)
# should `use Debian::Dgit::GDR' first. All this module does is
# adjust @INC so that the script gets the version of the script from
# the git-debrebase package (which is installed in a different
# location and may be a different version).
# To use this with ExitStatus, put at the top (before use strict, even):
#
# END { $? = $Debian::Dgit::ExitStatus::desired // -1; };
# use Debian::Dgit::GDR;
# use Debian::Dgit::ExitStatus;
#
# and then replace every call to `exit' with `finish'.
# Add a `finish 0' to the end of the program.
# unshift @INC, q{/usr/share/dgit/gdr/perl5}; ###substituted###
1;
work/Debian/Dgit/I18n.pm 0000664 0000000 0000000 00000001226 15007402510 012051 0 ustar # -*- perl -*-
package Debian::Dgit::I18n;
# This module provides
# __ a function which is an alias for gettext
# f_ sprintf wrapper that gettexts the format
# i_ identify function, but marks string for translation
#
# In perl the sub `_' is a `superglobal', which means there
# is only one of it in the whole program and every reference
# is to the same one. So it's not really usable in modules.
# Hence __.
use Locale::gettext;
BEGIN {
use Exporter;
@ISA = qw(Exporter);
@EXPORT = qw(__ f_ i_);
}
sub __ ($) { gettext @_; }
sub i_ ($) { $_[0]; }
sub f_ ($$;@) { my $f = shift @_; sprintf +(gettext $f), @_; }
1;
work/Debian/Dgit/Infra.pm 0000664 0000000 0000000 00000001024 15007402510 012365 0 ustar # -*- perl -*-
package Debian::Dgit::Infra;
use strict;
use warnings;
# Scripts and programs which are going to `use Debian::Dgit' but which
# live in dgit-infrastructure (ie are installed with install-infra)
# should `use Debian::Dgit::Infra' first. All this module does is
# adjust @INC so that the script gets the version of the script from
# the dgit-infrastructure package (which is installed in a different
# location and may be a different version).
# unshift @INC, q{/usr/share/dgit/infra/perl5}; ###substituted###
1;
work/Debian/Dgit/Policy/ 0000775 0000000 0000000 00000000000 15007402510 012232 5 ustar work/Debian/Dgit/Policy/Debian.pm 0000664 0000000 0000000 00000001313 15007402510 013750 0 ustar # -*- perl -*-
package Debian::Dgit::Policy::Debian;
use strict;
use warnings;
use POSIX;
BEGIN {
use Exporter ();
our ($VERSION, @ISA, @EXPORT, @EXPORT_OK, %EXPORT_TAGS);
$VERSION = 1.00;
@ISA = qw(Exporter);
@EXPORT = qw(poldb_path poldb_setup $poldbh);
%EXPORT_TAGS = ( );
@EXPORT_OK = qw();
}
our @EXPORT_OK;
our $poldbh;
sub poldb_path ($) {
my ($repos) = @_;
return "$repos/policy.sqlite3";
}
sub poldb_setup ($;$) {
my ($policydb, $hook) = @_;
$poldbh ||= DBI->connect("dbi:SQLite:$policydb",'','', {
RaiseError=>1, PrintError=>1, AutoCommit=>0
});
$hook->() if $hook;
$poldbh->do("PRAGMA foreign_keys = ON");
}
1;
work/Debian/Dgit/ProtoConn.pm 0000664 0000000 0000000 00000013365 15007402510 013262 0 ustar # -*- perl -*-
# dgit
# Debian::Dgit::Proto: protocol helper utilities
#
# Copyright (C)2015-2020,2022-2024 Ian Jackson
# Copyright (C)2020-2024 Sean Whitton
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
package Debian::Dgit::ProtoConn;
use strict;
use warnings;
use Debian::Dgit;
use Debian::Dgit::I18n;
use Carp;
use IPC::Open2 ();
sub new ($$) {
# Arguments to new:
# $fh_r filehandle to read from
# $fh_w filehandle to write to
my ($class, $fh_r, $fh_w) = @_;
bless {
R => $fh_r,
W => $fh_w,
Cmd => undef,
Pid => undef,
Desc => undef,
EofHook => sub { undef; },
FailHook => sub { undef; },
} => $class;
}
sub open2 {
my $class = shift;
my $pid = IPC::Open2::open2(my $fh_r, my $fh_w, @_);
my $r = Debian::Dgit::ProtoConn->new($fh_r, $fh_w);
$r->{Pid} = $pid;
$r->{Cmd} = [ @_ ];
$r
}
# $hook is called when we get unexpected eof and
# should return a (translated) message,
# or undef if a generic message is fine.
#
# The hook is called by the following functions:
# expect
# read_bytes
# readfail
# in each case, if the stream got EOF, but not if our read got an error.
sub set_eof_hook ($$) {
my ($self, $hook) = @_;
$self->{EofHook} = $hook;
}
# $hook is called just before fail, and it is passed the error message as sole argument
sub set_fail_hook ($$) {
my ($self, $hook) = @_;
$self->{FailHook} = $hook;
}
sub set_description ($$) {
my ($self, $desc) = @_;
$self->{Desc} = $desc;
}
sub _fail ($$) {
my ($self, $m) = @_;
$self->{FailHook}($m);
fail +(defined $self->{Desc} ? $self->{Desc}.': ' : '').$m;
}
sub bad ($$) {
my ($self, $m) = @_;
$self->_fail(f_ "connection lost: %s", $!) if $self->{R}->error;
$self->_fail(f_ "protocol violation; %s not expected", $m);
}
sub get_pid ($$) {
my ($self) = @_;
$self->{Pid};
}
sub get_command ($$) {
my ($self) = @_;
$self->{Cmd};
}
# die due to a read error.
#
# `$wh` is a (translated) description of what we were trying to read
# (which is used on EOF, if set_eof_hook was not called.)
sub readfail ($$) {
my ($self, $wh) = @_;
$self->_fail(f_ "connection lost: %s", $!) if $!;
my $report = $self->{EofHook}();
$self->_fail($report) if defined $report;
$self->bad(f_ "eof (reading %s)", $wh);
}
# Expects to receive a message in some particular form(s)
#
# $match->() is used to analyse the received message.
# Calls $match->() having set `$_` to the received line (chomped).
#
# In array context, calls $match->() in array context;
# a nonempty array means the value matched,
# and is then returned.
#
# In other contexts, calls $match->() in scalar context;
# a true value means the value matched, and is returned.
#
# If $match returns false, it is bad (expect calls $self->bad()).
sub expect ($&) {
my ($self, $match) = @_;
# Bind $_ for the benefit of the user's matcher.
local $_ = readline $self->{R};
defined && chomp or $self->readfail(__ "protocol message");
printdebug +($self->{Desc} // '')."<< $_\n";
if (wantarray) {
my @r = &$match;
return @r if @r;
} else {
my $r = &$match;
return $r if $r;
}
$self->bad(f_ "\`%s'", $_);
}
sub read_bytes ($$) {
my ($self, $nbytes) = @_;
$nbytes =~ m/^[1-9]\d{0,5}$|^0$/ or $self->bad(__ "bad byte count");
my $d;
my $got = read $self->{R}, $d, $nbytes;
$got==$nbytes or $self->readfail(__ "data block");
return $d;
}
# Receive data sent via zero or more `data-block` messages.
#
# Successive data blocks are passed as the sole argument to `$take_data`.
#
# The caller should consider doing at least one `printdebug`
# before calling this function, if there isn't one nearby already.
sub receive_data_blocks ($&) {
my ($self, $take_data) = @_;
for (;;) {
my ($more_data, $l) = $self->expect(sub {
m/^data-block (.+)$/ ? (1,$1) :
m/^data-end$/ ? (0,) :
();
});
last unless $more_data;
my $d = $self->read_bytes($l);
$take_data->($d);
}
}
sub receive_file ($$) {
my ($self, $ourfn) = @_;
printdebug +($self->{Desc} // '')."() $ourfn\n";
my $pf = new IO::File($ourfn, ">") or die "$ourfn: $!";
$self->receive_data_blocks(sub {
print $pf $_[0] or confess "$!";
});
close $pf or confess "$!";
}
# Like `send` but doesn't add a newline and doesn't call `printdebug`
sub send_raw (&$) {
my ($self, $msg) = @_;
my $fh = $self->{W};
print $fh $msg or confess "$!";
}
sub send (&$) {
my ($self, $msg) = @_;
printdebug +($self->{Desc} // '').">> $msg\n";
$self->send_raw("$msg\n");
}
sub send_counted_message ($$$) {
my ($self, $command, $message) = @_;
$self->send("$command ".length($message));
$self->send_raw($message);
}
sub send_file ($$) {
my ($self, $ourfn) = @_;
my $pf = new IO::File($ourfn, '<') or die "$ourfn: $!";
my $fh = $self->{W};
for (;;) {
my $d;
my $got = (read $pf, $d, 65536) // die "$ourfn: $!";
last if !$got;
print $fh "data-block ".length($d)."\n" or confess "$!";
print $fh $d or confess "$!";
}
$pf->error and die "$ourfn $!";
print $fh "data-end\n" or confess "$!";
close $pf;
}
1;
work/Debian/Dgit.pm 0000664 0000000 0000000 00000111376 15007402510 011342 0 ustar # -*- perl -*-
# dgit
# Debian::Dgit: functions common to dgit and its helpers and servers
#
# Copyright (C)2015-2020,2022-2023 Ian Jackson
# Copyright (C)2020 Sean Whitton
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
package Debian::Dgit;
use strict;
use warnings;
use Carp;
use POSIX;
use IO::Handle;
use Config;
use Digest::SHA;
use Data::Dumper;
use IPC::Open2;
use File::Path qw(make_path);
use File::Basename;
use Dpkg::Control::Hash;
use Debian::Dgit::ExitStatus;
use Debian::Dgit::I18n;
BEGIN {
use Exporter ();
our ($VERSION, @ISA, @EXPORT, @EXPORT_OK, %EXPORT_TAGS);
$VERSION = 1.00;
@ISA = qw(Exporter);
@EXPORT = qw(setup_sigwarn forkcheck_setup forkcheck_mainprocess
dep14_version_mangle
debiantags debiantag_new
debiantag_maintview
upstreamversion
upstream_commitish_search resolve_upstream_version
stripepoch source_file_leafname is_orig_file_of_p_v
server_branch server_ref
stat_exists link_ltarget rename_link_xf
hashfile
fail failmsg ensuredir ensurepath
must_getcwd rmdir_r executable_on_path
waitstatusmsg failedcmd_waitstatus
failedcmd_report_cmd failedcmd
runcmd runcmd_quieten
shell_cmd cmdoutput cmdoutput_errok
@git
git_rev_parse changedir_git_toplevel git_cat_file
git_get_ref git_get_symref git_for_each_ref
git_for_each_tag_referring is_fast_fwd
git_check_unmodified
git_reflog_action_msg git_update_ref_cmd
rm_subdir_cached read_tree_subdir
read_tree_debian read_tree_upstream
make_commit hash_commit hash_commit_text
reflog_cache_insert reflog_cache_lookup
$failmsg_prefix
$package_re $component_re $suite_re $deliberately_re
$distro_re $versiontag_re $series_filename_re
$orig_f_comp_re $orig_f_sig_re
$tarball_f_ext_re $orig_f_tail_re
$extra_orig_namepart_re
$git_null_obj
$branchprefix
$ffq_refprefix $gdrlast_refprefix
initdebug enabledebug enabledebuglevel
printdebug debugcmd
$printdebug_when_debuglevel $debugcmd_when_debuglevel
$atext_re $dot_atom_text_re $addr_spec_re $angle_addr_re
$debugprefix *debuglevel *DEBUG
shellquote printcmd messagequote
$negate_harmful_gitattrs
changedir git_slurp_config_src
gdr_ffq_prev_branchinfo
tainted_objects_message
parsecontrolfh parsecontrol parsechangelog
getfield parsechangelog_loop
playtree_setup playtree_write_gbp_conf);
# implicitly uses $main::us
%EXPORT_TAGS = ( policyflags => [qw(NOFFCHECK FRESHREPO NOCOMMITCHECK)],
playground => [qw(record_maindir $maindir $local_git_cfg
$maindir_gitdir $maindir_gitcommon
fresh_playground
ensure_a_playground)]);
@EXPORT_OK = ( @{ $EXPORT_TAGS{policyflags} },
@{ $EXPORT_TAGS{playground} } );
}
our @EXPORT_OK;
our $package_re = '[0-9a-z][-+.0-9a-z]*';
our $component_re = '[0-9a-zA-Z][-+.0-9a-zA-Z]*';
our $suite_re = '[-+.0-9a-z]+';
our $deliberately_re = "(?:TEST-)?$package_re";
our $distro_re = $component_re;
our $versiontag_re = qr{[-+.\%_0-9a-zA-Z/]+};
our $branchprefix = 'dgit';
our $series_filename_re = qr{(?:^|\.)series(?!\n)$}s;
our $extra_orig_namepart_re = qr{[-0-9a-zA-Z]+};
our $orig_f_comp_re = qr{orig(?:-$extra_orig_namepart_re)?};
our $orig_f_sig_re = '\\.(?:asc|gpg|pgp)';
our $tarball_f_ext_re = "\\.tar(?:\\.\\w+)?(?:$orig_f_sig_re)?";
our $orig_f_tail_re = "$orig_f_comp_re$tarball_f_ext_re";
our $git_null_obj = '0' x 40;
our $ffq_refprefix = 'ffq-prev';
our $gdrlast_refprefix = 'debrebase-last';
our $printdebug_when_debuglevel = 1;
our $debugcmd_when_debuglevel = 1;
# This is RFC 5322's 'atext'.
our $atext_re = qr([[:alnum:]!#$%&'*+\-/=?^_`{|}~])a;
# This is RFC 5322's 'dot-atom-text' without comments and whitespace.
our $dot_atom_text_re = qr($atext_re(?:\.|$atext_re)*)a;
# This is RFC 5322's 'addr-spec' without obsolete syntax.
our $addr_spec_re = qr($dot_atom_text_re\@$dot_atom_text_re);
# This is RFC 5322's 'angle-addr' without obsolete syntax.
our $angle_addr_re = qr(\<($addr_spec_re)\>)a;
our (@git) = qw(git);
# these three all go together, only valid after record_maindir
our $maindir;
our $maindir_gitdir;
our $maindir_gitcommon;
# policy hook exit status bits
# see dgit-repos-server head comment for documentation
# 1 is reserved in case something fails with `exit 1' and to spot
# dynamic loader, runtime, etc., failures, which report 127 or 255
sub NOFFCHECK () { return 0x2; }
sub FRESHREPO () { return 0x4; }
sub NOCOMMITCHECK () { return 0x8; }
# Set this variable (locally) at the top of an `eval { }` when
# - general code within the eval might call fail
# - these errors are nonfatal and maybe not even errors
# This replaces `dgit: error: ` at the start of the message.
our $failmsg_prefix;
our $debugprefix;
our $debuglevel = 0;
our $negate_harmful_gitattrs =
"-text -eol -crlf -ident -filter -working-tree-encoding";
# ^ when updating this, alter the regexp in dgit:is_gitattrs_setup
our $forkcheck_mainprocess;
sub forkcheck_setup () {
$forkcheck_mainprocess = $$;
}
sub forkcheck_mainprocess () {
# You must have called forkcheck_setup or setup_sigwarn already
getppid != $forkcheck_mainprocess;
}
sub setup_sigwarn () {
# $SIG{__WARN__} affects `warn` but not `-w` (`use warnings`).
# Ideally we would fatalise all warnings. However:
# 1. warnings(3perl) has a long discussion of why this is
# a bad idea due to bugs in, well, everything.
# 2. So maybe we would want to do that only when running the tests,
# 3. However, because it's a lexical keyword it's difficult to
# manipulate at runtime. We could use the caller's ^H
# via caller, but that would take effect only in the main
# program (which calls setup_sigwarn, eg dgit.git/dgit),
# and not in the modules.
# This is all swimming too much upstream.
forkcheck_setup();
$SIG{__WARN__} = sub {
confess $_[0] if forkcheck_mainprocess;
};
}
sub initdebug ($) {
($debugprefix) = @_;
open DEBUG, ">/dev/null" or confess "$!";
}
sub enabledebug () {
open DEBUG, ">&STDERR" or confess "$!";
DEBUG->autoflush(1);
$debuglevel ||= 1;
}
sub enabledebuglevel ($) {
my ($newlevel) = @_; # may be undef (eg from env var)
confess if $debuglevel;
$newlevel //= 0;
$newlevel += 0;
return unless $newlevel;
$debuglevel = $newlevel;
enabledebug();
}
sub printdebug {
# Prints a prefix, and @_, to DEBUG. @_ should normally contain
# a trailing \n.
# With no (or only empty) arguments just prints the prefix and
# leaves the caller to do more with DEBUG. The caller should make
# sure then to call printdebug with something ending in "\n" to
# get the prefix right in subsequent calls.
return unless $debuglevel >= $printdebug_when_debuglevel;
our $printdebug_noprefix;
print DEBUG $debugprefix unless $printdebug_noprefix;
pop @_ while @_ and !length $_[-1];
return unless @_;
print DEBUG @_ or confess "$!";
$printdebug_noprefix = $_[-1] !~ m{\n$};
}
sub messagequote ($) {
local ($_) = @_;
s{\\}{\\\\}g;
s{\n}{\\n}g;
s{\x08}{\\b}g;
s{\t}{\\t}g;
s{[\000-\037\177]}{ sprintf "\\x%02x", ord $& }ge;
$_;
}
sub shellquote {
# Quote an argument list for use as a fragment of shell text.
#
# Shell quoting doctrine in dgit.git:
# * perl lists are always unquoted argument lists
# * perl scalars are always individual arguments,
# or if being passed to a shell, quoted shell text.
#
# So shellquote returns a scalar.
#
# When invoking ssh-like programs, that concatenate the arguments
# with spaces and then treat the result as a shell command, we never
# use the concatenation. We pass the intended script as a single
# parameter (which is in accordance with the above doctrine).
my @out;
local $_;
defined or confess __ 'internal error' foreach @_;
foreach my $a (@_) {
$_ = $a;
if (!length || m{[^-=_./:0-9a-z]}i) {
s{['\\]}{'\\$&'}g;
push @out, "'$_'";
} else {
push @out, $_;
}
}
return join ' ', @out;
}
sub printcmd {
my $fh = shift @_;
my $intro = shift @_;
print $fh $intro." ".(shellquote @_)."\n" or confess "$!";
}
sub debugcmd {
my $extraprefix = shift @_;
printcmd(\*DEBUG,$debugprefix.$extraprefix,@_)
if $debuglevel >= $debugcmd_when_debuglevel;
}
sub dep14_version_mangle ($) {
my ($v) = @_;
# DEP-14 patch proposed 2016-11-09 "Version Mangling"
$v =~ y/~:/_%/;
$v =~ s/\.(?=\.|$|lock$)/.#/g;
return $v;
}
sub debiantag_new ($$) {
my ($v,$distro) = @_;
return "archive/$distro/".dep14_version_mangle $v;
}
sub debiantag_maintview ($$) {
my ($v,$distro) = @_;
return "$distro/".dep14_version_mangle $v;
}
sub debiantags ($$) {
my ($version,$distro) = @_;
map { $_->($version, $distro) } (\&debiantag_new, \&debiantag_maintview);
}
sub stripepoch ($) {
my ($vsn) = @_;
$vsn =~ s/^\d+\://;
return $vsn;
}
sub upstreamversion ($) {
my ($vsn) = @_;
$vsn =~ s/-[^-]+$//;
return $vsn;
}
sub source_file_leafname ($$$) {
my ($package,$vsn,$sfx) = @_;
return "${package}_".(stripepoch $vsn).$sfx
}
sub is_orig_file_of_p_v ($$$) {
my ($f, $package, $upstreamvsn) = @_;
my $base = source_file_leafname $package, $upstreamvsn, '';
return 0 unless $f =~ m/^\Q$base\E\.$orig_f_tail_re$/;
return 1;
}
sub server_branch ($) { return "$branchprefix/$_[0]"; }
sub server_ref ($) { return "refs/".server_branch($_[0]); }
sub stat_exists ($) {
my ($f) = @_;
return 1 if stat $f;
return 0 if $!==&ENOENT;
confess "stat $f: $!";
}
sub _us () {
$::us // ($0 =~ m#[^/]*$#, $&);
}
sub failmsg {
my $s = "@_";
$s =~ s/\n\n$/\n/g;
my $prefix;
my $prefixnl;
if (defined $failmsg_prefix) {
$prefixnl = '';
$prefix = $failmsg_prefix;
$s .= "\n";
} else {
$prefixnl = "\n";
$s = f_ "error: %s\n", "$s";
$prefix = _us().": ";
}
$s =~ s/^/$prefix/gm;
return $prefixnl.$s;
}
sub fail {
die failmsg @_;
}
sub ensuredir ($) {
my ($dir) = @_; # does not create parents
return if mkdir $dir;
return if $! == EEXIST;
confess "mkdir $dir: $!";
}
sub ensurepath ($$) {
my ($firsttocreate, $subdir) = @_; # creates necessary bits of $subidr
ensuredir $firsttocreate;
make_path "$firsttocreate/$subdir";
}
sub must_getcwd () {
my $d = getcwd();
defined $d or fail f_ "getcwd failed: %s\n", $!;
return $d;
}
sub executable_on_path ($) {
my ($program) = @_;
return 1 if $program =~ m{/};
my @path = split /:/, ($ENV{PATH} // "/usr/local/bin:/bin:/usr/bin");
foreach my $pe (@path) {
my $here = "$pe/$program";
return $here if stat_exists $here && -x _;
}
return undef;
}
our @signames = split / /, $Config{sig_name};
sub waitstatusmsg () {
if (!$?) {
return __ "terminated, reporting successful completion";
} elsif (!($? & 255)) {
return f_ "failed with error exit status %s", WEXITSTATUS($?);
} elsif (WIFSIGNALED($?)) {
my $signum=WTERMSIG($?);
return f_ "died due to fatal signal %s",
($signames[$signum] // "number $signum").
($? & 128 ? " (core dumped)" : ""); # POSIX(3pm) has no WCOREDUMP
} else {
return f_ "failed with unknown wait status %s", $?;
}
}
sub failedcmd_report_cmd {
my $intro = shift @_;
$intro //= __ "failed command";
{ local ($!); printcmd \*STDERR, _us().": $intro:", @_ or confess "$!"; };
}
sub failedcmd_waitstatus {
if ($? < 0) {
return f_ "failed to fork/exec: %s", $!;
} elsif ($?) {
return f_ "subprocess %s", waitstatusmsg();
} else {
return __ "subprocess produced invalid output";
}
}
sub failedcmd {
# Expects $!,$? as set by close - see below.
# To use with system(), set $?=-1 first.
#
# Actual behaviour of perl operations:
# success $!==0 $?==0 close of piped open
# program failed $!==0 $? >0 close of piped open
# syscall failure $! >0 $?=-1 close of piped open
# failure $! >0 unchanged close of something else
# success trashed $?==0 system
# program failed trashed $? >0 system
# syscall failure $! >0 unchanged system
failedcmd_report_cmd undef, @_;
fail failedcmd_waitstatus();
}
sub runcmd {
debugcmd "+",@_;
$!=0; $?=-1;
failedcmd @_ if system @_;
}
sub shell_cmd {
my ($first_shell, @cmd) = @_;
return qw(sh -ec), $first_shell.'; exec "$@"', 'x', @cmd;
}
# Runs the command in @_, but capturing its stdout and stderr.
# Prints those to our stderr only if the command fails.
sub runcmd_quieten {
debugcmd "+",@_;
$!=0; $?=-1;
my @real_cmd = shell_cmd <<'END', @_;
set +e; output=$("$@" 2>&1); rc=$?; set -e
if [ $rc = 0 ]; then exit 0; fi
printf >&2 "%s\n" "$output"
exit $rc
END
failedcmd @_ if system @real_cmd;
}
sub cmdoutput_errok {
confess Dumper(\@_)." ?" if grep { !defined } @_;
local $printdebug_when_debuglevel = $debugcmd_when_debuglevel;
debugcmd "|",@_;
open P, "-|", @_ or confess "$_[0] $!";
my $d;
$!=0; $?=0;
{ local $/ = undef; $d =
; }
confess "$!" if P->error;
if (!close P) { printdebug "=>!$?\n"; return undef; }
chomp $d;
if ($debuglevel > 0) {
$d =~ m/^.*/;
my $dd = $&;
my $more = (length $' ? '...' : ''); #');
$dd =~ s{[^\n -~]|\\}{ sprintf "\\x%02x", ord $& }ge;
printdebug "=> \`$dd'",$more,"\n";
}
return $d;
}
sub cmdoutput {
my $d = cmdoutput_errok @_;
defined $d or failedcmd @_;
return $d;
}
sub link_ltarget ($$) {
my ($old,$new) = @_;
lstat $old or return undef;
if (-l _) {
$old = cmdoutput qw(realpath --), $old;
}
my $r = link $old, $new;
$r = symlink $old, $new if !$r && $!==EXDEV;
$r or fail "(sym)link $old $new: $!\n";
}
sub rename_link_xf ($$$) {
# renames/moves or links/copies $src to $dst,
# even if $dst is on a different fs
# (May use the filename "$dst.tmp".);
# On success, returns true.
# On failure, returns false and sets
# $@ to a reason message
# $! to an errno value, or -1 if not known
# having possibly printed something about mv to stderr.
# Not safe to use without $keeporig if $dst might be a symlink
# to $src, as it might delete $src leaving $dst invalid.
my ($keeporig,$src,$dst) = @_;
if ($keeporig
? link $src, $dst
: rename $src, $dst) {
return 1;
}
if ($! != EXDEV) {
$@ = "$!";
return 0;
}
if (!stat $src) {
$@ = f_ "stat source file: %S", $!;
return 0;
}
my @src_stat = (stat _)[0..1];
my @dst_stat;
if (stat $dst) {
@dst_stat = (stat _)[0..1];
} elsif ($! == ENOENT) {
} else {
$@ = f_ "stat destination file: %S", $!;
return 0;
}
if ("@src_stat" eq "@dst_stat") {
# (Symlinks to) the same file. No need for a copy but
# we may need to delete the original.
printdebug "rename_link_xf $keeporig $src $dst EXDEV but same\n";
} else {
$!=0; $?=0;
my @cmd = (qw(cp --), $src, "$dst.tmp");
debugcmd '+',@cmd;
if (system @cmd) {
failedcmd_report_cmd undef, @cmd;
$@ = failedcmd_waitstatus();
$! = -1;
return 0;
}
if (!rename "$dst.tmp", $dst) {
$@ = f_ "finally install file after cp: %S", $!;
return 0;
}
}
if (!$keeporig) {
if (!unlink $src) {
$@ = f_ "delete old file after cp: %S", $!;
return 0;
}
}
return 1;
}
sub hashfile ($) {
my ($fn) = @_;
my $h = Digest::SHA->new(256);
$h->addfile($fn);
return $h->hexdigest();
}
sub git_rev_parse ($;$) {
my ($ref, $cmd_map) = @_;
$cmd_map //= sub { @_; };
return cmdoutput $cmd_map->(qw(git rev-parse), "$ref~0");
}
sub changedir_git_toplevel () {
my $toplevel = cmdoutput qw(git rev-parse --show-toplevel);
length $toplevel or fail __ < ($type, $data) or ('missing', undef)
# in scalar context, just the data
# if $etype defined, dies unless type is $etype or in @$etype
our ($gcf_pid, $gcf_i, $gcf_o);
local $printdebug_when_debuglevel = $debugcmd_when_debuglevel;
my $chk = sub {
my ($gtype, $data) = @_;
if ($etype) {
$etype = [$etype] unless ref $etype;
confess "$objname expected @$etype but is $gtype"
unless grep { $gtype eq $_ } @$etype;
}
return ($gtype, $data);
};
if (!$gcf_pid) {
my @cmd = qw(git cat-file --batch);
debugcmd "GCF|", @cmd;
$gcf_pid = open2 $gcf_o, $gcf_i, @cmd or confess "$!";
}
printdebug "GCF>| $objname\n";
print $gcf_i $objname, "\n" or confess "$!";
my $x = <$gcf_o>;
printdebug "GCF<| ", $x;
if ($x =~ m/ (missing)$/) { return $chk->($1, undef); }
my ($type, $size) = $x =~ m/^.* (\w+) (\d+)\n/ or confess "$objname ?";
my $data;
(read $gcf_o, $data, $size) == $size or confess "$objname $!";
$x = <$gcf_o>;
$x eq "\n" or confess "$objname ($_) $!";
return $chk->($type, $data);
}
sub git_get_symref (;$) {
my ($symref) = @_; $symref //= 'HEAD';
# => undef if not a symref, otherwise refs/...
my @cmd = (qw(git symbolic-ref -q HEAD));
my $branch = cmdoutput_errok @cmd;
if (!defined $branch) {
$?==256 or failedcmd @cmd;
} else {
chomp $branch;
}
return $branch;
}
sub git_for_each_ref ($$;$) {
my ($pattern,$func,$gitdir) = @_;
# calls $func->($objid,$objtype,$fullrefname,$reftail);
# $reftail is RHS of ref after refs/[^/]+/
# breaks if $pattern matches any ref `refs/blah' where blah has no `/'
# $pattern may be an array ref to mean multiple patterns
$pattern = [ $pattern ] unless ref $pattern;
my @cmd = (qw(git for-each-ref), @$pattern);
if (defined $gitdir) {
@cmd = ('sh','-ec','cd "$1"; shift; exec "$@"','x', $gitdir, @cmd);
}
open GFER, "-|", @cmd or confess "$!";
debugcmd "|", @cmd;
while () {
chomp or confess "$_ ?";
printdebug "|> ", $_, "\n";
m#^(\w+)\s+(\w+)\s+(refs/[^/]+/(\S+))$# or confess "$_ ?";
$func->($1,$2,$3,$4);
}
$!=0; $?=0; close GFER or confess "$pattern $? $!";
}
sub git_get_ref ($) {
# => '' if no such ref
my ($refname) = @_;
local $_ = $refname;
s{^refs/}{[r]efs/} or confess "$refname $_ ?";
return cmdoutput qw(git for-each-ref --format=%(objectname)), $_;
}
sub git_for_each_tag_referring ($$) {
my ($objreferring, $func) = @_;
# calls $func->($tagobjid,$refobjid,$fullrefname,$tagname);
printdebug "git_for_each_tag_referring ",
($objreferring // 'UNDEF'),"\n";
git_for_each_ref('refs/tags', sub {
my ($tagobjid,$objtype,$fullrefname,$tagname) = @_;
return unless $objtype eq 'tag';
my $refobjid = git_rev_parse $tagobjid;
return unless
!defined $objreferring # caller wants them all
or $tagobjid eq $objreferring
or $refobjid eq $objreferring;
$func->($tagobjid,$refobjid,$fullrefname,$tagname);
});
}
sub git_check_unmodified () {
foreach my $cached (qw(0 1)) {
my @cmd = qw(git diff --quiet);
push @cmd, qw(--cached) if $cached;
push @cmd, qw(HEAD);
debugcmd "+",@cmd;
$!=0; $?=-1; system @cmd;
return if !$?;
if ($?==256) {
fail
$cached
? __ "git index contains changes (does not match HEAD)"
: __ "working tree is dirty (does not match HEAD)";
} else {
failedcmd @cmd;
}
}
}
sub upstream_commitish_search ($$) {
my ($upstream_version, $tried) = @_;
# todo: at some point maybe use git-deborig to do this
my @found;
foreach my $tagpfx ('', 'v', 'upstream/') {
my $tag = $tagpfx.(dep14_version_mangle $upstream_version);
my $new_upstream = git_get_ref "refs/tags/$tag";
push @$tried, $tag;
push @found, [ $tag, $new_upstream ] if $new_upstream;
}
return @{ $found[0] } if @found == 1;
return ();
}
sub resolve_upstream_version ($$) {
my ($new_upstream, $upstream_version) = @_;
my $used = $new_upstream;
my $message = __ 'using specified upstream commitish';
if (!defined $new_upstream) {
my @tried;
($used, $new_upstream) =
upstream_commitish_search $upstream_version, \@tried;
if (!length $new_upstream) {
fail f_
"Could not determine appropriate upstream commitish.\n".
" (Tried these tags: %s)\n".
" Check version, and specify upstream commitish explicitly.",
"@tried";
}
$message = f_ 'using upstream from git tag %s', $used;
} elsif ($new_upstream =~ m{^refs/tags/($versiontag_re)$}s) {
$message = f_ 'using upstream from git tag %s', $1;
$used = $1;
}
$new_upstream = git_rev_parse $new_upstream;
return ($new_upstream, $used, $message);
# used is a human-readable idea of what we found
}
sub is_fast_fwd ($$) {
my ($ancestor,$child) = @_;
my @cmd = (qw(git merge-base), $ancestor, $child);
my $mb = cmdoutput_errok @cmd;
if (defined $mb) {
return git_rev_parse($mb) eq git_rev_parse($ancestor);
} else {
$?==256 or failedcmd @cmd;
return 0;
}
}
sub git_reflog_action_msg ($) {
my ($msg) = @_;
my $rla = $ENV{GIT_REFLOG_ACTION};
$msg = "$rla: $msg" if length $rla;
return $msg;
}
sub git_update_ref_cmd {
# returns qw(git update-ref), qw(-m), @_
# except that message may be modified to honour GIT_REFLOG_ACTION
my $msg = shift @_;
$msg = git_reflog_action_msg $msg;
return qw(git update-ref -m), $msg, @_;
}
sub rm_subdir_cached ($) {
my ($subdir) = @_;
runcmd qw(git rm --quiet -rf --cached --ignore-unmatch), $subdir;
}
sub read_tree_subdir ($$) {
my ($subdir, $new_tree_object) = @_;
# If $new_tree_object is '', the subtree is deleted.
confess unless defined $new_tree_object;
rm_subdir_cached $subdir;
runcmd qw(git read-tree), "--prefix=$subdir/", $new_tree_object
if length $new_tree_object;
}
sub read_tree_debian ($) {
my ($treeish) = @_;
read_tree_subdir 'debian', "$treeish:debian";
rm_subdir_cached 'debian/patches';
}
sub read_tree_upstream ($;$$) {
my ($treeish, $keep_patches, $tree_with_debian) = @_;
# if $tree_with_debian is supplied, will use that for debian/
# otherwise will save and restore it. If $tree_with_debian
# is '' then debian/ is deleted.
my $debian =
defined $tree_with_debian ? "$tree_with_debian:debian"
: cmdoutput qw(git write-tree --prefix=debian/);
runcmd qw(git read-tree), $treeish;
read_tree_subdir 'debian', $debian;
rm_subdir_cached 'debian/patches' unless $keep_patches;
}
sub changedir ($) {
my ($newdir) = @_;
printdebug "CD $newdir\n";
chdir $newdir or confess "chdir: $newdir: $!";
}
sub rmdir_r ($) {
my ($dir) = @_;
# Removes the whole subtree $dir (which need not exist), or dies.
#
# We used to use File::Path::remove_tree (via ::rmtree) but its
# error handling and chmod behaviour is very complex and confusing.
# For example:
# - It chdirs, and then tries to chdir back.
# With our $SIG{__WARN__} setting to die, this can, in combination
# with eval, cause execution to continue in an unexpected cwd!
# - Without the `safe` option it chmods things. We never want that.
# - *With* the `safe` option it appears to silently skip things
# it would want to chdir.
# - The error handling with the errors option is rather janky.
# Don't fork/exec rm if we don't have to.
return unless stat_exists $dir;
# We don't use runcmd because we want to capture errors from rmdir
# in $@ so that if we eval a rmdir_r, the right things happen.
# even cmdoutput_errok is too cooked.
my @cmd = (qw(rm -rf --), $dir);
debugcmd '+', @cmd;
my $child = open P, "-|" // confess $!;
if (!$child) {
open STDERR, ">& STDOUT" or die $!;
exec @cmd or die "exec $cmd[0]: $!";
}
$!=0; $?=0;
my $errs;
{ local $/ = undef; $errs = ; }
confess "$!" if P->error;
return if close P && !stat_exists $dir;
chomp $errs;
$errs =~ s{\n}{; }g;
$errs ||= 'no error messages';
die f_ "failed to remove directory tree %s: rm -rf: %s; %s\n",
$dir, waitstatusmsg, $errs;
}
sub git_slurp_config_src ($) {
my ($src) = @_;
# returns $r such that $r->{KEY}[] = VALUE
my @cmd = (qw(git config -z --get-regexp), "--$src", qw(.*));
debugcmd "|",@cmd;
local ($debuglevel) = $debuglevel-2;
local $/="\0";
my $r = { };
open GITS, "-|", @cmd or confess "$!";
while () {
chomp or confess;
printdebug "=> ", (messagequote $_), "\n";
m/\n/ or confess "$_ ?";
push @{ $r->{$`} }, $'; #';
}
$!=0; $?=0;
close GITS
or ($!==0 && $?==256)
or failedcmd @cmd;
return $r;
}
sub gdr_ffq_prev_branchinfo ($) {
my ($symref) = @_;
# => ('status', "message", [$symref, $ffq_prev, $gdrlast])
# 'status' may be
# branch message is undef
# weird-symref } no $symref,
# notbranch } no $ffq_prev
return ('detached', __ 'detached HEAD') unless defined $symref;
return ('weird-symref', __ 'HEAD symref is not to refs/')
unless $symref =~ m{^refs/};
my $ffq_prev = "refs/$ffq_refprefix/$'";
my $gdrlast = "refs/$gdrlast_refprefix/$'";
printdebug "ffq_prev_branchinfo branch current $symref\n";
return ('branch', undef, $symref, $ffq_prev, $gdrlast);
}
sub parsecontrolfh ($$;$) {
my ($fh, $desc, $allowsigned) = @_;
our $dpkgcontrolhash_noissigned;
my $c;
for (;;) {
my %opts = ('name' => $desc);
$opts{allow_pgp}= $allowsigned || !$dpkgcontrolhash_noissigned;
$c = Dpkg::Control::Hash->new(%opts);
$c->parse($fh,$desc) or fail f_ "parsing of %s failed", $desc;
last if $allowsigned;
last if $dpkgcontrolhash_noissigned;
my $issigned= $c->get_option('is_pgp_signed');
if (!defined $issigned) {
$dpkgcontrolhash_noissigned= 1;
seek $fh, 0,0 or confess "seek $desc: $!";
} elsif ($issigned) {
fail f_
"control file %s is (already) PGP-signed. ".
" Note that dgit push needs to modify the .dsc and then".
" do the signature itself",
$desc;
} else {
last;
}
}
return $c;
}
sub parsecontrol {
my ($file, $desc, $allowsigned) = @_;
my $fh = new IO::Handle;
open $fh, '<', $file or fail f_ "open %s (%s): %s", $file, $desc, $!;
my $c = parsecontrolfh($fh,$desc,$allowsigned);
$fh->error and confess "$!";
close $fh;
return $c;
}
sub parsechangelog {
# parsechangelog @dpkg_changelog_args
# parsechangelog \&cmd_map, @dpkg_changelog_args
my $c = Dpkg::Control::Hash->new(name => 'parsed changelog');
my $p = new IO::Handle;
my $cmd_map = sub { @_; };
$cmd_map = shift @_ if ref $_[0];
my @cmd = $cmd_map->(qw(dpkg-parsechangelog), @_);
open $p, '-|', @cmd or confess "$!";
$c->parse($p);
$?=0; $!=0; close $p or failedcmd @cmd;
return $c;
}
sub getfield ($$) {
my ($dctrl,$field) = @_;
my $v = $dctrl->{$field};
return $v if defined $v;
fail f_ "missing field %s in %s", $field, $dctrl->get_option('name');
}
sub parsechangelog_loop ($$$) {
my ($clogcmd, $descbase, $fn) = @_;
# @$clogcmd is qw(dpkg-parsechangelog ...some...options...)
# calls $fn->($thisstanza, $desc);
debugcmd "|",@$clogcmd;
open CLOGS, "-|", @$clogcmd or confess "$!";
for (;;) {
my $stanzatext = do { local $/=""; ; };
printdebug "clogp stanza ".Dumper($stanzatext) if $debuglevel>1;
last if !defined $stanzatext;
my $desc = "$descbase, entry no.$.";
open my $stanzafh, "<", \$stanzatext or confess;
my $thisstanza = parsecontrolfh $stanzafh, $desc, 1;
$fn->($thisstanza, $desc);
}
confess "$!" if CLOGS->error;
close CLOGS or $?==SIGPIPE or failedcmd @$clogcmd;
}
sub make_commit ($$) {
my ($parents, $message_paras) = @_;
my $tree = cmdoutput qw(git write-tree);
my @cmd = (qw(git commit-tree), $tree);
push @cmd, qw(-p), $_ foreach @$parents;
push @cmd, qw(-m), $_ foreach @$message_paras;
return cmdoutput @cmd;
}
sub hash_commit ($) {
my ($file) = @_;
return cmdoutput qw(git hash-object -w -t commit), $file;
}
sub hash_commit_text ($) {
my ($text) = @_;
my ($out, $in);
my @cmd = (qw(git hash-object -w -t commit --stdin));
debugcmd "|",@cmd;
print Dumper($text) if $debuglevel > 1;
my $child = open2($out, $in, @cmd) or confess "$!";
my $h;
eval {
print $in $text or confess "$!";
close $in or confess "$!";
$h = <$out>;
$h =~ m/^\w+$/ or confess;
$h = $&;
printdebug "=> $h\n";
};
close $out;
waitpid $child, 0 == $child or confess "$child $!";
$? and failedcmd @cmd;
return $h;
}
sub reflog_cache_insert ($$$) {
my ($ref, $cachekey, $value) = @_;
# you must call this in $maindir
# you must have called record_maindir
# When we no longer need to support squeeze, use --create-reflog
# instead of this:
my $parent = $ref; $parent =~ s{/[^/]+$}{};
ensurepath "$maindir_gitcommon/logs", "$parent";
my $makelogfh = new IO::File "$maindir_gitcommon/logs/$ref", '>>'
or confess "$!";
my $oldcache = git_get_ref $ref;
if ($oldcache eq $value) {
my $tree = cmdoutput qw(git rev-parse), "$value:";
# git update-ref doesn't always update, in this case. *sigh*
my $authline = (ucfirst _us()).
' <'._us().'@example.com> 1000000000 +0000';
my $dummy = hash_commit_text <(no reflog)\n";
finish 0;
}
exec @cmd; die f_ "exec %s: %s\n", $cmd[0], $!;
}
while () {
chomp;
printdebug ">| ", $_, "\n" if $debuglevel > 1;
next unless m/^(\w+) (\S.*\S)$/ && $2 eq $cachekey;
close GC;
return $1;
}
confess "$!" if GC->error;
failedcmd unless close GC;
return undef;
}
sub tainted_objects_message ($$$) {
my ($ti, $override_status, $hinted_dedup) = @_;
# $override_status:
# undef, not overriddeable
# '', not overridden
# $deliberately, overridden
my $msg = '';
my $timeshow = defined $ti->{time}
? strftime("%Y-%m-%d %H:%M:%S Z", gmtime $ti->{time})
: "";
my $infoshow = length $timeshow && length $ti->{package} ?
f_ "Taint recorded at time %s for package %s", $timeshow, $ti->{package},
: length $timeshow && !length $ti->{package} ?
f_ "Taint recorded at time %s for any package", $timeshow,
: !length $timeshow && length $ti->{package} ?
f_ "Taint recorded for package %s", $ti->{package},
: !length $timeshow && !length $ti->{package} ?
__ "Taint recorded for any package"
: confess;
$msg .= <{gitobjtype} $ti->{gitobjid}
$infoshow
Reason: $ti->{comment}
END
$msg .=
!defined $override_status ? __ <{hint};
if (defined $hint and !$hinted_dedup->{$hint}++) {
$msg .= $hint;
}
return $msg;
}
# ========== playground handling ==========
# terminology:
#
# $maindir user's git working tree
# playground area in .git/ where we can make files, unpack, etc. etc.
# playtree git working tree sharing object store with the user's
# inside playground, or identical to it
#
# other globals
#
# $local_git_cfg hash of arrays of values: git config from $maindir
#
# expected calling pattern
#
# firstly
#
# [record_maindir]
# must be run in directory containing .git
# assigns to $maindir if not already set
# also calls git_slurp_config_src to record git config
# in $local_git_cfg, unless it's already set
#
# fresh_playground SUBDIR_PATH_COMPONENTS
# e.g fresh_playground 'dgit/unpack' ('.git/' is implied)
# default SUBDIR_PATH_COMPONENTS is playground_subdir
# calls record_maindir
# sets up a new playground (destroying any old one)
# returns playground pathname
# caller may call multiple times with different subdir paths
# creating different playgrounds
#
# ensure_a_playground SUBDIR_PATH_COMPONENTS
# like fresh_playground except:
# merely ensures the directory exists; does not delete an existing one
#
# then can use
#
# changedir playground
# changedir $maindir
#
# playtree_setup
# # ^ call in some (perhaps trivial) subdir of playground
#
# rmdir_r playground
# ----- maindir -----
our $local_git_cfg;
sub record_maindir () {
if (!defined $maindir) {
$maindir = must_getcwd();
if (!stat "$maindir/.git") {
fail f_ "cannot stat %s/.git: %s", $maindir, $!;
}
if (-d _) {
# we fall back to this in case we have a pre-worktree
# git, which may not know git rev-parse --git-common-dir
$maindir_gitdir = "$maindir/.git";
$maindir_gitcommon = "$maindir/.git";
} else {
$maindir_gitdir = cmdoutput qw(git rev-parse --git-dir);
$maindir_gitcommon = cmdoutput qw(git rev-parse --git-common-dir);
}
}
$local_git_cfg //= git_slurp_config_src 'local';
}
# ----- playgrounds -----
sub ensure_a_playground_parent ($) {
my ($spc) = @_;
record_maindir();
$spc = "$maindir_gitdir/$spc";
my $parent = dirname $spc;
mkdir $parent or $!==EEXIST or fail f_
"failed to mkdir playground parent %s: %s", $parent, $!;
return $spc;
}
sub ensure_a_playground ($) {
my ($spc) = @_;
$spc = ensure_a_playground_parent $spc;
mkdir $spc or $!==EEXIST or fail f_
"failed to mkdir a playground %s: %s", $spc, $!;
return $spc;
}
sub fresh_playground ($) {
my ($spc) = @_;
$spc = ensure_a_playground_parent $spc;
rmdir_r $spc;
mkdir $spc or fail f_
"failed to mkdir the playground %s: %s", $spc, $!;
return $spc;
}
# ----- playtrees -----
sub playtree_setup () {
# for use in the playtree
# $maindir must be set, eg by calling record_maindir or fresh_playground
# this is confusing: we have
# . playtree, not a worktree, has .git/, our cwd
# $maindir might be a worktree so
# $maindir_gitdir contains our main working "dgit", HEAD, etc.
# $maindir_gitcommon the shared stuff, including .objects
# we need to invoke git-playtree-setup via git because
# there may be config options it needs which are only available
# to us, sensibly, in @git
# And, we look for it in @INC too. This is a bit perverse.
# We do this because in the Debian packages we want to have
# a copy of this script in each binary package, rather than
# making yet another .deb or tangling the dependencies.
# @INC is conveniently available.
my $newpath = join ':', +(grep { !m/:/ } @INC),
'/usr/share/dgit', $ENV{PATH};
runcmd qw(env), "PATH=$newpath", @git, qw(playtree-setup .);
ensuredir '.git/info';
open GA, "> .git/info/attributes" or confess "$!";
print GA "* $negate_harmful_gitattrs\n" or confess "$!";
close GA or confess "$!";
playtree_write_gbp_conf();
}
sub playtree_write_gbp_conf (;$) {
my ($ignore_new) = @_;
$ignore_new //= 'false';
open GC, "> .git/gbp.conf" or confess "$!";
print GC <<"END" or confess $!;
[pq]
ignore-new = $ignore_new
END
close GC or confess "$!";
}
1;
work/HACKING 0000664 0000000 0000000 00000006521 15007402510 007715 0 ustar Here are some hints and tips or working on src:dgit
===================================================
Program and source code layout
------------------------------
Most stuff is in the toplevel.
Debian/ contains Perl modules, notably Debian/Dgit.pm.
That module contains much shared code and is used by every package.
The test suite is very useful for ad-hoc work, so see "Tests" below.
Coding style
------------
I like to use perl "poetry mode" where ( ) are often elided.
This is often nice and terse but there is a gotcha. This
some_function ($a + 2), $b, $c
is wrong, because the ( ) are treated as function call ( )
for some_function. When this is a risk, you have to write:
some_function +($a + 2), $b, $c
Keep the line length to 75 at most please.
i18n
----
In the Perl code we use these functions:
here: meaning: like, in C:
__ translate this message _ aka gettext
f_ this is a sprintf string to be translated sprintf(_ ...
i_ mark for translation but do not translate here gettext_noop
See the info node `(gettext) Sources' for the complete semantics.
The shell scripts are not translated right now.
Running ad-hoc
--------------
You can run everything right out of the git tree, for ad hoc testing,,
like this (supposing your dgit tree is in things/Dgit/dgit):
~/things/Dgit/dgit/using-these dgit --some-option blah blah
using-these will set PATH and PERLLIB so that programs and modules
come from its own directory (obtained from $0).
Tests, running and use for hacking
----------------------------------
The test cases are in bash and are in tests/tests/*. They all use
shell libraries tests/lib*.
You can install all test suite dependencies like this:
sudo apt-get install $(tests/enumerate-tests dep-packages)
You can run it formally with autopkgtest, but you normally want to run
tests in one of these two ways [1]:
tests/using-intree tests/tests/ 2>&1 |tee ../log
tests/run-all [tests/tests/]
These will leave their working stuff in ./tests/tmp/.
The test suite is often a nice way to set up situations for ad-hoc
testing. You can add "xxx" in the middle of one of the test cases to
get it to crash at the right point. Have an absolute cd like
cd ~/things/Dgit/dgit/tests/tmp/
in your shell history, because each time you run the test it will
blow that directory away again.
There are many env vars settings like
DGIT_TEST_DEBUG= DGIT_TEST_DEBUG=-DDD
DGIT_TEST_DEBPUSH_DEBUG= DGIT_TEST_DEBPUSH_DEBUG=x
which can be used to control the level of debug output from
individual programs run by the test suite.
Editing/adding tests
--------------------
Things in tests/setup/ generate canned starting points. You can run
them by hand, but when they are imported by other tests they are not
automatically regenerated by default. So if you are editing one of
those, git-clean is your friend.
debian/tests/control is autogenerated by a rule in debia/rules. If
making actual releases, you must rerun that.
[1] The test suite and libraries, when run without any special
environment variables, expect to be run via DEP-8 (autopkgtest) - so
they want an to everything out of PATH and /usr. But there are also
arrangements to honour environment variables set by using-intree.
work/Makefile 0000664 0000000 0000000 00000013220 15007402510 010360 0 ustar # dgit
# Integration between git and Debian-style archives
#
# Copyright (C)2013-2018 Ian Jackson
# Copyright (C)2019,2024 Sean Whitton
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
INSTALL=install
INSTALL_DIR=$(INSTALL) -d
INSTALL_PROGRAM=$(INSTALL) -m 755
INSTALL_DATA=$(INSTALL) -m 644
prefix?=/usr/local
bindir=$(prefix)/bin
mandir=$(prefix)/share/man
perldir=$(prefix)/share/perl5
man1dir=$(mandir)/man1
man5dir=$(mandir)/man5
man7dir=$(mandir)/man7
infraexamplesdir=$(prefix)/share/doc/dgit-infrastructure/examples
infradebiandir=$(prefix)/share/dgit-infrastructure/debian
txtdocdir=$(prefix)/share/doc/dgit
absurddir=$(prefix)/share/dgit/absurd
PROGRAMS=dgit git-playtree-setup mini-git-tag-fsck
MAN1PAGES=dgit.1
MAN7PAGES=dgit.7 \
dgit-user.7 dgit-nmu-simple.7 \
dgit-maint-native.7 \
dgit-maint-merge.7 dgit-maint-gbp.7 \
dgit-maint-debrebase.7 \
dgit-downstream-dsc.7 \
dgit-sponsorship.7 \
dgit-maint-bpo.7
TXTDOCS=README.dsc-import
PERLMODULES= \
Debian/Dgit.pm \
Debian/Dgit/ExitStatus.pm \
Debian/Dgit/I18n.pm \
Debian/Dgit/ProtoConn.pm
ABSURDITIES=git
GDR_PROGRAMS=git-debrebase
GDR_PERLMODULES= \
Debian/Dgit.pm \
Debian/Dgit/GDR.pm \
Debian/Dgit/ExitStatus.pm \
Debian/Dgit/I18n.pm
GDR_MAN1PAGES=git-debrebase.1
GDR_MAN5PAGES=git-debrebase.5
GDP_PROGRAMS=git-debpush
GDP_MAN1PAGES=git-debpush.1
GDP_MAN5PAGES=tag2upload.5
INFRA_PROGRAMS=dgit-repos-server dgit-ssh-dispatch dgit-mirror-ssh-wrap \
dgit-repos-policy-debian dgit-repos-admin-debian \
dgit-repos-policy-trusting dgit-mirror-rsync \
tag2upload-oracled
INFRA_EXAMPLES=get-dm-txt ssh-wrap drs-cron-wrap get-suites
INFRA_DEBIAN=get-dm-txt tag2upload-builder-rebuild \
tag2upload-oracle-crontab tag2upload-builder-crontab
INFRA_PERLMODULES= \
Debian/Dgit.pm \
Debian/Dgit/Infra.pm \
Debian/Dgit/Policy/Debian.pm \
Debian/Dgit/ProtoConn.pm
MANPAGES=$(MAN1PAGES) $(MAN5PAGES) $(MAN7PAGES) \
$(GDR_MAN1PAGES) $(GDR_MAN5PAGES) \
$(GDP_MAN1PAGES) $(GDP_MAN5PAGES)
all: $(MANPAGES) $(addprefix substituted/,$(PROGRAMS))
substituted/%: %
mkdir -p substituted
perl -pe 's{\bundef\b}{'\''$(absurddir)'\''} if m/###substituted###/' \
<$< >$@
install: installdirs all
$(INSTALL_PROGRAM) $(addprefix substituted/,$(PROGRAMS)) \
$(DESTDIR)$(bindir)
$(INSTALL_PROGRAM) $(addprefix absurd/,$(ABSURDITIES)) \
$(DESTDIR)$(absurddir)
$(INSTALL_DATA) $(MAN1PAGES) $(DESTDIR)$(man1dir)
$(INSTALL_DATA) $(MAN7PAGES) $(DESTDIR)$(man7dir)
$(INSTALL_DATA) $(TXTDOCS) $(DESTDIR)$(txtdocdir)
set -e; for m in $(PERLMODULES); do \
$(INSTALL_DATA) $$m $(DESTDIR)$(perldir)/$${m%/*}; \
done
installdirs:
$(INSTALL_DIR) $(DESTDIR)$(bindir) \
$(DESTDIR)$(man1dir) $(DESTDIR)$(man5dir) \
$(DESTDIR)$(man7dir) \
$(DESTDIR)$(txtdocdir) $(DESTDIR)$(absurddir) \
$(addprefix $(DESTDIR)$(perldir)/, $(dir $(PERLMODULES)))
install-gdp: installdirs-gdp
$(INSTALL_PROGRAM) $(GDP_PROGRAMS) $(DESTDIR)$(bindir)
$(INSTALL_DATA) $(GDP_MAN1PAGES) $(DESTDIR)$(man1dir)
$(INSTALL_DATA) $(GDP_MAN5PAGES) $(DESTDIR)$(man5dir)
install-gdr: installdirs-gdr
$(INSTALL_PROGRAM) $(GDR_PROGRAMS) $(DESTDIR)$(bindir)
$(INSTALL_DATA) $(GDR_MAN1PAGES) $(DESTDIR)$(man1dir)
$(INSTALL_DATA) $(GDR_MAN5PAGES) $(DESTDIR)$(man5dir)
set -e; for m in $(GDR_PERLMODULES); do \
$(INSTALL_DATA) $$m $(DESTDIR)$(perldir)/$${m%/*}; \
done
install-infra: installdirs-infra
$(INSTALL_PROGRAM) $(addprefix infra/, $(INFRA_PROGRAMS)) \
$(DESTDIR)$(bindir)
$(INSTALL_PROGRAM) $(addprefix infra/, $(INFRA_EXAMPLES)) \
$(DESTDIR)$(infraexamplesdir)
$(INSTALL_PROGRAM) $(addprefix infra/, $(INFRA_DEBIAN)) \
$(DESTDIR)$(infradebiandir)
set -e; for m in $(INFRA_PERLMODULES); do \
$(INSTALL_DATA) $$m $(DESTDIR)$(perldir)/$${m%/*}; \
done
installdirs-gdp:
$(INSTALL_DIR) $(DESTDIR)$(bindir) \
$(DESTDIR)$(man1dir) $(DESTDIR)$(man5dir)
installdirs-gdr:
$(INSTALL_DIR) $(DESTDIR)$(bindir) \
$(DESTDIR)$(man1dir) $(DESTDIR)$(man5dir) \
$(addprefix $(DESTDIR)$(perldir)/, $(dir $(GDR_PERLMODULES)))
installdirs-infra:
$(INSTALL_DIR) $(DESTDIR)$(bindir) \
$(DESTDIR)$(infraexamplesdir) $(DESTDIR)$(infradebiandir) \
$(addprefix $(DESTDIR)$(perldir)/, $(dir $(INFRA_PERLMODULES)))
list-manpages:
@echo $(MANPAGES)
i18n i18n-update:
$(MAKE) -C po update
$(MAKE) -C po4a update
i18n-commit:
set -e; x=$$(git status --porcelain); set -x; test "x$$x" = x
$(MAKE) i18n-update
git commit -a -m 'i18n-commit - autogenerated'
check installcheck:
clean distclean mostlyclean maintainer-clean:
rm -rf tests/tmp substituted
set -e; for m in $(MANPAGES); do \
test -e $$m.pod && rm -f $$m; \
done
dgit%: dgit%.pod
m=$@; pod2man --section=$${m##*.} --date="Debian Project" \
--center="dgit" --name=$${m%.*} \
$^ $@
git-debrebase.%: git-debrebase.%.pod
pod2man --section=$* --date="Debian Project" --center="git-debrebase" \
--name=$(subst .$*,,$@) \
$^ $@
git-debpush.1: git-debpush.1.pod
pod2man --section=1 --date="Debian Project" --center="git-debpush" \
--name git-debpush \
$^ $@
tag2upload.5: tag2upload.5.pod
pod2man --section=5 --date="Debian Project" --center="tag2upload" \
--name tag2upload \
$^ $@
%.view: %
man -l $*
work/NOTES.dgit-downstream-dsc.7.pod 0000664 0000000 0000000 00000004722 15007402510 014346 0 ustar NOTE This text was once going to be part of dgit-downstream-dsc(7) or
dgit-downstream-dsc(5). It probably wants to be reworked, and
maybe put there, to fix
#810829 want instructions for reprepro-style small repo
This guide is to help you if:
* you are a distro which is a downstream of Debian (directly
or indirectly)
* you want to publish source packages as well as git branches
You will also need:
* A git server. [...]
There are various options for the git server, depending on how much
you trust your uploaders. There are four levels of trust and
sophistication:
shell account
For use when uploaders have shell accounts on the server and you
trust them completely. You then do not need to install any special
software on the server.
dgit-repos-server
Your uploaders do not (necessarily) have shell accounts.
You will need to collect their ssh keys and also their PGP
signing keys. You can restrict uploads on a per-package
per-key basis by using the Debian `dm.txt' format.
dgit-repos-server + policy hook
You want to impose additional policy. For example, Debian's
copyright review process means that uploads of new packages are
initially not public: dgit-repos-policy-debian is an example.
custom implementation
From the dgit client's point of view, the dgit git server is a git
server accessed by ssh (when pushing) or https (when fetching).
You may use anything that has the right properties for your needs.
dgit primarily authenticates pushes by signing tags, so your
software will probably need to check and verify that tag
appropriately before accepting a push. dgit-repos-server knows how
to do this properly.
Set up your git server, as follows:
shell account
Make a suitable (sub)directory. You should create a _template.git
bare repo, with appropriate permissions. When new packages are
uploaded, this _template.git will be copied. You will probably
want to set core.sharedRepository in the template, and/or arrange
for personal groups and 002 umask.
dgit-repos-server
Additionally, install dgit-infrastructure. Create a service
account `dgit' on the server. For each authorised uploader, put
their ssh key in dgit's authorized_keys file, with a
restricted_command specifying the dgit-repos-server invocation.
Put the keyring where dgit-repos-server can find it.
Consult the comment at the top of dgit-repos-server for the
restricted command rune.
work/NOTES.git-debrebase 0000664 0000000 0000000 00000010337 15007402510 012235 0 ustar # problems / outstanding questions:
#
# * new-upstream has an awkward UI for multiple upstream pieces.
# You end up with giant runic command lines. Does this matter /
# One consequence of the lack of richness it can need -f in
# fairly sensible situations.
#
# * There should be a good convention for the version number,
# and unfinalised or not changelog, after new-upstream.
#
# * Handing of multi-orig dgit new-upstream .dsc imports is known to
# be broken. They may be not recognised, improperly converted, or
# their conversion may be unrecognised.
#
# * We need to develop a plausible model that works for derivatives,
# who probably want to maintain their stack on top of Debian's.
# downstream-rebase-launder-v0 may be a starting point?
# maybe the hypothetical git-ffqrebase is part of it too.
# undocumented usages:
#
# git-debrebase [] downstream-rebase-launder-v0 # experimental
========================================
Theory for ffq-prev
refs/ffq-prev/REF relates to refs/REF
When we strip a pm, we need to maybe record it (or something) as the
new start point.
When we do a thing
with no recorded ffq-prev
ffq-prev is our current tip
obviously it is safe to say we will overwrite this
we do check whether there are not-included changes in the remotes
because if the new ffq-prev is not ff from the remotes
the later pushes will fail
this model tends to keep ad-hoc commits made on our
tip branch before we did rebase start, in the
`interchange view' and also in the rebase stack.
also we can explicitly preserve with
git-debrebase stitch
It is always safe to rewind ffq-prev: all
that does is overwrite _less_ stuff.
in any case putative ffq-prev must be ff from remote.
Otherwise when we push it will not be ff, even though we have
made pseudomerge to overwrite ffq-prev. So if we spot
this, report an error. see above
with a recorded ffq-prev
we may need to advance ffq-prev, to allow us to generate
future pseudomerges that will be pushable
advancing ffq-prev is dangerous, since it might
effectively cancel the commits that will-ovewrite is advanced
over.
??? advance it to merge-base( current remote, current tip )
if possible (see above), - ie to current remote, subject
to the condition that that is an ancestor of current tip
currently this is not implemented
better maybe to detect divergence ? but it is rather late
by then!
We check we are ff from remotes before recording new ffq-prev
========================================
how to handle divergence and merges (if not detected soon enough)
same problem
if merge, look at branches before merge
generate new combined branch
pseudomerge to overwrite merge
current available strategies:
maybe launder foreign branch
if foreign branch is nmuish, can rebase it onto ours
could merge breakwaters (use analyse to find them)
merge breakwaters (assuming same upstream)
manually construct new patch queue by inspection of
the other two patch queues
instead of manually constructing patch queue, could use
gbp pq export and git merge the patch queues
(ie work with interdiffs)
if upstreams are different and one is ahead
simply treat that as "ours" and
do the work to import changes from the other
if upstreams have diverged, can
resolve somehow to make new upstream
do new-upstream on each branch separately
now reduced to previously "solved" problem
in future, auto patch queue merge algorithm
determine next patch to apply
there are three versions o..O, l..L, r..R
we have already constructed m (previous patch or merged breakwater)
try using vector calculus in the implied cube and compute
multiple ways to check consistency ?
========================================
For downstreams of Debian, sketch of git-ffqrebase
# git-ffqrebase start [BASE]
# # records previous HEAD so it can be overwritten
# # records base for future git-ffqrebase
# git-ffqrebase set-base BASE
# git-ffqrebase
# git-ffqrebase finish
# git-ffqrebase status [BRANCH]
work/NOTES.podchecker 0000664 0000000 0000000 00000002141 15007402510 011641 0 ustar todo: maybe we wanted to run podchecker but it complains about a lot
of things for which we don't have good alternatives. Eg:
*** WARNING: (section) in 'dgit-maint-debrebase(7)' deprecated at line 17 in file ../git-debrebase.1.pod
But this is not actually described as deprecated and how else to
write a manpage cross-reference ? Maybe this warning applies
only to perl's own manpages.
*** WARNING: 2 unescaped <> in paragraph at line 30 in file ../git-debrebase.1.pod
I have a habit of writing things like
git-debrebase [-- ]
which is obviously unescaped < but the E<> syntax would be awful
*** WARNING: No items in =over (at line 31) / =back list at line 42 in file ../dgit-user.7.pod
*** WARNING: No argument for =item at line 553 in file ../git-debrebase.1.pod
pod doesn't offer a better answer, and these render well
*** ERROR: unresolved internal link 'dgit-maint-*(7)' at line 22 in file ../dgit-user.7.pod
This is obviously needed.
At the time of writing it does not seem to detect anything which
generates bad rendering. So for now I will not run it.
work/README.dsc-import 0000664 0000000 0000000 00000010665 15007402510 011672 0 ustar We would like to: represent the input tarballs as a commit each (which
all get merged together as if by git merge -s subtree), and for quilt
packages, each patch as a commit. But w want to avoid (as much as
possible) reimplementing the package extraction algorithm in
dpkg-source.
dpkg-source does not currently provide interfaces that look like they
are intended for what dgit wants to do. And dgit wants to work with
old versions of dpkg, so I have implemented the following algorithm
rather than wait for such interfaces added (even supposing that a sane
interface could be designed, which is doubtful):
* dgit will untar each input tarball.
This will be done by scanning the .dsc for things whose names look
like (compressed) tarballs, and using the interfaces provided by
Dpkg::Compression to get at the tarball.
Each input tarball unpack will be done separately, and will be
followed by git add and git write-tree, to obtain a git tree object
corresponding to the tarball contents.
That tree object will be made into a commit object with no parents.
(The package changelog will be searched for the earliest version
with the right upstream version component, and the information found
there used for the commit object's metadata.)
* For `3.0 (quilt), dgit will run
dpkg-source -x --skip-patches
git plumbing will be used to make the result into a tree and a
commit. The commit will have as parents all the tarballs previously
mentioned. The main orig tarball will be the leftmost parent and
the debian tarball the rightmost parent. The metadata will come
from the .dsc and/or the final changelog entry.
dgit will then dpkg-source --before-build and record the resulting
tree, too.
Then, dgit will switch back to the patches-unapplied version and use
`gbp pq import' (in the private working area) to turn the
patches-unapplied tree into a patches-applied one.
Finally dgit will check that the gbp pq generated patches-applied
version has the same git tree object as the one generated by
dpkg-source --before-build.
* For source formats other than `3.0 (quilt)', dgit will do simply
dpkg-source -x.
Again, it will make that into a tree and a commit.
* For source formats with only single file entry in the .dsc, the
(one) tarball is not imported separately (since its tree object
would be the same as the extracted object), and the commit of the
dpkg-source -x output has no parents.
* As currently, there will be a final no-change-to-the-tree
pseudomerge commit which stitches the package into the relevant dgit
suite branch. (By `pseudomerge' we mean something that looks as if
it was made with git merge -s ours.)
* As currently, dgit will take steps so that none of the git trees
discussed above contain a .pc directory.
This has the following properties:
* Each input tarball is represented by a different commit; in usual
cases these commits will be the same for every upload of the same
upstream version.
* For `3.0 (quilt)' each patch's changes to the upstream files appears
as a single git commit (as is the effect of the debian tarball);
also, there is a commit object whose tree is just the debian/
directory, which might well be the same as certain debian-only git
workflow trees.
* For `1.0' non-native, the effect of the diff is represented as a
commit. So eg `git blame' will show synthetic commits corresponding
to the correct parts of the input source package.
* It is possible to `git cherry-pick' etc. commits representing `3.0
(quilt)' patches. It is even possible fish out the patch stack as
git branch and rebase it elsewhere etc., since the patch stack is
represented as a contiguous series of commits which make only the
relevant upstream changes.
* Every orig tarball in the source package is decompressed twice, but
disk space for only one extra copy of its unpacked contents is
needed. (The converse would be possible in principle but would be
very hard to arrange with the current interfaces provided by the
various tools.)
* No back doors into the innards of dpkg-source (nor changes to
dpkg-dev) are required.
* dgit does grow a dependency on git-buildpackage.
* Knowledge of the source format embedded in dgit is is restricted to
some relatively straightforward processing of filenames found in
.dsc files.
* dgit now depends on dpkg-source -x --skip-patches followed by
dpkg-source --before-build being the same as dpkg-source -x
(for `3.0 (quilt)').
work/README.md 0000664 0000000 0000000 00000002451 15007402510 010203 0 ustar dgit & git-debrebase
====================
* `dgit` - git integration with the Debian archive
* `git-debrebase` - delta queue rebase tool for Debian packaging
These tools are independent and can be used separately, but they work
well together, and they share a source package and a test suite.
dgit
----
dgit allows you to treat the Debian archive as if it were a git
repository. Conversely, it allows Debian to publish the source of its
packages as git branches, in a format which is directly usable by
ordinary people.
Documentation: https://manpages.debian.org/testing/dgit
git-debrebase
-------------
git-debrebase is a tool for representing in git, and manpulating,
Debian packages based on upstream source code.
Documentation: https://manpages.debian.org/testing/git-debrebase
Contributing
------------
The source is maintained in git (of course). The principal git
branch can be found at either of these locations:
* https://salsa.debian.org/dgit-team/dgit
* https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/dgit.git/
Merge requests on Salsa are welcome; as are code contributions via the
Debian Bug Tracking System. If you encounter a bug, please report it
via the Debian BTS.
The package is marked up for message and document translation.
See po/README which has Notes for Translators.
work/TAG2UPLOAD-DESIGN.txt 0000664 0000000 0000000 00000030702 15007402510 012036 0 ustar TAG-TO-UPLOAD - DEBIAN - SERVICE DESIGN / DEPLOYMENT PLAN
=========================================================
Overall structure and dataflow
------------------------------
* Uploader (DD or DM) makes signed git tag (containing metadata
forming instructions to tag2upload service)
* Uploader pushes said tag to salsa. [1]
* salsa sends webhook to tag2upload service.
* tag2upload service
: provides an HTTPS service accessible to salsa
: fishes url and tag name out of webhook json
: checks to see if the tag is at all relevant
: retrieves tag data (git shallow clone)
! verifies signature on the tag
! parses the tag metadata
! checks that salsa repo url is basically sane
! checks to see if signed by DD, or DM for appropriate package
- obtains relevant git history
- obtains, if applicable, orig tarball from archive
- makes source package
# signs source package and "canonical view" git tag
- pushes history and both tags to dgit-repos git server
- uploads source package to archive
! reports activities by email
: shows status of package building to enquirers via www
* archive publishes package as normal
[1] In principle other git servers would be possible but it would have
to be restricted to ones where we can either avoid, or stop, them
being used as a channel for a DoS attack against the tag2upload
service.
Privsep
-------
The tag2upload service will have to have a signing key that can upload
source packages to the archive.
We do not want that signing key to be abused. In particular, even
though it will be in a hardware token we want to avoid giving
unrestricted access to use that key, to code which itself has a large
attack surface. In particular, source package construction is very
complex.
So there will be a privilege separation arrangement, as described
above. Different tasks run in a different security context:
: runs on the Manager, which is web-accessible and
not trusted very much
! is fully trusted and has access to the signing key
- runs in the discardable VM or container, controlled by `!'
# is achieved by the `dgit rpush' protocol, where the trusted
(invoking, signing) part offers a restricted signing oracle to
the less-trusted (building) part.
The signing oracle will check that the files to be signed are
roughly in the right form and that they name the right source
package. It will construct the "canonical view" git tag itself
from metadata provided by the building part.
The signing oracle has the information from the now-verified git
tag (since it operating in the context of a particular request)
and will only sign for the same source package and version.
Service architecture
--------------------
I propose the following architecture for the tag2upload service.
There are three systems involved:
I. Manager (`:`)
Hardly trusted.
* Database (sqlite) containing queue, and historical data.
* Conventional webserver offering TLS and using Let's Encrypt.
* Manager daemon.
Manager daemon has the following tasks:
* Web-service-style "application server" written in some scripting
language listens on a local TCP port, handles HTTP connections
proxied by the webserver.
* Receives webbook requests.
Checks that the calling IP address is salsa.
Parses the JSON. Checks tag name to see if it seems of interest.
If so, fetches the actual tag data (git shallow clone)
and sees if it looks plausible, and if so, stores it in the db.
If an Oracle client is waiting, feeds it the tag and url.
* Server for very simple protocol, used by Oracle to obtain work to do.
Accessed via ssh with restricted key (`ssh ... nc`).
* Manager daemon web service also offers basic query API
and web pages showing recent activity, for human tracking.
(To all comers.)
II. Oracle (`!`)
Trusted to use the signing key. (Key itself is in a hardware token.)
Not exposed to source package contents. Not exposed to the web.
Not exposed via the git protocol, not even as a client.
* Uses ssh to connect to manager's simple Oracle protocol port.
Manager sends Oracle the signed tag, and repository URL.
* Sends an email saying what it is about to process.
(We do this in the Oracle so that less-trusted components
don't get to hide their misbheaviours by not sending reports.)
* Checks that the tag is signed by someone in the keyring
(and that it uses a good enough hash function).
(Oracle has a copy of the keyrings and dm allow list.)
* Parses the tag to find the metadata including
source package name, target suite, and version.
Checks that the signer is authorised for this package.
* Checks that the source repository URL is basically sane.
(But does not access it - the Builder does that, below.)
* Arranges that the Builder is reset (see below).
* ssh's to the Builder to have the builder fetch the git data.
* Runs dgit rpush, specifying the package, version and
target suite on the command line. Target host is the Builder.
(We use the existing dgit rpush signing oracle protocol, except extended
to include the new SOURCE_VERSION.git.tar.xz described below.)
* Sends an email saying what it did.
* Reports the outcome success/failure and a summary line
to the Manager via the still-open manager protocol connection.
III. Builder (`-`)
Does the actual source package conversion.
Largely trusts the Oracle.
Trusted as to source package contents, but not otherwise.
Oracle can reset this. So it is a VM or a chroot.
We propose to use the same schroot configuration as for a buildd,
subject to consultation with DSA as to the best approach.
* On instructions from the Oracle (via incoming ssh):
- Fetches the git objects for the maintainer's tag from Salsa.
- Fetches the git objects for the existing canonical view
from the dgit-repos git server.
- Fetches necessary origs from the archive.
- Converts the git history to the canonical form (treesame to
the source package) by adding necessary synthetic commits.
- Builds the source package
- Uses the rpush protocol to obtain signed git tag
(on the canonical git form)
and signed .dsc and .changes.
- Pushes the git objects to the dgit-repos server.
- Uploads the .dsc and .changes to the archive.
* Packet filter limiting outgoing connections to salsa,
dgit-repos, and the Debian archive,
Incoming connections come only from the Oracle.
Reproducibility, metadata and auditing
--------------------------------------
The trusted part of the tag2upload service will keep some logs,
particularly of each tag it is told about and what the disposition of
that was, and when it was retried.
Also, it will send the following information to a public mailing list:
- The tag object data for any tag it decides to process,
before it passes it to the VM.
- A report (more or less, a shell transcript)
of each processing attempt
- The list will also be the public email address of the
tag2upload robot's signing key
The generated .dscs will contain additional fields
Git-Tag-Tagger: Firstname Surname
"tagger" line from the git tag converted to deb822 format
Git-Tag-Info: tag= fp=
is the git object ID of the tag object
(if someone wants to obtain referenced git objects,
they can be found on the dgit-repos git server)
is the "fingerprint_in_hex" from the VALIDSIG line
in the gpgv output.
This additional metadata is needed to be able to tell by looking at
the .dsc who the original uploader was (which might be different to
the maintainer, in the sponsorship case). (Programs which use the
uploader signature identity will send mails to the mailing list
mentioned above, until they have been updated. This is not desirable
but not a blocker for deployment.)
The generated .changes will contain copies of the two .dsc fields
above.
The upload will contain a .source_buildinfo. This will list the
versions of the software running in the Builder, which is primarily what
controls the generated .dsc.
The versions of dgit-infrastructure and git running in the trusted
part are also relevant because the trusted part assembles outgoing
tagger lines etc. and interprets the incoming git tag; however, in our
deployment we intend to maintain them in sync, and anyway our ad-hoc
reproduction tooling will not be able to arrange for them to be
different. So the outside-VM version information will not be
included.
Eventually there could be a mode for sbuild (related to
binary build reproduction), or a suitable script, which can verify a
reproduction attempt. For now the src:dgit test suite will check that
the upload is reproducible if run again in the same environment.
SOURCE_VERSION.git.tar.xz
=========================
The .changes will also contain a file SOURCE_VERSION.git.tar.xz which is
a compressed git repository with the following properties:
* It has the ref debian/VERSION, the maintainer's signed tag.
* It is sufficient on its own to (re)produce the canonical git view.
It is jointly sufficient, together with the orig.tar, to (re)produce
the source package.
(When the upload including the .git.tar.xz does not contain the
full source, this means the orig.tar that's already in the archive.)
* These reproductions are up to equality of file names and contents
-- timestamps of files may differ.
* It is usually shallow, for performance and storage space reasons.
* It may be a bare repository; or, it might be that no branch is
checked out.
This .git.tar.xz is for the purpose of third-party auditing of what
tag2upload did. There will be a Python script in dgit.git, called
mini-git-tag-fsck, which will take the .git.tar.xz as input, and produce
two forms of auditing output:
* It extracts the maintainer's signed tag and deconstructs it into two
files, the tag text, and the detached signature.
* It prints to standard output a list of all files in the tagged
commit, with their git checksums (their object IDs).
It does this by walking the Merkle tree whose head is the
debian/VERSION signed tag object, re-checksumming as it goes.
mini-git-tag-fsck has the following other properties:
* It does not verify the signature on the tag.
That is left to the caller.
* Given that the signature on the tag *is* valid, then all of the
script's own output is (transitively, via SHA1CD hashing) covered by
that signature, and so the output faithfully represents the intent of
the person who signed the tag.
* It does not invoke git, or anything from libgit2, or any other
external code of comparable complexity.
* It is designed to process only tag2upload's .git.tar.xz repositories;
it cannot process arbitrary git repositories.
Although the .git.tar.xz contains a bona fide git repository,
special arrangements are made regarding packfiles versus loose
objects to facilitate mini-git-tag-fsck's being able to process it
without invoking git/libgit2/etc..
mini-git-tag-fsck will also have a mode to generate the .git.tar.xz.
This will be invoked by the tag2upload service as part of preparing the
upload. (This mode will need to call out to git/libgit2/etc..)
Emails
------
Emails are sent to:
1. The username associated with the signing key
2. The tagger (email address from the git tag object)
3. A public mailing list selected (or created) for the purpose
1 and 2 will often be the same.
This provides feedback to the person making the signature.
The person preparing (rather than, maybe, sponsoring) the upload
(Changed-By in .changes) will be notified by the archive software.
The email report will contain at least:
* The target distro, package, suite and version
* The URL from which the git objectx were downloadeed
* Whether the operation succeeded, and error messages if it didn't.
Email is sent by the Oracle feeding a file to
`ssh smarthost sendmail -t` not by implementing SMTP,
to reduce the attack surface.
DoS
---
This service is not very resistant to DoS attacks. In particular,
sending it bad URLs might stall it (since it has to retry failing
URLs).
So we (i) do not expose it to anyone but salsa and (ii) limit it to
trying to fetch salsa urls.
Making very many tags on salsa would stress this tag2upload service a
bit but not fatally, and it would be a DoS against salsa too.
After signature verification, we are much more vulnerable to DoS. An
approved signer can get the service to do a lot of work. That is the
purpose of the service, indeed.
work/TAG2UPLOAD-FAQ.md 0000664 0000000 0000000 00000026116 15007402510 011261 0 ustar # tag2upload Frequently Asked Questions
* [What is tag2upload anyway and how does it work? ](#what-is-tag2upload-anyway-and-how-does-it-work-)
* [How much effort will I have to put in to adopt tag2upload?](#how-much-effort-will-i-have-to-put-in-to-adopt-tag2upload)
* [Which git workflows does tag2upload support? And which not?](#which-git-workflows-does-tag2upload-support--and-which-not)
* [What is the relationship between tag2upload & dgit?](#what-is-the-relationship-between-tag2upload--dgit)
* [Why are we having a GR? Have other avenues been exhausted?](#why-are-we-having-a-gr--have-other-avenues-been-exhausted)
* [How about including sha256 checksums of the source package contents in the git tag?](#how-about-including-sha256-checksums-of-the-source-package-contents-in-the-git-tag)
* [How does access control work? What about Debian Maintainer (DM) uploads?](#how-does-access-control-work--what-about-debian-maintainer-dm-uploads)
* [Aren't you demanding that ftpmaster volunteers do work they disagree with?](#arent-you-demanding-that-ftpmaster-volunteers-do-work-they-disagree-with)
* [I'm not happy voting on an unimplemented design proposal](#im-not-happy-voting-on-an-unimplemented-design-proposal)
## What is tag2upload anyway and how does it work?
As the GR says, tag2upload will make it possible to upload a package to
Debian, by signing and pushing a simple git tag.
The tag contains a tiny amount of human-readable metadata, which
instructs a robot, running on Debian Project infrastructure, to build
and upload a source package.
Most of tag2upload is already implemented and tested. We just need
some code to invoke the machinery, and then we can deploy it.
The full design document is here:
Ian gave a talk on tag2upload at the 2023 Cambridge Minidebconf:
There's a helpful diagram on the last page of the slides:
## How much effort will I have to put in to adopt tag2upload?
If your existing workflow is based on upstream git, then very little.
Let's suppose you are using git-buildpackage. You prepare and test
your upload as normal. When you are ready to tag, dput and push to
salsa, you instead just type `git debpush`. That's it.
The only other thing is that the first time will require `git debpush
--gbp` to record that you're using git-buildpackage and not, say,
git-dpm. Thereafter `git debpush` alone will work, for all uploaders.
git-debpush is deliberately very simple. It is a hundred times
simpler than both dgit and git-buildpackage. It isn't likely to fail
in ways that aren't easy to understand for anyone experienced with
uploading directly to ftp-master.
The tag format is simple enough that you can create and push tags
manually, using plain `git tag` and `git push`: refer to the
specification in .
## Which git workflows does tag2upload support? And which not?
* git-buildpackage workflows and patches-applied workflows all work.
* Workflows where only `debian/` is committed to the repository mostly work.
* Native packages work.
* The main exceptions are packages in team monorepos, and packages with
very large assets that can't be checked into git. These are not
supported yet.
tag2upload really shines in a fully-git-based workflow, where you do
all of your Debian work in git, in a git branch which is based on
upstream's signed git tags -- and ignore any upstream tarballs.
One of tag2upload's design principles is that git and the source
package must be equivalent. So if you use upstream *tarballs* as the
base for your work (and as the `.orig`), there must be a
commit/tag/branch in your repository that contains the full upstream
release, including anything which upstream includes in their tarball
releases but doesn't commit to their own VCS repository, such as
autotools output. Your packaging branch must be based off this full
upstream release (except for the "bare debian/ directory" workflow).
gbp-importorig can be used to create this tarball import.
## What is the relationship between tag2upload & dgit?
dgit is relevant to the server-side implementation, but you do not
need dgit installed, or to learn dgit, to use `git debpush`. From an
uploader's perspective, dgit is a server-side implementation detail.
* dgit is the most mature tool that exists for converting arbitrary
git trees to Debian source packages. So tag2upload calls out to
dgit for that purpose.
* tag2upload is developed in dgit.git because they are tested using
the same test suite.
* tag2upload pushes to dgit.debian.org because that git archive has
the desired append-only properties, and there's no reason to set up
a separate git hosting service for t2u.
* The git tag metadata reuses syntax developed for dgit.
## Why are we having a GR? Have other avenues been exhausted?
tag2upload was originally designed, and mostly implemented, four years
ago in 2019. ftpmaster declined to allow the deployment of
tag2upload, and some ftpmaster delegates requested major design
changes that we felt would defeat the point.
Since then we have been quietly seeking help behind the scenes, with
multiple DPLs and other prominent members of the project who might've
been able to successfully mediate. Unfortunately these efforts did
not lead to resolution of the impasse.
The specific changes requested were:
* The tag2upload server should perform only certain trivial git->dsc
conversions.
But this would mean that tag2upload wouldn't work for most Git
workflows Debian package maintainers actually use, including very
common git-buildpackage workflows.
* The tag2upload client should locally compute some sort of tree hash
over the included files, and include it in the Git tag.
But this would mean that tag2upload requires running
Debian-specific tools over the Git tree before uploading, which
defeats a core design goal of tag2upload.
These points are discussed in more detail in the next section.
On debian-vote this June, we had another extensive discussion with
ftpmaster delegates, and it reached exactly the same conclusion as the
discussion in 2019.
(Constitutionally, as this is a delegate override, only a GR is
appropriate, not the TC.)
## How about including sha256 checksums of the source package contents in the git tag?
This is intended to allow dak to establish a chain of trust from a
signature by the uploader to the *contents* of the .dsc. Our
understanding of ftpmaster's position is that, with this change,
tag2upload would be acceptable to them. However, this approach
eliminates much of the point of tag2upload:
With our design, the git tag for an upload is *just* a git tag,
containing a small amount of simple metadata. You can see an example
(from a talk demo), here:
With the proposed modification, this is no longer true. Making that
list of the sha256sums is very complicated. Doing so requires
building the source package (or something very like it) locally, on
the tagger's system.
This is a problem because in the general case, reliably producing
source packages from git is complex, depends on the git workflow in
use, and is highly Debian-specific. The point of tag2upload is to
move the git-to-dsc conversion from the maintainer's laptop to a
central system, which is more convenient, traceable, reliable, and
secure.
If we adopted this suggestion:
* git-debpush would have to be much, much more complicated -- as
complicated as dgit -- and opaque.
* Only git-debpush would be able to generate the tag. But we want it
to be possible for other software to generate it.
* The conversion from git to source package might still be influenced
by bugs and anomalies on the uploader's system.
**So, this is the core of the disagreement.** With this modification,
it's no longer "just tag to upload" -- and we feel it's no longer
worthwhile.
Further reading:
* Sven Mueller summarised it well, here:
(start reading at "In essence:").
* Russ Allbery wrote a more detailed explanation of objections to the
suggestion:
* Ian Jackson described in detail some cases which show why reliably
producing source packages from git is so complex:
## How does access control work? What about Debian Maintainer (DM) uploads?
tag2upload implements the same access control policy as the Debian
Archive, based on the keyrings and `dm.txt`. So tag2upload is usable
precisely by uploading Debian Members (uploading DDs), and by Debian
Maintainers (DMs) for their authorised packages.
The access control on the tag2upload server is a reimplementation. As
a future avenue of development, we would like to include a copy of the
maintainer's signed git tag along with the rest of the upload.
We can't do this already because it would cause dak to reject the
upload. We hope dak will be modified to accept this additional file,
and then to use it to redo tag2upload's authentication and
authorisation checks on the original signed tag. This modification is
a good idea, but not required for deployment.
## Aren't you demanding that ftpmaster volunteers do work they disagree with?
No.
We hope this GR will decide that archive.debian.org should extend
enough trust to the tag2upload server for the system to work. Once
that's decided, then there are deployment strategies that do not
involve *any* work by ftpmaster.
The natural deployment strategy would be for ftpmaster to add a new
keyring that allows uploading only source packages, similar to how
there is a keyring for the binary buildds which allows uploading only
binary packages. So that would be a small amount of work for
ftpmaster.
But, instead, the tag2upload server's signing key could be certified
as a subkey by an existing key which is already authorised for
uploads. Or the tag2upload robot could be enrolled in the Debian
keyring as a pseudo-DD. These deployment strategies aren't as good as
first-class support in dak, but they are OK.
Of course there *are* security improvements, which could be made
before or after deployment, which would involve work by both ftpmaster
and the tag2upload team. We would encourage and cooperate with such
improvements, but they are not essential.
## I'm not happy voting on an unimplemented design proposal
The core of tag2upload -- the automated tag handler and source package
constructor -- is implemented and tested. You may have seen it
demo'd, for example in Ian's 2023 Cambridge Minidebconf talk.
The bulk of the remaining implementation work is just the surrounding
framework, which we will work on in detail after discussion with DSA.
It doesn't make sense for us and DSA to do all this work if the
resulting system won't be actually enabled.
work/TAG2UPLOAD-MANAGER-PROTOCOL.md 0000664 0000000 0000000 00000013150 15007402510 013155 0 ustar # Protocol between the tag2upload Manager and the Oracle.
## Initiation and lifecycle
The Oracle initiates the connection.
The transport is `ssh manager nc`:
ie, the Manager will be listening on a local socket.
(There will be an ssh restricted command.)
In principle,
the Oracle might make multiple connections,
if it has multiple worker processes.
In that case, each worker has one connection.
The ssh connection will use "protocol keepalives",
so that the Manager will (eventually) detect a failure.
## Protocol
### Basic principles; notation
The protocol is line-based.
Lines are terminated by newlines.
Extraneous whitespace is a protocol violation.
We see things from the Oracle's point of view.
`<` is from Manager to Oracle.
### Initial exchange
```
$ ssh manager nc -U /srv/socket
< t2u-manager-ready
> t2u-oracle-version 4
> worker-id WORKER-ID FIDELITY
```
If there are multiple protocol versions,
the Oracle gets to choose its preferred one.
This document describes version `4`.
In `3` and earlier, `PUTATIVE-PACKAGE` is omitted from the `job` message.
In `2` and earlier, `FIDELITY` is omitted from the `worker-id` message.
(The protocol version could be on the command line,
but that entangles it with the ssh restricted command.)
The WORKER-ID must consist of ASCII alphanumerics,
commas, hyphens, and dots, and must start with an alphanumeric.
It is used by the manager for reporting,
including in public-facing status reports.
If the Oracle manages multiple Builders,
it should make multiple connections to the Oracle,
one for each Builder.
(The `worker-id` message is mandatory.)
`FIDELITY` is one of the fixed strings `testing` or `production`,
according to the Oracle's self-determination of its own status.
The Manager will not give out jobs to to a non-`production` Oracle,
unless it explicitly so instructed by its administrator.
### Readiness
The Oracle should then wait, indefinitely,
for a job to be available.
During this time,
the Manager will periodically poll the Oracle for readiness:
```
< ayt
> ack
```
This allows the Manager to detect a dead Oracle connection.
Before responding with `ack`, the Oracle should attempt to discover
any reasons why the processing of a source package is bound to fail.
In particular, ideally, the Oracle would check that:
* it can contact its Builder;
* the build environment (the autopkgtest testbed) is `open`;
* the build environment is accessible (commands can be run in it);
* the signing key it intends to use is available.
The Oracle need not check anything visible to the Manager.
For example, the Oracle need not check availability of dgit-reposs,
the ftpmaster upload queue, or input git repository servers (eg salsa).
### Job
```
< job JOB-ID PUTATIVE-PACKAGE URL
< data-block NBYTES
< [NBYTES bytes of data for the tag (no newline)]
< data-end
```
JOB-ID is the "job id" assigned by the Manager,
and displayed in the Manager's reporting web pages etc.
The Oracle should use it only for reporting.
It has the same syntax as BUILDER-ID.
PUTATIVE-PACKAGE is the source package name.
It is derived from the Manager's parse of the tag data,
so should be used for reporting only.
The Oracle must reparse the tag for itself after verifying the signature.
URL is the git URL for the repository where the tag exists.
It is guaranteed to consist of ASCII graphic characters.
The NBYTES of data are precisely the git tag object,
as output by `git cat-file tag`.
This protocol is identical to the `dgit rpush` file transfer protocol,
except that the Manager guarantees to put the whole tag
in one data block.
(So there will be only one `data-block`.)
After receiving a job, the Oracle must produce an outcome.
If it doesn't, the job (perhaps, that package version)
is irrecoverable.
### Outcome
```
> message MESSAGE
> uploaded
```
or
```
> message MESSAGE
> irrecoverable
```
MESSAGE is UTF-8 text, possibly containing whitespace,
up to the newline.
The manager will log it,
and display it publicly in its status reports.
### Conclusion
After sending the outcome,
the Oracle should either close the connection,
or retain it and wait for further jobs.
### Protocol violations, reporting
Either side may send this message, at any time
(except in the middle of data blocks)
if it considers that its peer has violated the protocol:
```
> protocol-violation MESSAGE
< protocol-violation MESSAGE
```
The complaining side should then close the connection.
The complained-at side should report the error somewhere,
and will ideally display it in user-facing output
such as status web pages or emails.
It should also then close the connection.
The complaining side that sends `protocol-violation`
should *also* report or log the error as appropriate.
### Connection failures - handling by Oracle
If the connection is dropped,
or a connection attempt is unsuccessful,
the Oracle should retry with a delay.
### Connection failures - handling by Manager
If the connection fails (or the protocol is violated)
after `job` and before the outcome,
the job is treated as irrecoverable.
To Manager always does an `ayt` check
immediately before issuing a job,
to minimise the opportunity for jobs to be lost
simply because of a broken connection.
(The rest of the time the Manager doesn't care about connection failure.)
### Error recovery and retrying jobs
In this version of the protocol there is no way to retry a failed job.
For example, if the Builder is unable to clone the repo,
the tag is irrecoverable and a new version number must be used.
If this turns out to be annoying in practice,
we should have the Oracle ask the Manager for confirmation
just before it first makes a signature,
as that is the point of no return.
work/absurd/ 0000775 0000000 0000000 00000000000 15007402510 010202 5 ustar work/absurd/git 0000775 0000000 0000000 00000005314 15007402510 010716 0 ustar #!/bin/sh
set -e
case "$DGIT_ABSURD_DEBUG" in
''|0) exec 3>/dev/null ;;
1) exec 3>>../../gbp-pq-output ;;
*) exec 3>>../../gbp-pq-output 2>&3 ;;
esac
exec 4>>../../absurd-apply-warnings
log () {
echo >&3 "DGIT ABSURD GIT APPLY (DEBUG) $*"
echo >&2 "DGIT ABSURD GIT APPLY (STDERR) $*"
}
fail () {
log "FAILED: $*"
exit 127
}
self=${0%/*}
npath=${PATH#$self:}
if test "x$PATH" = "x$npath"; then
fail "PATH FILTER FAIL ($0 $self $PATH)"
fi
filter_path () {
PATH=$npath
}
squash_author () {
author_vars='NAME EMAIL DATE'
for var in in $author_vars; do
eval "GIT_AUTHOR_$var=\$GIT_COMMITTER_$var"
done
}
try_commit () { git commit-tree "$try_commit_obj" /dev/null; }
maybe_squash_author () {
if (set -e; filter_path; try_commit); then return; fi
if ! (set -e; filter_path; squash_author; try_commit); then return; fi
read last <../../absurd-apply-applied
echo >&4 \
"dgit: warning: suppressed corrupted metadata! ($last)"
squash_author
}
bypass=true
for arg in "$@"; do
case "$arg" in
apply) bypass=false; break ;;
commit-tree)
# Work around #950446 in gbp
echo >&3 "DGIT ABSURD GIT APPLY - COMMIT-TREE: $*"
try_commit_obj="$2"
maybe_squash_author
bypass=true; break
;;
-*) ;;
*) bypass=true; break ;;
esac
done
if $bypass; then
filter_path
echo >&3 "DGIT ABSURD GIT APPLY - BYPASS: $*"
exec git "$@"
fi
log "NO BYPASS: $*"
case "$DGIT_ABSURD_DEBUG" in
''|0|1) ;;
*) set -x ;;
esac
#exec >/dev/tty 2>&1
index=0
noo=0
for arg in "$@"; do
case "$noo.$arg" in
1.--index)
index=1
continue
;;
1.--whitespace=fix)
continue
;;
?.-*)
fail "UNKNOWN OPTION $arg ($*)"
;;
0.apply)
;;
1.*) patch="$arg"
;;
*)
fail "BAD USAGE $arg ($noo $*)"
esac
noo=$(( $noo + 1 ))
done
if [ $noo != 2 ]; then
fail "NO PATCH ($*)"
fi
pwd=`pwd`
patch=${patch#$pwd/debian/patches/}
rm -f debian/patches/series
# Work around #848611.
# We need a stunt filename which the source package must not
# contain. A trick is to use the commit hash of HEAD, whose
# hash value cannot appear in any file in its own tree.
omgwtf="dgit-omg-wtf-$(git rev-parse HEAD)"
cat <debian/patches/$omgwtf
---
--- a/$omgwtf 2016-10-31 23:28:47.314155919 +0000
+++ b/$omgwtf 2016-12-18 22:40:01.870058270 +0000
@@ -0,0 +1 @@
+:
END
printf "%s\n" "$omgwtf" >debian/patches/series
printf "%s\n" "$patch" >>debian/patches/series
# Just in case some joker tries to patch .git/something
mv .git ../.git
set +e
dpkg-source --before-build .
rc=$?
set -e
rm -rf .git
mv ../.git .
test $rc = 0
rm -f $omgwtf debian/patches/$omgwtf
rm -rf .pc
git checkout debian/patches/series
git add -Af .
log "APPLIED $patch"
printf >../../absurd-apply-applied '%s\n' "$patch"
#printf 'APPLIED '; date --iso-8601=ns
work/debian/ 0000775 0000000 0000000 00000000000 15007402510 010144 5 ustar work/debian/changelog 0000664 0000000 0000000 00000443114 15007402510 012025 0 ustar dgit (12.12) unstable; urgency=medium
Bugfixes:
* git-debrebase: Use add -f for d/p/series in merge resolution
Closes: #1101958. [Report from Sean Whitton]
* Honour debian-nonupload keyring as a DM keyring. Will enable
"non-uploading" DDs who have DM permissions to dgit push, and
use tag2upload. Closes:1102202.
Process metadata [Sean Whitton]:
* dgit-infrastructure package description:
Say "git depository" as per delegation.
* Set Maintainer to role address, with humans in Uploaders.
* Set a GitLab issue template.
Documentation:
* git-debrebase(1): fix xref to git-debrebase(5). [Tony Finch]
* i18n: Updated nl translations for dgit-user(7) and messages.
Closes: #1103908, #1103910. [Frans Spiesschaert]
tag2upload internals:
* tag2upload-oracled: Add function prototypes. [Sean Whitton]
-- Ian Jackson Fri, 09 May 2025 14:38:16 +0100
dgit (12.11) unstable; urgency=high
dgit, dgit-repos-server, Dgit.pm [Ian Jackson]:
* Install countermeasures for 'rm -r' failure (see #1101580).
* Replace File::Path::rmtree with a subroutine of our own.
tag2upload-oracled [Ian Jackson]:
* Fix worker PID tracking, and rigorously avoid sending wild signals.
Closes: #1101690.
* Do not ignore SIGCHLD.
* Quit if the link count of the workercwd becomes zero.
Test suite:
* autopkgtest-virt-null-for-test: Avoid 'mkdir -p'.
Don't recreate the whole test's $tmp directory from here. [Ian Jackson]
* autopkgtest-virt-null-for-test: Always set TMPDIR.
In particular, when autopkgtest is new enough not to require workarounds.
[Ian Jackson]
* tag-updates test: Fix $tagname variable.
Broken for a while, revealed by git 2.49.0 hitting sid.
-- Sean Whitton Mon, 31 Mar 2025 11:45:54 +0800
dgit (12.10) unstable; urgency=medium
dgit:
* Avoid crash with EEXIST on single-debian-patch and --split-view=always.
Closes: #1076983. [Report from Aaron M. Ucko]
* Better tolerate source trees without debian/rules, eg with debputy.
Closes: #1092929. [Niels Thykier; report from Andrea Pappacoda]
git-debrebase:
* Unconditionally enable general merge resolution attempts;
improve relevant documentation, and invite bug reports.
(Previously this required --experimental-merge-resolution).
* upstream: Strip epoch in human-facing outputs. Closes: #1099311.
workflow manpages:
* dgit-maint-bpo(7): Replace a lingering --overwrite. [Sean Whitton]
* dgit-nmu-simple(7): Be less pessimistic about rebasing. Closes: #1099519.
* Disambiguate what we mean by "first ever dgit push". [Sean Whitton]
translations [Frans Spiesschaert]:
* nl: Update translation for messages. Closes: #1090762.
* nl: Update translation for dgit-user(7). Closes: #1090763.
Infrastructure:
* Improve handling of stderr output from gpgv.
(Improves the output for users of dgit push, and tag2upload emails.)
tag2upload:
* Builder: Use dgit and gdr from testing. [Sean Whitton]
* dgit-repos access control): Expect a separate tag2upload public keyring.
* Oracle: Pass -u to dput to suppress a spurious warning in email reports.
* Oracle: Speak oracle-to-manager protocol version 4.
* Oracle: Report fidelity to Manager (whether we're the production codebase).
* Oracle/Builder: Always report source package (using info from Manager).
* Oracle: Improved consistency and informativeness of logging.
* tests: t2u: Add a test case for a completely unknown signing key.
-- Ian Jackson Sat, 29 Mar 2025 18:04:29 +0000
dgit (12.9) unstable; urgency=medium
tag2upload development:
* tag2upload-oracled:
- Query systemd re whether we are a production or testing instance.
- New --force-production option.
* tag2upload-oracled systemd unit:
- Fix WantedBy= so the user unit starts on reboot.
- Add additional Documentation= values.
* TAG2UPLOAD-MANAGER-PROTOCOL.md: Define v3, including worker fidelity.
[Ian Jackson]
Test suite:
* Bypass autopkgtest-virt-null workarounds with newer autopkgtest.
This should fix our autopkgtest in sid.
-- Sean Whitton Fri, 14 Mar 2025 22:32:23 +0800
dgit (12.8) unstable; urgency=medium
Bugfix to dgit:
* Fix passing -c options to git.
While -c options intended to affect dgit work, it was discovered
that -c options for git itself have been broken since dgit 2.0.
[Ian Jackson]
tag2upload development:
* Improvements to generated e-mail messages:
- Reorder parts to put the tag last. [Ian Jackson]
- Make the log disposition inline. [Ian Jackson]
- Add a Reply-To header, use our dgit-owner@ role address in From.
This fixes our mail not reaching debian-tag2upload@lists.debian.org.
- Make tag2upload-oracled's --noreply option a full From field value.
Use this to capitalise "Debian" in "Debian tag2upload service".
- Replace long line splitting with encoding in quoted-printable.
DSA's MTA is already doing a conversion to quoted-printable so
it's cleaner to replace our own long line splitting with this.
[Ian Jackson]
* tag2upload-oracled: Don't invoke dgit-repos-server more than once
in the same working directory, as required by its calling convention.
This fixes using more than one worker.
* tag2upload-oracled systemd unit:
- Work around 'podman exec' failing to set HOME.
- Work around 'podman exec --user=...' breaking autopkgtest-virt-podman.
Prefix an invocation of su(1) to switch user, instead.
- Set IgnoreSIGPIPE=false.
* Save a copy of all outgoing mail in case of MTA issues.
[Ian Jackson & Sean Whitton]
* Have the Oracle use precisely the one available signing key.
Pass it as a -k option to 'dgit rpush-source'.
Closes: #932553. [Ian Jackson]
* Pass --no-tags to 'git fetch'. [Ian Jackson]
* tag2upload-builder-rebuild:
- Copy in DSA's /etc/ssh/ssh_known_hosts.
- Copy in Builder's SSH key for dgit-repos access.
- Copy in public part of Oracle's package signing key.
- Install dgit and git-debrebase from Debian backports.
- Install python3-pygit2.
- Add several abstractions to make it easier to customise our images.
* tag2upload-oracle-crontab: Add a job to delete old outgoing mail copies.
* tag2upload-*-crontab: Add comments about how to make changes effective.
Test suite [Ian Jackson]:
* t2u-integration: Increase test timeouts.
* match-check-template: Fix some more output indentation.
* Move t-dgit lib -> lib-core, simplify tstunt/dgit.
* Replace generic someuser@somehost with more specific dummy strings.
* No longer dump sendmail.last.
Miscellaneous [Ian Jackson]:
* Consistently use scalars vs arrays for shell-quoted commands and
not-yet-shell-quoted argument lists, respectively.
This fixes issues running commands in the tag2upload virt.
* tag2upload-oracled: Minor improvements to some error handling.
-- Sean Whitton Sun, 02 Mar 2025 13:58:10 +0800
dgit (12.7) unstable; urgency=medium
tag2upload development:
* Fixes to tag2upload-oracled:
- Pass -N to nc.openbsd on the Manager.
This is required for the connection to be properly terminated.
- Fix protocol violation in the case where '--builder=USER@...'.
- Actually validate the protocol messages generated by
'dgit-repos-server --tag2upload5'.
* dgit-repos-server, tag2upload support:
- Impose a length limit on various values. [Ian Jackson]
- Split long lines in the e-mail. [Ian Jackson]
* Other improvements to tag2upload-oracled:
- Before reporting readiness to the Manager,
+ establish a connection to the Builder;
+ test we can really run commands in the isolation environment; and
+ test we have a usable signing key.
- New -D option to set the Debian::Dgit debug level.
- New --worker-restart-timeout option. [Ian Jackson]
- Drop old SIGALRM handler, no longer used by test suite.
- Add [USER@] to --manager and --builder in usage docs.
* tag2upload-oracled systemd unit:
- Fill in remaining config values for our current hosts.
- Instruct autopkgtest-virt-podman not to unshare the netns.
- Set a value for TimeoutStopSec equal to the processing timeout.
* Provide tag2upload-builder-rebuild script.
Previously maintained in dgit-infra-notes-scripts.git.
* Provide self-installing crontabs for the Oracle and the Builder.
Test suite:
* Completely rewrite mocking up tag2upload-service-manager. [Ian Jackson]
- tag2upload-oracled now connects to a real socket.
- Correctly handle the tag2upload-oracled child process, to fix a race.
* Pass new 'run-manager' subcommand to tag2upload-service-manager.
[Ian Jackson]
* gitlab-ci-run-all: Add a per-test-case timeout. [Ian Jackson]
This avoids GitLab timing out the whole job and thus losing logs.
* Always pass new -D option to tag2upload-oracled.
* Work around autopkgtest-virt-* not exiting (#868576). [Ian Jackson]
* autopkgtest-virt-null-for-test: Fix shebang. [Ian Jackson]
* Rename template-match-check to match-check-template. [Ian Jackson]
* match-check-template: Fix some output indentation. [Ian Jackson]
* Print "success." after the log dumps, for reassurance. [Ian Jackson]
Documentation:
* dgit-maint-debrebase(7), dgit-maint-merge(7): Consistently use
lowercase 'debian' for the salsa.d.o namespace. [Dr Tobias Quathamer]
* dgit-maint-gbp(7): In one place, list all three push commands
instead of just the 'dgit push' alias. [Dr Tobias Quathamer]
* dgit-maint-merge(7): Replace a reference to alioth's collab-maint.
[Dr Tobias Quathamer]
* TAG2UPLOAD-MANAGER-PROTOCOL.md:
- Document additional things Oracle should do before saying 'ack'.
[Ian Jackson]
- Fix a reference to the worker ID.
* dgit-user(7): Fix typo comments->commits. Closes: #1098688.
[Reported by Ben Harris]
Miscellaneous:
* Debian::Dgit::ProtoConn: Call printdebug in expect.
This ensure we see both halves of the conversation. [Ian Jackson]
* get-dm-txt: Take data dir using a positional param, not an env var.
* d/control: Drop unnecessary Testsuite field.
* Override 'unusual-interpreter /usr/bin/crontab' Lintian warning.
* Comment out mismatched file-contains-trailing-whitespace override.
-- Sean Whitton Tue, 25 Feb 2025 12:36:05 +0800
dgit (12.6) unstable; urgency=medium
tag2upload development:
* Implement & test timing out the work done by dgit-repos-server's
tag2upload mode, for robustness. [Ian Jackson]
* tag2upload-oracled: New --process-timeout option. [Ian Jackson]
* tag2upload-oracled systemd unit: Pass --process-timeout. [Ian Jackson]
* tag2upload-oracled systemd unit: Fix line continuation syntax.
* tag2upload-oracled: Tidy up logging and then exiting non-zero.
Test suite:
* Use new template-match-check utility to test the content of the
success e-mail from the tag2upload mode of dgit-repos-server.
[Ian Jackson]
* t2u-email test: Also do the mpack MIME check here. [Ian Jackson]
-- Sean Whitton Thu, 30 Jan 2025 09:13:55 +0000
dgit (12.5) unstable; urgency=medium
tag2upload development:
* Rewrite the tag2upload mode of the dgit-repos-server program in
order to satisfy a number of requirements of the design that the
old code did not. [Ian Jackson]
In particular, we now send much better e-mails.
* Set the Git-Tag-Tagger and Git-Tag-Info fields. Closes: #932753.
* Implement & test CCing the tag signing key's owner.
- Don't CC them if they're probably also the Git tagger.
- More strictly validate tag2upload Git tag taggers.
- New 'preferred-mail-domains' dgit-repos-server configuration.
* tag2upload-oracled:
- Validate & log the protocol messages generated by
'dgit-repos-server --tag2upload5'.
- Don't expect "ok" in response to "quit". [Ian Jackson]
Instead, waitpid the adt virt server. See #1092808.
- Improved debug printing. [Ian Jackson]
- New --retain-tmp option. [Ian Jackson]
- Pass ssh timeout options to builder SSH, too.
* Pass --ssh:-oBatchMode=yes to dgit in dgit-repos-server t2u mode.
* Patch autopkgtest-virt-null so as to retain the temp dir.
[Ian Jackson]
* Set dgit-repos-server $0 to something else in tag2upload mode.
[Ian Jackson]
Test suite [Ian Jackson]:
* Complete the end-to-end t2u-integration test.
- Add GitLab CI definition to run it on bookworm as well as sid.
* Add a test case for a DM attempting to git-debpush a package they
are not authorized to upload.
* Fix spuriously removing 'git cat-file tag' trailing newline.
* Rewrite t2u-ssh-for-t2u-oracled in Perl.
* Provide and use new general facility for polling in tests.
* tag2upload-oracled test: Don't kill tag2upload-oracled again.
* Output improvements when testing 'mini-git-tag-fsck --audit'.
* Introduce T2U dependencies alias.
Documentation:
* dgit-maint-debrebase(7): Improve sample 'git remote add'.
[Andrea Pappacoda]
* git-debpush(1): Fix -sn versus -sk. Closes: #1093216.
[Reported by Ben Harris]
* dgit(1), dgit usage message: List push-built|push-source not push.
This is better because plain push issues a warning, at present.
Closes: #1092904. [Ian Jackson, report from Niels Thykier]
* dgit usage message: Mention rpush-source, and tidy. [Ian Jackson]
Miscellaneous:
* dgit-repos-server: Improved error handling when invoking gpgv.
[Ian Jackson]
* Update copyright for dgit, dgit-repos-server & tag2upload-oracled.
* Fix documentation of --expect-version option.
* mini-git-tag-fsck: Fix bytestring regexp syntax.
-- Sean Whitton Fri, 24 Jan 2025 13:55:00 +0000
dgit (12.4) unstable; urgency=medium
dgit changes:
* New --dsc-control-add and --ch-control-add options.
* With --dry-run, dgit now always writes an edited .changes to a
temporary file, as it has long done for the edited .dsc.
tag2upload development:
* tag2upload-oracled: Speak version 2 of the simple Oracle protocol.
* dgit-repos-server: Take JOB-ID from tag2upload-oracled.
* dgit: In --tag2upload-builder-mode, include a _source.buildinfo.
This is work towards #932802.
Specifications [Ian Jackson]:
* Define version 2 of the Manager-to-Oracle protocol.
The protocol now additionally conveys the job ID.
Test suite fix:
* Set "Rules-Requires-Root: binary-targets" in example_1.0.tar.
Closes: #1092190.
CI job definitions [Ian Jackson]:
* dgit-test-suite, t2u-integration: Use a Debian testing image.
This means that the inputs to our CI are gated by our own tests.
* t2u-integration: Explicitly install curl.
Documentation fix [Xiyue Deng]:
* git-debrebase(5): Fix a few typos of repeated words.
-- Sean Whitton Wed, 08 Jan 2025 09:11:11 +0000
dgit (12.3) unstable; urgency=medium
tag2upload development:
* dgit: Make --tag2upload-builder-mode imply --dep14tag-reuse=must.
* tag2upload-oracled.user.service: Use @packages.d.o address in From.
* Document proposed new calling convention between tag2upload-oracled
and 'dgit-repos-server --tag2upload4' [Ian Jackson].
Test suite fix:
* tag2upload-oracled-systemd-unit: Restore default test dependencies.
This was breaking this test under autopkgtest.
-- Sean Whitton Sun, 15 Dec 2024 10:38:57 +0800
dgit (12.2) unstable; urgency=medium
* git-debpush options improvements:
- Rename patches-applicable check to patches-nonapplicable.
- Rename suite check to changed-suite.
- Rename existing -n/--no-push to -t/--tag-only.
- New -n/--dry-run and --print-tag-text options.
Closes: #935085. [Report & suggestions from Ian Jackson]
* git-debpush output improvements:
- Use uniform line prefix "git-debpush: check failed: ".
This should make it easier to see which checks failed.
- Disable whitespace warnings from git-apply.
Closes: #940590. [Report & suggestion from Andrej Shadura]
* Test suite fixes:
- Fix overlapping use of file descriptor 5 by the tests.
This was breaking all the tag2upload tests under autopkgtest.
- t2u-gbp: Replace an unwarranted change of pipefail settings.
- t2u-gdr: Fix dependencies and environment variable issue.
-- Sean Whitton Fri, 13 Dec 2024 17:06:02 +0800
dgit (12.1) unstable; urgency=high
Critical bugfix:
* Once again honour command line options --delayed, -c, -m.
(-c would sometimes still work, depending on the usage).
Regressed in 12.0. Closes:#1089632. [Report from Sean Whitton]
New feature for dgit [Xiyue Deng]:
* New passthrough option, --allow-unrelated-histories.
Documentation:
* dgit(1), dgit-user(7): Document dgit's backwards installability.
tag2upload development [Sean Whitton]:
* Complete mini-git-tag-fsck by implementing its --audit mode.
* Complete the integration tests for mini-git-tag-fsck.
* Make the Oracle always invoke mini-git-tag-fsck.
* Don't call 'git deborig' if we got one from the archive.
* Fix hardcoded debian/ tag prefix in git-debpush.
* Test git-debpush's fishing the quilt mode out of history.
* Some minor code style changes.
Internal changes & test suite:
* Tidy up some control of split brain mode.
* Demonstrate --collab-non-dgit for a native package.
* Strip junk from a number of tarballs used to set up tests.
* Fix the gdr-convert-gbp canned setup to call t-select-package
[Sean Whitton].
-- Ian Jackson Fri, 13 Dec 2024 02:16:53 +0000
dgit (12.0) unstable; urgency=medium
Possible incompatible changes:
* dgit push-*: Retain existing DEP-14 tag, even if unsigned, by default.
New --dep14 options (and config settings) to control the behaviour.
DEP-14 tag handling and docs overhauled and debugged.
Closes: #1073787.
* Command option option handling (--cmd:... etc.):
Reimplement, with behavioural change bugfix: now you can
always override configured information from the command line.
Other misbehaviours and crashes in this area fixed.
Documentation:
* dgit-user(7): Use `apt-get build-dep .` in build examples.
* dgit-sponsorship(7): Mention possible lack of origs.
* Update Dutch (.nl) translation. Closes:#1070141 [Frans Spiesschaert]
* Fix minor docs typos. [Otto Kekäläinen]
Other improvements:
* dgit: Include split-maint-view-tag metadata item in dgit view tag.
* dgit rpush: Better error handling when child fails.
* dgit rpush: debug prints: show the files-end message.
Packaging:
* debian/control: Bump to debhelper compat level 12.
Testing - compatibility and bug fixes:
* Replace use of apt-key with trusted.gpg.d.
Closes:#1088220. [Report from Julian Andres Klode]
* Strip libeatmydata.so out of LD_PRELOAD when using schroot.
(Fixes in-tree run failures on trixie.)
* CI: Disable new changelog-empty-entry warning.
Testing - other improvements:
* enumerate-tests: Honour TESTSCRIPTS
* Turn off gbp-buildpackage desktop notifications.
* CI: Add jobs to test on old releases, back to buster.
* CI: Better error reporting; use eatmydata; disable two empty jobs.
* Supporting changes and refactoring.
tag2upload development:
* tag2upload-oracled: New program, still in development.
* Add systemd user unit for tag2upload-oracled.
* Relax syntax of WORKER-ID in o2m protocol.
* Break out ProtoConn module for reuse in o2m.
* New test: integration with tag2upload-service-manager.
* Run existing tag2upload tests via tag2upload-oracled.
* Further development of mini-git-tag-fsck.
* Supporting changes to and refactoring of dgit-repos-server.
Much of the work described above was done by, or with,
or reviewed by, Sean Whitton. Thanks, Sean!
-- Ian Jackson Fri, 29 Nov 2024 01:40:28 +0000
dgit (11.11) unstable; urgency=medium
[ Ian Jackson ]
* dgit-repos-server, tag2upload support:
- Introduce t2uv_* prefix to distinguish trusted parts of t2u flow.
- New parameter for mail addresses to Cc error messages to.
* dgit-repos-server, general:
- New always-accept AUTH-SPEC.
- Fix & update some debug printing.
- Some other refactorings.
* Dgit.pm:
- git_rev_parse: New \@prefix parameter.
* dgit: Fix documentation of the rpush protocol.
* TAG2UPLOAD-MANAGER-PROTOCOL.md: New protocol specification.
* Test suite:
- New .gitlab-ci.yml to enable salsa CI.
- Pass --no-same-owner to tar.
Fixes running the tests as root.
- Move some variables out from tests/drs-git-ext to tests/lib.
- tag2upload: Check for drs dgit success (t-tagupl-succeeded).
- tests/enumerate-tests: New facility for printing package names.
- Various renames to replace 'tagupl' abbreviation with 't2u'.
Not yet complete.
[ Sean Whitton ]
* dgit:
- Check that a source-only changes has "Architecture: source".
- New --expect-suite, --expect-version options for rpush.
The initiator now checks the values of these options, and that of
-p/--package, against the parsed changelog, .changes and .dsc sent
by the responder. This protects against a misbehaving or
compromised responder attempting to use the initiator to sign
.changes and .dsc files for some other package, version or target
suite. This is relevant for how the security of the tag2upload
design relies on the rpush protocol.
- New --tag2upload-builder-mode, --tag2upload-upstream and
--tag2upload-upstream-commit options.
These are used to invoke mini-git-tag-fsck in the right way, and
--tag2upload-builder-mode may enable other things in the future.
(As of this release, they are not yet passed by dgit-repos-servers.)
* git-debpush: Add source= & version= to the in-tag metadata (for real
this time) (Closes: #1069001).
* dgit-repos-server, tag2upload support:
- Obtain the source package and version from the [dgit ...] metadata.
(The target suite is still obtained from the first line of the tag
message; this will change.)
- Replace invoking 'dgit push-source' with 'dgit rpush-source'.
This is work towards the new tag2upload three node design.
- Pass the new --package, --expect-suite and --expect-version.
- Some other tidying up.
* TAG2UPLOAD-DESIGN.txt: Document SOURCE_VERSION.git.tar.xz.
* mini-git-tag-fsck: New script to handle SOURCE_VERSION.git.tar.xz.
Its functionality is only partially implemented as of this release.
* Test suite:
- Test the new rpush security by mocking up an MITM of the responder
(tests/ssh-rpush-mitm).
- Very basic test for --tag2upload-builder-mode.
- t2u-gbp: Drop an unnecessary, confusing include.
* Update copyright notices for Ian and me for core files.
* Add .dir-locals.el.
* Add some file mode indicators in various places.
[ Sean Whitton & Ian Jackson ]
* Add TAG2UPLOAD-FAQ.md.
With thanks to Russ Allbery for review.
-- Sean Whitton Tue, 03 Sep 2024 13:55:01 +0100
dgit (11.10) unstable; urgency=medium
* Add TAG2UPLOAD-DESIGN.txt [Ian Jackson].
* git-debpush: Revert changes to in-tag metadata from the last upload.
-- Sean Whitton Wed, 22 May 2024 20:42:50 +0100
dgit (11.9) unstable; urgency=medium
* tag2upload(5):
- The COMMITID must be an abbreviated hash.
- Explain why upstream-tag=TAG is required.
- Add source= & version= to the in-tag metadata.
* git-debpush:
- Quote an argument to git-cat-file.
- Add source= & version= to the in-tag metadata.
* Replace http->https in GPL file headers.
-- Sean Whitton Tue, 21 May 2024 14:08:20 +0100
dgit (11.8) unstable; urgency=medium
* Fix installation of tag2upload(5).
-- Sean Whitton Sun, 14 Apr 2024 20:34:49 +0800
dgit (11.7) unstable; urgency=medium
[ Ian Jackson ]
* dgit: Introduce --trust-changelog, as the new name for --overwrite,
and recommend it everywhere. As requested in #1050713;
may help with #913451 #990667 (requests for better docs).
* dgit: New --collab-non-dgit option. Closes: #1050713.
[Apropos informal reports from several people]
* dgit diff generation: Avoid breaking if user has ui.color=always.
Closes: #1067222. [Report from Rafael Laboissière]
* tag2upload(5): New manpage documenting the tag2upload protocol.
Closes: #1068231.
[ Sean Whitton ]
* Add myself to Uploaders.
-- Sean Whitton Sat, 13 Apr 2024 21:14:43 +0800
dgit (11.6) unstable; urgency=medium
Improved behaviour:
* dgit: Delete the playground on success, by default.
[Report from gregor herrmann] Closes: #1056103.
Documentation:
* dgit(7): Don't falsely assert that *.dgit.d.o is usually `origin`.
* dgit-user(7): Deprioritise information about jessie.
Tests:
* autopkgtests: Install locales-all for i18n-messages test.
* Stunt httpd: don't respond to HEAD with 404+body. Closes: #1063341.
* autopkgtests: Reduce primary log size when running under autopkgtest:
Save the stderr/stdout to a file which appears (compressed) in
the artifacts, and is only printed if the test fails.
* Add comment about benchmarking of the gzip -1 flag on artifacts.
-- Ian Jackson Fri, 09 Feb 2024 12:05:39 +0000
dgit (11.5) unstable; urgency=medium
* dgit: Fix harmless but annoying warning about rebinding $date.
[Report from Étienne Mollier] Closes: #1055528.
-- Ian Jackson Fri, 10 Nov 2023 13:12:42 +0000
dgit (11.4) unstable; urgency=medium
dgit dsc import fixes:
* Do not fail when source package has broken changelog for -1 upload.
Closes: #1054630. See also #1051961. [Report from Peter Green]
* Pass through the changelog timezone to the generated commit metadata.
Documentation:
* dgit-sponsorship(7): Mention git-deborig(1) alongside git-archive(1)
[Sean Whitton].
Test suite:
* Fix i18n-messages test to explictly demand "locales", and set locale.
-- Ian Jackson Mon, 30 Oct 2023 02:21:52 +0000
dgit (11.3) unstable; urgency=medium
* Prevent pushing older versions than is in the archive.
Closes: #1050711. [Reports from Helmut Grohne and Phil Hands]
* Detect tar-ignore in d/s/options and bail early if appropriate.
Closes: #1050709. [Report from Helmut Grohne]
* dgit(1): --overwrite: Add cross reference to --split-view.
Apropos ##1050713. [Report from Helmut Grohne]
-- Ian Jackson Sun, 03 Sep 2023 00:43:36 +0100
dgit (11.2) unstable; urgency=high
* Use the old /updates security map only for buster. Fixes fetching from
suites ,-security after buster. [Matthew Vernon] Closes: #1050179.
-- Ian Jackson Tue, 22 Aug 2023 19:25:55 +0100
dgit (11.1) unstable; urgency=medium
* dgit(1): Adjust tbl formatting to avoid warning.
[Report and suggestions from Branden Robinson] Closes: #1041317.
-- Ian Jackson Thu, 20 Jul 2023 00:32:36 +0100
dgit (11.0) unstable; urgency=medium
Bugfix with compatibility implications:
* Pass --no-source-only-changes to sbuild (when building binaries).
Fixes operation with SOURCE_ONLY_CHANGES locally overridden.
(Incompatible with sbuild <0.78; to work around, say
dgit --sbuild!:--no-source-only-changes.).
[Report from Sean Whitton] Closes: #904969.
Documentation:
* dgit-maint-{merge,rebase}(7): Cross-reference to gitrevisions(7).
[Sean Whitton, Ian Jackson] Closes: #959760.
Removal:
* Abolish dgit-badcommit-fixup (the remedial script for #849041).
If ancient repositories are found which need fixing, install
dgit.deb 10.7 or earlier (eg from Debian bookworm and earlier).
Testing;
* Tests: work around git changes in 2.40 relating to commit verification.
Skipping tests involving now-uncreatable objects. Closes: #1033503.
-- Ian Jackson Thu, 15 Jun 2023 00:53:22 +0100
dgit (10.7) unstable; urgency=medium
* dgit(1), dgit-maint-merge(7): Copy-edit changes since dgit 9.16.
* dgit, dgit-maint-merge(7): Merge suggested README.source text into
--quilt=single's generated patch header.
We now have to say "a workflow similar to ... dgit-maint-merge(7)" but
this is worth it for the simplification to the workflow.
-- Sean Whitton Wed, 22 Feb 2023 15:13:06 -0700
dgit (10.6) unstable; urgency=medium
Bugfix for handling some source packages:
* dgit: dsc import: Launder the series file before feeding it to gbp,
(in absurd git-apply mode) in case it contains strange things.
Closes: #1030093. [Report from Peter Green]
Minor improvements to git-debrebase:
* git-debrebase(1): Add imprecation to call conclude or prepush, at top
* git-debrebase(1): Remove launder-v0 from documentation
* git-debrebase status: Print upstream commitid
Supporting chnages:
* dgit: Fix confusing appending of gbp-pq-output in innards.
(Conceivably this might fix wrong messages in very unusual situations.)
* dgit: Fix a call to die to be confess, if an unexpected copy fails.
* tests: Bail on seeing "internal-only" commits, which should be invisible.
* tests: Test laundering of a deranged series file (with a form feed).
* dgit-ssh-dispatch: Apply perllib_local to policy hook, fixing a test
suite bug where the wrong Dgit.pm might be used.
-- Ian Jackson Sat, 04 Feb 2023 16:56:30 +0000
dgit (10.5) unstable; urgency=medium
* [INTL:nl] Dutch translation for the dgit package.
[Frans Spiesschaert] Closes:#1029682.
* dgit: Add TODO about inappropriate translation of Subject
-- Ian Jackson Thu, 26 Jan 2023 14:41:05 +0000
dgit (10.4) unstable; urgency=medium
* Tainted object handling: Require policy-client-query to be supported
when talking to the Debian server, so this check is now properly
implemented rather than best-effort. Closes: #944855, #1027186.
[Completes work prompted by report from Felipe Sateler.]
* git-debrebase(1): Be less scary about --experimental-merge-resolution.
-- Ian Jackson Thu, 29 Dec 2022 11:51:50 +0000
dgit (10.3) unstable; urgency=medium
dgit useability improvements:
* Silently tolerate mentions of debian/ in debian/source/include-binaries.
Closes:#1026918. [Report from Simon McVittie]
* Scan for duplicated orig tarballs with different names,
avoiding strange dpkg-source errors mentioning format 2.0.
Closes:#993769. [Report from Philip Hands]
* Rename auto quilt mode to try-linear (retaining compat alias),
to clarify that it won't automatically detect branch format.
Closes:#935762. [Report from David Bremner]
* dgit(1): Clarify the non-split-brain --quilt options, explicitly
stating that they expect a patched-applied (dgit view) branch.
Tainted object handling (relevant to Debian NEW):
* dgit can now usually discover when --deliberately-* will be needed,
before making signatures and attempting the actual push.
Thus, missing a --deliberately no longer burns a version number.
* This is #944855. However, it depends new infrastructure,
which is (in this version) only queried on a best-effort basis:
* New protocol transaction (over ssh) with dgit repos server,
to allow client to make a policy enquiry, and specifically to
enquire about tainted objects.
* More of the relevant error messages are now translatable via gettext.
Supporting changes:
* Modest refactoring to support the new functionality.
* Tests for new functionality, and improved tests in changed areas.
* tests: sbuild-gitish: Pass -v to sbuild for better debuggability.
-- Ian Jackson Thu, 29 Dec 2022 00:51:29 +0000
dgit (10.2) unstable; urgency=medium
Command line change - dgit rpush vs rpush-source vs rpush-built:
* Introduce "dgit rpush-source", a new feature.
Closes:#974012. [Request from Wookey]
* Introduce "dgit rpush-built", meaning what "dgit rpush" does now.
* Make "dgit rpush" a configurable alias, which by default warns about
future incompatibility and then runs "dgit rpush-built".
(This was done for "dgit push" in dgit 10.0.)
Bugfixes to dgit:
* Be more conservative about when to run "git-debrebase make-patches".
Closes:#1025451. [Report from Sean Whitton]
* Cope with packages using "3.0 (quilt)" "include-binaries" feature.
Closes:#1024233. [Report from Peter Green]
* Cope with certain packages where dpkg-source guesses wrong about
patch application status. (Perms-only patches may be implicated?)
Closes:#1025694. [Report from Matthew Vernon]
Minor improvements:
* dgit(1): Promote push-source even more, rather than push-built.
* git-debrebase --noop-ok: support --no-noop-ok.
* Fix a typo "build" for "build" in the changelog entry for 10.1.
Debugging fixes and internal changes:
* dgit: Fix a direct use of chdir, should be changedir
* git-debrebase --noop-ok: use default destination
-- Ian Jackson Mon, 12 Dec 2022 01:15:55 +0000
dgit (10.1) unstable; urgency=medium
Bugfixes to dgit:
* dgit push-built: Populate the split brain cache if necessary
Closes:#1019454. [Report from Simon McVittie]
Bugfixes to git-debrebase [reports from David Bremner]:
* git-debrebase: Fix "stripeoch" bug in convert-from-dgit-view.
* git-debrebase: Fix handling of tag during convert-from-dgit-view.
* git-debrebase: convert-from-dgit-view: Bail if output is wrong
eg due to lack of appropriate d/patches.
Documentation and messages:
* dgit: Soften message about source-only uploads to NEW.
[Report from Simon McVittie] Improves #983056 a bit.
* dgit(1): Be more encouraging about --new. Closes:#941323.
* dgit(1): Remove obsolete documentation of dgit-tag-format
[Remark from Philip Hands in #1023468]
* dgit-maint-debrebase(7): add --pretty example for generating
hash tags for upstream versions. [Philip Hands]
* git-debrebase: conversion: bail a little earlier on snags.
Infrastructure (dgit-repos, server side):
* get-dm-txt: Handle abolition of archive-query-tls-curl-ca-args
(fixes incompatibility with deployed production configuration).
Packaging:
* New elements to test cases to test some of the fixes.
* changelog: Fix misindented line in entry for 9.11.
* changelog: Retrospectively xref to #950612 in entry for 9.11.
-- Ian Jackson Fri, 11 Nov 2022 23:53:28 +0000
dgit (10.0) unstable; urgency=medium
Major command line change - dgit push vs push-built:
* Introduce "dgit push-built", meaning what "dgit push" does now.
* Make "dgit push" a configurable alias, which by default warns about
future incompatibility and then runs "dgit push-built". See dgit(1).
* Docs: generally recommend "push-source" rather than "push".
[Report from Osamu Aoki] Closes:#992606.
New feature, and change to recommended usage:
* Provide --quilt=single, and no longer recommend single-debian-patch
anywhere (since it can go badly wrong). Closes:#1018984.
Handling of unusual kinds of change to upstream files, during quilt fixup:
* Don't use dpkg-source --commit, but git diff.
* Handle exectutability changes. Closes:#995056. [Report from Peter Green]
* Reject all changes to symlinks (including symlink creation).
* With dpkg single-debian-patch, pass --include-removal to dpkg-source -b.
* Now we can make any diff that dpkg-source can cope with. Closes:#1018143.
Changes related to --dry-run and --damp-run:
* dgit(1): Demote, and add caveats describing their behaviours.
Closes:#973896. [Report from Wookey]
* dry run: Fix a handful of bugs (and improve a message).
Other:
* dgit: Pass require_valid_signature to Dpkg::Source::Package
in the correct manner. Closes: #964286. [Guillem Jover]
Internal:
* Refactorings and commentary, to support the other changes.
* Consequential updates to tests.
* More comprehensive testing of unusual upstream changes.
-- Ian Jackson Sun, 04 Sep 2022 13:43:34 +0100
dgit (9.16) unstable; urgency=medium
Compatibility with git-buildpackage gbp pq 0.9.26 (Closes:#1005873):
* dgit: Move .pc aside while running gbp pq import
* git-debrebase: convert-from-dgit-view: Disable ignore-new where needed
Other changes:
* Fix typo in changelog for 9.14, noting that we closed #987304.
* playtrees (for dgit and git-debrebase): Provide a gbp.conf.
* tests: gdr: Provide a way to pass --diagnose.
-- Ian Jackson Sat, 28 May 2022 22:49:53 +0100
dgit (9.15) unstable; urgency=medium
* dgit: pseudomerge_version_check: Check for unfinalised changelog entry.
* tests: Set FILTER_BRANCH_SQUELCH_WARNING=1
* tests: Use t-debchange in some places instead of dch
* tests: Update all using tests/update-db-compat. Closes: #1002927.
-- Ian Jackson Sun, 02 Jan 2022 12:20:23 +0000
dgit (9.14) unstable; urgency=medium
Bugfixes:
* Tolerate git config init.defaultBranch. Closes:#972098.
Reports from Didier 'OdyX' Raboud, Osamu Aoki.
Diagnosis by Stig Sandbeck Mathisen.
* dgit: Tolerate making quilt patches creating +x files.
Closes:#949675. Report from peter green.
* dgit: Avoid use of GZIP environment variable.
Closes: #975624. Report from Stéphane Glondu.
* Tolerate git config diff.noprefix.
Closes:#973881; report from Didier 'OdyX' Raboud.
Documentation and diagnostics:
* Clarify git-debrabase --anchor, -fanchor-treated.
Closes:#977426. Report from Wookey .
* dgit: Better message for dirty trees. Closes:#930930.
Report and suggestions from Sean Whitton.
git-debpush, tag2upload:
* Add missing dependency. Closes:#940589; report from Andrej Shadura.
* Fix version unmangling. Closes:#987304; report from Wolfgang Silbermayr.
Tests:
* Introduce t-debchange and set DEBEMAIL.
* Add init.defaultBranch to two test cases and diff.noprefix to one.
* Test creation of new symlink is treated as unrepresentable.
* Increase the nproc -> make -j factor.
-- Ian Jackson Wed, 08 Sep 2021 01:30:53 +0100
dgit (9.13) unstable; urgency=medium
* gitattributes defuse: work even if .git/info/attributes missing
(Closes: #981344)
* dgit-maint-*(7): Advice for git-debpush users.
Closes:#932520. [Sean Whitton]
* dgit.1: drop remark about sbuild not building arch-independent.
Closes:#952442. [Helmut Grohne]
-- Ian Jackson Fri, 12 Feb 2021 12:48:15 +0000
dgit (9.12) unstable; urgency=medium
Bugfixes:
* dgit-mirror-ssh-wrap: Cope with yet another new rsync rune.
Closes:#968635. [Sergio Durigan Junior]
-- Ian Jackson Wed, 19 Aug 2020 17:25:45 +0100
dgit (9.11) unstable; urgency=medium
Bugfixes:
* git-debrebase, git-debpush: fail when looking for upstream tag if
there is more than one candidate. Closes:#961682. [Sean Whitton]
* git-debrebase: Fix error message for wrong use of -i
* git-debrebase: new-upstream: Do not treat late options as version
Documentation:
* dgit-maint-debrebase(7): Drop some bad advice about the upstream/ tag
case. Closes:#961683. [Sean Whitton]
* git-debrebase(1): Fix new-upstream -i docs. Closes:#950612.
dgit-infrastructure:
* dgit-mirror-ssh-wrap: Cope with new rsync rune. Closes:#963489.
* dgit-mirror-ssh-wrap: Clarify the error message
Test suite:
* Cope with buster & eatmydata (ie, work around #963508)
* Provide navigation banner in log when exiting nonzero
* Print pwd in failure trap to help with diagnosis
-- Ian Jackson Mon, 22 Jun 2020 19:09:17 +0100
dgit (9.10) unstable; urgency=medium
dgit bugfix:
* Work around gbp metadata handling bug which can prevent import
of some anomalous source packages. Closes:#950326.
Report from Peter Green.
git-debpush bugfix:
* avoid a pipefail problem. Closes:#940588. [Sean Whitton]
Documentation:
* Terminology: Change "rewind" to "rewrite" where appropriate
* dgit(1): Cover more cases of --overwrite and --deliberately
Closes:#928473.
* dgit(1): Do not talk about `intermediate' uploads.
* d-m-{merge,debrebase}(7): Use an 'upstream/' tag prefix in
gbp.conf; set `merge' in gbp.conf; import tarball before
committing gbp.conf. Closes:#932954. [Sean Whitton]
i18n:
* Updated nl.po file. Closes:#945356. [Frans Spiesschaert]
-- Ian Jackson Mon, 03 Feb 2020 08:41:10 +0000
dgit (9.9) unstable; urgency=medium
Documentation:
* dgit-maint-{merge,debrebase}(7): Suggest a better rune.
(`git fetch --tags upstream') Closes:#939679. [Sean Whitton]
* git-debpush(1) minor improvements. Closes:#935084. [Sean Whitton]
* dgit(1): Fix a typo (found by lintian)
* dgit-maint-bpo(7): Mention occasional need for --new. Closes:#935443.
* git-debrebase: Extend extended description for this .deb.
Infrastructure:
* New script dgit-mirror-ssh-wrap suitable for use as restricted
command on repos mirror target hosts, and corresponding test.
Packaging niggles:
* control: Add missing dependency on liburl-perl (dgit and tests)
* control: Drop redundant Priority field for dgit-infrastruture
* control: update Vcs-Git to end in .git
* lintian: Override some checks
* control: Bump Standards-Version to 4.4.0.0.
-- Ian Jackson Sat, 14 Sep 2019 21:34:13 +0100
dgit (9.8) unstable; urgency=medium
dgit, important bugfixes for bugs introduced in 9.6:
* Once again cope with archive skew. Closes:#935874.
[Initial report from Colin Watson]
* Follow http[s] redirects again. Closes:#939564.
dgit, useful new behaviours and fixes:
* Use distro-info-data to resolve unknown suites. Closes:#931212.
[Suggestion from Simon McVittie]
* Try to warn about misplacement of dgit options. Closes:#934807.
[Useability report from Félix Sipma]
* Fail early when the archive/ tag already exists, ie when version
needs to be not reused. Closes:#935802.
[Useability report from IOhannes m zmölnig]
* Do not mistakely reject .asc and .sig files with push-source -C.
Closes:#939280. [Report from Simon McVittie]
docs:
* dgit-maint-{merge,debrebase}(7): Suggest git fetch --all --tags
as it handles tags better. [Sean Whitton] Closes:#939504.
* git-debrebase(5): Tiny typo fix.
* dgit(1): Some semantic linefeeds (no change to rendered output)
Supporting changes:
* test suite: New test for http mirror and archive skew
* test suite: Test already-tagged check
* test suite: Add --force-reusing-version to many tests as now needed
* Dgit: Minor refactoring of a regexp.
-- Ian Jackson Fri, 06 Sep 2019 23:42:15 +0100
dgit (9.7) unstable; urgency=medium
dgit general bugfixes:
* Correctly test for presence of git repo on dgit git server.
Fixes behaviour following mixed dgit/non-dgit uploads. Closes:#934126.
(Was badly broken by http fetching rework in dgit 9.6.)
* Fix use on NFS, by closing a file which is going to be deleted.
[Report and fix from Stéphane Glondu] Closes:#933827.
dgit vcs-git bugfixes:
* Strip [] (used eg by Debian Haskell Team). Closes:#932699.
* update-vcs-git: Cope if url is unchanged.
* update-vcs-git: Strip -b (as it always should have done).
Test suite:
* New facilities for http testing, including mock webservers.
* New test cases for http, and for bugs fixed in this version.
* Switch to using http git check in three existing tests.
* Improve debian/tests/control generator.
* Limited refactoring to support other changes.
Other minor changes:
* dgit: Slightly more debugging for check_for_git with http[s]
* changelog: Fix a typo in the entry for 9.6.
* i18n (messages) updated, following message changes.
-- Ian Jackson Sun, 11 Aug 2019 01:11:01 +0100
dgit (9.6) unstable; urgency=medium
* git-playtree-setup had a spurious set -x so many programs spewed
debugging output. This is now fixed. Closes:#932959.
dgit:
* Drop support for configuring old, not currently enabled, methods
of TLS key/cert pinning. We are going to revisit this soon.
* Provide a --for-push option (useful in for certain special users).
* Reduce variety in HTTP clients we use. Specifically, use WWW::Curl
for accessing (i) the ftpmaster API, (ii) the http dgit git server
mirror (iii) downloading the .dsc.
Administrivia:
* Add missing Closes of #932476 to changelog entry for 9.5
-- Ian Jackson Thu, 25 Jul 2019 13:12:08 +0100
dgit (9.5) unstable; urgency=medium
git-debpush [Sean Whitton]:
* Support ignoring individual checks with --force=check. Closes:#932459.
* Check upstream source is identical in the upstream tag. Closes:#932476.
* Check that patches are (un)applicable. Closes:#932477.
* Check for an unstitched git-debrebase branch. Closes:#932612.
* Check for explicitly pushing detached HEAD.
dgit clone [Ian Jackson]:
* No longer create an "origin" remote. Closes:#932694.
Documentation:
* dgit-maint-bpo(7): new manpage for maintainers of official Debian
backports. Closes:#857490. [Sean Whitton]
* git-debrebase(1): make this manpage a less intimidating entry point.
Closes:#926656.
[Sean Whitton & Ian Jackson; prompted by feedback from Sam Hartman]
Miscellaneous:
* Correct the description of --force in git-debpush(1) [Sean Whitton].
* git-debrebase(*): fix some crossreferences [Sean Whitton].
Closes:#932536.
* Break out git-playtree-setup and rewrite in shell. [Ian Jackson]
* Fix organisation copyright attribution for Matthew Vernon's
contributions. Closes:#932630.
* HACKING: new document for helping people work on the code. [Ian Jackson]
* Update Vcs-Git etc. to point to salsa.
-- Sean Whitton Mon, 22 Jul 2019 21:38:19 +0100
dgit (9.4) unstable; urgency=medium
dgit:
* Support the Ubuntu Cloud Archive [Matthew Vernon]. Closes:#932322.
test suite:
* tag-to-upload tests: Tolerate a changed git message. Closes:#932475.
administrivia:
* debian/copyright: Add some missing credtis
* Update copyright notices in many files
-- Ian Jackson Sat, 20 Jul 2019 16:26:32 +0100
dgit (9.3) unstable; urgency=medium
dgit and git-debrebase bugfixes:
* No longer crash if .git/logs does not exist when we need it.
* Report the upstream tag, rather than commit id, in tags/commits,
if the user explicitly specifies refs/tags/...
tag-to-upload, git-debpush [Sean Whitton]:
* Several new checks designed to prevent broken uploads.
- Including: Check that upstream tag is ancestor of branch to be tagged.
Closes:#932096
* Cope with spaces in user-supplied upstream tag.
tag-to-upload, server side:
* Fix non-default quilt modes. These were all previously broken.
* Arrange to report the upstream tag in dgit-generated commits/tags.
dgit archive query improvements [Matthew Vernon]:
* dgit(1): document the presence of the aptget method. Closes:#932321.
minor supporting changes:
* New tests tagupl-baredebian and tagupl-gbp.
* Tiny addition to debugging output and test suite output.
* Test suite rearrangements.
-- Ian Jackson Thu, 18 Jul 2019 03:10:25 +0100
dgit (9.2) unstable; urgency=medium
* No change upload to force rebuild on buildd.
-- Ian Jackson Tue, 09 Jul 2019 22:01:25 +0100
dgit (9.1) unstable; urgency=medium
New tools for a "git-push-to-upload" workflow [Ian Jackson & Sean Whitton]:
* New script in a new binary package: git-debpush.
The new binary package is small, but
+ git-debpush needs to be in src:dgit, because its test suite is the
dgit test suite; however,
+ git-debpush is functionally and conceptually independent of dgit,
so should not go into bin:dgit; in particular
+ git-debpush's dependencies are quite different to the other
binary packages.
* New dgit-infrastructure subcommand, tag2upload, to process tags made
by git-debpush.
Please see git-debpush(1) for a sketch of the workflow.
dgit:
* Allow the -p option to be used with various push modes.
* Include dgit tag metadata in maintainer view tags.
For consistency with, and use by, git-debpush.
* Include quilt metadata in the archive/ (dgit view) tag.
* rpush protocol: Version 6, which includes split brain information
for maintainer view tags. And, actually use newer version
(was broken in 9.0, which would prefer to select 4 not 5).
* Add some missing blank lines to tag messages.
* Some other refactoring.
Other documentation:
* dgit(1): fix a reference in the description of --quilt=auto [Sean
Whitton].
Translations:
* Do not translate tag subject lines, because these are parsed by
dgit-repos-server.
Test suite:
* Test cases for new tools for "git-push-to-upload" workflow.
* drs-git-ext: honour DGIT_DRS_MODE.
* Provide a stunt sendmail and a stunt dgit.
* Unset CDPATH in case caller has it set.
* Some other refactoring.
Administrivia:
* Update d/copyright years to include 2019 [Sean Whitton].
-- Ian Jackson Sun, 07 Jul 2019 14:28:27 +0100
dgit (9.0) unstable; urgency=medium
dgit - low-impact incompatible change:
* Drop support for, and testing of, dgit versions which use old tag name
(debian/V; now that is maintainer view and dgit is archive/debian/V).
The new tags came in in dgit 2.0 in October 2016. No version of dgit
without them was in any Debian release. We don't expect there are any
sites using old servers which do not support the new format, or anyone
using a dgit client older than 2.x who cannot upgrade.
git-debrebase fixes [Niko Tyni]:
* Fix `git-debrebase convert-from-dgit-view ', which
would crash due to an argument parser bug. Closes:#930214.
* git-debrebase(1): typo fix. Closes:#930215.
dgit - new capabilities:
* Support split view with native packages, and with all quilt modes.
Now we distinguish "split view" (meaning separate dgit branch) from
"splitting quilt modes" (eg --quilt-unapplied).
[Prompted in part by enquiries from Sam Hartman] Closes:#926640.
* Support for bare debian/ directory (aka packaging-only) git branches
Ie, --quilt=baredebian[+tarball]. [Thanks for info from Shengjing
Zhu, and docs and UI contributions/review from Sean Whitton.]
Closes:#903392. Closes:#931253.
dgit - bugfixes:
* Fix --dgit-view-save option alias, which never worked.
(--save-dgit-view worked, and still does, though.)
* i18n: Do not translate import commit messages.
dgit - other documentation improvements [Sean Whitton]:
* Expand on description of --include-dirty. New text may help
user avoid unexpected file deletion. Closes:#930922.
* dgit-maint-*(7): Suggest --name-status --diff-filter. Closes:#930956.
* dgit-maint-*(7): Using untagged upstream commits. Closes:#930964.
dgit - minor consequences of these other changes:
* Actually properly reject invalid quilt modes found in git config.
(Previously they might be accepted and then cause malfunctions.)
* Reject split brain quilt modes with single-debian-patch.
(Previously this would malfunction; now we reject it.)
* i18n: Add translator notes about ASCII art changes display.
* Drop "dgit view: changes are required..." message.
* Some other minor changes to quilt fixup error handling.
* Changes to debugging output related to quilt modes and split view.
* Introduce rpush protocol version 5. Minimum version is now 4.
* Considerable internal rearrangement of quilt fixup code.
* Considerable test suite work including new tests.
dgit test suite:
* dgit-repos-policy-debian: Test taint removal. Closes:#929249.
-- Ian Jackson Tue, 02 Jul 2019 16:55:15 +0100
dgit (8.6~) UNRELEASED; urgency=medium
* dgit: rpush: Work in splitting quilt modes, again. Closes:#931213.
-- Ian Jackson Tue, 02 Jul 2019 14:36:47 +0100
dgit (8.5) unstable; urgency=medium
* Replace `confess $!' with `confess "$!"', to actually print errno
when crashing. Closes:#929549.
-- Ian Jackson Mon, 27 May 2019 00:20:58 +0100
dgit (8.4) unstable; urgency=medium
Bugfixes:
* dgit: import-dsc: Handle relative symlinks correctly.
Closes:#913259.
* dgit: Do not misrecognise some initial packaging as
gdr-compatible. Closes:#922446. [Report from Sean Whitton]
* git-debrebase: convert-*: Fix two broken error messages.
Closes:#922462. [Report from Didier 'OdyX' Raboud]
Documentation:
* [nl] translations updated. Closes:#921088. [Frans Spiesschaert]
* Many manpage typo fixes. Closes:#918384. [Paul Hardy]
* dgit(1): Write the leading dash of an option as '\-'.
Closes:#921965. [Bjarni Ingi Gislason]
Test suite:
* dgit: import-dsc: New test for abs/rel dsc component links
Internal changes:
* dgit: cmd_import_dsc: comment on lack of is_orig_file check
* git-debrebase: resolve_upstream_version: Return $used too
-- Ian Jackson Fri, 01 Mar 2019 21:53:40 +0000
dgit (8.3) unstable; urgency=medium
dgit - Behavioural changes with compatibility implications:
* Pass --no-source-only-changes to pbuilder and cowbuilder
Closes:#904862. This option was only recently added to
pbuilder. For compatibility with old pbuilder, say, eg
`dgit --pbuilder!:--no-source-only-changes'.
* With --clean=git etc, check the tree is clean even before building
source in dgit's private directory. Specifically, with eg dgit sbuild
or dgit build-source. dgit prior to 6.0 would always clean the tree.
dgit 6.0 to 8.1 would ignore untracked files completely, leading to
occasional lossage. The pre-6.0 behaviour can be requested with
--clean=git,always etc. (aka -wga, -wgfa). Closes:#914317.
dgit - New features, bugfixes and improved behaviours:
* Allow uppercase (ascii) letters in multi-orig components,
as is allowed by the spec in dpkg-source(1). Closes:#916926.
* Honour --program!:option to suppress options passed by default.
* clone: Create destination directory before using network.
* Check early that build-products-dir is accessible. Closes:#913648.
* Look for origs in `..' as well as build-products-dir, and
there are any, link them into the bpd. Closes:#904878.
* Provide new --git[-ff],always clean mode (as discussed above).
i18n - new translations [Frans Spiesschaert]:
* nl, dgit-user(7). Closes:#918253.
* nl, messages. Closes:#917148.
Documentation:
* dgit(1): Fix documentation of .quilt-mode config.
* dgit(1): Fix a formatting typo (spurious .TP). Closes:#917194.
* dgit-user(7): Fix formatting error in comment about multi-arch.
* dgit-maint-debrebase(7): handle DFSG-filtering for a new package.
[Sean Whitton] Closes:#915973.
Error message improvements:
* dgit: When reporting no such package, say `source package'.
* dgit: Fix reference to -wdn/-wddn in a message.
* dgit: cleaning: Minorly improved handling of note about ignores.
* dgit-repos-policy-debian: Remove duplicated text from force
report message. Closes:#913676.
i18n infrastructure:
* po/README: Fix reference to dgit-user_7.pot.
* po4a, pairwise-pocheck: Fix recognition of bare `<...>'.
* Update po and pot files.
Internal changes;
* dgit: Remove foolish uses of $b, which is very special in perl.
* Modest refactoring to support the other changes.
* test suite: pretend-pbuilder: Reject unknown options.
* Test suite: examplegit setup: Do not leave the tree dirty.
-- Ian Jackson Mon, 07 Jan 2019 00:14:05 +0000
dgit (8.1) unstable; urgency=medium
git-debrebase;
* convert-from-unapplied: Provide aa an alias for convert-from-gbp
and document its scope properly, etc. Closes:#905433.
* dgit-maint-debrebase(7): discuss -fdiverged with convert-from-*,
and (prompted) dgit --overwrite. Closes:#903377. [Sean Whitton]
i18n support:
* Check pod translations for a common class of syntax error.
(using new machinery for pairwise checking of pod translations.)
* po4a: Add -LUTF-8 to the config.
* po4a/.gitignore: actually ignore right .po4a.LANG.cfg.
test suite:
* Run everything with LC_CTYPE=C.UTF-8.
* manpages-format: pass --warnings.
* NOTES.podchecker: Document why we're not using podchecker.
-- Ian Jackson Thu, 08 Nov 2018 02:09:05 +0000
dgit (8.0) unstable; urgency=medium
dgit - Behavioural change with compatibility implications:
* Check (with --clean=dpkg-source[-d], ie, by default) that rules
clean does not leave untracked files (ie, trip if it looks like
a `git add' may have been forgotten). dgit will now fail in
some situations where previously it would have just carried on.
* Honour new clean modes --dpkg-source[-d],no-check aka -wdn / -wddn
which suppress this check. (Whether the untracked files are
used or disregarded depends on --include-dirty.)
* Honour new .clean-mode-newer access config option, to allow git
configs to be compatible with both new and old dgits.
See relevant parts of dgit(1) for more information.
dgit - Improved behaviours:
* Better handling of cross-filesystem operations, including
build-products-dir on a different fs. Closes:#910730.
* Change to git toplevel dir before starting. Closes:#910724.
* Provide --clean=check,ignores aka -wci.
* Provide --clean=dpkg-source[-d],all-check aka -wda / -wdda.
dgit - Important bugfixes:
* Check that tree does not contain untracked files (depending on clean
mode) when building source using git branch rather than using working
tree. In particular, honour --clean=check. Closes:#910705.
* Also apply that new cleanliness check during build-source or
push-source etc. with --clean=dpkg-source; even though rules
clean was not run. See above. Again, -wdn / -wddn may be needed.
* dgit: Forbid source building with --include-dirty and non-.. bpd,
which can seriously malfunction. Closes:#910725; see #910740.
dgit - Additional sanity checks:
* quilt linearisation: Stop at debian/source/format changes.
* quilt fixup: Cope if gdr analysis finds origin. Closes:#910687.
* Add missing error check in single-debian-patch handling.
* Refuse to work if critical files have uncommitted changes.
* Reject all git config options containing newlines.
* Better error message for not in git tree. (For git-debrebase too.)
dgit - Minor bugfixes:
* Fix spelling errors etc. in messages.
* Replace mention of alioth by salsa in a message.
* clean_tree: confess rather than die on unknown clean mode.
* Add missing \n to crash from git_cat_file. (git-debrebase too.)
Documentation:
* dgit(1): Document that cleaning is sometimes not needed and
is therefore not done.
* README.md: Add this document for the benefit of Salsa.
* po/README: Mention -k10 threshold.
* po/README: Give a pointer to salsa; remind the translator to commit.
* dgit(1): Fix spelling errors.
* dgit(7): Fix spelling errors.
* dgit-sponsorship(7): Fix spelling error.
Consequential changes:
* Internal refactoring to support all these changes.
* Tests adjusted to correspond to, and somewhat test, these changes.
* Slight reorganisation to documentation of --clean=dpkg-source etc.
Build system:
* Makefile: Provide i18n-commit target.
* po/list-documents: Set translation threshold to 10%.
-- Ian Jackson Sat, 13 Oct 2018 23:56:35 +0100
dgit (7.0) unstable; urgency=medium
Bugfixes:
* dgit: Do not sometimes crash in quilt-fixup if git-debrebase
is not installed. Closes:#910221.
* git-debrebase: new-upstream: Drop `sleep 2' (!)
* git-debrebase: anchor: Print the anchor, not the breakwater tip (!)
* Get rid of perl warning "Statement unlikely to be reached"
(introduced in 7.0~pre1).
* git-debrebase: merges: Make warnings of lossage less overblown
i18n (translation):
* Support message translation for git-debrebase. (Re #904883.)
* Support document translation. Closes:#904883.
* po: Rename `all-po' target to `pofiles'
Error message improvements (prompted by i18n work)
* Replaced `die' with `confess' in many unexpected syscall errors
and internal error cases.
* git-debrebase; Print a proper message for failure to opendir
the bpd and for failure to chdir to the toplevel.
Internal changes:
* Minor refactoring to support translation.
* i18n-diff-auditor: New script to support translation markup.
Packaging:
* Use dh_missing --fail-missing
* Add missing build-dependency on xgettext
Test suite:
* gdr-makepatches7: Fixes to dgit/git-debrebase interaction
* gdr-makepatches7: Test dgit with missing git-debrebase
* Test that the binary packages can be built
-- Ian Jackson Thu, 04 Oct 2018 20:33:12 +0100
dgit (7.0~pre1) experimental; urgency=medium
* i18n: Support messgae translation for the program dgit.
(Working towards #904883.)
-- Ian Jackson Tue, 02 Oct 2018 13:20:24 +0100
dgit (6.12) unstable; urgency=medium
* test suite: t-check-only-bpd: Check $tmp/.. not .. . Fixes bogus
failure in Ubuntu CI. Thanks to Mattia Rizzolo for the report.
-- Ian Jackson Fri, 28 Sep 2018 18:17:36 +0100
dgit (6.11) unstable; urgency=medium
* dgit-maint-debrebase(7): move and improve the section
"Inspecting the history". [Sean Whitton]
* Makefile: Adjust scope of dgit(7) pod rule.
* local-pod-man: developer script, obsoleteed by `make %.view': drop it.
-- Ian Jackson Sun, 26 Aug 2018 14:59:32 +0100
dgit (6.10) unstable; urgency=medium
git-debrebase bugfixes:
* Patches in subdirectories: fix malfunctions. Closes:#907202,#907206.
* new-upstream changelog entry: Use debchange. Closes:#905888.
* Empty patch queues: Fix some malfunctions and infelicities.
* convert-to-gbp: Actually base the result on the breakwater, not HEAD.
dgit bugfixes:
* *build*: Cope with new-style --build= specifications
* Pass --no-source to sbuild (always). Closes:#904966.
* build: Squash $buildproductsdir. Closes:#906786.
dgit improvements for git-debrebase compatibility:
* Do not try split brain git-debrebase make-patches. Closes:#906908.
* Do not abandon quilt fixup at git-debrebase split commits.
* Check for git-debrebase with a history walker, not debrebase-last.
This can avoids using dpkg-source --commit. Closes:#907208.
git-debrebase improvements:
* convert-from-*: snag on discarding comments in series. Closes:#907198.
* forget-was-ever-debrebase: New subcommand.
* Make all commit message annotations have a COMMIT-TYPE.
git-debrebase documentation:
* dgit-maint-debrebase(7): Add runes for inspecting. Closes:#907190.
* git-debrebase(5): Warn against renaming branch while unstitched
* git-debrebase(5): Document new understanding of debrebase-last
test suite behavioural changes for ad-hoc runs:
* run-all: Without --progressive, rm and recreate tests/tmp
* run-all: Honour DGIT_TESTS_TMPDIR
* run-all: Understand `:' specially
test suite:
* Tests for the bugfixes and improvements.
* lib-gdr: Be more defensive about unexpected states/args
* lib-gdr: Check that we made patches with git-debrebase
* Honour DGIT_TEST_RUN_PFX env var.
* Test dgit calling git-debrebase on new debianisation.
* gdr-new-upstream: Check changelog is exactly right.
* debchange: Widespread better handling of the time seen by dch.
Freeze time. Work around faketime TZ bug (#907264).
* test-list-uptodate: Drop imports and dependencies
* git-debrebase: gdr-merge-conflicts: Call git merge --no-edit
* build-modes-*: Provide stunt dpkg-deb to pass -Znone, for speed.
* build-products-dir: Check nothing in ../
* Work if $tmp is on a different filesystem.
* Internal changes and refactoring to support other changes.
-- Ian Jackson Sun, 26 Aug 2018 14:58:18 +0100
dgit (6.9) unstable; urgency=medium
* dgit: do not crash on push of a new gdr package. Closes:#906784.
* dgit: Remove unsubstituted $changesfile from message Closes:906787.
* dgit-maint-debrebase(7): improve "Converting an existing package",
and refer to "ILLEGAL OPERATIONS" in git-debrebase(5).
Closes:#905573. [ Sean Whitton ]
* test suite: Update debian/tests/control following dependency fix.
-- Ian Jackson Tue, 21 Aug 2018 14:36:36 +0100
dgit (6.8) unstable; urgency=medium
* test suite: Fix dependencies of new gdr-merge-conflicts test.
-- Ian Jackson Mon, 20 Aug 2018 14:52:03 +0100
dgit (6.7) unstable; urgency=medium
git-debrebase, bugfixes:
* make-patches: Do not bail if there aren't any.
* scrap: works properly when it does only rebase --abort.
* On rebase: always save ffq-prev even if we were both stitched and
laundered. Closes:#905975.
git-debrebase, improvements:
* Speed: improve laundry performance by a factor of ~55:1,
and analysis performance by factor of ~4.2:1. Closes:#905995.
* prepush: this is now a silent no-op if the branch is
unstitched. This is more friendly.
* convert-from-*: Snag on patches in d/patches which are not in series,
because they will be deleted. Closes:#904997.
* Highly experimental merge resolution support, enabled only with
special command line option.
* Lots of internal changes to support merge, and other work.
* convert-from-*: Check whether ffq-prev or debrebase-last indicate that
we are already in gdr format.
* convert-from-*: leave debrebase-last refs to hint to everyone that
this is now a gdr branch.
git-debrebase, improved messages:
* Improve ffq head recording message.
* Better (less copious by default) debug output.
* convert-from-gbp: Improve messages. Closes:#906641.
* Provide hints for unprocessable commits, depending on the apparent
branch ffq state, including possible suggestion to use convert-from-*.
Closes:#905005. Closes:#905279.
dgit, improved messages:
* Mention bad origs as possible cause of quilt fixup failure,
in both dgit(7) and in error messages. No longer suggest
--quilt=smash or dpkg-source --commit in the error message.
Closes:906196.
* Do not suggest --quilt modes if quilt fixup "stopped at"
a commit made by git-debrebase. Closes:#906197.
* Mention gitattributes as a potential problem in quilt linearisation
failure, when appropriate. Closes:#906199.
dgit, documentation:
* dgit(1): Encourage --overwrite rather than --overwrite=version.
* Document that we do not suppress attributes which affect git-archive.
This is related to #906199.
test suite:
* test suite: Set DEBFULLNAME
* test suite: unset GIT_EDITOR, so it works if user has that set.
Packaging:
* changelog: Add close note for #905400 to changelog entry for 6.5.
-- Ian Jackson Mon, 20 Aug 2018 02:30:06 +0100
dgit (6.6) unstable; urgency=medium
* test suite: Fix gdr's calls to dgit when run formally in
autopkgtest. (Affects gdr-import-dgitview.)
-- Ian Jackson Sun, 05 Aug 2018 10:42:01 +0100
dgit (6.5) unstable; urgency=medium
git-debrebase new features:
* git-debrebase: Provide new convert-from-dgit-view operation.
The output is, unavoidably, not very pretty. Closes:#905322.
* git-debrebase: New subcommand `scrap'. Closes:#905063.
git-debrebase error handling improvements:
* git-debrebase: Properly reject bare dgit dsc imports. Closes:905400.
* git-debrebase: Improve some error message formatting.
* git-debrebase: Check for git-rebase in progress and abort most operations.
dgit improvements:
* dgit: Improve error message for unknown suite, to suggest -d.
* dgit: Rename --dgit-view-save to --save-dgit-view, leaving an alias.
* dgit: Provide print-unapplied-treeish subcommand.
Test suite changes:
* test suite: Add t-tstunt-parsechangelog to many gdr tests.
* test suite: editing a test script overrides DGIT_TESTS_PROGRESSIVE.
* test suite: gdr-import-dgitview: New test for dgit dsc imports.
-- Ian Jackson Sat, 04 Aug 2018 17:53:57 +0100
dgit (6.4) unstable; urgency=medium
* git-debrebase(1): Fix typo "unappled". Closes:#905064.
-- Ian Jackson Thu, 02 Aug 2018 08:24:32 +0100
dgit (6.3) unstable; urgency=medium
* git-debrebase: breakwater: Fix error message for unprocessable
commits. Closes:#905003.
* git-debrebase: new-upstream: Fix error message for new version
with bad syntax.
* git-debrebase test suite: Test messages about unprocessable commits.
* git-debrebase: new-upstream: Fix handling of epochs.
* git-debrebase: convert-from-gbp: Use same algorithm for finding
upstream commitish as new-upstream. Closes:#905062.
* git-debrebase: Improve error messages for bad options.
* git-debrebase: Improve error message for convert-from-gbp
upstream discrepancy. Closes:#905078.
* git-debrebase(5): Add ILLEGAL OPERATIONS section. (Re#905004.)
* git-debrebase(1): Warn against plain git rebase. (Re#905004.)
* dgit-maint-debrebase(7): Warn more against plain git rebase.
Closes:#905004.
* git-debrebase: Implement --help, providing a summary.
Closes:#904990.
-- Ian Jackson Thu, 02 Aug 2018 03:45:40 +0100
dgit (6.2) unstable; urgency=medium
* dgit(1): Improve and correct --build-products-dir description.
* dgit: Minor code cleanup.
* dgit build: Warn if --build-products-dir is not `..'. Closes:#904859.
* test suite: Test dgit import-dsc --build-products-dir.
[Sean Whitton]
* manpages: alioth->salsa
* manpages: add references to pbuilder and cowbuilder
* dgit-maint-gbp(7): discuss dgit.default.build-products-dir
* dgit-maint-gbp(7): update references to --*-dirty
* dgit-sponsorship(7): add references to push-source
* dgit-maint-debrebase(7): fix command to just launder
-- Ian Jackson Sun, 29 Jul 2018 12:57:26 +0100
dgit (6.1) unstable; urgency=medium
New feature:
* 'pbuilder' and 'cowbuilder' subcommands (Closes: #844125).
- Suggest sbuild | pbuilder | cowbuilder.
Minor fixes:
* Fix an error message to refer to the build products dir instead of
just the parent directory.
-- Sean Whitton Sat, 28 Jul 2018 20:14:23 +0800
dgit (6.0) unstable; urgency=medium
New features [Sean Whitton]:
* Introduce dgit.default.build-products-dir git configuration key.
Closes:#857316.
* Die earlier, and with a more helpful message, if the user tries to
include dirty changes when building a source package in split brain
mode.
dgit behavioural changes:
* dgit: Always build the source package ourselves, rather than
sometimes leaving that to the builder command. dgit will now
usually generate *_multi.changes rather than *_$arch.changes.
* dgit: Build source packages in a private directory, except when
the user passes --include-dirty [Sean Whitton].
- dgit push-source no longer cleans the tree [Sean Whitton].
* dgit: Rename --ignore-dirty to --include-dirty (leaving the old
name supported as a deprecated alias).
Test suite improvements:
* test suite: unset VISUAL, which interferes. Closes:#904308.
* Honour DGIT_SCHROOT_CHROOT to set the schroot to use for the sbuild
tests.
* Support tests/run-all --progressive.
* Drop now-obsolete *-asplit tests.
Other improvements:
* apt-get method: when apt does not update release files,
unconditionally print hint about noatime. Closes:#851873.
* messages: Be a lot more friendly about NEW in particular,
and also add a couple of `please's. Closes:#904448.
* Make --build-products-dir (and the new config key) actually work.
Closes:#863582. [ Ian and Sean. ]
* dgit: Many important internal rearrangemnts relating to source
package production and building.
-- Ian Jackson Thu, 26 Jul 2018 14:43:47 +0100
dgit (5.10) unstable; urgency=medium
* Merge the experimental branch.
* test suite: Drop a couple of useless test log output lines.
* infrastructure: Run git gc --auto before mirroring. Closes:#841414.
-- Ian Jackson Sat, 14 Jul 2018 18:07:02 +0100
dgit (5.9+exp4) experimental; urgency=medium
* test suite: Use dch -r -D sid '' not dch -r sid. Closes:#903441.
* test suite: Save a tarball of much of the working area of each test
in $AUTOPKGTEST_ARTIFACTS.
* Separate changelog entries for the following test attempts
in experimental have been elided:
dgit (5.9+exp3) experimental; urgency=medium
dgit (5.9+exp2) experimental; urgency=medium
dgit (5.9+exp1) experimental; urgency=medium
-- Ian Jackson Thu, 12 Jul 2018 13:45:07 +0100
dgit (5.9) unstable; urgency=medium
* git-debrebase convert-from-gbp: Look for dgit-generated tags so we can
usually make the new branch ff of the dgit view. Closes:#903132.
* git-debrebase convert-from-gbp: Check that the result will not
count as having diverged. This will usually turn failures to make
the ff pseudomerge into -fdiverged. Related to #903132.
* git-debrebase, Dgit.pm, git: some internal reorganisation to
support git-debrebase changes.
* dgit-downstream-dsc(7): New manpage. Closes:#842643,#851194.
* git-debrebase(5): Document best gitk options. Closes:#901927.
-- Ian Jackson Thu, 12 Jul 2018 13:37:12 +0100
dgit (5.8) unstable; urgency=medium
Bugfixes:
* dgit, git-debrebase: Properly make patches even if an awkward
.gitignore ignores the things in debian/patches. Closes:#903130.
* git-debrebase status: Fix commit reporting. Closes:903131.
* git-debrebase new-upstream: Add a -1 revision if the user
didn't supply one. Closes:#903127.
* git-debrebase: Improve grammar if one blocking snag.
* dgit(1): Unscramble push[-source] descriptions. Closes:#903116.
-- Ian Jackson Sun, 08 Jul 2018 11:42:41 +0100
dgit (5.7) unstable; urgency=medium
New feature:
* dgit checkout: new subcommand. Closes:#878443.
* dgit: Check that entirely-new uploads to Debian are not
source-only-uploads, as those are REJECTed. Closes:#801435.
Bugfixes:
* dgit(7): Mention git-debrebase and gbp pq alongside git-dpm,
in the comment about handling patch stacks.
* dgit update-vcs-git: Honour --package properly.
* test suite: Always pass LC_COLLATE=C to sort(1). Closes:#903006.
* test suite: Fix trustingpolicy-replay & dput-ng. Closes:#903007.
* test suite: Test dput-ng compatibility.
-- Ian Jackson Thu, 05 Jul 2018 15:02:21 +0100
dgit (5.6) unstable; urgency=medium
* Merge the experimental branch containing the fianl
version of the test suite gnupg workarounds. Empirically,
- The tests now pass (most of the time, at least) in
current Debian unstable, whereas 5.5's fail utterly.
- There is still occasional lossage. So when running tests
in a loop (eg to test ever commit), it is still good to set
DGIT_TEST_RETRY_COUNT=3 (say).
* test suite: Test that manpages format with only expected warnings.
-- Ian Jackson Sun, 01 Jul 2018 00:41:20 +0100
dgit (5.5+exp9) experimental; urgency=medium
* test suite: Explicitly start/stop the gnupg agent, around
each call to gnupg. Apropos of #902316 (and #868550).
* Separate changelog entries for the following test attempts
in experimental have been elided:
dgit (5.5+exp8) experimental; urgency=medium
dgit (5.5+exp7) experimental; urgency=medium
dgit (5.5+exp6) experimental; urgency=medium
dgit (5.5+exp5) experimental; urgency=medium
dgit (5.5+exp4) experimental; urgency=medium
dgit (5.5+exp3) experimental; urgency=medium
dgit (5.5+exp2) experimental; urgency=medium
dgit (5.4+exp1) experimental; urgency=medium
-- Ian Jackson Sat, 30 Jun 2018 19:03:00 +0100
dgit (5.5) unstable; urgency=medium
* Add missing comma in debian/control. Closes:#902578.
* dgit(1): Fix a wrong reference to \fp, which should be \fP.
-- Ian Jackson Thu, 28 Jun 2018 13:25:21 +0100
dgit (5.4) unstable; urgency=medium
Improvements:
* dgit(1): Better description of --overwrite. Somewhat
apropos of discussion in #902534.
Bugfixes:
* test suite: gdr-viagit, gdr-newupstream: Do not spuriously
fail if gnupg not serendipitously installed. Closes:#902559.
* Fix bug ref to #865444 in previous changelog entry.
-- Ian Jackson Wed, 27 Jun 2018 23:13:42 +0100
dgit (5.3) unstable; urgency=medium
Bugfixes:
* dgit: Do not introduce duplicate origs in .changes files,
eg if the .changes already has that orig. Closes:#869146.
* Honour GIT_REFLOG_ACTION everywhere. Closes:#901935.
* git-debrebase new-upstream: Provide better reflog entries
by setting GIT_REFLOG_ACTION. Closes:#901925.
Improvements:
* Better message formatting when --overwrite may be needed,
and a note about first dgit push in dgit(1). Closes:891031.
* dgit(7): Add discussion of quilt fixup error messages,
and add cross-references to dgit(1) and the actual error.
Somewhat apropos of #865444.
-- Ian Jackson Wed, 27 Jun 2018 14:00:31 +0100
dgit (5.2) unstable; urgency=medium
dgit bugfixes:
* When all Debian changes vanish with single-debian-patch,
do not fail to commit the patch queue removal. Closes:#877036.
* When build fails because the network is offline, mention
that this is because --since-version was not specified.
Closes:#883340.
* When quilt fixup fails because of discrepancies, print a
git diff rune which will show them. Closes:#865446.
* When fetch or push wants git fetch (other than in a situation where it
happes to be a noop) but --dry-run was specified, fail with an
explanation, rather than looping with a false coplaint about git
fetch. Closes:#871317.
* --overwrite now no longer crashes if there is nothing to overwrite
(eg, when used with --new). Instead, it is simply ignored, as it is
ignored in situations where the push is fast forward. Closes:#863576.
dgit/git-debrebase interop bugfixes:
* git-debrebase interop: Add a missing debugcmd debugging print.
* git-debrebase interop: Actually tolerate git-debrebase make-patches
exiting with status 7.
dgit vcs-git handling improvements:
* Provide `update-vcs-git' subcommand, for creating and adjusting the
vcs-git remote url. Useful for transition from alioth to salsa.
Closes:#902006.
* Print a warning to stderr on `dgit fetch sid', if your vcs-git
remote url disagrees with what's in sid's .dsc.
documentation:
* dgit(1): Mention under `dgit build' that it uses the network.
* dgit(1): Clarify that --overwrite does nothing if not needed.
Closes:#863578.
* dgit-user(7): Recommend sbuild-debian-developer-setup.
[ Sean Whitton. ] Closes:895779.
test suite:
* Use nproc(1) rather than Sys::CPU. This is more portable and does not
depend on libsys-cpu-perl being installed. Closes:888496.
-- Ian Jackson Sun, 24 Jun 2018 23:33:28 +0100
dgit (5.1) unstable; urgency=medium
dgit gitattributes handling:
* Squash the working-tree-encoding attribute too.
* Update an existing `dgit-defuse-attrs' macro in .git/info/attributes.
* Test the working-tree-encoding attribute squashing properly.
Closes:#901900.
git-debrebase fixes:
* new-upstream: fix (this time for sure) ff check handling
of multi-piece upstreams.
* Suppress gbp pq export output, except in case of error.
Closes:#901809.
* Manpages: Fix typos and etc.
* Fix a typo in the package description.
Test suite:
* Triger ci.debian.net autopkgtests on: gnupg diffutils patch.
(A dummy test is used to add to Testsuite-Triggers.)
-- Ian Jackson Wed, 20 Jun 2018 23:20:57 +0100
dgit (5.0) unstable; urgency=low
Major new facility:
* git-debrebase, a new git workflow tool, in its own package.
* dgit will now, when appropriate, check if it should call
git-debrebase.
[ Thanks to Sean Whitton for much useful input, and for
dgit-maint-debrebase(7). ]
dgit bugfixes:
* Fix the exit status of programs in dgit.deb, to avoid the Perl
misfeature which sometimes copies $! to the exit status.
* When checking that the tree is clean, check the git index too.
* In quilt_fixup_multipatch, work around git checkout paths
not deleting files. (Hypothetical bug AFAIAA.)
* Respect --quilt=nofix even if single-debian-patch.
dgit minor fixes:
* "confess" when we die due to a warning, rather than symply dieing.
Internal changes:
* Move $playground global to dgit.
* Break git_get_symref and $extra_orig_namepart_re out into Dgit.pm.
* Changes to support git-debrebase.
-- Ian Jackson Mon, 18 Jun 2018 00:29:44 +0100
dgit (4.4) unstable; urgency=high
Test suite bugfix:
* Use full key hash rather than short keyid. Closes:#896653.
[ report: Paul Gevers; fix: Chris Lamb ]
-- Ian Jackson Mon, 23 Apr 2018 13:18:51 +0100
dgit (4.3) unstable; urgency=high
Documentation improvements:
* dgit(7): Discuss file executability. Closes:#886444.
* dgit(7): Discuss git-unrepresentable properties of source trees.
* dgit-maint-merge(7): Don't suggest using debian/source/patch-header
for 1.0 source format. Closes:#887850. [Sean Whitton]
Bugfixes:
* dgit archive-api-query: Avoid crashing due to lack of $isuite.
This breaks the infrastructure. Closes:#886592.
-- Ian Jackson Thu, 25 Jan 2018 00:33:56 +0000
dgit (4.2) unstable; urgency=low
* Upload dgit 4.x series to unstable.
New features [Sean Whitton]:
* New 'push-source' subcommand for source-only uploads. Closes:#848931
* When dgit builds a source package, such as in the 'build-source'
subcommand, it now bypasses dpkg-buildpackage and invokes dpkg-source
directly. This avoids a _source.buildinfo file in the .changes, which
doesn't make sense when using dgit. See
.
Documentation improvements:
* dgit(1): Add a bit more rationale (polemic, even). Closes:#874221.
* Recommend mk-build-deps rather than apt-get build-dep.
Suggestion from Nikolaus Rath. Closes:#863361.
* dgit-maint-merge(7): many updates. [Sean Whitton]
Closes:#864873,#878433.
* dgit-*(7): Mention first upload trick. [Andrew Shadura,
Sean Whitton] Closes:#856402.
Minor fixes:
* When source discrepancy involves file mode changes, report them
specially. Closes:#886442.
* In split brain mode, with unexpected diffs, print dgit view
commitid in suggested diff rune. (HEAD is wrong.) Closes:#886443.
* Fix message about missing quilt cache entry to refer to
HEAD rather than tree, since dgit needs a commit. Closes:#884646.
* Fix grammar error in 4.1 changelog entry. [Sean Whitton]
* Remove some whitespace "errors". [Sean Whitton]
Packaging:
* Remove dependency alternative on realpath (package last existed in
Debian wheezy). Closes:#877552.
Test suite:
* dpkgsourceignores-docs: Correct restriction (so autopkgtest
won't try to run it).
* Additional workarounds for gnupg races (#868550) including
retrying each individual test once, and more sophisticated
wrapper for gpg (with locking and, sometimes saves stdin).
* oldnewtagalt: Fix regression when running outside git tree,
introduced in 4.1.
-- Ian Jackson Sun, 07 Jan 2018 21:45:29 +0000
dgit (3.13) unstable; urgency=high
Important bugfixes to dgit:
* Add missing `use' for Dpkg::Compression et al.
Thanks to report from Didier 'OdyX' Raboud. (Closes:#879526.)
Test suite:
* Add missing `chiark-utils-bin' to Test-Depends.
-- Ian Jackson Sun, 22 Oct 2017 17:51:12 +0100
dgit (4.1) experimental; urgency=medium
Important improvements to dgit:
* Support for `git worktree' worktrees. There may still be
bugs; the tests for this are not very comprehensive. And
worktrees on different filesystems may not work; that's a
matter for the future. Closes:#868515.
* Change the dpkg-source -i argument to exclude exactly the right
set of things. (Sadly this is not a simple rune.)
Other improvements to dgit:
* New print-dpkg-source-ignores option to print the big rune
you need to pass to dpkg-source to make it work exactly right.
* Properly shell-quote the --git-builder argument to gbp.
Documentation:
* dgit-user(7): Provide information about how to use sbuild.
Quite ugly due to #868527. Closes:#868526.
* dgit-user(7): Fixed example rune to use curl (which prints
to stdout, as the rune expects). [reported by Simon Tatham]
Minor improvements:
* Do not leave many clog-* files in .git/dgit.
Internal changes:
* using-these: New script to help with ad-hoc-testing.
* Refactoring in preparation for push-source [Sean Whitton].
Test suite:
* sbuild-gitish: New test case to check running sbuild from git
* Work around gnupg agent connection races by having our stunt
gpg wrapper simply try running gpg again, once, if it exits 2.
This does not fully suppress the bug but it does significantly reduce
the probability.
* Other tests for new features.
* Various refactoring.
-- Ian Jackson Mon, 14 Aug 2017 09:31:03 +0100
dgit (4.0) experimental; urgency=low
* dgit: --deliberately-not-fast-forward works properly in
split view quilt modes (suppressing the pseudomerge).
-- Ian Jackson Sun, 12 Feb 2017 22:22:31 +0000
dgit (3.12) unstable; urgency=high
Important bugfixes to dgit:
* Pass --no-renames to git diff-tree -z, avoiding potential trouble.
* Defend against commit subject lines which would generate patches which
look like series files, etc. Involves adding .patch to all generated
patch filenames.
* dgit import: Defend against broken symlinks in ..
* dgit import: Right error message for missing files in ..
* dgit import: Avoid making broken symlinks in ..
* quilt fixup: Tolerate deletion of executable files.
* quilt fixup: Tolerate symlink creation (make patches). Closes:#857382.
Important bugfixes to other components:
* dgit-repos-server: Do not reject commits with no author/committer
email address (but still insist on date, and hence on the actual
committer and author commit header fields). Peter Green reports that
eg 66c65d90db100435 in upstream linux.git is such a commit (and is
accepted by github). Closes:#863353.
Test suite:
* t-report-fail: print $PWD as part of failure message.
* import-dsc: Test missing files, particularly in ..
* run git gc on tests/worktrees/example_1.0.tar.
* quilt fixup: Check we can delete files with funny modes
* quilt fixup: Check that funny changes are represented properly
-- Ian Jackson Sun, 16 Jul 2017 21:36:24 +0100
dgit (3.11~deb9u1) stretch; urgency=high
* Rebuild and upload to stretch.
-- Ian Jackson Tue, 11 Jul 2017 09:28:15 +0100
dgit (3.11) unstable; urgency=high
Important bugfixes to dgit:
* Fix rpush+buildinfo: Transfer buildinfos for signing. Closes:#867693.
* Cope if the archive server sends an HTTP redirect,
by passing -L to curl. Closes:#867185,#867309.
* Cope with newer git which hates --local outside a tree. Closes:#865863.
* rpush: Honour local git config from build host working tree.
* Tolerate compressor terminating with SIGPIPE. Closes:#857694.
* Honour more pre-tree git config options in our private trees sharing
the user's object store. In particular, core.sharedRepository.
Prompted by #867603.
* Clone multisuite works even without --no-rm-on-error. Closes:#867434.
* Work if "git init" does not create $GIT/info. Closes:#858054.
* Actually understand foo,-security (!) Closes:#867189.
Important bugfixes to other components:
* dgit-badcommit-fixup: Honour core.sharedRepository. Closes:#867603.
* infrastructure: Cope with new git-receive-pack which has
quarantine feature: ie, work around #867702.
Test suite:
* Cope with git restricting ext:: protocols.
* multisuite: Test clone without --rm-on-error.
-- Ian Jackson Sat, 08 Jul 2017 22:40:15 +0100
dgit (3.10) unstable; urgency=medium
Bugfixes:
* dgit: Copy several user.* settings from main tree git local config
to dgit private workarea. Closes:#853085.
* dgit: Strip initial newline from Changes line from dpkg-parsechangelog
so as to avoid blank line in commit messages. Closes:#853093.
* dgit: Do not fail when run with detached HEAD. Closes:#853022.
* dgit: Be much better about commas in maintainer changelog names.
Closes:#852661.
Test suite:
* quilt-useremail: New test for user config copying (#853085).
* lib-import-chk: Test that commits have smae authorship as appears in
the changelog. (Or, at least, the same authorship set.)
* import-maintmangle: New test for changelog Maintainer mangling.
Documentation:
* Fix typos. Closes:#853125. [Nicholas D Steeves]
-- Ian Jackson Mon, 06 Feb 2017 17:49:39 +0000
dgit (3.9) unstable; urgency=medium
Improvements:
* dgit --overwrite: Check that the overwritten version's changelog entry
is not UNRELEASED. This could easily happen if this release was being
made from a git branch which predates the previous package upload.
Documentation:
* dgit-maint-merge(7): Get git clone url right. Closes:#852609.
* dgit-maint-merge(7): Quote sample clone commands. Closes:#852615.
Test suite:
* overwrite-chkclog: test UNRELEASED handling.
-- Ian Jackson Wed, 25 Jan 2017 16:21:53 +0000
dgit (3.8) unstable; urgency=medium
Bugfixes:
* Make dgit-setup-* work in default distro.
Test suite:
* defdistro-setup: Test that setup-* functions distro selection works.
-- Ian Jackson Mon, 23 Jan 2017 16:21:30 +0000
dgit (3.7) unstable; urgency=medium
Bugfixes:
* Fix clone-dgit-repos-server and print-dgit-repos-server-print-url.
Closes:#851906.
Documentation:
* dgit-maint-merge(7): Explain when workflow is unsuitable
(Closes:#852090) and improve the patch-header (Closes:#851897.)
Internal changes:
* New %.view target: `make dgit-maint-merge.7.view' runs `man -l ...'
Test suite:
* defdistro-dsd-clone-drs: New test which would have detected
#851906 (and hopefully #850521).
-- Ian Jackson Sun, 22 Jan 2017 17:30:24 +0000
dgit (3.6) unstable; urgency=medium
Bugfixes:
* Actually use the url from a Dgit .dsc field naming an unknown distro.
Closes:#851728.
* Add dummy implementation of file_in_archive_aptget copied from
file_in_archive_dummycat. Re:#851697. [ Peter Green ]
Minor improvements:
* Use `confess' to print a stack trace in a couple of internal error
rcases.
Infrastructure:
* Properly honour NOCOMMITCHECK policy hook exit status.
Closes:#851800.
* Do not reject commits with no author/committer name (but still insist
on email address and date). Peter Green reports that eg
71e128629ec786f3 in upstream xen.git is such a commit (and is accepted
by github). Closes:#851716.
Test suite:
* downstream-gitless: Test import of .dsc from unknown distro.
* downstream-gitless: Test import of .dsc with unsafe url.
-- Ian Jackson Thu, 19 Jan 2017 01:15:03 +0000
dgit (3.5) unstable; urgency=medium
Bugfixes:
* gitattributes: Defuse gitattributes in private working area even if we
don't do it in the user's tree (because of user configuration).
* gitattributes: When cloning, do not print spurious warning about
actually-defused gitattributes. Closes:#851624.
* gitattributes: Improve comment left in .git/info/attributes.
Test suite:
* gitattributes: Many improvements to test case.
-- Ian Jackson Tue, 17 Jan 2017 22:36:01 +0000
dgit (3.4) unstable; urgency=low
Test suite:
* drs-push-rejects: Set origin's url to an ad-hoc expression
which produces the right ext:: rune, as dgit would.
Closes:#851580.
* Replace references to /home/ian in various worktrees with
references to /nonexistent, to catch inadvertant accesses.
-- Ian Jackson Mon, 16 Jan 2017 17:27:35 +0000
dgit (3.3) unstable; urgency=medium
Behavioural changes to work around gitattributes file transformations:
* Suppress file-transforming gitattributes in private work areas.
* Configure suppression in user's trees in dgit clone and setup-new-tree.
* Provide dgit setup-gitattributes to do this explicitly.
* Documentation.
Bugfixes:
* dgit: Remove a leftover debugging print.
* dgit: Set default dsc import distro when there is no Dgit field.
* dgit: Set default dsc import distro when suppressing Dgit field.
* dgit: Option parsing: Fix undefined $suite in some import-dsc.
Closes:#851213.
Packaging:
* Remove redundant use of List::Util qw(any). Closes:#851280.
* Remove redundant Recommends on libtext-iconv-perl.
Test suite:
* Move default dsc distro config setting to lib. We need this
for the .dscs we have in tests/pkg-srcs/.
* defdistro-import-dsc: Drop this test.
* protocol-compat: check that we use the right distro
information when importing.
* Internal change: fix handling of nonempty distro=
* gitattributes: New test for .gitattributes handling.
-- Ian Jackson Mon, 16 Jan 2017 10:03:08 +0000
dgit (3.2) unstable; urgency=medium
Bugfixes:
* dgit: Do not execute END blocks in children. So far symptoms of this
bug seem to be limited to duplicated error messages but I have not
done a thorough analysis. Closes:#850052.
* dgit-infrastructure: dgit-repos-policy-debian: Remirror a package when
it becomes public (ie, make the repo available much more promptly when
the package passes NEW). Closes:#849789.
* dgit: Fix a warning message about ref (mainly, tag) updates.
Documentation:
* dgit-maint-merge(7): Use git-deborig(1).
[Sean Whitton] Closes:#850953.
* dgit-user(7): Fix some typos.
Internals:
* Fix a typo in a comment.
Test suite:
* infra: mirroring and policy hooks: Improve some debugging output.
* infra: mirror-private: test that package becomes public. (#849789)
-- Ian Jackson Thu, 12 Jan 2017 02:11:34 +0000
dgit (3.1) unstable; urgency=medium
Bugfixes:
* dgit import-dsc: Do not crash with undefined $isuite. Closes:#850781.
* dgit build: Do not sometimes crash with undefined $isuite.
* dgit: Do not nedlessly re-fetch the rewrite map.
* dgit: After downloading .debian.* files, save them in `..', too
(ie do this not just for .origs).
* dgit: When fetching, refetch files with hash mismatches (and save them
as `...,fetch'), so we can distinguish them from any built locally.
Closes:#850824.
Test suite:
* Add test for import-dsc with default distro. (Detects #850781.)
Administrivia:
* Fix a dgit 3.0 changelog bullet referring to refs/dgit-fetch/DISTRO.
-- Ian Jackson Tue, 10 Jan 2017 17:50:27 +0000
dgit (3.0) unstable; urgency=medium
Protocol change:
* Dgit: field now records the nominal distro name, and a hint
for a tag and url where the git objects (including any rewrite
map) can be fetched.
* Use this information, where provided. Closes:#850431.
Bugfixes:
* dgit config handling: Honour command-line and context-provided
suite and distro more reliably and consistently.
* Parsing of extended Dgit fields by import-dsc was broken;
and is now fixed even for more-extended ones.
* dgit clone-dgit-repos-server uses readonly access.
Closes:#850521.
* fetch and pull ignore the changelog suite when it is UNRELEASED.
Closes:#848646.
* dgit-badcommit-fixup: Do not investigate symrefs. Closes:#850547.
Minor new feature:
* distro alias facility in config space. (Primarily for testing.)
* Undocumented --config-lookup-explode= feature. (For testing.)
* Provide `dgit print-dgit-repos-server-source-url'. Re:#850521.
* Honour dgit-distro.*.default-suite and dgit.default.default-suite.
Other improvements:
* Improve debugging output a bit.
* Use refs/dgit-fetch/DISTRO rather than refs/dgit-fetch/SUITE,
which leads to less duplication and so less clutter.
* Enforce a reasonable syntax for nominal distro names.
* When generating orig+debian/patches view, copy debian/ from
HEAD. This makes less noise in diffs. Closes:#850095.
Docuentation [Sean Whitton and Ian Jackson]:
* dgit-sponsorship(7): Use --no-dep14tag. Closes:#849105.
* dgit-maint-merge(7): Use debian/source/patch-header. Closes:849120.
* dgit(7): Updated `trouble' section to suggest having dpkg-source
delete the autotools output (with a patch if necessary).
* dgit(1): Several minor updates and fixes. Closes:#850519.
Test suite:
* Internal improvements.
* badcommit-rewrite: Fix operation using installed version of fixup.
* Arrange to pass --debug-quick-random to gpg-agent.
* Strip block count out of find -ls output - it is unstable!
* gbp-orig: Add a missing -m, without which git would run an
editor if stdout was a tty (!)
* Add t-stunt-parsechangelog to a few tests which were missing it.
* Tests for the new protocol feature.
* Fail tests if we look up any configuration relating to Debian.
-- Ian Jackson Mon, 09 Jan 2017 16:43:10 +0000
dgit (2.16.2) unstable; urgency=low
dgit-badcommit-fixup:
* Fix crash when running for 2nd time in bare repo.
* In --check mode, exit with status 2 if things are not fine.
-- Ian Jackson Sat, 07 Jan 2017 13:31:50 +0000
dgit (2.16.1) UNRELEASED; urgency=low
* dgit-badcommit-fixup: New mode --check which is readonly.
-- Ian Jackson Sat, 07 Jan 2017 13:04:49 +0000
dgit (2.16) unstable; urgency=low
Dealing with fallout from #849041:
* Provide dgit-badcommit-fixup history-rewriting script.
* New rewrite map feature, which allows dgit git server to adjust
clients' interpretation of Dgit fields, so that history-rewriting is
effective. (Feature is only partially implemented right now -
enough to dig current Debian users out of the hole.) Re:#850431.
Test suite:
* New test case for history-rewriting.
* Change `local foo=$(bar)' idiom to `local foo; foo=$(bar)' since
the former does not trip set -e even if bar fails :-(.
-- Ian Jackson Fri, 06 Jan 2017 20:46:30 +0000
dgit (2.15) UNRELEASED; urgency=high
Infastructure:
* Prevent introduction of new commits which lack `committer'
information. Ie, prevent the reception of new commits afflicted by
#849041. Existing commits are tolerated.
Test suite:
* Be much stricter about messages from git-fsck.
-- Ian Jackson Thu, 05 Jan 2017 18:20:23 +0000
dgit (2.14) unstable; urgency=critical
CRITICAL BUGFIX:
* Do not generate bogus commits with --overwrite or import-dsc.
Closes:#849041.
Test suite:
* Run a lot of git-fsck.
-- Ian Jackson Wed, 04 Jan 2017 22:52:55 +0000
dgit (2.13) unstable; urgency=high
Changed behaviour:
* quilt fixup: Permit creation of patches which delete files, by psssing
--include-removal to dpkg-source, and tolerating it when we do our
quilt fixup analysis. dpkg-source has supported this since at least
stretch. Closes:#848901.
Error messages:
* Improve "cannot represent change" message: print the git old and new
modes too.
Bugfix:
* Import: Switch back to unpa branch on patch import iterations.
In particular, do not fail utterly if dpkg-source and gbp disagree.
Closes:#848843.
Documentation [Sean Whitton]:
* dgit-maint-gbp(7): Remove reference to closed bug. Closes:#848725.
* dgit-sponsorship(7): Update in light of fixed #844129. Closes:#848789.
-- Ian Jackson Wed, 21 Dec 2016 01:32:41 +0000
dgit (2.12) unstable; urgency=high
Changed behaviours:
* By default, generate a DEP-14 tag as well as a dgit archive/*
tag, even in non-split-view quilt modes. Closes:#844129.
* Version tags mangling: Protect dots, as per proposed update to DEP-14.
Documentation:
* dgit-maint-merge(7): Explain how to change to this workflow
from an existing git workflow. [Sean Whitton] Closes:#847807.
* dgit-maint-native(7): Clarify that we mean native source format.
[Phil Hands] Closes:#847987.
Error messages:
* Slightly better message when .dsc not found. Apropos of #844128.
* Give better advice if .dsc/.changes signing fails: if no changes
are needed to the package, user may indeed just debsign and dput.
Closes:#844131.
* Produce better error reporting when absurd git wrapper fails
on a patch during .dsc import. Apropos of #848391.
Bugfixes:
* If we cannot hardlink origs into our extraction area, use symlinks
instead. Closes:#844570.
* Suppress some leftover debugging output from import-dsc.
Closes:#847658.
* Do not fail when cloning a package containing dangling symlinks.
Closes:#848512.
* Do not fail to import a .dsc containing patches which patch files
multiple times, due to #848611. Closes:#848391.
* Do not fail to import a .dsc containing patches to .git/ (!)
* infra: dgit-repos-policy-debian which broke due to recent git setting
GIT_ALTERNATE_OBJECT_DIRECTORIES in the pre-receive-hook.
(fixes test suite regression in stretch).
Test suite:
* Provide and use stunt lintian and debuild, to avoid lintian
complaining about our stupid test packages.
(fixes test suite regression in stretch).
-- Ian Jackson Mon, 19 Dec 2016 17:35:18 +0000
dgit (2.11) unstable; urgency=medium
Documentation:
* dgit-user(7): Better explanation of combined suites (comma syntax).
Thanks to Sean Whitton for review and suggestions.
* dgit(1), dgit(7): Better reference docs for combined suites.
* dgit(1): Improve formatting of rpush section.
Test suite:
* Replace make in Test-Depends with build-essential. Most of the tests
do in fact run dpkg-buildpackage which bombs out if build-essential is
missing.
-- Ian Jackson Tue, 08 Nov 2016 22:41:29 +0000
dgit (2.10) unstable; urgency=medium
New features:
* Support the Debian *-security suites.
* New comma-separated multiple-suite merging facility (readonly),
so that users can easily track "jessie, or jessie-security".
* dgit-user(7): Suggest `dgit clone P jessie,-security'.
Bugfixes:
* Cope when an orig tarball is a tarbomb. Ie, if it contains
other than one single directory toplevel. Closes:#843422.
* Actually honour the branch name, if we are on dgit branch, to specify
the suite, as documented in the manpage.
* When cloning a distro which has no git server, correctly leave
the user on the local dgit branch, not on `master'.
* Fix an unconditional print that was supposed to be a printdebug:
origs .orig.tar.gz f.same=1 #f._differ=-1
* Print a slightly better message if .git found in orig tarball(s).
Test suite:
* Test suite: Add fakeroot and make to Test-Depends. These aren't
necessarily pulled in by anything else. (dpkg-dev Recommends
build-essential. But we don't actually need build-essential.)
-- Ian Jackson Tue, 08 Nov 2016 01:08:51 +0000
dgit (2.9) unstable; urgency=medium
New features:
* During push, automatically calculate which .origs are required,
so user never needs [--ch:]-sa or [--ch:]-sd. Closes:#829116.
* New import-dsc feature.
* New option --dgit-view-save= for split view quilt modes.
In particular, means that the output of a split view quilt-fixup
is left somewhere useful.
* dgit clone: Set timestamps in cloned tree to a single unified time.
This makes it less likely that the user will trip over any
timestamp-dependent FTBFS bugs (eg #842452).
* Support dgit --delayed= push (with a warning in the manpage
about possible skew).
* dgit gbp-build will arrange to let gbp buildpackage generate
.orig tarballs if it seems applicable. Closes:#841094.
Documentation improvements:
* dgit-*(7). Many new tutorial manpages, several written and many
improved by Sean Whitton.
* dgit(7): Substantial updates, including documenting split view.
* dgit(1): Better cross-references.
* dgit(1): Remove obsolete workflow information.
* dgit(1): Improved BUGS section.
* Fix changelog entry for SIGPIPE to correctly mention
Closes:#841090.
Bugfixes:
* Split brain mode: Fix --new. Closes:#842577.
* Properly look for .origs etc. in .., fetching them less often.
Closes:#842386.
* Reject `dgit pull' in split view quilt modes, to avoid
creating unfortunate wreckage on non-dgit-view branches.
Closes:#842608.
* Cope when cloning suite which doesn't receive uploads,
like testing. Closes:#842621.
* Properly fetch all archive dgit view tags, as we intended.
* Actually provide a -p (--package=) option (!)
Test suite fixes:
* Test suite: Explicitly configure user.name and user.email, so
that tests work when environment doesn't have defaults.
Closes:#842279 (I hope).
-- Ian Jackson Mon, 31 Oct 2016 12:47:18 +0000
dgit (2.8) unstable; urgency=medium
* When in split build mode for `gbp-build' or `build', run
mergechanges as is required. Closes:#841990.
* Test suite: build-mode-*: Check that right .changes comes out
(detects #841990).
* Defend against debian/patches/series being an unusual object, in case
dpkg-source doesn't, in absurd git-apply fallback.
-- Ian Jackson Tue, 25 Oct 2016 17:29:23 +0100
dgit (2.7) unstable; urgency=medium
Absurd bugfix for serious bug:
* Work around `git-apply' problems (eg #841865, #829067) exposed by
`gbp pq import' (#841866) by sometimes falling back to an emulation of
git-apply in terms of dpkg-source --before-build. Closes:#841867.
Minor changes:
* dgit(1): Reorder the options, moving more important ones earlier.
* dgit(1): Some more info about --deliberately.
* Provide various --force-something options. Please don't use them.
-- Ian Jackson Mon, 24 Oct 2016 02:37:28 +0100
dgit (2.6) unstable; urgency=medium
Fixes to HTTP handling:
* Check for non-2xx HTTP status codes from ftpmaster api server.
* Always honour --curl= and --curl:.
-- Ian Jackson Sun, 23 Oct 2016 14:57:22 +0100
dgit (2.5) unstable; urgency=low
Substantive changes:
* Do not crash in split brain quilt modes when the two brains are
actually identical. (Eg --quilt=gbp with no patches.) Closes:#841770.
* Switch to new archive/ tag format by default, even in
non-split-brain mode.
* Provide --gbp and --dpm as aliases for --quilt=gbp and --quilt=dpm.
Documentation:
* dgit-maint-merge(7): New tutorial manpage from Sean Whitton.
Test suite:
* Introduce setup/gnupg, to help work around gnupg2 bug #841143
and improve performance by amortising gnupg migration cost.
* Various bugfixes.
-- Ian Jackson Sun, 23 Oct 2016 13:20:23 +0100
dgit (2.4) unstable; urgency=low
Bugfixes:
* split brain cache: Fix a wrong implicit reference to $_.
Closes:#841383.
* split brain cache: Make sure to write reflog entries for cache updates
even if the eventual tree (and therefore commit) is the same.
Otherwise, after updating dgit, the cache might have the right answer
but not be refreshed even by a build.
* dgit gbp-build: No longer invent a --git-debian-branch option.
Usually the user is a maintainer using split brain, and we should rely
on their own gbp configuration to specify the right check.
Closes:#841100.
Minor docs fix:
* dgit(1): Document which --ch: options are a good idea.
-- Ian Jackson Thu, 20 Oct 2016 16:31:54 +0100
dgit (2.3) unstable; urgency=low
* With --overwrite, do not check all sorts of tags (which may
not exist, or might contain wrong things). Closes:#841101.
* When generating pseudomerge in quilt split brain mode due to
--overwrite, actually include the version number in the commit
message.
-- Ian Jackson Tue, 18 Oct 2016 01:58:05 +0100
dgit (2.2) unstable; urgency=low
* Fix config relating to Debian to actually make split brain mode
work. Closes:#841085.
* Detect SIGPIPE (and SIGCHLD) being blocked or ignored.
Closes:#841090.
-- Ian Jackson Mon, 17 Oct 2016 17:31:18 +0100
dgit (2.1) unstable; urgency=low
* Do not crash due in clone to failure to handle dpkg-parsechangelog
SIGPIPE. Closes:#840989. Avoids:
dgit: failed command: dpkg-parsechangelog --format rfc822 --all
dgit: subprocess died due to fatal signal PIPE
* git- prefixes: Fix some occurrences of `git-foo' in infrastructure,
messages, and test suite. Filter out .../git-core from PATH in
test suite so that we catch future occurrences.
-- Ian Jackson Sun, 16 Oct 2016 19:05:14 +0100
dgit (2.0) unstable; urgency=low
Incompatible change:
* dgit sbuild: does not pass -A to sbuild. Consequently the default
build is now simply sbuild's default. With older sbuilds it was
possible to override dgit's -A by passing another option. But this
has been changed recently and now this default setting is very awkward
to change for the dgit user.
* dgit gbp-build: Make --quilt=gbp the default. (See below.)
* New tag format (for dgit view) archive/debian/VERSION.
Major new feature:
* --quilt=gbp, --quilt=dpm, --quilt=unpacked: Introduce facility for
split view (dgit/mainiainer view), to improve compatibility with some
workflow tools.
New checks and improved behaviours in dgit:
* When running dpkg-buildpackage, cope if user specified -g or -G.
* dgit sbuild: check that the set of .changes files found is as we
expect, before calling mergechanges. Re:#800060.
* dgit sbuild: Rename the used-up .changes files to `.inmulti' to
avoid accidental use of the wrong one (by software, or by users).
* dgit sbuild: Check that the binary .changes file doesn't contain a
.dsc.
* Introduce --rm-old-changes to delete previous builds' changes files.
* Remove any pre-existing _source.changes file before building source,
as a safety check.
* No longer tolerate a multitude of .changes files when doing push.
Instead, insist on a single one. Closes:#800110.
* dgit sbuild no longer deletes extranious .changes files; instead
we rely on --rm-old-changes, or failing that, fail early.
* When doing quilt linearisation, treat upstream .gitignores not
in the toplevel the same way we treat ones in the toplevel.
* When automatically generating quilt patch, honour GIT_COMMITTER_DATE
for filename creation (makes filename deterministic in test suite).
* New --overwrite option, replaces need to for user to use
git merge -s ours. Closes:#838718.
* When generating quilt patches from git commits, make patches that
look quite like git-format-patch output (rather than strange things
based on an obselete interpretation of DEP-3).
* When generating quilt patches from git commits, honour (and strip)
any Gbp-Pq headers (that we understand).
* Several dgit-generated commits now have slightly better annotations
from dgit about what it was doing.
* Before committing to push, check that .dsc and .changes correspond.
Closes:#800060.
* Better error message if non-split-brain patch stack no longer
applies (due to new upstream version, or user messing with it).
Closes:#833025.
* Better error message if HEAD contains changes unrepresentable
by `3.0 (quilt)'. Closes:#834618.
* Much better error message when HEAD and .dsc do not match.
Closes:#809516.
Infrastructure:
* dgit-repos-policy-debian: Better error handling.
* dgit-repos-policy-debian.: fix git-cat-file-handling with multiple
taints in db (!).
* dgit-infrastructure has, and uses, its own copies of the perl modules.
This avoids introducing a versioned dependency between dgit and
dgit-infrastructure (and also makes it easier to test cross-version
compatibility).
Documentation:
* Document the dgit-distro.DISTRO.quilt-mode config setting.
* Clarify the --clean= options' documentation. Closes:#800054.
* Discourage use of the --PROGRAM:OPTION escape hatch. (Apropos
of various bug reports including #800060 and #833025.)
* Document the expected form of HEAD for each --quilt= mode.
Bugfixes:
* When cleaning up after failed clone, stat the to-be-cleaned-up
directory before running rmtree on it. Closes:#796773.
* Do not call "warn" on failure of cleanup handler in END block
(since warn has been made fatal and aborts the cleanup chain).
* Print better error message (with `fail' rather than `die') if
`dgit clone' cannot create the destination directory.
* Properly substitute $changesfile in one of the `You can retry'
messages. Closes:#800078.
* Pass --ch:* and -v options to dpkg-buildpackage when building
source. Fixes bad Perl poetry syntax. Closes:#829121.
* When synthesing a commit from a .dsc from the archive, stop
internal git reset from printing a confusing message about HEAD.
* Turn off git gc in the private working areas.
* Do not fail to do some important quilt processing in some
--quilt modes.
* Fix two calls to chdir without proper error checking.
* Fix a couple of bugs in error reporting.
* Fix several bugs in .orig detection/recognition.
* Tidy up refs/dgit-fetch/ after dgit fetch (if successful).
* Fix handling of in-archive copies.
* Don't break if user has push.followTags=true. Closes:#827878.
* Arrange for the special dgit remote to be skipped by git fetch --all
etc. And no longer configure a fetch spec, since it won't work
anyway. Closes:#827892.
* Allow local git config options to override user-global ones,
as is proper. Closes:#835858.
* When generating patch filenames from titles, first transliterate
them (lossily) to ascii. Closes:#834807.
Test suite:
* When sbuild fails, do not crash due to sed not finding the log
file. Instead, simply tolerate the absence of the log file.
* Put --no-arch-all in build-modes-sbuild act, not only its real_act.
Cosmetic change only.
* Set GIT_COMMITTER_DATE and GIT_AUTHOR_DATE and increment them
explicitly in drs-push-rejects test. This avoids date dependencies
which can cause that test to fail on fast computers.
* Remove some spurios .debs from the example_1.0.tar.
* Increase sqlite_busy_timeout in debpolicy-dbretry, because old
zealot is very slow and we need to give the other processes time
to rollback and release the lock.
* Test quilt single-debian-patch.
* Provide `tartree-edit gitfetchinfo' etc. to help with comparing
different test case git working tree tarballs.
* Test dgit-repos-policy-debian with multiple (identical, as it happens)
existing taints.
* Provide better log output for certain failures.
* Many new tests (especially for new functionality).
* Add missing debhelper (>=8) to test suite's global Depends.
* tstunt arrangements: Fix mishandling of PERLLIB, etc.
* tstunt-parsechangelog: Produce Timestamp field (like official one
does, now).
* Do not fail when git requires --allow-unrelated-histories.
-- Ian Jackson Sun, 16 Oct 2016 12:12:50 +0100
dgit (1.4) unstable; urgency=high
Bugfixes:
* Unbreak --dry-run (`exiting subroutine via next', broken in
ac221d67, bug released in 0.22).
* When running git-add in commit-quilty-patch, properly escape
filenames (which git-add treats as glob patterns).
* When running git-add in commit-quilty-patch, use -f and sometimes -A,
so as to avoid being broken by any .gitignore, etc.
* When quilt linearisation fails, print the right information in
the error message. (This has been broken forever.)
* Cope properly with `3.0 (quilt)' with single-debian-patch.
Closes:#796016. (Still does not work with wheezy's dpkg-source, so
no test case yet.)
* With dgit sbuild, pass our -d before the user's arguments, so that
the user can override it. Closes:#796019.
New checks and improved behaviours:
* Detect and reject git trees containing debian/source/local-options
or debian/source/local-patch-header.
* In --dry-run mode, _do_ actually run dpkg-source --commit so that we
actually do construct the quilt fixup commit; instead, honour
--dry-run by avoiding pulling it back to your HEAD.
* quilt-fixup checks that the git tree is clean, as for build-prep.
Documentation:
* In dgit(7), discuss binaries and documentation present in upstream but
removed by rules clean.
Test suite:
* Run quilt-fixup with -wgf in distropatches-reject,
so that we don't need build-depends.
-- Ian Jackson Sat, 22 Aug 2015 15:31:02 +0100
dgit (1.3) unstable; urgency=high
Important bugfixes:
* In option parser test `@ARGV' not `length @ARGV'. Closes:#795710.
* Properly quote package name when constructing regexp in
complete_file_from_dsc. Closes:#795736. Also, grep the code for
likely similar problems elsewhere and improve a (harmless) instance in
dgit-repos-server.
Other improvements:
* If a .orig in .. is a symlink, hardlink the link target into our
private unpack directory, rather than the link itself (since latter
won't work if the symlink is relative). Closes:#795665.
* Test suite: Fix t-restriction-x-dgit-schroot-build in non-adt mode.
* Infrastructure: Improve an error message in dgit-repos-policy-debian.
-- Ian Jackson Sun, 16 Aug 2015 17:51:02 +0100
dgit (1.2) unstable; urgency=high
Improvements:
* Honour *.clean-mode configuration setting for --clean= mode.
* No longer require option values to be cuddled: support `--opt val' and
`-o val'. Closes:#763332.
Manpages:
* Fix typos.
* Document that tags are in DEP-14 format, and that they
are used for authenticating pushes.
* Correct cross-reference to point to browse.d.d.o.
* Move dgit.default.* to main CONFIGURATION section.
Administrivia:
* Add missing close of #793060 to changelog for version 1.1.
-- Ian Jackson Fri, 14 Aug 2015 18:27:20 +0100
dgit (1.1) unstable; urgency=medium
Bugfixes:
* When source package contains things called .git (even files, and even
in subdirectories), remove them. Closes:#793671.
* Work around curl -sS -I printing `HTTP/1.0 200 Connection established'
before the actual header, so dgit works with https_proxy set (!)
* --new is needed for read access to packages in NEW, too. Document
this, and make it work properly.
* Work around #793471 (madness with $SIG{__WARN__} and Perl's system
builtin): move $SIG{} setting into setup_sigwarn in Dgit.pm, and
check getppid.
* When invoking git-buildpackage via dgit gbp-build, consider our
command line arguments when massaging the dpkg-buildpackage arguments,
so that we don't end up giving dpkg-buildpackage contradictory
instructions.
* Cope with new git-buildpackage which provides gbp, rather than the
eponymous command, on PATH.
Configurability:
* Honour dgit-distros.DISTRO.cmd-CMD and .opts-CMD. Closes:#793427.
* Make configuration able to prevent dpkg-mergechangelogs setup.
* Provide dgit setup-new-tree (like dpkg-setup-mergechangelogs
but only does it if not disabled in config).
* Set up git user.email and user.name from distro access config
or DEBEMAIL/DEBFULLNAME. Closes:#793410.
* When key to use not specified any other way, use the debian/changelog
trailer line. Closes:#793423.
* Honour --git= (mostly).
Documentation:
* Fix some manpage typos. [ Richard Hartmann ]
* Manpage said that --clean=check was -wn but that is --clean=none;
correctly document that --clean=check is actually -wc.
* Document that up to -DDDD (not just -DD) is meaningfully different.
* Document that -cname=value applies only for this run.
* Improve manpage comment about defining a new distro.
* Document that --quilt=linear is the default for Debian.
* Fix a formatting problem in --build-products-dir= doc.
* In manpage, do not seem to imply that NMU should be of only one
new commit.
* Qualify to Debian the manpage comment about how to do NMU.
* In discussion on how to start using dgit when already using git, do
not imply/assume that existing git history will have identical trees
to dgit history.
* Remove stray sentence in config section of manpage.
* Manpage: Clarify wording of readonly config.
* Manpage: Better cross-references for -k and keyid.
* dgit(7): No longer say that dgit-repos lives on Alioth.
Improvements:
* Introduce more sophisticated protocol negotiation for rpush.
* Do not quote `:' in shellquote.
* Print a supplementary message when push fails, giving advice to
the user about how to retry. Closes:#793144.
* Slurp in entire git config, for better performance.
* Rename `git-build' operation to `gbp-build' to make it clearer what
it's for. Keep the old name as an alias.
* Show `dgit sbuild' in usage message.
* When we are using dpkg-buildpackage to clean before using it to also
do the build, let it do its cleaning thing as part of its run, rather
than running it twice. When we are _not_ supposed to be using
dpkg-buildpackage to clean, but we are running it to do the build,
pass -nc. Closes:#793060.
* Also suppress spurious runs of the clean target when building using
git-buildpackage.
* When exec fails, always print the program name in the error message.
Infrastructure:
* Infrastructure: Get mirroring right for fresh repos of existing
packages (!)
Packaging, cleanups, debugging and test suite:
* Fix Vcs-Git and Vcs-Browse to refer to chiark. (The dgit-repos on
alioth aren't suitable right now because the master there can
currently only be updated with an actual upload, ie dgit push.)
* Make warnings fatal in dpkg-repos-admin-debian, dgit-ssh-dispatch
(using setup_sigwarn).
* tstunt/dpkg-parsechangelog: Make warnings fatal (directly).
* tstunt/dpkg-parsechangelog: Do not complain if PERLLIB is empty.
* Test suite: Honour DGIT_TEST_DEBUG=''.
* With -DDDD, print out all gitcfg references (copious!)
* Fix a debug message in the obsolete sshpsql archive access driver.
* Test suite: More automatic enumeration of tests.
* Test suite: Provide tests which check that all our various build
operations run the right targets as expected (ie, that we are massaging
the arguments to dpkg-buildpackage, and suppressing our clean target,
etc., correctly).
-- Ian Jackson Mon, 27 Jul 2015 16:34:31 +0100
dgit (1.0) unstable; urgency=medium
Improvements:
* Switch to new production git repositories for reading.
(this can no longer divert to alioth). Public readonly access
now works. Closes:#791447.
* Memoise git config lookups (big speedup!)
* Provide -wdd aka --clean=dpkg-source-d. Closes:#792433.
* Provide -wc aka --clean=check.
Manpage updates:
* Remove some obsolete caveats from BUGS.
* Reorganise and complete the configuration section.
* Remove obselete comment about DMs not being able to push.
We have, for now, a way to add keys manually. Closes:#720173.
Access machinery:
* Remove configuration relating to alioth.
* Provide for different access mechanisms when pushing.
* Provide for configurable git url suffix.
* Allow git-url to be '' to force fallback to git-proto etc.
* Provide for checking git presence via http[s].
* Do some quoting on debug output (needed if the server might not
be trustworthy and might send us bad stuff).
* Talk to push.dgit.debian.org, rather than the .debian.net alias.
Infrastructure:
* Provide for mirroring git updates to a different server.
* Provide cgit-regen-config command for cgi-grnet-01.
* Make dgit-ssh-dispatch not spew (harmless) warnings if caller
tries for a shell session (ie SSH_ORIGINAL_COMMAND not set).
Cleanups:
* Remove an obsolete comment from the code.
* Improve an error message from dgit-repos-policy-debian.
* Test suite: Break out t-make-hook-link.
* Fix a manpage typo.
-- Ian Jackson Sun, 19 Jul 2015 22:15:53 +0100
dgit (0.30) unstable; urgency=high
INCOMPATIBLE CHANGES:
* Client uses new infrastructure:
- Check for new dgit git service on dgit-git.debian.net (ie
gideon.debian.org), with transition plan based on diversion feature.
Closes:#720172.
- Old versions of dgit will stop working when the server-side handle is
pulled.
* dgit git trees no longer contain .pc for format `3.0 (quilt)' source
packages. Closes:#764606.
- It is deleted whenever we find it.
- Older versions of dgit will choke on trees without .pc.
- (When doing quilt fixup, we recreate a suitable .pc in a temporary
directory so that we can do dpkg-source --comit.)
* All users are urged to upgrade ASAP.
Other significant improvements:
* When generating quilt patches, try to linearise the git history into a
series of individual new patches for debian/patches. Closes:#770710.
* When receiving a push with dgit-repos-server, update the server's
refs/heads/master if we are pushing to what the distro regards as a
relevant branch, and the push would ff master. Closes:#728209.
* For non-Debian distros, distro version release tags contain distro
name a la DEP-14 (rather than hardcoding `debian/').
* Set up a merge driver for debian/changelog. Closes:#769291.
* --clean=git and --clean=none cause dgit to pass -nc to
dpkg-buildpackage, suppressing calls to the package's clean target.
Also, expand the documentation in this area slightly. Closes:#768590.
* Provide --clean=git-ff (aka -wgf), which is useful for dgit itself (!)
Minor improvements:
* Reduce some noise output and improve the clarity of some messages.
* Be more careful about tag updates during fetch: only update tags
referring to uploads to distro we are trying to fetch from.
* Change realpath dependency to `coreutils (>= 8.23-1~) | realpath'
(Closes:#786955.)
Bugfixes:
* Fix handling of rmadison-based and gitless distros (e.g., Ubuntu).
* Add missing `gpgv' to test dependencies in debian/tests/control.
* Strip `-b ' from contents of Vcs-Git header, when setting up
the vcs-git remote. Closes:#759374.
* Do not offer wget as an alternative dependency to curl. We always
unconditionally invoke curl and have no code to use wget.
Closes:#760805.
* Complain about lack of cuddled values for value-taking single-letter
options, rather than thinking the user meat an empty value.
Closes:#763332.
* Reject (rather than ignoring) further options merged witth -wn, -wg,
-wd.
* Fix inaccurate error message when archive's git hash is not an
ancestor of git repo's git hash.
* Detect and bomb out on vendor-specific `3.0 (quilt)' patch series.
* Fix the rules clean target to remove test results and output.
Documentation improvements:
* Break out dgit(7) from dgit(1).
* Provide example workflow for dgit rpush. Closes:#763334.
(Also part of the fix for #768470.)
* Document that dgit repos are cloneable with git, in dgit(1)
section MODEL. [Andreas Barth.] Closes:#768470.
* Better documentation for quilt series handling.
* Document under `dgit push' that it is best to build with dgit too.
Closes:#763333.
* Other minor clarifications and improvements.
Behind-the-scenes work:
* Use ftpmasterapi archive query method.
(Closes:#727702. Also partly obsoletes #768470.)
* New dgit-infrastructure binary package containing dgit-repos-server et
al. Client users probably don't want this stuff. Also, it provides a
convenient way to publish the dependencies.
* Many many bugfixes to the server side (dpkg-repos-server et al.).
* Add :..; prefix to ssh remote commands, for the benefit of future
forced command wrappers. Implicitly, this defines a new ssh-based
command protocol. Closes:#720174, #720175.
* Distro access configuration handling changes (should not be noticeable
to most users).
* In places, significant restructuring or tidying up.
* Turn all perl warnings into errors using $SIG{__WARN__}.
-- Ian Jackson Sun, 05 Jul 2015 01:34:55 +0100
dgit (0.22.1) unstable; urgency=high
* Use Dpkg::Version::version_compare everywhere, not
Dpkg::Version::version_compare_string. The latter is entirely wrong,
meaning that dgit would get many version comparisons wrong.
Closes:#768038.
-- Ian Jackson Tue, 04 Nov 2014 12:46:40 +0000
dgit (0.22) unstable; urgency=medium
Bugfixes:
* Clone removes destination directory on error. Closes:#736153.
* Work with wheezy-backports (and keep squeeze-backports working too).
Closes:#736524.
* Work in read-only no-git-history mode with Ubuntu. You still have
to pass -dubuntu. Closes:#751781.
* Use mirror.ftp-master.debian.org DNS alias rather than coccia.
Closes:#752602.
* Check hashes of files ourselves rather than running dget to
re-retreive the .dsc.
* Check SHA-256 of .dsc against hash from archive_query (ie projectb)
rather than letting dpkg-source do a signature verification.
Closes:#737619. Closes:#737625.
* Treat .dsc as bytes, just like everything else, rather than letting
HTTP::Message convert it to a Perl unicode string which the rest of
the program mishandles. Closes:#738536.
Minor improvements:
* Include canonicalised suite name in signed tag message.
* Mention cross-version dgit rpush incompatibility in manpage.
* Check for rpush protocol version incompatibility and crash early
if incompatible.
* New script tests/using-intree for running tests on the source tree.
* Do not spew diff output to terminal (by default). Print sensible
message instead. Closes:#736526.
* Print better message for lack of configuration settings.
* Document that dgit rpush needs gnupg and your public key on the build
host. Closes:#736529.
* Fix a manpage reference to `--dget=' where `--dgit=' was intended.
* Provide t-archive-process-incoming and t-archive-query subroutines for
regression test scripts to use.
* Print better message for unknown operations.
* Provide `dgit clean'. Closes:#736527.
* When cloning, set up a remote `vcs-git' from the package's Vcs-Git
(and put an appropriate caveat in the manpage). Closes:#740687.
Closes:#740721.
* Improve error message for .dsc having already been signed (iff
using libdpkg-perl 1.17.x). Closes:#731635.
* Improve error message for .dsc parsing failures more generally.
* Better reporting of child exit statuses (esp. deaths due to signals).
* In rpush, on protocol error talking to build host, check if the
subprocess died and report differently if so. Closes:#736528.
* Fixed a manpage typo.
* When tests invoke dgit, use --dgit= so that subprocesses use our
dgit rather than system one.
* Add a test for dgit rpush.
Major new feature, currently stalled awaiting server infrastructure:
* dgit-repos-server: New program for receiving signed-tag-based
pushes. Corresponding support in dgit itself, but not currently
used by default for any distro.
* Bring forward push of the version tag ref so it happens alongside
the push of the suite branch ref.
* New git-check and git-create methods "true" which are no-ops.
* test-dummy-drs `distro': for testing dgit and dgit-repos-server.
-- Ian Jackson Tue, 19 Aug 2014 11:24:02 +0100
dgit (0.21) unstable; urgency=medium
Bugfixes relating to unclean trees:
* Run a clean (of the specified type) before any build operation; do
this with `dpkg-buildpackage -T' clean if necessary, so -wd now works
with all the building methods.
* Refuse to do quilt fixup (explicitly requested, or as a result of
build) if the tree contains ignored files. Closes:#731632.
Error message improvements:
* Use failedcmd to report errors when ssh psql fails. Closes:#734281.
* failedcmd prints $us, not $_[0] - ie, dgit doesn't pretend,
in the error message, to be its child.
* Do not report the (irrelevant) $? when madison parsing fails.
Better workflow flexibility:
* Provide --build-products-dir option (and corresponding semantics
for -C) to specify where to find the files to upload. Closes:#731633.
Support for Debian backports suites:
* New quirks infrastructure in configuration and internals,
for suites (or perhaps distros) which are a bit like others.
* Use correct default archive location.
* Compute "-v" option default value correctly.
* Closes:#733954.
Packaging improvement:
* Add `Testsuite: autopkgtest' to debian/control. (This will only have
the right effect with recent enought dpkg; it will generate a harmless
warning with earlier versions of dpkg.)
-- Ian Jackson Sun, 19 Jan 2014 02:14:25 +0000
dgit (0.20) unstable; urgency=high
* Use newest (not oldest) version currently in suite when calculating
what value to use for -v by default. Closes:#732781.
-- Ian Jackson Sat, 21 Dec 2013 19:13:56 +0000
dgit (0.19) unstable; urgency=low
Testing facilities:
* Provide "test-dummy" distro with "dummycat" access method.
* Provide a selection of autopkgtest (DEP-8) tests.
-- Ian Jackson Wed, 27 Nov 2013 18:27:17 +0000
dgit (0.18.2) unstable; urgency=high
Bump archive upload urgency to high.
-- Ian Jackson Sun, 24 Nov 2013 17:42:57 +0000
dgit (0.18.1) unstable; urgency=low
Bugfixes:
* sshpsql archive query method passes LANG=C. Closes:#729788.
* Subcommand program or argument options containing hyphens work.
(Eg, --dpkg-buildpackage:blah was previously incorrectly rejected.)
Packaging fixes:
* Depend on dput.
* Depend on curl | wget, as dget needs one of those. (The dput package,
which contains dget, doesn't require them because dput itself works
without.)
-- Ian Jackson Sun, 24 Nov 2013 17:36:03 +0000
dgit (0.18) unstable; urgency=low
Major new feature:
* Remote push (dgit rpush), a la debsign -r. Closes:#721185.
Improved behaviours:
* dgit build, by default, uses the archive to find out what the correct
-v option is to pass to dpkg-genchanges. Closes:#727200.
* Abolish the sshdakls method and replace it with sshpsql: that is, ssh
(to coccia, by default) and run sql commands on the ftpmaster
database. This is faster and has fewer bugs but is vulnerable to db
schema changes. Closes:#726955. Closes:#720170. Closes:#720176.
* When generating git tags, quote the (uncanonicalised) changelog's
Distribution field as the suite.
* Command execution reports from --dry-run go to stderr.
Other new features:
* Support --gpg=... to provide a replacement command for gpg.
* Support --ssh=... and --ssh:... to affect how we run ssh.
Bugfixes:
* When using sbuild, pass the arguments to mergechanges in the right
order so that we use the correct Description (the _source one,
not the one from sbuild which didn't get e.g. -v).
* push actually takes an optional suite, like it says in the synopsis.
Closes:#727125.
* Fix dgit --damp-run sbuild to actually work.
* Fix the "shellquote" internal subroutine. The bugs in it ought not to
have caused any real trouble in previous versions of dgit.
Documentation and message fixes:
* manpage: Clarify comments about orig tarballs. Closes: #723605.
* manpage: Remove comment in BUGS about lack of policy docs
for Dgit field, which is specified now. Closes:#720201.
* manpage: Make discussion of --existing-package less scary. The
default archive access method no longer needs it. Closes:#720171.
* Mention "git merge", not "git-merge", in helpful message.
Closes:#725632.
Internal and debugging improvements:
* Report chdir actions in debugging output.
* Improvements to implementation of --dry-run and --damp-run.
* Some code motion and cleanups.
Note: changelog entries for the following versions, which were uploaded
to Debian experimental, have been collapsed into this single entry:
0.18~experimental2 0.18~experimental1
0.17~experimental7 0.17~experimental6 0.17~experimental5
0.17~experimental4 0.17~experimental3 0.17~experimental2
0.17~experimental1
0.16~experimental3 0.16~experimental2 0.16~experimental1
We do describe here all the changes since 0.17.
-- Ian Jackson Sat, 09 Nov 2013 10:12:13 +0000
dgit (0.17) unstable; urgency=high
* Do not grobble around in .git/refs/; instead, use git-show-ref.
This avoids breaking when git makes packed refs. Closes:728893.
* Clarify error message for missing refs/remotes/dgit/dgit/.
-- Ian Jackson Thu, 07 Nov 2013 00:02:47 +0000
dgit (0.16) unstable; urgency=high
* Format `(3.0) quilt' fixup does not mind extraneous other files
in the build tree (e.g., build products and logs). Closes: #727053.
* Set autoflush on stdout, to get better ordering of debugging
etc. output when stdout is redirected.
* New --damp-run mode, for more convenient and fuller testing etc.
-- Ian Jackson Tue, 22 Oct 2013 13:06:54 +0100
dgit (0.15) unstable; urgency=low
* Better handling of packages pushed using dgit and stuck in NEW.
(And, use of `--new' is not needed with fetch.) Closes: #722199.
* More comprehensive warnings in many cases of archive skew.
* Implement `dgit help' as well as `--help'. Closes: #721661.
* Provide `dgit version' and `--version'. Closes: #721654.
-- Ian Jackson Thu, 12 Sep 2013 00:14:05 +0100
dgit (0.14) unstable; urgency=low
* Include package name in tag message.
* Create directory .git/dgit when needed during build. Closes: #721428.
* Add Vcs-Git and Vcs-Browser [Richard Hartmann]. Closes: #721404.
These fields refer to the development branch, "master", on alioth,
not to the dgit suite refs (which are not accessible to git clone).
-- Ian Jackson Sun, 01 Sep 2013 18:30:44 +0100
dgit (0.13) unstable; urgency=low
* Reuse already-downloaded .orig files after checking their hashes.
Closes: #720526. (This introduces a dependency on Digest::SHA.)
* Do not always pointlessly fetch the .dsc twice. (That code was
erroneously duplicated during editing, apparently.)
* Remove DGET_UNPACK from the environment in case the user has set it.
* Remove scary warning from Description.
* When uploading to Debian, tell dput to upload to "ftp-master". This
avoids problems with derivatives whose dput has a different default.
Closes: #720958.
* Fix some bugs in dgit fetch --dry-run which made dgit push
--dry-run often not work at all.
* Update the local tracking branch for the dgit remote, when pushing.
Closes: #720956.
* Fix references in manpage to old Vcs-Dgit-Master field name.
* Reorganise manpage sections to be in a more conventional order.
* New manpage section on FILES IN THE SOURCE PACKAGE BUT NOT IN GIT.
Closes: #721186.
-- Ian Jackson Thu, 29 Aug 2013 00:27:23 +0100
dgit (0.12) unstable; urgency=low
* Cope with packages with epoch. Closes: #720897.
* Improve error message for non-fast-forward push. Closes: #720896.
* New --ignore-dirty option to skip noncritical check. Closes: #720895.
* New --no-quilt-fixup option to suppress quilt fixup. RTFM.
* Add Closes line for #720595 to changelog entry for 0.11.
-- Ian Jackson Mon, 26 Aug 2013 16:50:39 +0100
dgit (0.11) unstable; urgency=low
* Location of dgit-repos is now git.debian.org:/git/dgit-repos/repos.
Closes: #720525. The rename on the server side will break older
versions of dgit.
* Fix bug which would make quilt patch fixup fail if git status
produced "M" lines.
* Autogenerated quilt patch fixup patch Description contains several
recent git commits, rather than implying that the patch corresponds
exactly to the top git commit.
* Use "ftp.debian.org" not "http.debian.net" as the default Debian
archive. (http.debian.net tends to defeat certain kinds of cacheing,
and can also have more skew.)
* dgit build uses dpkg-buildpackage; there is a dgit git-build
for using git-buildpackage. Closes: #720595.
* Better error message for use of UNRELEASED suite. Closes: #720523.
* Do not canonicalise suite more than once. Related to: #720526.
* Fix a badly open-coded copy of check_not_dirty. Closes: #720524.
* Fix some bugs in building (eg build-source would fail to do the quilt
fixup; the --clean check in build was wrong).
* Add missing dependency on realpath.
* git-build (git-buildpackage wrapper) does not bother canonicalising
the suite if --git-ignore-branch is used.
-- Ian Jackson Sun, 25 Aug 2013 17:00:43 +0100
dgit (0.10) unstable; urgency=low
* Create .pc/applied-patches - do not empty it (!)
-- Ian Jackson Sun, 25 Aug 2013 00:51:50 +0100
dgit (0.9) unstable; urgency=low
* New cleaning arrangements.
* More comprehensive workaround for `3.0 (quilt)'.
* In push, double-check the .changes against the changelog.
* Better error when source package contains .git. Closes: #720555.
* Change our .dsc field name to `Dgit'. Relevant to #720201.
* Fix bug handling our synthetic merges when we see them in
the remote suite branch.
* `3.0 (quilt)' fixup creates .pc/applied-patches since modern
dpkg-source creates it even though old ones didn't always.
-- Ian Jackson Sat, 24 Aug 2013 18:49:02 +0100
dgit (0.8) unstable; urgency=low
* Fix comparison of archive's .dsc's hash and git branch head
to DTRT.
* When creating repos in dgit-repos (using the ssh-cmd method),
copy _template rather than using mkdir and git init.
Closes: #720522.
* In push, do git fetch as well as archive fetch, or archive
fetch can fail.
-- Ian Jackson Fri, 23 Aug 2013 12:24:09 +0100
dgit (0.7) unstable; urgency=low
* If dak ls, or rmadison, reports multiple versions, look for them
all, and pick the newest .dsc that doesn't give 404.
* Manpage formatting fix.
* Name the local remote tracking branch remotes/dgit/dgit/
so that we avoid a warning from git about ambiguous branch names.
-- Ian Jackson Thu, 22 Aug 2013 18:29:10 +0100
dgit (0.6) unstable; urgency=low
* Allow fetching when archive has out-of-date git hash in .dsc.
Closes: #720490.
-- Ian Jackson Thu, 22 Aug 2013 16:02:10 +0100
dgit (0.5) unstable; urgency=low
* Upload to unstable, as this version mostly works. (All the RC
bugs of which I'm aware are now properly represented in the BTS.)
-- Ian Jackson Thu, 22 Aug 2013 15:38:00 +0100
dgit (0.4~pre2) experimental; urgency=low
* Mangle debian/ tags the way git-buildpackage does
(as of git-buildpackage 0.5.5, 3c6bbd0f4992f8da).
* Support dgit-distro..keyid config option.
* Revert change to ssh to alioth CNAME, as the recommended CNAME
is to something with no write access to the fs and the new CNAME
has not yet been set up. This reintroduces #720172 :-/.
-- Ian Jackson Thu, 22 Aug 2013 15:31:17 +0100
dgit (0.4~pre1) experimental; urgency=low
* Use dgit.debian.net vhost on alioth. Closes:#720172.
* Usage message. Closes:#720085.
* Provide "dgit sbuild".
* Assorted manpage fixes and improvements.
* Fail if a required config item is missing.
* Much better error messages.
* Better error checking when parsing RFC822-style control data.
* Better checking that the supplied .dsc and debian/changes correspond.
* Ordering improvement in push: don't add dsc field until git push done.
* New --distro option (helps with unknown suites).
* Bugfixes.
-- Ian Jackson Thu, 22 Aug 2013 13:36:44 +0100
dgit (0.3) experimental; urgency=low
* New version which appears to be able to sort of work at least
some of the time.
-- Ian Jackson Sat, 17 Aug 2013 09:18:04 +0100
dgit (0.2) experimental; urgency=low
* New version which might actually work but probably won't.
-- Ian Jackson Fri, 16 Aug 2013 16:52:17 +0100
dgit (0.1) experimental; urgency=low
* Initial experimental (partial) version.
-- Ian Jackson Thu, 15 Aug 2013 12:09:01 +0100
work/debian/control 0000664 0000000 0000000 00000005417 15007402510 011556 0 ustar Source: dgit
Section: devel
Priority: optional
Maintainer: Debian tag2upload Delegates
Uploaders:
Ian Jackson ,
Sean Whitton
Standards-Version: 4.4.0.0
Build-Depends: debhelper-compat (= 12), gettext, po4a, tcl
Vcs-Git: https://salsa.debian.org/dgit-team/dgit.git
Vcs-Browser: https://salsa.debian.org/dgit-team/dgit
Package: dgit
Depends: perl, libdpkg-perl, git-core, devscripts, dpkg-dev,
${misc:Depends}, git-buildpackage, liblist-moreutils-perl,
liblocale-gettext-perl,
coreutils (>= 8.23-1~),
libdigest-sha-perl, dput, curl, apt,
libjson-perl, ca-certificates,
libtext-iconv-perl, libtext-glob-perl, libwww-curl-perl,
libtext-csv-perl, python3
Recommends: ssh-client, distro-info-data, liburi-perl
Suggests: sbuild | pbuilder | cowbuilder
Architecture: all
Description: git interoperability with the Debian archive
dgit (with the associated infrastructure) makes it possible to
treat the Debian archive as a git repository.
.
dgit push constructs uploads from git commits
.
dgit clone and dgit fetch construct git commits from uploads.
Package: git-debrebase
Depends: perl, git-core, libdpkg-perl, libfile-fnmatch-perl, devscripts,
liblocale-gettext-perl,
${misc:Depends}
Recommends: dgit, git-buildpackage
Architecture: all
Description: rebasing git workflow tool for Debian packaging
git-debrebase is a tool for representing in git, and manipulating,
Debian packages based on upstream source code.
.
git-debrebase is an alternative to workflows including git-dpm,
gbp pq, and direct use of quilt patches.
Package: git-debpush
Depends: devscripts, git, gnupg, libgit-wrapper-perl,
${misc:Depends}
Architecture: all
Description: client script for git pushing to Debian-style archives
git-debpush is a script to create and push a specially formatted
signed git tag. The metadata in the tag indicates that the tagged
commit should be pushed (or "uploaded") to a Debian-style archive.
.
Tags generated by this script can be read by an intermediary service,
which performs any conversion that's needed (such as producing and
signing a .dsc and .changes), and then uploads the result to the
Debian-style archive on your behalf.
Package: dgit-infrastructure
Depends: ${misc:Depends}, perl, git-core, gpgv, chiark-utils-bin,
libjson-perl, libdigest-sha-perl, libdbd-sqlite3-perl, sqlite3,
libdpkg-perl,
liburi-perl,
liblocale-gettext-perl
Recommends: dgit (>= 11.7~)
Architecture: all
Description: dgit server backend infrastructure
This package contains tools which are useful for setting up a dgit
git depository. You probably want dgit, the client package, instead
of dgit-infrastructure.
work/debian/copyright 0000664 0000000 0000000 00000010415 15007402510 012100 0 ustar dgit
Integration between git and Debian-style archives
Copyright (C)2013-2025 Ian Jackson
Copyright (C)2016-2020,2023-2025 Sean Whitton
Copyright (C)2018-2019 Frans Spiesschaert
Copyright (C)2019 Matthew Vernon / Genome Research Limited
Copyright (C)2019 Paul Hardy
Copyright (C)1999-2010 Joey Hess
Copyright (C)2004-2010 Colin Watson
Copyright (C)2004-2015 Best Practical Solutions, LLC
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
A copy of the GNU General Public License v3 can be found in
/usr/share/common-licenses/GPL-3.
The tests/ directory contains a complete copy of the source code for
the pari-extra 3-1 package. This is a dummy package containing only
Debian metadata, by Bill Alombert, with a licence statement saying
it's GPL (implicitly GPLv3 compatible).
Some of the i18n build system was copied from the Debian debconf
package, which has the BSD-2-clause (GPLv3-compatible) licence:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
.
THIS SOFTWARE IS PROVIDED BY AUTHORS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
Contributions are accepted upstream under the same terms; please sign
off your patches (by writing an appropriate Signed-Off-By tag in your
commit message or patch submission) to indicate your attestation that
the Developer Certificate of Origin (version 1.1) applies.
-8<-
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
work/debian/dgit-infrastructure.lintian-overrides 0000664 0000000 0000000 00000000207 15007402510 017530 0 ustar # These are self-installing crontabs.
unusual-interpreter /usr/bin/crontab [usr/share/dgit-infrastructure/debian/tag2upload-*-crontab]
work/debian/dgit-infrastructure.tag2upload-oracled.user.service 0000664 0000000 0000000 00000006543 15007402510 022170 0 ustar [Unit]
Description=tag2upload Oracle daemon
Documentation=https://salsa.debian.org/dgit-team/dgit/-/blob/master/TAG2UPLOAD-DESIGN.txt
Documentation=https://salsa.debian.org/dgit-team/dgit-infra-notes-scripts/-/blob/main/README.t2u-oracle.update
Documentation=https://salsa.debian.org/dgit-team/tag2upload-service-manager/-/blob/main/INSTALL.md
Documentation=https://salsa.debian.org/dgit-team/dgit-infra-notes-scripts/-/blob/main/README.t2u-builder.update
[Service]
# Re --workers=1: This is because tag2upload-builder-01 has just
# one core, at present.
#
# Re --reply-to: We want to catch miscellaneous queries and
# problem reports. Currently we think that using
# this @packages.d.o address will be an effective
# way to do this. Also cf. #1089757.
#
# Re --noreply: Use role address here because lists.d.o rejects
# mail From @packages.d.o.
#
# Re --force-production: This option should NEVER APPEAR in the version
# of this file committed to src:dgit's repository.
#
# It may be added only to an uncommitted copy of
# this file made on tag2upload-oracle-01 in
# ~tag2upload-oracle/.config/systemd/user/.
ExecStart=/usr/bin/tag2upload-oracled \
--processing-timeout=2000 \
--workers=1 \
--autopkgtest-virt=autopkgtest-virt-podman \
--autopkgtest-arg=localhost/autopkgtest/debian:bookworm \
--autopkgtest-arg=-- \
--autopkgtest-arg=--network=host \
--manager=tag2upload-manager@tag2upload-manager-01.debian.org \
--manager-socket=/srv/manager.tag2upload.debian.org/run/o2m.s \
--builder=tag2upload-builder@tag2upload-builder-01.debian.org \
--noreply="Debian tag2upload service " \
--reply-to=git-debpush@packages.debian.org \
--copies=debian-tag2upload@lists.debian.org \
debian \
/srv/oracle.tag2upload.debian.org/distro=debian \
"/srv/keyring.debian.org/keyrings/debian-keyring.gpg,a:/srv/keyring.debian.org/keyrings/debian-maintainers.gpg,m/srv/oracle.tag2upload.debian.org/data/dm.txt:/srv/keyring.debian.org/keyrings/debian-nonupload.gpg,m/srv/oracle.tag2upload.debian.org/data/dm.txt"
IgnoreSIGPIPE=false
# Let workers finish up any builds they might be doing.
# tag2upload-oracled is designed such that upon receipt of SIGTERM,
# the workers will finish their builds but not take on any new jobs.
TimeoutStopSec=2000
StandardInput=null
StandardOutput=journal
StandardError=journal
# This deals with two things:
#
# (1) 'podman exec' on (at least) bookworm fails to set HOME.
# Git in the container immediately errors out in that case.
# su starting a login shell handles that.
#
# (2) Appending --autopkgtest-arg=--user=builder:builder above means
# that after sending 'open', autopkgtest-virt-podman dies, because
# it gets EPERM when it tries to create the temporary directory.
#
# What's encoded here is |su - builder -- -ec 'exec "$@";x' --|.
# If we need more, consider
# echo '-e$ENV{HOME}//="/nonexistent";...;exec @ARGV' \
# | perl -MURI::Escape \
# -wlne'$_ = uri_escape $_; s#%2F#/#g; s#%#%%#g; print ",perl,$_"'
Environment=DGIT_DRS_T2U_VIRT_EXEC_CMD_SUFFIX=,su,-,builder,--,-ec,exec%%20%%22%%24%%40%%22%%3Bx,--
[Install]
WantedBy=default.target
work/debian/dgit.install 0000664 0000000 0000000 00000000224 15007402510 012461 0 ustar usr/share/locale/*/LC_MESSAGES/dgit.mo
usr/share/man/*/man*/dgit*.[1-9]
# ^ translated manpages. This has to be commented if they should go away.
work/debian/dgit.lintian-overrides 0000664 0000000 0000000 00000000142 15007402510 014450 0 ustar manpage-has-errors-from-man usr/share/man/man1/dgit.1.gz file '', around line 51:
work/debian/git-debpush.install 0000664 0000000 0000000 00000000052 15007402510 013744 0 ustar git-playtree-setup /usr/share/git-debpush
work/debian/git-debrebase.install 0000664 0000000 0000000 00000000244 15007402510 014231 0 ustar usr/share/locale/*/LC_MESSAGES/git-debrebase.mo
# usr/share/man/*/man*/git-debrebase.[1-9]
# ^ translated manpages. This has to be un-commented when they appear.
work/debian/rules 0000775 0000000 0000000 00000006272 15007402510 011233 0 ustar #!/usr/bin/make -f
# dgit
# Integration between git and Debian-style archives
#
# Copyright (C)2013-2019 Ian Jackson
# Copyright (C)2019 Sean Whitton
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
export prefix=/usr
%:
dh $@
override_dh_gencontrol:
dh_gencontrol
set -e; \
cd debian/dgit; \
v=$$(perl -ne 'print if s/^version:\s+//i' DEBIAN/control); \
perl -i -pe "s/UNRELEASED/$$v/g if m/###substituted###/" usr/bin/dgit
override_dh_auto_clean:
dh_auto_clean
make -C po clean
globalperl=/usr/share/perl5
override_dh_auto_install: specpkg_install_gdp \
specpkg_install_gdr \
specpkg_install_infra
make install prefix=/usr DESTDIR=debian/dgit
make -C po install prefix=/usr DESTDIR=../debian/tmp \
SUPPRESS_PO_UPDATE=1 S=''
mv debian/dgit/usr/bin/git-playtree-setup debian/dgit/usr/share/dgit
make -C po4a install DESTDIR=../debian/tmp S=''
override_dh_installsystemduser:
dh_installsystemduser --name=tag2upload-oracled --no-enable
override_dh_missing:
dh_missing --fail-missing
specpkg_install_gdp: p=git-debpush
specpkg_install_gdr: p=git-debrebase
specpkg_install_gdr: pm=GDR
specpkg_install_infra: p=dgit-infrastructure
specpkg_install_infra: pm=Infra
define specpkg_install_common
make install-$(tok) prefix=/usr DESTDIR=debian/$(p) perldir=$(specperl)
endef
specpkg_install_gdp: tok=gdp
specpkg_install_gdp: specperl=/usr/share/dgit/gdp/perl5
specpkg_install_gdp:
$(specpkg_install_common)
set -x; perl -i -pe 'next unless m/###substituted###/;' \
-e 's{^(git_playtree_setup)=.*}{$$1=/usr/share/$p/git-playtree-setup};' \
debian/$(p)/usr/bin/*
specpkg_install_%: tok=$*
specpkg_install_%: specperl=/usr/share/dgit/$(tok)/perl5
specpkg_install_%:
$(specpkg_install_common)
# # Most of the Perl modules in this package live in
# # $(specperl). The exception is Debian::Dgit::Infra, which
# # lives in $(globalperl) and adds $(specperl) to @INC.
# # We also abuse this for git-playtree-setup. In .debs, this
# # goes in the per-.deb @INC dir. See Dgit.pm::playtree_setup.
set -ex; \
base=debian/$(p); \
mod=Debian/Dgit/$(pm).pm; \
src=$${base}$(specperl)/$${mod}; \
dst=$${base}$(globalperl)/$${mod}; \
mkdir -p $${dst%/*}; \
mv -f $$src $$dst; \
install -m 755 git-playtree-setup $${base}$(specperl); \
perl -i -p -e 'next unless m/###substituted###/;' \
-e 'next unless s/^# (?=unshift \@INC,)//;' \
-e 'die unless s{q\{\S+\}}{q{$(specperl)}};' \
$$dst
debian/tests/control: tests/enumerate-tests debian/tests/control.in
$< gencontrol >$@.new && mv -f $@.new $@
debian/tests/control: tests/lib-core tests/lib-restricts
debian/tests/control: tests/tests $(wildcard tests/tests/*[^~#])
work/debian/source/ 0000775 0000000 0000000 00000000000 15007402510 011444 5 ustar work/debian/source/lintian-overrides 0000664 0000000 0000000 00000000226 15007402510 015025 0 ustar #file-contains-trailing-whitespace debian/changelog *
unknown-runtime-tests-restriction x-dgit-*
missing-debian-source-format
older-source-format 1.0
work/debian/tests/ 0000775 0000000 0000000 00000000000 15007402510 011306 5 ustar work/debian/tests/control 0000664 0000000 0000000 00000021273 15007402510 012716 0 ustar Tests: baredebian-multitar baredebian-plusgit baredebian-push baredebian-tarball
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, quilt, git-debrebase, git-buildpackage, libdpkg-perl, libgit-wrapper-perl, liblist-compare-perl, libstring-shellquote-perl, libtry-tiny-perl
Tests: build-modes-gbp
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-buildpackage
Tests: clone-reprepro downstream-gitless
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, reprepro
Tests: dpkgsourceignores-docs
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl
Restrictions: x-dgit-intree-only
Tests: defdistro-dsd-clone-drs dsd-clone-drs
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl
Restrictions: x-dgit-intree-only x-dgit-git-only
Tests: alternating-dgit clone-gitnosuite clone-nogit clone-skew drs-clone-nogit dsd-clone-nogit ftpmasterapi-http
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, libhttp-server-simple-static-perl
Tests: gdr-import-dgit
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debrebase, git-buildpackage, libhttp-server-simple-static-perl
Tests: gdr-merge-conflicts
Tests-Directory: tests/tests
Depends: chiark-utils-bin, faketime, git-debrebase, git-buildpackage, quilt
Tests: cmd-override gdr-diverge-nmu gdr-diverge-nmu-dgit gdr-edits gdr-fresh gdr-import-dgitview gdr-import-nostitch gdr-makepatches7 gdr-merge gdr-subcommands gdr-unprocessable gdr-unprocessable-hints
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debrebase, git-buildpackage
Tests: gdr-newupstream gdr-viagit
Tests-Directory: tests/tests
Depends: chiark-utils-bin, faketime, git-debrebase, git-buildpackage
Tests: gitattributes
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, bsdgames, man-db, git-man
Tests: hint-testsuite-triggers
Tests-Directory: tests/tests
Depends: gnupg, patch, diffutils
Restrictions: hint-testsuite-triggers
Tests: i18n-messages
Tests-Directory: tests/tests
Depends: chiark-utils-bin, faketime, git-debrebase, git-buildpackage, locales-all
Tests: import-linkorigs
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, xz-utils
Tests: manpages-format
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, man-db, make, groff, git-debrebase, git-debpush
Tests: mini-git-tag-fsck-utils
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, python3
Tests: defdistro-mirror mirror mirror-debnewgit mirror-private
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, rsync
Tests: build-modes-sbuild quilt-gbp-build-modes-sbuild
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, sbuild
Restrictions: x-dgit-schroot-build
Tests: sbuild-gitish
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, sbuild, man-db
Restrictions: x-dgit-schroot-build
Tests: i18n-po4a-uptodate package-build spelling
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl
Restrictions: x-dgit-git-only
Tests: t2u
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debpush, autopkgtest, python3-pygit2, netcat-openbsd, libdpkg-perl, libgit-wrapper-perl, liblist-compare-perl, libstring-shellquote-perl, libtry-tiny-perl, mpack
Tests: t2u-baredebian
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debpush, autopkgtest, python3-pygit2, netcat-openbsd, quilt, git-debrebase, git-buildpackage, libdpkg-perl, libgit-wrapper-perl, liblist-compare-perl, libstring-shellquote-perl, libtry-tiny-perl
Tests: t2u-email
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debpush, autopkgtest, python3-pygit2, netcat-openbsd, mpack
Tests: t2u-gbp
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debpush, autopkgtest, python3-pygit2, netcat-openbsd, libdpkg-perl, libgit-wrapper-perl, liblist-compare-perl, libstring-shellquote-perl, libtry-tiny-perl
Tests: t2u-gdr
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debpush, autopkgtest, python3-pygit2, netcat-openbsd, libdpkg-perl, libgit-wrapper-perl, liblist-compare-perl, libstring-shellquote-perl, libtry-tiny-perl, git-debrebase, git-buildpackage
Tests: t2u-integration
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debpush, autopkgtest, python3-pygit2, netcat-openbsd, jq
Restrictions: x-tag2upload-service-manager
Tests: t2u-native
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, git-debpush, autopkgtest, python3-pygit2, netcat-openbsd
Tests: tag2upload-oracled
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, autopkgtest, netcat-openbsd
Tests: tag2upload-oracled-systemd-unit
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, systemd
Tests: test-list-uptodate
Tests-Directory: tests/tests
Depends: git
Tests: trustingpolicy-replay
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl, dput-ng
Tests: absurd-gitapply build-modes build-modes-long build-modes-source checkout clone-clogsigpipe debpolicy-dbretry debpolicy-newreject debpolicy-quilt-gbp debpolicy-taintrm defdistro-rpush defdistro-setup distropatches-reject dpkgsourceignores-correct drs-push-masterupdate drs-push-rejects dsd-divert fetch-localgitonly fetch-somegit-notlast forcesplit-linear forcesplit-overwrite gbp-orig gitconfig gitworktree import-dsc import-maintmangle import-native import-nonnative import-pushold import-r1clog import-tarbomb inarchivecopy mismatches-contents mismatches-dscchanges multisuite orig-include-exclude orig-include-exclude-chkquery overwrite-chkclog overwrite-junk overwrite-splitbrains overwrite-version pbuilder protocol-compat push-buildproductsdir push-delayed push-extra-fields push-newpackage push-newrepeat push-nextdgit push-source push-source-with-changes quilt quilt-colour quilt-gbp quilt-gbp-build-modes quilt-include-binaries quilt-singlepatch quilt-splitbrains quilt-useremail rpush rpush-quilt rpush-source sourceonlypolicy tag-updates unrepresentable unrepresentable-single-dpkg unrepresentable-single-git version-opt
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot, build-essential, chiark-utils-bin, bc, faketime, liburi-perl
work/debian/tests/control.in 0000664 0000000 0000000 00000000047 15007402510 013317 0 ustar Tests-Directory: tests/tests
Depends:
work/dgit 0000775 0000000 0000000 00001015334 15007402510 007606 0 ustar #!/usr/bin/perl -w
# dgit
# Integration between git and Debian-style archives
#
# Copyright (C)2013-2024 Ian Jackson
# Copyright (C)2017-2019,2023-2025 Sean Whitton
# Copyright (C)2019 Matthew Vernon / Genome Research Limited
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
END { $? = $Debian::Dgit::ExitStatus::desired // -1; };
use Debian::Dgit::ExitStatus;
use Debian::Dgit::I18n;
use 5.024;
use strict;
use Debian::Dgit qw(:DEFAULT :playground);
setup_sigwarn();
use IO::Handle;
use Data::Dumper;
use WWW::Curl::Easy;
use Dpkg::Control::Hash;
use File::Path qw(mkpath);
use File::Spec;
use File::Temp qw(tempdir);
use File::Basename;
use File::Copy ();
use Dpkg::Version;
use Dpkg::Compression;
use Dpkg::Compression::Process;
use POSIX;
use Locale::gettext;
use IPC::Open2;
use Digest::SHA;
use Digest::MD5;
use List::MoreUtils qw(pairwise);
use Text::Glob qw(match_glob);
use Text::CSV;
use Fcntl qw(:DEFAULT :flock);
use Carp;
use Debian::Dgit;
use Debian::Dgit::ProtoConn;
our $our_version = 'UNRELEASED'; ###substituted###
our $absurdity = undef; ###substituted###
$SIG{INT} = 'DEFAULT'; # work around #932841
our @rpushprotovsn_support = qw(7 6 5 4); # Reverse order!
our $protovsn;
our $rpush_verb; # "push" or "push-source"
our $cmd;
our $subcommand;
our $isuite;
our $idistro;
our $package;
our $expected_suite;
our $expected_version;
our @ropts;
our $allow_unrelated_histories = 0;
our $sign = 1;
our $dryrun_level = 0;
our $changesfile;
our $buildproductsdir;
our $bpd_glob;
our $new_package = 0;
our $includedirty = 0;
our $t2u_bmode = 0;
our $t2u_upstream;
our $t2u_upstreamc;
our $rmonerror = 1;
our @deliberatelies;
our %previously;
our $existing_package = 'dpkg';
our $cleanmode;
our $changes_since_version;
our $rmchanges;
our $keep_playground;
our $overwrite_version; # undef: not specified; '': check changelog
our $quilt_mode;
our $quilt_upstream_commitish;
our $quilt_upstream_commitish_used;
our $quilt_upstream_commitish_message;
our $quilt_options_re = 'gbp|dpm|baredebian(?:\+tarball|\+git)?';
our $quilt_modes_re = "linear|smash|try-linear|auto|single|nofix|nocheck|unapplied|$quilt_options_re";
our $splitview_mode;
our $splitview_modes_re = qr{auto|always|never};
our $dodep14tag;
our $dep14tag_reuse;
our $dep14tag_reuse_re = qr{replace|replace-unsuitable|if-exists|must};
our $dep14tag_verify;
our %internal_object_save;
our $we_are_responder;
our $we_are_initiator;
our $initiator_tempdir;
our $patches_applied_dirtily = 00;
our $chase_dsc_distro=1;
our %forceopts = map { $_=>0 }
qw(unrepresentable unsupported-source-format
dsc-changes-mismatch changes-origs-exactly
uploading-binaries uploading-old-version uploading-source-only
reusing-version
push-tainted
import-gitapply-absurd
import-gitapply-no-absurd
import-dsc-with-dgit-field);
our %format_ok = map { $_=>1 } ("1.0","3.0 (native)","3.0 (quilt)");
our $cleanmode_re = qr{(?: dpkg-source (?: -d )? (?: ,no-check | ,all-check )?
| (?: git | git-ff ) (?: ,always )?
| check (?: ,ignores )?
| none
)}x;
our $git_authline_re = '^([^<>]+) \<(\S+)\> (\d+ [-+]\d+)$';
our $splitbraincache = 'dgit-intern/quilt-cache';
our $rewritemap = 'dgit-rewrite/map';
our @dpkg_source_ignores = qw(-i(?:^|/)\.git(?:/|$) -I.git);
our (@dget) = qw(dget);
our (@curl) = (qw(curl --proto-redir), '-all,http,https', qw(-L));
our (@dput) = qw(dput);
our (@debsign) = qw(debsign);
our (@gpg) = qw(gpg);
our (@sbuild) = (qw(sbuild --no-source --no-source-only-changes));
our (@ssh) = 'ssh';
our (@dgit) = qw(dgit);
our (@git_debrebase) = qw(git-debrebase);
our (@aptget) = qw(apt-get);
our (@aptcache) = qw(apt-cache);
our (@dpkgbuildpackage) = (qw(dpkg-buildpackage), @dpkg_source_ignores);
our (@dpkgsource) = (qw(dpkg-source), @dpkg_source_ignores);
our (@dpkggenchanges) = qw(dpkg-genchanges);
our (@dpkggenbuildinfo) = qw(dpkg-genbuildinfo);
our (@dpkgquery) = qw(dpkg-query);
our (@mergechanges) = qw(mergechanges -f);
our (@gbp_build) = ('');
our (@gbp_pq) = ('gbp pq');
our (@changesopts) = ('');
our (@pbuilder) = ("sudo -E pbuilder","--no-source-only-changes");
our (@cowbuilder) = ("sudo -E cowbuilder","--no-source-only-changes");
our (@mgtf) = qw(mini-git-tag-fsck);
# Commands that we run and that the user can override with --PROGRAM=...
# We also honour access-cfg settings.
# If not in `%opts_opt_cmdonly`, also support --PROGRAM:... & --PROGRAM...
# If ->[0] is the empty string, we don't support overriding the command.
our %opts_opt_map = ('dget' => \@dget, # accept for compatibility
'curl' => \@curl,
'dput' => \@dput,
'debsign' => \@debsign,
'gpg' => \@gpg,
'sbuild' => \@sbuild,
'ssh' => \@ssh,
'dgit' => \@dgit,
'git' => \@git,
'git-debrebase' => \@git_debrebase,
'apt-get' => \@aptget,
'apt-cache' => \@aptcache,
'dpkg-source' => \@dpkgsource,
'dpkg-buildpackage' => \@dpkgbuildpackage,
'dpkg-genchanges' => \@dpkggenchanges,
'dpkg-genbuildinfo' => \@dpkggenbuildinfo,
'dpkg-query' => \@dpkgquery,
'gbp-build' => \@gbp_build,
'gbp-pq' => \@gbp_pq,
'ch' => \@changesopts,
'mergechanges' => \@mergechanges,
'pbuilder' => \@pbuilder,
'cowbuilder' => \@cowbuilder,
'mini-git-tag-fsck' => \@mgtf);
our %opts_opt_cmdonly = ('gpg' => 1, 'git' => 1);
our %opts_opt_orig = map { $_, [ @{ $opts_opt_map{$_} } ] } keys %opts_opt_map;
our @cmd_opts_opts;
sub parseopts_late_defaults();
sub quiltify_trees_differ ($$;$$$);
sub setup_gitattrs(;$);
sub check_gitattrs($$);
our $playground;
our $keyid;
autoflush STDOUT 1;
our $rpush_conn;
our $rparent_conn;
our $supplementary_message = '';
our $made_splitbrain_playtree = 0;
our $do_split_brain;
# Interactions between quilt mode and split brain
# (currently, split brain only implemented iff
# madformat_wantfixup && quiltmode_splitting)
#
# source format | sane `3.0 (quilt)'
# | madformat_wantfixup()
# |
# quilt mode | normal quiltmode
# | (eg linear) _splitbrain
# |
# -------------------+-------------------------------------------------
# |
# no split | no q cache no q cache forbidden,
# brain | PM on master q fixup on master prevented
# !do_split_brain() | PM on master
# |
# split brain | no q cache q fixup cached, to dgit view
# | PM in dgit view PM in dgit view
#
# PM = pseudomerge to make ff, due to overwrite (or split view)
# "no q cache" = do not record in cache on build, do not check cache
# `3.0 (quilt)' with --quilt=nocheck is treated as sane format
END {
local ($@, $?);
return unless forkcheck_mainprocess();
print STDERR "! $_\n" foreach $supplementary_message =~ m/^.+$/mg;
}
our $remotename = 'dgit';
our @ourdscfield = qw(Dgit Vcs-Dgit-Master);
our $csuite;
our $instead_distro;
our %control_add;
our %i_param;
if (!defined $absurdity) {
$absurdity = $0;
$absurdity =~ s{/[^/]+$}{/absurd} or die;
}
sub madformat ($) { $_[0] eq '3.0 (quilt)' }
sub lbranch () { return "$branchprefix/$csuite"; }
my $lbranch_re = '^refs/heads/'.$branchprefix.'/([^/.]+)$';
sub lref () { return "refs/heads/".lbranch(); }
sub lrref () { return "refs/remotes/$remotename/".server_branch($csuite); }
sub rrref () { return server_ref($csuite); }
sub srcfn ($$) {
my ($vsn, $sfx) = @_;
return &source_file_leafname($package, $vsn, $sfx);
}
sub is_orig_file_of_vsn ($$) {
my ($f, $upstreamvsn) = @_;
return is_orig_file_of_p_v($f, $package, $upstreamvsn);
}
sub dscfn ($) {
my ($vsn) = @_;
return srcfn($vsn,".dsc");
}
sub changespat ($;$) {
my ($vsn, $arch) = @_;
return "${package}_".(stripepoch $vsn)."_".($arch//'*').".changes";
}
our $us = 'dgit';
initdebug('');
our @end;
END {
local ($?);
return unless forkcheck_mainprocess();
foreach my $f (@end) {
eval { $f->(); };
print STDERR "$us: cleanup: $@" if length $@;
}
};
sub badcfg {
print STDERR f_ "%s: invalid configuration: %s\n", $us, "@_";
finish 12;
}
sub forceable_fail ($$) {
my ($forceoptsl, $msg) = @_;
fail $msg unless grep { $forceopts{$_} } @$forceoptsl;
print STDERR +(__ "warning: overriding problem due to --force:\n"). $msg;
}
sub forceing ($) {
my ($forceoptsl) = @_;
my @got = grep { $forceopts{$_} } @$forceoptsl;
return 0 unless @got;
print STDERR f_
"warning: skipping checks or functionality due to --force-%s\n",
$got[0];
}
sub no_such_package () {
print STDERR f_ "%s: source package %s does not exist in suite %s\n",
$us, $package, $isuite;
finish 4;
}
sub deliberately ($) {
my ($enquiry) = @_;
return !!grep {
$_ eq "--deliberately-$enquiry" or
$_ eq "--deliberately-TEST-dgit-only-$enquiry"
} @deliberatelies;
}
sub deliberately_not_fast_forward () {
foreach (qw(not-fast-forward fresh-repo)) {
return 1 if deliberately($_);
}
}
sub quiltmode_splitting () {
$quilt_mode =~ m/gbp|dpm|unapplied|baredebian/;
}
sub format_quiltmode_splitting ($) {
my ($format) = @_;
return madformat_wantfixup($format) && quiltmode_splitting();
}
sub do_split_brain () { !!($do_split_brain // confess) }
sub opts_opt_multi_cmd {
my $extra = shift;
my @cmd;
push @cmd, split /\s+/, shift @_;
push @cmd, @$extra;
push @cmd, @_;
@cmd;
}
sub gbp_pq {
return opts_opt_multi_cmd [], @gbp_pq;
}
sub gbp_pq_pc_aside (&) {
my ($f) = @_;
my $undo = rename ".pc", "../pc-aside";
confess "$!" unless $undo || $!==ENOENT;
$f->();
if ($undo) {
rename "../pc-aside", ".pc", or confess $!;
}
}
sub dgit_privdir () {
our $dgit_privdir_made //= ensure_a_playground 'dgit';
}
sub bpd_abs () {
my $r = $buildproductsdir;
$r = "$maindir/$r" unless $r =~ m{^/};
return $r;
}
sub get_tree_of_commit ($) {
my ($commitish) = @_;
my $cdata = cmdoutput @git, qw(cat-file commit), $commitish;
$cdata =~ m/\n\n/; $cdata = $`;
$cdata =~ m/^tree (\w+)$/m or confess "cdata $cdata ?";
return $1;
}
sub branch_gdr_info ($$) {
my ($symref, $head) = @_;
my ($status, $msg, $current, $ffq_prev, $gdrlast) =
gdr_ffq_prev_branchinfo($symref);
return () unless $status eq 'branch';
$ffq_prev = git_get_ref $ffq_prev;
$gdrlast = git_get_ref $gdrlast;
$gdrlast &&= is_fast_fwd $gdrlast, $head;
return ($ffq_prev, $gdrlast);
}
sub branch_is_gdr_unstitched_ff ($$$) {
my ($symref, $head, $ancestor) = @_;
my ($ffq_prev, $gdrlast) = branch_gdr_info($symref, $head);
return 0 unless $ffq_prev;
return 0 unless !defined $ancestor or is_fast_fwd $ancestor, $ffq_prev;
return 1;
}
sub branch_is_gdr ($) {
my ($head) = @_;
# This is quite like git-debrebase's keycommits.
# We have our own implementation because:
# - our algorighm can do fewer tests so is faster
# - it saves testing to see if gdr is installed
# NB we use this just for deciding whether to run gdr make-patches
# Before reusing this algorithm for something else, its
# suitability should be reconsidered.
my $walk = $head;
local $Debian::Dgit::debugcmd_when_debuglevel = 3;
printdebug "branch_is_gdr $head...\n";
my $get_patches = sub {
my $t = git_cat_file "$_[0]:debian/patches", [qw(missing tree)];
return $t // '';
};
my $tip_patches = $get_patches->($head);
WALK:
for (;;) {
my $cdata = git_cat_file $walk, 'commit';
my ($hdrs,$msg) = $cdata =~ m{\n\n} ? ($`,$') : ($cdata,'');
if ($msg =~ m{^\[git-debrebase\ (
anchor | changelog | make-patches |
merged-breakwater | pseudomerge
) [: ] }mx) {
# no need to analyse this - it's sufficient
# (gdr classifications: Anchor, MergedBreakwaters)
# (made by gdr: Pseudomerge, Changelog)
printdebug "branch_is_gdr $walk gdr $1 YES\n";
return 1;
}
my @parents = ($hdrs =~ m/^parent (\w+)$/gm);
if (@parents==2) {
my $walk_tree = get_tree_of_commit $walk;
foreach my $p (@parents) {
my $p_tree = get_tree_of_commit $p;
if ($p_tree eq $walk_tree) { # pseudomerge contriburor
# (gdr classification: Pseudomerge; not made by gdr)
printdebug "branch_is_gdr $walk unmarked pseudomerge\n"
if $debuglevel >= 2;
$walk = $p;
next WALK;
}
}
# some other non-gdr merge
# (gdr classification: VanillaMerge, DgitImportUnpatched, ?)
printdebug "branch_is_gdr $walk ?-2-merge NO\n";
return 0;
}
if (@parents>2) {
# (gdr classification: ?)
printdebug "branch_is_gdr $walk ?-octopus NO\n";
return 0;
}
if (!@parents) {
printdebug "branch_is_gdr $walk origin\n";
return 0;
}
if ($get_patches->($walk) ne $tip_patches) {
# Our parent added, removed, or edited patches, and wasn't
# a gdr make-patches commit. gdr make-patches probably
# won't do that well, then.
# (gdr classification of parent: AddPatches or ?)
printdebug "branch_is_gdr $walk ?-patches NO\n";
return 0;
}
if ($tip_patches eq '' and
!defined git_cat_file "$walk~:debian" and
!quiltify_trees_differ "$walk~", $walk
) {
# (gdr classification of parent: BreakwaterStart We cannot
# process this using git-debrebase, because this can misrecognise
# other kinds of branch contents, eg as in #1025451. Not doing
# this via gdr is OK, because the normal quilt linearisation will
# do - doing it via gdr is just an optimisation.
printdebug "branch_is_gdr $walk unmarked BreakwaterStart NO\n";
return 0;
}
# (gdr classification: Upstream Packaging Mixed Changelog)
printdebug "branch_is_gdr $walk plain\n"
if $debuglevel >= 2;
$walk = $parents[0];
}
}
#---------- remote protocol support, common ----------
# remote push initiator/responder protocol:
#
# (We see this from the POV of the responder, which mostly drives
# the protocol. So `>` is "from responder to initiator".)
#
# $ dgit remote-push-source-build-host ... ...
# where is ,... ...
# > dgit-remote-push-source-ready
#
# Or for push-built,
# $ dgit remote-push-build-host ... ...
# > dgit-remote-push-ready
#
# occasionally:
#
# > progress NBYTES
# [NBYTES message]
#
# > supplementary-message NBYTES
# [NBYTES message]
#
# main sequence:
#
# > file parsed-changelog
# [indicates that output of dpkg-parsechangelog follows]
# > data-block NBYTES
# > [NBYTES bytes of data (no newline)]
# [maybe some more blocks]
# > data-end
#
# > file dsc
# [etc]
#
# > file changes
# [etc]
#
# > param head DGIT-VIEW-HEAD
# > param csuite SUITE
# > param tagformat new # $protovsn == 4
# > param splitbrain 0|1 # $protovsn >= 6
# > param maint-view MAINT-VIEW-HEAD
#
# > param buildinfo-filename P_V_X.buildinfo # zero or more times
# > file buildinfo # for buildinfos to sign
#
# > previously REFNAME=OBJNAME # if --deliberately-not-fast-forward
# # goes into tag, for replay prevention
#
# > param dep14tag 0|1 # responder needs initiator to make a DEP-14 tag ?
# # if unsent, use `1`.
# # (older responders don't ever send it)
# # must be honoured in $protovsn >= 7;
# # otherwise, uses dep14tag cfg and param splitbrain
#
# > want signed-tag
# [indicates that signed tag is wanted]
#
# < data-block NBYTES
# < [NBYTES bytes of dgit view tag data (no newline)]
# [maybe some more blocks]
# < data-end
#
# < data-block NBYTES # if we're making
# < [NBYTES bytes of DEP-14 tag data (no newline)] # a new DEP-14 tag
# [maybe some more blocks] #
# < data-end #
#
# < files-end
#
# > want signed-dsc-changes
# < data-block NBYTES [transfer of signed dsc]
# [etc]
# < data-block NBYTES [transfer of signed changes]
# [etc]
# < data-block NBYTES [transfer of each signed buildinfo
# [etc] same number and order as "file buildinfo"]
# ...
# < files-end
#
# > complete
our $i_child_pid;
our @i_child_cmd;
sub i_child_report ($) {
my ($wflags) = @_;
# Sees if our child has died, and reap it if so. Returns a string
# describing how it died if it failed, or undef otherwise.
return undef unless $i_child_pid;
my $got = waitpid $i_child_pid, $wflags;
return undef if $got <= 0;
die unless $got == $i_child_pid;
$i_child_pid = undef;
return undef unless $?;
failedcmd @i_child_cmd;
return f_ "build host child %s", waitstatusmsg();
}
#---------- remote protocol support, responder ----------
sub responder_send_command ($) {
my ($command) = @_;
return unless $we_are_responder;
# called even without $we_are_responder
$rparent_conn->send($command);
}
sub responder_send_file ($$) {
my ($keyword, $ourfn) = @_;
return unless $we_are_responder;
printdebug "]] $keyword $ourfn\n";
responder_send_command "file $keyword";
$rparent_conn->send_file($ourfn);
}
sub responder_receive_files ($@) {
my ($keyword, @ourfns) = @_;
die unless $we_are_responder;
printdebug "[[ $keyword @ourfns\n";
responder_send_command "want $keyword";
foreach my $fn (@ourfns) {
$rparent_conn->receive_file($fn);
}
printdebug "[[\$\n";
$rparent_conn->expect(sub { m/^files-end$/ });
}
#---------- remote protocol support, initiator ----------
sub initiator_expect (&) {
my ($match) = @_;
$rpush_conn->expect($match);
}
#---------- end remote code ----------
sub progress {
if ($we_are_responder) {
my $m = join '', @_;
$rparent_conn->send_counted_message("progress", $m);
} else {
print @_, "\n";
}
}
our $ua;
our ($dscdata,$dscurl,$dsc,$dsc_checked,$skew_warning_vsn);
sub act_local () { return $dryrun_level <= 1; }
sub act_scary () { return !$dryrun_level; }
sub printdone {
if (!$dryrun_level) {
progress f_ "%s ok: %s", $us, "@_";
} else {
progress f_ "would be ok: %s (but dry run only)", "@_";
}
}
sub dryrun_report {
printcmd(\*STDERR,$debugprefix."#",@_);
}
sub runcmd_ordryrun {
if (act_scary()) {
runcmd @_;
} else {
dryrun_report @_;
}
}
sub runcmd_ordryrun_local {
if (act_local()) {
runcmd @_;
} else {
dryrun_report @_;
}
}
our $helpmsg = i_ < sign tag and package with instead of default
--dry-run -n do not change anything, but go through the motions
--damp-run -L like --dry-run but make local changes, without signing
--new -N allow introducing a new package
--debug -D increase debug level
-c= set git config option (used directly by dgit too)
END
our $later_warning_msg = i_ < 'debian',
'dgit.default.default-suite' => 'unstable',
'dgit.default.old-dsc-distro' => 'debian',
'dgit-suite.*-security.distro' => 'debian-security',
'dgit.default.username' => '',
'dgit.default.archive-query-default-component' => 'main',
'dgit.default.ssh' => 'ssh',
'dgit.default.archive-query' => 'madison:',
'dgit.default.sshpsql-dbname' => 'service=projectb',
'dgit.default.aptget-components' => 'main',
'dgit.default.source-only-uploads' => 'ok',
'dgit.default.policy-query-supported-ssh' => 'unknown',
'dgit.dsc-url-proto-ok.http' => 'true',
'dgit.dsc-url-proto-ok.https' => 'true',
'dgit.dsc-url-proto-ok.git' => 'true',
'dgit.vcs-git.suites', => 'sid', # ;-separated
'dgit.default.dsc-url-proto-ok' => 'false',
# When changing to "source", probably after trixie, update:
# - usage summary in the usage message
# - usage summary in dgit(1)
# + (I.e., restore plain 'push' to the summaries.
# We removed it to avoid having anything in the usage
# summary which would generate warnings.)
# - principal documentation in dgit(1)
# - maybe change push-source to push in workflow(7) (grep)
'dgit.default.push-subcmd' => 'warn,built',
'dgit-distro.debian.archive-query' => 'ftpmasterapi:',
'dgit-distro.debian.git-check' => 'url',
'dgit-distro.debian.git-check-suffix' => '/info/refs',
'dgit-distro.debian.new-private-pushers' => 't',
'dgit-distro.debian.source-only-uploads' => 'not-wholly-new',
'dgit-distro.debian.policy-query-supported-ssh' => 'true',
'dgit-distro.debian/push.git-url' => '',
'dgit-distro.debian/push.git-host' => 'push.dgit.debian.org',
'dgit-distro.debian/push.git-user-force' => 'dgit',
'dgit-distro.debian/push.git-proto' => 'git+ssh://',
'dgit-distro.debian/push.git-path' => '/dgit/debian/repos',
'dgit-distro.debian/push.git-create' => 'true',
'dgit-distro.debian/push.git-check' => 'ssh-cmd',
'dgit-distro.debian.archive-query-url', 'https://api.ftp-master.debian.org/',
# 'dgit-distro.debian.archive-query-tls-key',
# '/etc/ssl/certs/%HOST%.pem:/etc/dgit/%HOST%.pem',
# ^ this does not work because curl is broken nowadays
# Fixing #790093 properly will involve providing providing the key
# in some pacagke and maybe updating these paths.
#
# 'dgit-distro.debian.archive-query-tls-curl-args',
# '--ca-path=/etc/ssl/ca-debian',
# ^ this is a workaround but works (only) on DSA-administered machines
'dgit-distro.debian.git-url' => 'https://git.dgit.debian.org',
'dgit-distro.debian.git-url-suffix' => '',
'dgit-distro.debian.upload-host' => 'ftp-master', # for dput
'dgit-distro.debian.mirror' => 'http://ftp.debian.org/debian/',
'dgit-distro.debian-security.archive-query' => 'aptget:',
'dgit-distro.debian-security.mirror' => 'http://security.debian.org/debian-security/',
'dgit-distro.debian-security.aptget-suite-map' => 's#buster-security$#buster/updates#',
'dgit-distro.debian-security.aptget-suite-rmap' => 's#buster$#buster-security#',
'dgit-distro.debian-security.nominal-distro' => 'debian',
'dgit-distro.debian.backports-quirk' => '(squeeze)-backports*',
'dgit-distro.debian-backports.mirror' => 'http://backports.debian.org/debian-backports/',
'dgit-distro.ubuntu.git-check' => 'false',
'dgit-distro.ubuntu.mirror' => 'http://archive.ubuntu.com/ubuntu',
'dgit-distro.ubuntucloud.git-check' => 'false',
'dgit-distro.ubuntucloud.nominal-distro' => 'ubuntu',
'dgit-distro.ubuntucloud.archive-query' => 'aptget:',
'dgit-distro.ubuntucloud.mirror' => 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
'dgit-distro.ubuntucloud.aptget-suite-map' => 's#^([^-]+):([^:]+)$#${1}-updates/$2#; s#^(.+)-(.+):(.+)#$1-$2/$3#;',
'dgit-distro.ubuntucloud.aptget-suite-rmap' => 's#/(.+)$#-$1#',
'dgit-distro.test-dummy.ssh' => "$td/ssh",
'dgit-distro.test-dummy.username' => "alice",
'dgit-distro.test-dummy.git-check' => "ssh-cmd",
'dgit-distro.test-dummy.git-create' => "ssh-cmd",
'dgit-distro.test-dummy.git-url' => "$td/git",
'dgit-distro.test-dummy.git-host' => "git",
'dgit-distro.test-dummy.git-path' => "$td/git",
'dgit-distro.test-dummy.archive-query' => "dummycatapi:",
'dgit-distro.test-dummy.archive-query-url' => "file://$td/aq/",
'dgit-distro.test-dummy.mirror' => "file://$td/mirror/",
'dgit-distro.test-dummy.upload-host' => 'test-dummy',
);
our %gitcfgs;
our @gitcfgsources = qw(cmdline local global system);
our $invoked_in_git_tree = 1;
sub git_slurp_config () {
# This algorithm is a bit subtle, but this is needed so that for
# options which we want to be single-valued, we allow the
# different config sources to override properly. See #835858.
foreach my $src (@gitcfgsources) {
next if $src eq 'cmdline';
# we do this ourselves since git doesn't handle it
$gitcfgs{$src} = git_slurp_config_src $src;
}
}
sub git_get_config ($) {
my ($c) = @_;
foreach my $src (@gitcfgsources) {
my $l = $gitcfgs{$src}{$c};
confess "internal error ($l $c)" if $l && !ref $l;
printdebug"C $c ".(defined $l ?
join " ", map { messagequote "'$_'" } @$l :
"undef")."\n"
if $debuglevel >= 4;
$l or next;
@$l==1 or badcfg
f_ "multiple values for %s (in %s git config)", $c, $src
if @$l > 1;
$l->[0] =~ m/\n/ and badcfg f_
"value for config option %s (in %s git config) contains newline(s)!",
$c, $src;
return $l->[0];
}
return undef;
}
sub cfg {
foreach my $c (@_) {
return undef if $c =~ /RETURN-UNDEF/;
printdebug "C? $c\n" if $debuglevel >= 5;
my $v = git_get_config($c);
return $v if defined $v;
my $dv = $defcfg{$c};
if (defined $dv) {
printdebug "CD $c $dv\n" if $debuglevel >= 4;
return $dv;
}
}
badcfg f_
"need value for one of: %s\n".
"%s: distro or suite appears not to be (properly) supported",
"@_", $us;
}
sub not_necessarily_a_tree () {
# needs to be called from pre_*
@gitcfgsources = grep { $_ ne 'local' } @gitcfgsources;
$invoked_in_git_tree = 0;
}
sub access_basedistro__noalias () {
if (defined $idistro) {
return $idistro;
} else {
my $def = cfg("dgit-suite.$isuite.distro", 'RETURN-UNDEF');
return $def if defined $def;
foreach my $src (@gitcfgsources, 'internal') {
my $kl = $src eq 'internal' ? \%defcfg : $gitcfgs{$src};
next unless $kl;
foreach my $k (keys %$kl) {
next unless $k =~ m#^dgit-suite\.(.*)\.distro$#;
my $dpat = $1;
next unless match_glob $dpat, $isuite;
return $kl->{$k};
}
}
foreach my $csvf () {
my $csv_distro =
$csvf =~ m{/(\w+)\.csv$} ? $1 : do {
printdebug "skipping $csvf\n";
next;
};
my $csv = Text::CSV->new({ binary => 1, auto_diag => 2 }) or die;
my $fh = new IO::File $csvf, "<:encoding(utf8)"
or die "open $csvf: $!";
while (my $cols = $csv->getline($fh)) {
next unless $cols->[2] eq $isuite;
return $csv_distro;
}
die "$csvf $!" if $fh->error;
close $fh;
}
return cfg("dgit.default.distro");
}
}
sub access_basedistro () {
my $noalias = access_basedistro__noalias();
my $canon = cfg("dgit-distro.$noalias.alias-canon",'RETURN-UNDEF');
return $canon // $noalias;
}
sub access_nomdistro () {
my $base = access_basedistro();
my $r = cfg("dgit-distro.$base.nominal-distro",'RETURN-UNDEF') // $base;
$r =~ m/^$distro_re$/ or badcfg
f_ "bad syntax for (nominal) distro \`%s' (does not match %s)",
$r, "/^$distro_re$/";
return $r;
}
sub access_quirk () {
# returns (quirk name, distro to use instead or undef, quirk-specific info)
my $basedistro = access_basedistro();
my $backports_quirk = cfg("dgit-distro.$basedistro.backports-quirk",
'RETURN-UNDEF');
if (defined $backports_quirk) {
my $re = $backports_quirk;
$re =~ s/[^-0-9a-z_\%*()]/\\$&/ig;
$re =~ s/\*/.*/g;
$re =~ s/\%/([-0-9a-z_]+)/
or $re =~ m/[()]/ or badcfg __ "backports-quirk needs \% or ( )";
if ($isuite =~ m/^$re$/) {
return ('backports',"$basedistro-backports",$1);
}
}
return ('none',undef);
}
our $access_forpush;
sub parse_cfg_bool ($$$) {
my ($what,$def,$v) = @_;
$v //= $def;
return
$v =~ m/^[ty1]/ ? 1 :
$v =~ m/^[fn0]/ ? 0 :
badcfg f_ "%s needs t (true, y, 1) or f (false, n, 0) not \`%s'",
$what, $v;
}
sub access_forpush_config () {
my $d = access_basedistro();
return 1 if
$new_package &&
parse_cfg_bool('new-private-pushers', 0,
cfg("dgit-distro.$d.new-private-pushers",
'RETURN-UNDEF'));
my $v = cfg("dgit-distro.$d.readonly", 'RETURN-UNDEF');
$v //= 'a';
return
$v =~ m/^[ty1]/ ? 0 : # force readonly, forpush = 0
$v =~ m/^[fn0]/ ? 1 : # force nonreadonly, forpush = 1
$v =~ m/^[a]/ ? '' : # auto, forpush = ''
badcfg __
"readonly needs t (true, y, 1) or f (false, n, 0) or a (auto)";
}
sub access_forpush () {
$access_forpush //= access_forpush_config();
return $access_forpush;
}
sub default_from_access_cfg ($$$;$) {
my ($var, $keybase, $defval, $permit_re) = @_;
return if defined $$var;
$$var = access_cfg("$keybase-newer", 'RETURN-UNDEF');
$$var = undef if $$var && $$var !~ m/^$permit_re$/;
$$var //= access_cfg($keybase, 'RETURN-UNDEF');
$$var //= $defval;
badcfg f_ "unknown %s \`%s'", $keybase, $$var
if defined $permit_re and $$var !~ m/$permit_re/;
}
sub pushing () {
confess +(__ 'internal error').' '.Dumper($access_forpush)," ?" if
defined $access_forpush and !$access_forpush;
badcfg __ "pushing but distro is configured readonly"
if access_forpush_config() eq '0';
$access_forpush = 1;
$supplementary_message = __ <<'END' unless $we_are_responder;
Push failed, before we got started.
You can retry the push, after fixing the problem, if you like.
END
parseopts_late_defaults();
}
sub notpushing () {
parseopts_late_defaults();
}
sub determine_whether_split_brain ($) {
my ($format) = @_;
{
local $access_forpush;
default_from_access_cfg(\$splitview_mode, 'split-view', 'auto',
$splitview_modes_re);
$do_split_brain = 1 if $splitview_mode eq 'always';
}
printdebug "format $format, quilt mode $quilt_mode\n";
if (format_quiltmode_splitting $format) {
$splitview_mode ne 'never' or
fail f_ "dgit: quilt mode \`%s' (for format \`%s')".
" implies split view, but split-view set to \`%s'",
$quilt_mode, $format, $splitview_mode;
$do_split_brain = 1;
}
$do_split_brain //= 0;
}
sub supplementary_message ($) {
my ($msg) = @_;
if (!$we_are_responder) {
$supplementary_message = $msg;
return;
} else {
$rparent_conn->send_counted_message("supplementary-message", $msg);
}
}
sub access_distros () {
# Returns list of distros to try, in order
#
# We want to try:
# 0. `instead of' distro name(s) we have been pointed to
# 1. the access_quirk distro, if any
# 2a. the user's specified distro, or failing that } basedistro
# 2b. the distro calculated from the suite }
my @l = access_basedistro();
my (undef,$quirkdistro) = access_quirk();
unshift @l, $quirkdistro;
unshift @l, $instead_distro;
@l = grep { defined } @l;
push @l, access_nomdistro();
if (access_forpush()) {
@l = map { ("$_/push", $_) } @l;
}
@l;
}
sub access_cfg_cfgs (@) {
my (@keys) = @_;
my @cfgs;
# The nesting of these loops determines the search order. We put
# the key loop on the outside so that we search all the distros
# for each key, before going on to the next key. That means that
# if access_cfg is called with a more specific, and then a less
# specific, key, an earlier distro can override the less specific
# without necessarily overriding any more specific keys. (If the
# distro wants to override the more specific keys it can simply do
# so; whereas if we did the loop the other way around, it would be
# impossible to for an earlier distro to override a less specific
# key but not the more specific ones without restating the unknown
# values of the more specific keys.
my @realkeys;
my @rundef;
# We have to deal with RETURN-UNDEF specially, so that we don't
# terminate the search prematurely.
foreach (@keys) {
if (m/RETURN-UNDEF/) { push @rundef, $_; last; }
push @realkeys, $_
}
foreach my $d (access_distros()) {
push @cfgs, map { "dgit-distro.$d.$_" } @realkeys;
}
push @cfgs, map { "dgit.default.$_" } @realkeys;
push @cfgs, @rundef;
return @cfgs;
}
sub access_cfg (@) {
my (@keys) = @_;
my (@cfgs) = access_cfg_cfgs(@keys);
my $value = cfg(@cfgs);
return $value;
}
sub access_cfg_bool ($$) {
my ($def, @keys) = @_;
parse_cfg_bool($keys[0], $def, access_cfg(@keys, 'RETURN-UNDEF'));
}
sub string_to_ssh ($) {
my ($spec) = @_;
if ($spec =~ m/\s/) {
return qw(sh -ec), 'exec '.$spec.' "$@"', 'x';
} else {
return ($spec);
}
}
sub access_cfg_ssh () {
my $gitssh = access_cfg('ssh', 'RETURN-UNDEF');
if (!defined $gitssh) {
return @ssh;
} else {
return string_to_ssh $gitssh;
}
}
sub access_runeinfo ($) {
my ($info) = @_;
return ": dgit ".access_basedistro()." $info ;";
}
sub access_someuserhost ($) {
my ($some) = @_;
my $user = access_cfg("$some-user-force", 'RETURN-UNDEF');
defined($user) && length($user) or
$user = access_cfg("$some-user",'username');
my $host = access_cfg("$some-host");
return length($user) ? "$user\@$host" : $host;
}
sub access_gituserhost () {
return access_someuserhost('git');
}
sub access_giturl (;$) {
my ($optional) = @_;
my $url = access_cfg('git-url','RETURN-UNDEF');
my $suffix;
if (!length $url) {
my $proto = access_cfg('git-proto', 'RETURN-UNDEF');
return undef unless defined $proto;
$url =
$proto.
access_gituserhost().
access_cfg('git-path');
} else {
$suffix = access_cfg('git-url-suffix','RETURN-UNDEF');
}
$suffix //= '.git';
return "$url/$package$suffix";
}
sub commit_getclogp ($) {
# Returns the parsed changelog hashref for a particular commit
my ($objid) = @_;
our %commit_getclogp_memo;
my $memo = $commit_getclogp_memo{$objid};
return $memo if $memo;
my $mclog = dgit_privdir()."clog";
runcmd shell_cmd "exec >$mclog", @git, qw(cat-file blob),
"$objid:debian/changelog";
$commit_getclogp_memo{$objid} = parsechangelog("-l$mclog");
}
sub parse_dscdata () {
my $dscfh = new IO::File \$dscdata, '<' or confess "$!";
printdebug Dumper($dscdata) if $debuglevel>1;
$dsc = parsecontrolfh($dscfh,$dscurl,1);
printdebug Dumper($dsc) if $debuglevel>1;
}
our %rmad;
sub archive_query ($;@) {
my ($method) = shift @_;
fail __ "this operation does not support multiple comma-separated suites"
if $isuite =~ m/,/;
my $query = access_cfg('archive-query','RETURN-UNDEF');
$query =~ s/^(\w+):// or badcfg "invalid archive-query method \`$query'";
my $proto = $1;
my $data = $'; #';
{ no strict qw(refs); &{"${method}_${proto}"}($proto,$data,@_); }
}
sub archive_query_prepend_mirror {
my $m = access_cfg('mirror');
return map { [ $_->[0], $m.$_->[1], @$_[2..$#$_] ] } @_;
}
sub pool_dsc_subpath ($$) {
my ($vsn,$component) = @_; # $package is implicit arg
my $prefix = substr($package, 0, $package =~ m/^l/ ? 4 : 1);
return "/pool/$component/$prefix/$package/".dscfn($vsn);
}
sub cfg_apply_map ($$$) {
my ($varref, $what, $mapspec) = @_;
return unless $mapspec;
printdebug "config $what EVAL{ $mapspec; }\n";
$_ = $$varref;
eval "package Dgit::Config; $mapspec;";
die $@ if $@;
$$varref = $_;
}
sub url_fetch ($;@) {
my ($url, %xopts) = @_;
# Ok404 => 1 means give undef for 404
# AccessBase => 'archive-query' (eg)
# CurlOpts => { key => value }
my $curl = WWW::Curl::Easy->new;
my $setopt = sub {
my ($k,$v) = @_;
my $x = $curl->setopt($k, $v);
confess "$k $v ".$curl->strerror($x)." ?" if $x;
};
my $response_body = '';
$setopt->(CURLOPT_FOLLOWLOCATION, 1);
$setopt->(CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTPS|CURLPROTO_HTTP);
$setopt->(CURLOPT_URL, $url);
$setopt->(CURLOPT_NOSIGNAL, 1);
$setopt->(CURLOPT_WRITEDATA, \$response_body);
my $xcurlopts = $xopts{CurlOpts} // { };
keys %$xcurlopts;
while (my ($k,$v) = each %$xcurlopts) { $setopt->($k,$v); }
if ($xopts{AccessBase} && $url =~ m#^https://([-.0-9a-z]+)/#) {
foreach my $k ("$xopts{AccessBase}-tls-key",
"$xopts{AccessBase}-tls-curl-ca-args") {
fail "config option $k is obsolete and no longer supported"
if defined access_cfg($k, 'RETURN-UNDEF');
}
}
printdebug "query: fetching $url...\n";
local $SIG{PIPE} = 'IGNORE';
my $x = $curl->perform();
fail f_ "fetch of %s failed (%s): %s",
$url, $curl->strerror($x), $curl->errbuf
if $x;
my $code = $curl->getinfo(CURLINFO_HTTP_CODE);
if ($code eq '404' && $xopts{Ok404}) { return undef; }
fail f_ "fetch of %s gave HTTP code %s", $url, $code
unless $url =~ m#^file://# or $code =~ m/^2/;
confess unless defined $response_body;
return $response_body;
}
#---------- `ftpmasterapi' archive query method (nascent) ----------
sub api_query_raw ($;$) {
my ($subpath, $ok404) = @_;
my $url = access_cfg('archive-query-url');
$url .= $subpath;
return url_fetch $url,
Ok404 => $ok404,
AccessBase => 'archive-query';
}
sub api_query ($$;$) {
my ($data, $subpath, $ok404) = @_;
use JSON;
badcfg __ "ftpmasterapi archive query method takes no data part"
if length $data;
my $json = api_query_raw $subpath, $ok404;
return undef unless defined $json;
return decode_json($json);
}
sub canonicalise_suite_ftpmasterapi {
my ($proto,$data) = @_;
my $suites = api_query($data, 'suites');
my @matched;
foreach my $entry (@$suites) {
next unless grep {
my $v = $entry->{$_};
defined $v && $v eq $isuite;
} qw(codename name);
push @matched, $entry;
}
fail f_ "unknown suite %s, maybe -d would help", $isuite
unless @matched;
my $cn;
eval {
@matched==1 or die f_ "multiple matches for suite %s\n", $isuite;
$cn = "$matched[0]{codename}";
defined $cn or die f_ "suite %s info has no codename\n", $isuite;
$cn =~ m/^$suite_re$/
or die f_ "suite %s maps to bad codename\n", $isuite;
};
die +(__ "bad ftpmaster api response: ")."$@\n".Dumper(\@matched)
if length $@;
return $cn;
}
sub archive_query_ftpmasterapi {
my ($proto,$data) = @_;
my $info = api_query($data, "dsc_in_suite/$isuite/$package");
my @rows;
my $digester = Digest::SHA->new(256);
foreach my $entry (@$info) {
eval {
my $vsn = "$entry->{version}";
my ($ok,$msg) = version_check $vsn;
die f_ "bad version: %s\n", $msg unless $ok;
my $component = "$entry->{component}";
$component =~ m/^$component_re$/ or die __ "bad component";
my $filename = "$entry->{filename}";
$filename && $filename !~ m#[^-+:._~0-9a-zA-Z/]|^[/.]|/[/.]#
or die __ "bad filename";
my $sha256sum = "$entry->{sha256sum}";
$sha256sum =~ m/^[0-9a-f]+$/ or die __ "bad sha256sum";
push @rows, [ $vsn, "/pool/$component/$filename",
$digester, $sha256sum ];
};
die +(__ "bad ftpmaster api response: ")."$@\n".Dumper($entry)
if length $@;
}
@rows = sort { -version_compare($a->[0],$b->[0]) } @rows;
return archive_query_prepend_mirror @rows;
}
sub file_in_archive_ftpmasterapi {
my ($proto,$data,$filename) = @_;
my $pat = $filename;
$pat =~ s/_/\\_/g;
$pat = "%/$pat";
$pat =~ s#[^-+_.0-9a-z/]# sprintf '%%%02x', ord $& #ge;
my $info = api_query($data, "file_in_archive/$pat", 1);
}
sub package_not_wholly_new_ftpmasterapi {
my ($proto,$data,$pkg) = @_;
my $info = api_query($data,"madison?package=${pkg}&f=json");
return !!@$info;
}
#---------- `aptget' archive query method ----------
our $aptget_base;
our $aptget_releasefile;
our $aptget_configpath;
sub aptget_aptget () { return @aptget, qw(-c), $aptget_configpath; }
sub aptget_aptcache () { return @aptcache, qw(-c), $aptget_configpath; }
sub aptget_cache_clean {
runcmd_ordryrun_local qw(sh -ec),
'cd "$1"; find -atime +30 -type f -print0 | xargs -0r rm --',
'x', $aptget_base;
}
sub aptget_lock_acquire () {
my $lockfile = "$aptget_base/lock";
open APTGET_LOCK, '>', $lockfile or confess "open $lockfile: $!";
flock APTGET_LOCK, LOCK_EX or confess "lock $lockfile: $!";
}
sub aptget_prep ($) {
my ($data) = @_;
return if defined $aptget_base;
badcfg __ "aptget archive query method takes no data part"
if length $data;
my $cache = $ENV{XDG_CACHE_DIR} // "$ENV{HOME}/.cache";
ensuredir $cache;
ensuredir "$cache/dgit";
my $cachekey =
access_cfg('aptget-cachekey','RETURN-UNDEF')
// access_nomdistro();
$aptget_base = "$cache/dgit/aptget";
ensuredir $aptget_base;
my $quoted_base = $aptget_base;
confess "$quoted_base contains bad chars, cannot continue"
if $quoted_base =~ m/["\\]/; # apt.conf(5) says no escaping :-/
ensuredir $aptget_base;
aptget_lock_acquire();
aptget_cache_clean();
$aptget_configpath = "$aptget_base/apt.conf#$cachekey";
my $sourceslist = "source.list#$cachekey";
my $aptsuites = $isuite;
cfg_apply_map(\$aptsuites, 'suite map',
access_cfg('aptget-suite-map', 'RETURN-UNDEF'));
open SRCS, ">", "$aptget_base/$sourceslist" or confess "$!";
printf SRCS "deb-src %s %s %s\n",
access_cfg('mirror'),
$aptsuites,
access_cfg('aptget-components')
or confess "$!";
ensuredir "$aptget_base/cache";
ensuredir "$aptget_base/lists";
open CONF, ">", $aptget_configpath or confess "$!";
print CONF <) {
next unless stat_exists $oldlist;
my ($mtime) = (stat _)[9];
utime $oldatime, $mtime, $oldlist or die "$oldlist $!";
}
runcmd_ordryrun_local aptget_aptget(), qw(update);
my @releasefiles;
foreach my $oldlist (<$aptget_base/lists/*Release>) {
next unless stat_exists $oldlist;
my ($atime) = (stat _)[8];
next if $atime == $oldatime;
push @releasefiles, $oldlist;
}
my @inreleasefiles = grep { m#/InRelease$# } @releasefiles;
@releasefiles = @inreleasefiles if @inreleasefiles;
if (!@releasefiles) {
fail f_ <{$name};
if (defined $val) {
printdebug "release file $name: $val\n";
cfg_apply_map(\$val, 'suite rmap',
access_cfg('aptget-suite-rmap', 'RETURN-UNDEF'));
$val =~ m/^$suite_re$/o or fail f_
"Release file (%s) specifies intolerable %s",
$aptget_releasefile, $name;
return $val
}
}
return $isuite;
}
sub archive_query_aptget {
my ($proto,$data) = @_;
aptget_prep($data);
ensuredir "$aptget_base/source";
foreach my $old (<$aptget_base/source/*.dsc>) {
unlink $old or die "$old: $!";
}
my $showsrc = cmdoutput aptget_aptcache(), qw(showsrc), $package;
return () unless $showsrc =~ m/^package:\s*\Q$package\E\s*$/mi;
# avoids apt-get source failing with ambiguous error code
runcmd_ordryrun_local
shell_cmd 'cd "$1"/source; shift', $aptget_base,
aptget_aptget(), qw(--download-only --only-source source), $package;
my @dscs = <$aptget_base/source/*.dsc>;
fail __ "apt-get source did not produce a .dsc" unless @dscs;
fail f_ "apt-get source produced several .dscs (%s)", "@dscs"
unless @dscs==1;
my $pre_dsc = parsecontrol $dscs[0], $dscs[0], 1;
use URI::Escape;
my $uri = "file://". uri_escape $dscs[0];
$uri =~ s{\%2f}{/}gi;
return [ (getfield $pre_dsc, 'Version'), $uri ];
}
sub file_in_archive_aptget () { return undef; }
sub package_not_wholly_new_aptget () { return undef; }
#---------- `dummyapicat' archive query method ----------
# (untranslated, because this is for testing purposes etc.)
sub archive_query_dummycatapi { archive_query_ftpmasterapi @_; }
sub canonicalise_suite_dummycatapi { canonicalise_suite_ftpmasterapi @_; }
sub dummycatapi_run_in_mirror ($@) {
# runs $fn with FIA open onto rune
my ($rune, $argl, $fn) = @_;
my $mirror = access_cfg('mirror');
$mirror =~ s#^file://#/# or die "$mirror ?";
my @cmd = (qw(sh -ec), 'cd "$1"; shift'."\n".$rune,
qw(x), $mirror, @$argl);
debugcmd "-|", @cmd;
open FIA, "-|", @cmd or confess "$!";
my $r = $fn->();
close FIA or ($!==0 && $?==141) or die failedcmd @cmd;
return $r;
}
sub file_in_archive_dummycatapi ($$$) {
my ($proto,$data,$filename) = @_;
my @out;
dummycatapi_run_in_mirror '
find -name "$1" -print0 |
xargs -0r sha256sum
', [$filename], sub {
while () {
chomp or die;
printdebug "| $_\n";
m/^(\w+) (\S+)$/ or die "$_ ?";
push @out, { sha256sum => $1, filename => $2 };
}
};
return \@out;
}
sub package_not_wholly_new_dummycatapi {
my ($proto,$data,$pkg) = @_;
dummycatapi_run_in_mirror "
find -name ${pkg}_*.dsc
", [], sub {
local $/ = undef;
!!;
};
}
#---------- `madison' archive query method ----------
sub archive_query_madison {
return archive_query_prepend_mirror
map { [ @$_[0..1] ] } madison_get_parse(@_);
}
sub madison_get_parse {
my ($proto,$data) = @_;
die unless $proto eq 'madison';
if (!length $data) {
$data= access_cfg('madison-distro','RETURN-UNDEF');
$data //= access_basedistro();
}
$rmad{$proto,$data,$package} ||= cmdoutput
qw(rmadison -asource),"-s$isuite","-u$data",$package;
my $rmad = $rmad{$proto,$data,$package};
my @out;
foreach my $l (split /\n/, $rmad) {
$l =~ m{^ \s*( [^ \t|]+ )\s* \|
\s*( [^ \t|]+ )\s* \|
\s*( [^ \t|/]+ )(?:/([^ \t|/]+))? \s* \|
\s*( [^ \t|]+ )\s* }x or die "$rmad ?";
$1 eq $package or die "$rmad $package ?";
my $vsn = $2;
my $newsuite = $3;
my $component;
if (defined $4) {
$component = $4;
} else {
$component = access_cfg('archive-query-default-component');
}
$5 eq 'source' or die "$rmad ?";
push @out, [$vsn,pool_dsc_subpath($vsn,$component),$newsuite];
}
return sort { -version_compare($a->[0],$b->[0]); } @out;
}
sub canonicalise_suite_madison {
# madison canonicalises for us
my @r = madison_get_parse(@_);
@r or fail f_
"unable to canonicalise suite using package %s".
" which does not appear to exist in suite %s;".
" --existing-package may help",
$package, $isuite;
return $r[0][2];
}
sub file_in_archive_madison { return undef; }
sub package_not_wholly_new_madison { return undef; }
#---------- `sshpsql' archive query method ----------
# (untranslated, because this is obsolete)
sub sshpsql ($$$) {
my ($data,$runeinfo,$sql) = @_;
if (!length $data) {
$data= access_someuserhost('sshpsql').':'.
access_cfg('sshpsql-dbname');
}
$data =~ m/:/ or badcfg "invalid sshpsql method string \`$data'";
my ($userhost,$dbname) = ($`,$'); #';
my @rows;
my @cmd = (access_cfg_ssh, $userhost,
access_runeinfo("ssh-psql $runeinfo").
" export LC_MESSAGES=C; export LC_CTYPE=C;".
" ".shellquote qw(psql -A), $dbname, qw(-c), $sql);
debugcmd "|",@cmd;
open P, "-|", @cmd or confess "$!";
while () {
chomp or die;
printdebug(">|$_|\n");
push @rows, $_;
}
$!=0; $?=0; close P or failedcmd @cmd;
@rows or die;
my $nrows = pop @rows;
$nrows =~ s/^\((\d+) rows?\)$/$1/ or die "$nrows ?";
@rows == $nrows+1 or die "$nrows ".(scalar @rows)." ?";
@rows = map { [ split /\|/, $_ ] } @rows;
my $ncols = scalar @{ shift @rows };
die if grep { scalar @$_ != $ncols } @rows;
return @rows;
}
sub sql_injection_check {
foreach (@_) { die "$_ $& ?" if m{[^-+=:_.,/0-9a-zA-Z]}; }
}
sub archive_query_sshpsql ($$) {
my ($proto,$data) = @_;
sql_injection_check $isuite, $package;
my @rows = sshpsql($data, "archive-query $isuite $package", <[0],$b->[0]) } @rows;
my $digester = Digest::SHA->new(256);
@rows = map {
my ($vsn,$component,$filename,$sha256sum) = @$_;
[ $vsn, "/pool/$component/$filename",$digester,$sha256sum ];
} @rows;
return archive_query_prepend_mirror @rows;
}
sub canonicalise_suite_sshpsql ($$) {
my ($proto,$data) = @_;
sql_injection_check $isuite;
my @rows = sshpsql($data, "canonicalise-suite $isuite", <[0] } @rows;
fail "unknown suite $isuite" unless @rows;
die "ambiguous $isuite: @rows ?" if @rows>1;
return $rows[0];
}
sub file_in_archive_sshpsql ($$$) { return undef; }
sub package_not_wholly_new_sshpsql ($$$) { return undef; }
#---------- `dummycat' archive query method ----------
# (untranslated, because this is for testing purposes etc.)
sub canonicalise_suite_dummycat ($$) {
my ($proto,$data) = @_;
my $dpath = "$data/suite.$isuite";
if (!open C, "<", $dpath) {
$!==ENOENT or die "$dpath: $!";
printdebug "dummycat canonicalise_suite $isuite $dpath ENOENT\n";
return $isuite;
}
$!=0; $_ = ;
chomp or die "$dpath: $!";
close C;
printdebug "dummycat canonicalise_suite $isuite $dpath = $_\n";
return $_;
}
sub archive_query_dummycat ($$) {
my ($proto,$data) = @_;
canonicalise_suite();
my $dpath = "$data/package.$csuite.$package";
if (!open C, "<", $dpath) {
$!==ENOENT or die "$dpath: $!";
printdebug "dummycat query $csuite $package $dpath ENOENT\n";
return ();
}
my @rows;
while () {
next if m/^\#/;
next unless m/\S/;
die unless chomp;
printdebug "dummycat query $csuite $package $dpath | $_\n";
my @row = split /\s+/, $_;
@row==2 or die "$dpath: $_ ?";
push @rows, \@row;
}
C->error and die "$dpath: $!";
close C;
return archive_query_prepend_mirror
sort { -version_compare($a->[0],$b->[0]); } @rows;
}
sub file_in_archive_dummycat () { return undef; }
sub package_not_wholly_new_dummycat () { return undef; }
#---------- archive query entrypoints and rest of program ----------
sub canonicalise_suite () {
return if defined $csuite;
fail f_ "cannot operate on %s suite", $isuite if $isuite eq 'UNRELEASED';
$csuite = archive_query('canonicalise_suite');
if ($isuite ne $csuite) {
progress f_ "canonical suite name for %s is %s", $isuite, $csuite;
} else {
progress f_ "canonical suite name is %s", $csuite;
}
}
sub get_archive_dsc () {
canonicalise_suite();
my @vsns = archive_query('archive_query');
foreach my $vinfo (@vsns) {
my ($vsn,$vsn_dscurl,$digester,$digest) = @$vinfo;
$dscurl = $vsn_dscurl;
$dscdata = url_fetch($dscurl, Ok404 => 1 );
if (!$dscdata) {
$skew_warning_vsn = $vsn if !defined $skew_warning_vsn;
next;
}
if ($digester) {
$digester->reset();
$digester->add($dscdata);
my $got = $digester->hexdigest();
$got eq $digest or
fail f_ "%s has hash %s but archive told us to expect %s",
$dscurl, $got, $digest;
}
parse_dscdata();
my $fmt = getfield $dsc, 'Format';
$format_ok{$fmt} or forceable_fail [qw(unsupported-source-format)],
f_ "unsupported source format %s, sorry", $fmt;
$dsc_checked = !!$digester;
printdebug "get_archive_dsc: Version ".(getfield $dsc, 'Version')."\n";
return;
}
$dsc = undef;
printdebug "get_archive_dsc: nothing in archive, returning undef\n";
}
sub check_for_git ();
sub check_for_git () {
# returns 0 or 1
my $how = access_cfg('git-check');
if ($how eq 'ssh-cmd') {
my @cmd =
(access_cfg_ssh, access_gituserhost(),
access_runeinfo("git-check $package").
" set -e; cd ".access_cfg('git-path').";".
" if test -d $package.git; then echo 1; else echo 0; fi");
my $r= cmdoutput @cmd;
if (defined $r and $r =~ m/^divert (\w+)$/) {
my $divert=$1;
my ($usedistro,) = access_distros();
# NB that if we are pushing, $usedistro will be $distro/push
$instead_distro= cfg("dgit-distro.$usedistro.diverts.$divert");
$instead_distro =~ s{^/}{ access_basedistro()."/" }e;
progress f_ "diverting to %s (using config for %s)",
$divert, $instead_distro;
return check_for_git();
}
failedcmd @cmd unless defined $r and $r =~ m/^[01]$/;
return $r+0;
} elsif ($how eq 'url') {
my $prefix = access_cfg('git-check-url','git-url');
my $suffix = access_cfg('git-check-suffix','git-suffix',
'RETURN-UNDEF') // '.git';
my $url = "$prefix/$package$suffix";
my $result = url_fetch $url,
CurlOpts => { CURLOPT_NOBODY() => 1 },
Ok404 => 1,
AccessBase => 'git-check';
$result = defined $result;
printdebug "dgit-repos check_for_git => $result.\n";
return $result;
} elsif ($how eq 'true') {
return 1;
} elsif ($how eq 'false') {
return 0;
} else {
badcfg f_ "unknown git-check \`%s'", $how;
}
}
sub create_remote_git_repo () {
my $how = access_cfg('git-create');
if ($how eq 'ssh-cmd') {
runcmd_ordryrun
(access_cfg_ssh, access_gituserhost(),
access_runeinfo("git-create $package").
"set -e; cd ".access_cfg('git-path').";".
" cp -a _template $package.git");
} elsif ($how eq 'true') {
# nothing to do
} else {
badcfg f_ "unknown git-create \`%s'", $how;
}
}
our ($dsc_hash,$lastpush_mergeinput);
our ($dsc_distro, $dsc_hint_tag, $dsc_hint_url);
sub prep_ud () {
dgit_privdir(); # ensures that $dgit_privdir_made is based on $maindir
$playground = fresh_playground 'dgit/unpack';
}
sub mktree_in_ud_here () {
playtree_setup();
}
sub git_write_tree () {
my $tree = cmdoutput @git, qw(write-tree);
$tree =~ m/^\w+$/ or die "$tree ?";
return $tree;
}
sub git_add_write_tree () {
runcmd @git, qw(add -Af .);
return git_write_tree();
}
sub git_diff_programmatic (@) {
# Ideally we would unset various git.diff config options here,
# but there doesn't seem to be a way to *unset*
# something on the command line
(@git, qw(-c color.ui=never diff --no-ext-diff), @_)
}
sub remove_stray_gits ($) {
my ($what) = @_;
my @gitscmd = qw(find -name .git -prune -print0);
debugcmd "|",@gitscmd;
open GITS, "-|", @gitscmd or confess "$!";
{
local $/="\0";
while () {
chomp or die;
print STDERR f_ "%s: warning: removing from %s: %s\n",
$us, $what, (messagequote $_);
rmdir_r $_;
}
}
$!=0; $?=0; close GITS or failedcmd @gitscmd;
}
sub mktree_in_ud_from_only_subdir ($;$) {
my ($what,$raw) = @_;
# changes into the subdir
my (@dirs) = <*/.>;
confess "expected one subdir but found @dirs ?" unless @dirs==1;
$dirs[0] =~ m#^([^/]+)/\.$# or die;
my $dir = $1;
changedir $dir;
remove_stray_gits($what);
mktree_in_ud_here();
if (!$raw) {
my $format = get_source_format();
if (madformat($format)) {
rmdir_r '.pc';
}
}
my $tree=git_add_write_tree();
return ($tree,$dir);
}
our @files_csum_info_fields =
(['Checksums-Sha256','Digest::SHA', 'new(256)', 'sha256sum'],
['Checksums-Sha1', 'Digest::SHA', 'new(1)', 'sha1sum'],
['Files', 'Digest::MD5', 'new()', 'md5sum']);
sub dsc_files_info () {
foreach my $csumi (@files_csum_info_fields) {
my ($fname, $module, $method) = @$csumi;
my $field = $dsc->{$fname};
next unless defined $field;
eval "use $module; 1;" or die $@;
my @out;
foreach (split /\n/, $field) {
next unless m/\S/;
m/^(\w+) (\d+) (\S+)$/ or
fail f_ "could not parse .dsc %s line \`%s'", $fname, $_;
my $digester = eval "$module"."->$method;" or die $@;
push @out, {
Hash => $1,
Bytes => $2,
Filename => $3,
Digester => $digester,
};
}
return @out;
}
fail f_ "missing any supported Checksums-* or Files field in %s",
$dsc->get_option('name');
}
sub dsc_files () {
map { $_->{Filename} } dsc_files_info();
}
sub files_compare_inputs (@) {
my $inputs = \@_;
my %record;
my %fchecked;
my $showinputs = sub {
return join "; ", map { $_->get_option('name') } @$inputs;
};
foreach my $in (@$inputs) {
my $expected_files;
my $in_name = $in->get_option('name');
printdebug "files_compare_inputs $in_name\n";
foreach my $csumi (@files_csum_info_fields) {
my ($fname) = @$csumi;
printdebug "files_compare_inputs $in_name $fname\n";
my $field = $in->{$fname};
next unless defined $field;
my @files;
foreach (split /\n/, $field) {
next unless m/\S/;
my ($info, $f) = m/^(\w+ \d+) (?:\S+ \S+ )?(\S+)$/ or
fail "could not parse $in_name $fname line \`$_'";
printdebug "files_compare_inputs $in_name $fname $f\n";
push @files, $f;
my $re = \ $record{$f}{$fname};
if (defined $$re) {
$fchecked{$f}{$in_name} = 1;
$$re eq $info or
fail f_
"hash or size of %s varies in %s fields (between: %s)",
$f, $fname, $showinputs->();
} else {
$$re = $info;
}
}
@files = sort @files;
$expected_files //= \@files;
"@$expected_files" eq "@files" or
fail f_ "file list in %s varies between hash fields!",
$in_name;
}
$expected_files or
fail f_ "%s has no files list field(s)", $in_name;
}
printdebug "files_compare_inputs ".Dumper(\%fchecked, \%record)
if $debuglevel>=2;
grep { keys %$_ == @$inputs-1 } values %fchecked
or fail f_ "no file appears in all file lists (looked in: %s)",
$showinputs->();
}
sub is_orig_file_in_dsc ($$) {
my ($f, $dsc_files_info) = @_;
return 0 if @$dsc_files_info <= 1;
# One file means no origs, and the filename doesn't have a "what
# part of dsc" component. (Consider versions ending `.orig'.)
return 0 unless $f =~ m/\.$orig_f_tail_re$/o;
return 1;
}
# This function determines whether a .changes file is source-only from
# the point of view of dak. Thus, it permits *_source.buildinfo
# files.
#
# It does not, however, permit any other buildinfo files. After a
# source-only upload, the buildds will try to upload files like
# foo_1.2.3_amd64.buildinfo. If the package maintainer included files
# named like this in their (otherwise) source-only upload, the uploads
# of the buildd can be rejected by dak. Fixing the resultant
# situation can require manual intervention. So we block such
# .buildinfo files when the user tells us to perform a source-only
# upload (such as when using the push-source subcommand with the -C
# option, which calls this function).
#
# Note, though, that when dgit is told to prepare a source-only
# upload, such as when subcommands like build-source and push-source
# without -C are used, dgit has a more restrictive notion of
# source-only .changes than dak: such uploads will never include
# *_source.buildinfo files. This is because there is no use for such
# files when using a tool like dgit to produce the source package, as
# dgit ensures the source is identical to git HEAD.
# (An exception to this is when --tag2upload-builder-mode.)
sub test_source_only_changes ($) {
my ($changes) = @_;
my $arch = getfield $changes, 'Architecture';
unless ($arch eq 'source') {
print STDERR f_
"purportedly source-only changes has Architecture: %s\n",
$arch;
return 0;
}
foreach my $l (split /\n/, getfield $changes, 'Files') {
$l =~ m/\S+$/ or next;
# \.tar\.[a-z0-9]+ covers orig.tar and the tarballs in native packages
$_ = $&;
next if m/(?:\.dsc|\.diff\.gz|$tarball_f_ext_re)$/;
next if m/_source\.buildinfo$/;
print STDERR
f_ "purportedly source-only changes polluted by %s\n", $&;
return 0;
}
return 1;
}
sub changes_update_origs_from_dsc ($$$$) {
my ($dsc, $changes, $upstreamvsn, $changesfile) = @_;
my %changes_f;
printdebug "checking origs needed ($upstreamvsn)...\n";
$_ = getfield $changes, 'Files';
m/^\w+ \d+ (\S+ \S+) \S+$/m or
fail __ "cannot find section/priority from .changes Files field";
my $placementinfo = $1;
my %changed;
printdebug "checking origs needed placement '$placementinfo'...\n";
foreach my $l (split /\n/, getfield $dsc, 'Files') {
$l =~ m/\S+$/ or next;
my $file = $&;
printdebug "origs $file | $l\n";
next unless is_orig_file_of_vsn $file, $upstreamvsn;
printdebug "origs $file is_orig\n";
my $have = archive_query('file_in_archive', $file);
if (!defined $have) {
print STDERR __ <{$archivefield};
$_ = $dsc->{$fname};
next unless defined;
m/^(\w+) .* \Q$file\E$/m or
fail f_ ".dsc %s missing entry for %s", $fname, $file;
if ($h->{$archivefield} eq $1) {
$same++;
} else {
push @differ, f_
"%s: %s (archive) != %s (local .dsc)",
$archivefield, $h->{$archivefield}, $1;
}
}
confess "$file ".Dumper($h)." ?!" if $same && @differ;
$found_same++
if $same;
push @found_differ,
f_ "archive %s: %s", $h->{filename}, join "; ", @differ
if @differ;
}
printdebug "origs $file f.same=$found_same".
" #f._differ=$#found_differ\n";
if (@found_differ && !$found_same) {
fail join "\n",
(f_ "archive contains %s with different checksum", $file),
@found_differ;
}
# Now we edit the changes file to add or remove it
foreach my $csumi (@files_csum_info_fields) {
my ($fname, $module, $method, $archivefield) = @$csumi;
next unless defined $changes->{$fname};
if ($found_same) {
# in archive, delete from .changes if it's there
$changed{$file} = "removed" if
$changes->{$fname} =~ s/\n.* \Q$file\E$(?:)$//m;
} elsif ($changes->{$fname} =~ m/^.* \Q$file\E$(?:)$/m) {
# not in archive, but it's here in the .changes
} else {
my $dsc_data = getfield $dsc, $fname;
$dsc_data =~ m/^(.* \Q$file\E$)$/m or die "$dsc_data $file ?";
my $extra = $1;
$extra =~ s/ \d+ /$&$placementinfo /
or confess "$fname $extra >$dsc_data< ?"
if $fname eq 'Files';
$changes->{$fname} .= "\n". $extra;
$changed{$file} = "added";
}
}
}
if (%changed) {
foreach my $file (keys %changed) {
progress f_
"edited .changes for archive .orig contents: %s %s",
$changed{$file}, $file;
}
my $chtmp = "$changesfile.tmp";
$changes->save($chtmp);
if (act_local()) {
rename $chtmp,$changesfile or die "$changesfile $!";
} else {
progress f_ "[new .changes left in %s]", $changesfile;
}
} else {
progress f_ "%s already has appropriate .orig(s) (if any)",
$changesfile;
}
}
sub clogp_authline ($) {
my ($clogp) = @_;
my $author = getfield $clogp, 'Maintainer';
if ($author =~ m/^[^"\@]+\,/) {
# single entry Maintainer field with unquoted comma
$author = ($& =~ y/,//rd).$'; # strip the comma
}
# git wants a single author; any remaining commas in $author
# are by now preceded by @ (or "). It seems safer to punt on
# "..." for now rather than attempting to dequote or something.
$author =~ s#,.*##ms unless $author =~ m/"/;
my $date = getfield($clogp,'Date');
# try to pass through the changelog entry's timezone offset
my $tz = $date =~ m{ ([-+]\d{4})$} ? $1 : " +0000";
$date = cmdoutput qw(date), '+%s', qw(-d), $date;
my $authline = "$author $date $tz";
$authline =~ m/$git_authline_re/o or
fail f_ "unexpected commit author line format \`%s'".
" (was generated from changelog Maintainer field)",
$authline;
return ($1,$2,$3) if wantarray;
return $authline;
}
sub vendor_patches_distro ($$) {
my ($checkdistro, $what) = @_;
return unless defined $checkdistro;
my $series = "debian/patches/\L$checkdistro\E.series";
printdebug "checking for vendor-specific $series ($what)\n";
if (!open SERIES, "<", $series) {
confess "$series $!" unless $!==ENOENT;
return;
}
while () {
next unless m/\S/;
next if m/^\s+\#/;
print STDERR __ <error;
close SERIES;
}
sub check_for_vendor_patches () {
# This dpkg-source feature doesn't seem to be documented anywhere!
# But it can be found in the changelog (reformatted):
# commit 4fa01b70df1dc4458daee306cfa1f987b69da58c
# Author: Raphael Hertzog
# Date: Sun Oct 3 09:36:48 2010 +0200
# dpkg-source: correctly create .pc/.quilt_series with alternate
# series files
#
# If you have debian/patches/ubuntu.series and you were
# unpacking the source package on ubuntu, quilt was still
# directed to debian/patches/series instead of
# debian/patches/ubuntu.series.
#
# debian/changelog | 3 +++
# scripts/Dpkg/Source/Package/V3/quilt.pm | 4 +++-
# 2 files changed, 6 insertions(+), 1 deletion(-)
use Dpkg::Vendor;
vendor_patches_distro($ENV{DEB_VENDOR}, "DEB_VENDOR");
vendor_patches_distro(Dpkg::Vendor::get_current_vendor(),
__ "Dpkg::Vendor \`current vendor'");
vendor_patches_distro(access_basedistro(),
__ "(base) distro being accessed");
vendor_patches_distro(access_nomdistro(),
__ "(nominal) distro being accessed");
}
sub check_bpd_exists () {
stat $buildproductsdir
or fail f_ "build-products-dir %s is not accessible: %s\n",
$buildproductsdir, $!;
}
sub dotdot_bpd_transfer_origs ($$$) {
my ($bpd_abs, $upstreamversion, $wanted) = @_;
# checks is_orig_file_of_vsn and if
# calls $wanted->{$leaf} and expects boolish
my $dotdot = $maindir;
$dotdot =~ s{/[^/]+$}{};
my %dupes;
my $dupe_scan = sub {
my ($dir, $why_token) = @_;
if (!opendir SD, $dir) {
return if $! == ENOENT;
fail "opendir $why_token ($dir): $!";
}
while ($!=0, defined(my $leaf = readdir SD)) {
next unless is_orig_file_of_vsn $leaf, $upstreamversion;
next if $leaf =~ m{$orig_f_sig_re$};
next unless $leaf =~ m{\.tar(?:\.\w+)?$};
my $base = "$`.tar";
push @{ $dupes{$base}{$leaf} }, [$why_token, $dir];
}
die "$dir; $!" if $!;
};
$dupe_scan->($dotdot, "..");
$dupe_scan->(bpd_abs(), 'build-products-dir') if $buildproductsdir ne '..';
my $dupes_found = 0;
foreach my $base (sort keys %dupes) {
my $leaves = $dupes{$base};
next if keys(%$leaves) == 1;
$dupes_found = 1;
print STDERR f_
"%s: multiple representations of similar orig %s:\n",
$us, $base;
foreach my $leaf (keys %$leaves) {
foreach my $found (@{ $leaves->{$leaf} }) {
print STDERR f_ " %s: in %s (%s)\n",
$leaf, @$found;
}
}
}
fail __ "Duplicate/inconsistent orig tarballs. Delete the spurious ones."
if $dupes_found;
return if $buildproductsdir eq '..';
my $warned;
opendir DD, $dotdot or fail "opendir .. ($dotdot): $!";
while ($!=0, defined(my $leaf = readdir DD)) {
{
local ($debuglevel) = $debuglevel-1;
printdebug "DD_BPD $leaf ?\n";
}
next unless is_orig_file_of_vsn $leaf, $upstreamversion;
next unless $wanted->($leaf);
next if lstat "$bpd_abs/$leaf";
print STDERR f_
"%s: found orig(s) in .. missing from build-products-dir, transferring:\n",
$us
unless $warned++;
$! == &ENOENT or fail f_
"check orig file %s in bpd %s: %s", $leaf, $bpd_abs, $!;
lstat "$dotdot/$leaf" or fail f_
"check orig file %s in ..: %s", $leaf, $!;
if (-l _) {
stat "$dotdot/$leaf" or fail f_
"check target of orig symlink %s in ..: %s", $leaf, $!;
my $ltarget = readlink "$dotdot/$leaf" or
die "readlink $dotdot/$leaf: $!";
if ($ltarget !~ m{^/}) {
$ltarget = "$dotdot/$ltarget";
}
symlink $ltarget, "$bpd_abs/$leaf"
or die "$ltarget $bpd_abs $leaf: $!";
print STDERR f_
"%s: cloned orig symlink from ..: %s\n",
$us, $leaf;
} elsif (link "$dotdot/$leaf", "$bpd_abs/$leaf") {
print STDERR f_
"%s: hardlinked orig from ..: %s\n",
$us, $leaf;
} elsif ($! != EXDEV) {
fail f_ "failed to make %s a hardlink to %s: %s",
"$bpd_abs/$leaf", "$dotdot/$leaf", $!;
} else {
symlink "$bpd_abs/$leaf", "$dotdot/$leaf"
or die "$bpd_abs $dotdot $leaf $!";
print STDERR f_
"%s: symmlinked orig from .. on other filesystem: %s\n",
$us, $leaf;
}
}
die "$dotdot; $!" if $!;
closedir DD;
}
sub import_r1authline ($$) {
my ($clogp_r, $upstreamv) = @_;
my $r1clogp;
my @clogcmd = qw(dpkg-parsechangelog --format rfc822 --all);
printdebug "import clog search...\n";
parsechangelog_loop \@clogcmd, (__ "package changelog"), sub {
my ($thisstanza, $desc) = @_;
no warnings qw(exiting);
$$clogp_r //= $thisstanza;
printdebug "import clog $thisstanza->{version} $desc...\n";
# We look for the first (most recent) changelog entry whose
# version number is lower than the upstream version of this
# package. Then the last (least recent) previous changelog
# entry is treated as the one which introduced this upstream
# version and used for the synthetic commits for the upstream
# tarballs.
# One might think that a more sophisticated algorithm would be
# necessary. But: we do not want to scan the whole changelog
# file. Stopping when we see an earlier version, which
# necessarily then is an earlier upstream version, is the only
# realistic way to do that. Then, either the earliest
# changelog entry we have seen so far is indeed the earliest
# upload of this upstream version; or there are only changelog
# entries relating to later upstream versions (which is not
# possible unless the changelog and .dsc disagree about the
# version). Then it remains to choose between the physically
# last entry in the file, and the one with the lowest version
# number. If these are not the same, we guess that the
# versions were created in a non-monotonic order rather than
# that the changelog entries have been misordered.
printdebug "import clog $thisstanza->{version} vs $upstreamv...\n";
last if version_compare($thisstanza->{version}, $upstreamv) < 0;
$r1clogp = $thisstanza;
printdebug "import clog $r1clogp->{version} becomes r1\n";
};
$r1clogp //= $$clogp_r; # maybe there's only one entry;
return clogp_authline $r1clogp;
}
sub import_tarball_tartrees ($$) {
my ($upstreamv, $dfi) = @_;
# cwd should be the playground
# We unpack and record the orig tarballs first, so that we only
# need disk space for one private copy of the unpacked source.
# But we can't make them into commits until we have the metadata
# from the debian/changelog, so we record the tree objects now and
# make them into commits later.
my @tartrees;
my $orig_f_base = srcfn $upstreamv, '';
foreach my $fi (@$dfi) {
# We actually import, and record as a commit, every tarball
# (unless there is only one file, in which case there seems
# little point.
my $f = $fi->{Filename};
printdebug "import considering $f ";
(printdebug "not tar\n"), next unless $f =~ m/\.tar(\.\w+)?$/;
(printdebug "signature\n"), next if $f =~ m/$orig_f_sig_re$/o;
my $compr_ext = $1;
my ($orig_f_part) =
$f =~ m/^\Q$orig_f_base\E\.([^._]+)?\.tar(?:\.\w+)?$/;
printdebug "Y ", (join ' ', map { $_//"(none)" }
$compr_ext, $orig_f_part
), "\n";
my $path = $fi->{Path} // $f;
my $input = new IO::File $f, '<' or die "$f $!";
my $compr_pid;
my @compr_cmd;
if (defined $compr_ext) {
my $cname =
Dpkg::Compression::compression_guess_from_filename $f;
fail "Dpkg::Compression cannot handle file $f in source package"
if defined $compr_ext && !defined $cname;
my $compr_proc =
new Dpkg::Compression::Process compression => $cname;
@compr_cmd = $compr_proc->get_uncompress_cmdline();
my $compr_fh = new IO::Handle;
my $compr_pid = open $compr_fh, "-|" // confess "$!";
if (!$compr_pid) {
open STDIN, "<&", $input or confess "$!";
exec @compr_cmd;
die "dgit (child): exec $compr_cmd[0]: $!\n";
}
$input = $compr_fh;
}
rmdir_r "_unpack-tar";
mkdir "_unpack-tar" or confess "$!";
my @tarcmd = qw(tar -x -f -
--no-same-owner --no-same-permissions
--no-acls --no-xattrs --no-selinux);
my $tar_pid = fork // confess "$!";
if (!$tar_pid) {
chdir "_unpack-tar" or confess "$!";
open STDIN, "<&", $input or confess "$!";
exec @tarcmd;
die f_ "dgit (child): exec %s: %s", $tarcmd[0], $!;
}
$!=0; (waitpid $tar_pid, 0) == $tar_pid or confess "$!";
!$? or failedcmd @tarcmd;
close $input or
(@compr_cmd ? ($?==SIGPIPE || failedcmd @compr_cmd)
: confess "$!");
# finally, we have the results in "tarball", but maybe
# with the wrong permissions
runcmd qw(chmod -R +rwX _unpack-tar);
changedir "_unpack-tar";
remove_stray_gits($f);
mktree_in_ud_here();
my ($tree) = git_add_write_tree();
my $tentries = cmdoutput @git, qw(ls-tree -z), $tree;
if ($tentries =~ m/^\d+ tree (\w+)\t[^\000]+\000$/s) {
$tree = $1;
printdebug "one subtree $1\n";
} else {
printdebug "multiple subtrees\n";
}
changedir "..";
rmdir_r "_unpack-tar";
my $ent = [ $f, $tree ];
push @tartrees, {
Orig => !!$orig_f_part,
Sort => (!$orig_f_part ? 2 :
$orig_f_part =~ m/-/g ? 1 :
0),
OrigPart => $orig_f_part, # 'orig', 'orig-XXX', or undef
F => $f,
Tree => $tree,
};
}
@tartrees = sort {
# put any without "_" first (spec is not clear whether files
# are always in the usual order). Tarballs without "_" are
# the main orig or the debian tarball.
$a->{Sort} <=> $b->{Sort} or
$a->{F} cmp $b->{F}
} @tartrees;
@tartrees;
}
sub import_tarball_commits ($$) {
my ($tartrees, $upstreamv) = @_;
# cwd should be a playtree which has a relevant debian/changelog
# fills in $tt->{Commit} for each one
my $any_orig = grep { $_->{Orig} } @$tartrees;
my $clogp;
my $r1authline;
if ($any_orig) {
if (!eval {
local $failmsg_prefix = ' ';
$r1authline = import_r1authline(\$clogp, $upstreamv);
$clogp or fail __ "package changelog has no entries!";
1;
}) {
chomp $@;
print STDERR f_ <{F} $tt->{Tree}\n";
# untranslated so that different people's imports are identical
my $mbody = sprintf "Import %s", $tt->{F};
$tt->{Commit} = hash_commit_text($tt->{Orig} ? <{Tree}
author $r1authline
committer $r1authline
$mbody
[dgit import orig $tt->{F}]
END_O
tree $tt->{Tree}
author $authline
committer $authline
$mbody
[dgit import tarball $package $cversion $tt->{F}]
END_T
}
}
return ($authline, $r1authline, $clogp, $changes);
}
sub generate_commits_from_dsc () {
# See big comment in fetch_from_archive, below.
# See also README.dsc-import.
prep_ud();
changedir $playground;
my $bpd_abs = bpd_abs();
my $upstreamv = upstreamversion $dsc->{version};
my @dfi = dsc_files_info();
dotdot_bpd_transfer_origs $bpd_abs, $upstreamv,
sub { grep { $_->{Filename} eq $_[0] } @dfi };
foreach my $fi (@dfi) {
my $f = $fi->{Filename};
die "$f ?" if $f =~ m#/|^\.|\.dsc$|\.tmp$#;
my $upper_f = "$bpd_abs/$f";
printdebug "considering reusing $f: ";
if (link_ltarget "$upper_f,fetch", $f) {
printdebug "linked (using ...,fetch).\n";
} elsif ((printdebug "($!) "),
$! != ENOENT) {
fail f_ "accessing %s: %s", "$buildproductsdir/$f,fetch", $!;
} elsif (link_ltarget $upper_f, $f) {
printdebug "linked.\n";
} elsif ((printdebug "($!) "),
$! != ENOENT) {
fail f_ "accessing %s: %s", "$buildproductsdir/$f", $!;
} else {
printdebug "absent.\n";
}
my $refetched;
complete_file_from_dsc('.', $fi, \$refetched)
or next;
printdebug "considering saving $f: ";
if (!act_local()) {
printdebug "no - dry run.\n";
} elsif (rename_link_xf 1, $f, $upper_f) {
printdebug "linked.\n";
} elsif ((printdebug "($@) "),
$! != EEXIST) {
fail f_ "saving %s: %s", "$buildproductsdir/$f", $@;
} elsif (!$refetched) {
printdebug "no need.\n";
} elsif (rename_link_xf 1, $f, "$upper_f,fetch") {
printdebug "linked (using ...,fetch).\n";
} elsif ((printdebug "($@) "),
$! != EEXIST) {
fail f_ "saving %s: %s", "$buildproductsdir/$f,fetch", $@;
} else {
printdebug "cannot.\n";
}
}
my @tartrees;
@tartrees = import_tarball_tartrees($upstreamv, \@dfi)
unless @dfi == 1; # only one file in .dsc
my $dscfn = "$package.dsc";
my $treeimporthow = 'package';
open D, ">", $dscfn or die "$dscfn: $!";
print D $dscdata or die "$dscfn: $!";
close D or die "$dscfn: $!";
my @cmd = qw(dpkg-source);
push @cmd, '--no-check' if $dsc_checked;
if (madformat $dsc->{format}) {
push @cmd, '--skip-patches';
$treeimporthow = 'unpatched';
}
push @cmd, qw(-x --), $dscfn;
runcmd @cmd;
my ($tree,$dir) = mktree_in_ud_from_only_subdir(__ "source package");
if (madformat $dsc->{format}) {
check_for_vendor_patches();
}
my $dappliedtree;
if (madformat $dsc->{format}) {
my @pcmd = qw(dpkg-source --before-build .);
runcmd shell_cmd 'exec >/dev/null', @pcmd;
rmdir_r '.pc';
$dappliedtree = git_add_write_tree();
}
my ($authline, $r1authline, $clogp, $changes) =
import_tarball_commits(\@tartrees, $upstreamv);
my $cversion = getfield $clogp, 'Version';
printdebug "import main commit\n";
open C, ">../commit.tmp" or confess "$!";
print C <{Commit}
END
print C <{format}) {
printdebug "import apply patches...\n";
# regularise the state of the working tree so that
# the checkout of $rawimport_hash works nicely.
my $dappliedcommit = hash_commit_text(<../../absurd-apply-warnings" or die $!;
close T or die $!;
progress f_ "%s: trying slow absurd-git-apply...", $us;
rename "../../gbp-pq-output","../../gbp-pq-output.0"
or $!==ENOENT
or confess "$!";
}
eval {
die "forbid absurd git-apply\n" if $use_absurd
&& forceing [qw(import-gitapply-no-absurd)];
die "only absurd git-apply!\n" if !$use_absurd
&& forceing [qw(import-gitapply-absurd)];
local $ENV{DGIT_ABSURD_DEBUG} = $debuglevel if $use_absurd;
local $ENV{PATH} = $path if $use_absurd;
if ($use_absurd) {
# We filter the series file, to contain only things
# that are actually requests to apply a patch.
#
# This is needed because sometimes a series file can
# contain strange things that gbp pq cannot cope with.
# Eg, form feeds. See #1030093.
rename "debian/patches/series", "../series.orig"
or confess "$!";
open OS, "../series.orig" or confess $!;
open NS, ">debian/patches/series" or confess $!;
while () {
s/\#.*//;
s/^\s+//;
s/\s+$//;
next unless m/\S/;
print NS "$_\n" or confess $!;
}
confess $! if OS->error;
close NS or confess $!;
runcmd @git, qw(add debian/patches/series);
# This commit is spurious, but we must commit for gbp
# pq to work. We filter it out of the branch later.
runcmd @git, qw(commit --quiet --allow-empty -m), </dev/null 2>../../gbp-pq-output', @showcmd;
gbp_pq_pc_aside(sub {
debugcmd "+",@realcmd;
if (system @realcmd) {
die f_ "%s failed: %s\n",
+(shellquote @showcmd),
failedcmd_waitstatus();
}
});
if ($use_absurd) {
# Perhaps we should be using git-filter-branch,
# but that's really considerably more awkward.
runcmd_quieten
@git, qw(rebase --keep-empty --allow-empty-message
--onto unpa~1 unpa);
}
my $gapplied = git_rev_parse('HEAD');
my $gappliedtree = cmdoutput @git, qw(rev-parse HEAD:);
$gappliedtree eq $dappliedtree or
fail f_ < $rawimport_hash,
Info => __ "Import of source package",
};
my @output = ($rawimport_mergeinput);
if ($lastpush_mergeinput) {
my $oldclogp = mergeinfo_getclogp($lastpush_mergeinput);
my $oversion = getfield $oldclogp, 'Version';
my $vcmp =
version_compare($oversion, $cversion);
if ($vcmp < 0) {
@output = ($rawimport_mergeinput, $lastpush_mergeinput,
{ ReverseParents => 1,
# untranslated so that different people's pseudomerges
# are not needlessly different (although they will
# still differ if the series of pulls is different)
Message => (sprintf < 0) {
print STDERR f_ <{Filename}"
# and will set $$refetched=1 if it did so (or tried to).
my $f = $fi->{Filename};
my $tf = "$dstdir/$f";
my $downloaded = 0;
my $got;
my $checkhash = sub {
open F, "<", "$tf" or die "$tf: $!";
$fi->{Digester}->reset();
$fi->{Digester}->addfile(*F);
F->error and confess "$!";
$got = $fi->{Digester}->hexdigest();
return $got eq $fi->{Hash};
};
if (stat_exists $tf) {
if ($checkhash->()) {
progress f_ "using existing %s", $f;
return 1;
}
if (!$refetched) {
fail f_ "file %s has hash %s but .dsc demands hash %s".
" (perhaps you should delete this file?)",
$f, $got, $fi->{Hash};
}
progress f_ "need to fetch correct version of %s", $f;
unlink $tf or die "$tf $!";
$$refetched = 1;
} else {
printdebug "$tf does not exist, need to fetch\n";
}
my $furl = $dscurl;
$furl =~ s{/[^/]+$}{};
$furl .= "/$f";
die "$f ?" unless $f =~ m/^\Q${package}\E_/;
die "$f ?" if $f =~ m#/#;
runcmd_ordryrun_local @curl,qw(-f -o),$tf,'--',"$furl";
return 0 if !act_local();
$checkhash->() or
fail f_ "file %s has hash %s but .dsc demands hash %s".
" (got wrong file from archive!)",
$f, $got, $fi->{Hash};
return 1;
}
sub ensure_we_have_orig () {
my @dfi = dsc_files_info();
foreach my $fi (@dfi) {
my $f = $fi->{Filename};
next unless is_orig_file_in_dsc($f, \@dfi);
complete_file_from_dsc($buildproductsdir, $fi)
or next;
}
}
#---------- git fetch ----------
sub lrfetchrefs () { return "refs/dgit-fetch/".access_basedistro(); }
sub lrfetchref () { return lrfetchrefs.'/'.server_branch($csuite); }
# We fetch some parts of lrfetchrefs/*. Ideally we delete these
# locally fetched refs because they have unhelpful names and clutter
# up gitk etc. So we track whether we have "used up" head ref (ie,
# whether we have made another local ref which refers to this object).
#
# (If we deleted them unconditionally, then we might end up
# re-fetching the same git objects each time dgit fetch was run.)
#
# So, each use of lrfetchrefs needs to be accompanied by arrangements
# in git_fetch_us to fetch the refs in question, and possibly a call
# to lrfetchref_used.
our (%lrfetchrefs_f, %lrfetchrefs_d);
# $lrfetchrefs_X{lrfetchrefs."/heads/whatever"} = $objid
sub lrfetchref_used ($) {
my ($fullrefname) = @_;
my $objid = $lrfetchrefs_f{$fullrefname};
$lrfetchrefs_d{$fullrefname} = $objid if defined $objid;
}
sub git_lrfetch_sane {
my ($url, $supplementary, @specs) = @_;
# Make a 'refs/'.lrfetchrefs.'/*' be just like on server,
# at least as regards @specs. Also leave the results in
# %lrfetchrefs_f, and arrange for lrfetchref_used to be
# able to clean these up.
#
# With $supplementary==1, @specs must not contain wildcards
# and we add to our previous fetches (non-atomically).
# This is rather miserable:
# When git fetch --prune is passed a fetchspec ending with a *,
# it does a plausible thing. If there is no * then:
# - it matches subpaths too, even if the supplied refspec
# starts refs, and behaves completely madly if the source
# has refs/refs/something. (See, for example, Debian #NNNN.)
# - if there is no matching remote ref, it bombs out the whole
# fetch.
# We want to fetch a fixed ref, and we don't know in advance
# if it exists, so this is not suitable.
#
# Our workaround is to use git ls-remote. git ls-remote has its
# own qairks. Notably, it has the absurd multi-tail-matching
# behaviour: git ls-remote R refs/foo can report refs/foo AND
# refs/refs/foo etc.
#
# Also, we want an idempotent snapshot, but we have to make two
# calls to the remote: one to git ls-remote and to git fetch. The
# solution is use git ls-remote to obtain a target state, and
# git fetch to try to generate it. If we don't manage to generate
# the target state, we try again.
printdebug "git_lrfetch_sane suppl=$supplementary specs @specs\n";
my $specre = join '|', map {
my $x = $_;
$x =~ s/\W/\\$&/g;
my $wildcard = $x =~ s/\\\*$/.*/;
die if $wildcard && $supplementary;
"(?:refs/$x)";
} @specs;
printdebug "git_lrfetch_sane specre=$specre\n";
my $wanted_rref = sub {
local ($_) = @_;
return m/^(?:$specre)$/;
};
my $fetch_iteration = 0;
FETCH_ITERATION:
for (;;) {
printdebug "git_lrfetch_sane iteration $fetch_iteration\n";
if (++$fetch_iteration > 10) {
fail __ "too many iterations trying to get sane fetch!";
}
my @look = map { "refs/$_" } @specs;
my @lcmd = (@git, qw(ls-remote -q --refs), $url, @look);
debugcmd "|",@lcmd;
my %wantr;
open GITLS, "-|", @lcmd or confess "$!";
while () {
printdebug "=> ", $_;
m/^(\w+)\s+(\S+)\n/ or die "ls-remote $_ ?";
my ($objid,$rrefname) = ($1,$2);
if (!$wanted_rref->($rrefname)) {
print STDERR f_ <($rrefname)) {
printdebug <';
my $want = $wantr{$rrefname};
next if $got eq $want;
if (!defined $objgot{$want}) {
fail f_ <{Clogp} exists and returns it
my ($mi) = @_;
$mi->{Clogp} = commit_getclogp($mi->{Commit});
}
sub mergeinfo_version ($) {
return getfield( (mergeinfo_getclogp $_[0]), 'Version' );
}
sub fetch_from_archive_record_1 ($) {
my ($hash) = @_;
runcmd git_update_ref_cmd "dgit fetch $csuite", 'DGIT_ARCHIVE', $hash;
cmdoutput @git, qw(log -n2), $hash;
# ... gives git a chance to complain if our commit is malformed
}
sub fetch_from_archive_record_2 ($) {
my ($hash) = @_;
my @upd_cmd = (git_update_ref_cmd 'dgit fetch', lrref(), $hash);
if (act_local()) {
cmdoutput @upd_cmd;
} else {
dryrun_report @upd_cmd;
}
}
sub parse_dsc_field_def_dsc_distro () {
$dsc_distro //= cfg qw(dgit.default.old-dsc-distro
dgit.default.distro);
}
sub parse_dsc_field ($$) {
my ($dsc, $what) = @_;
my $f;
foreach my $field (@ourdscfield) {
$f = $dsc->{$field};
last if defined $f;
}
if (!defined $f) {
progress f_ "%s: NO git hash", $what;
parse_dsc_field_def_dsc_distro();
} elsif (($dsc_hash, $dsc_distro, $dsc_hint_tag, $dsc_hint_url)
= $f =~ m/^(\w+)\s+($distro_re)\s+($versiontag_re)\s+(\S+)(?:\s|$)/) {
progress f_ "%s: specified git info (%s)", $what, $dsc_distro;
$dsc_hint_tag = [ $dsc_hint_tag ];
} elsif ($f =~ m/^\w+\s*$/) {
$dsc_hash = $&;
parse_dsc_field_def_dsc_distro();
$dsc_hint_tag = [ debiantags +(getfield $dsc, 'Version'),
$dsc_distro ];
progress f_ "%s: specified git hash", $what;
} else {
fail f_ "%s: invalid Dgit info", $what;
}
}
sub resolve_dsc_field_commit ($$) {
my ($already_distro, $already_mapref) = @_;
return unless defined $dsc_hash;
my $mapref =
defined $already_mapref &&
($already_distro eq $dsc_distro || !$chase_dsc_distro)
? $already_mapref : undef;
my $do_fetch;
$do_fetch = sub {
my ($what, @fetch) = @_;
local $idistro = $dsc_distro;
my $lrf = lrfetchrefs;
if (!$chase_dsc_distro) {
progress f_ "not chasing .dsc distro %s: not fetching %s",
$dsc_distro, $what;
return 0;
}
progress f_ ".dsc names distro %s: fetching %s", $dsc_distro, $what;
my $url = access_giturl();
if (!defined $url) {
defined $dsc_hint_url or fail f_ <((__ "rewrite map"), $rewritemap) or return;
$mapref = $lrf.'/'.$rewritemap;
}
my $rewritemapdata = git_cat_file $mapref.':map';
if (defined $rewritemapdata
&& $rewritemapdata =~ m/^$dsc_hash(?:[ \t](\w+))/m) {
progress __
"server's git history rewrite map contains a relevant entry!";
$dsc_hash = $1;
if (defined $dsc_hash) {
progress __ "using rewritten git hash in place of .dsc value";
} else {
progress __ "server data says .dsc hash is to be disregarded";
}
}
}
if (!defined git_cat_file $dsc_hash) {
my @tags = map { "tags/".$_ } @$dsc_hint_tag;
my $lrf = $do_fetch->((__ "additional commits"), @tags) &&
defined git_cat_file $dsc_hash
or fail f_ < $lastpush_hash,
Info => (__ "dgit suite branch on dgit git server"),
};
my $lastfetch_hash = git_get_ref(lrref());
printdebug "fetch_from_archive: lastfetch=$lastfetch_hash\n";
my $lastfetch_mergeinput = $lastfetch_hash && {
Commit => $lastfetch_hash,
Info => (__ "dgit client's archive history view"),
};
my $dsc_mergeinput = $dsc_hash && {
Commit => $dsc_hash,
Info => (__ "Dgit field in .dsc from archive"),
};
my $cwd = getcwd();
my $del_lrfetchrefs = sub {
changedir $cwd;
my $gur;
printdebug "del_lrfetchrefs...\n";
foreach my $fullrefname (sort keys %lrfetchrefs_d) {
my $objid = $lrfetchrefs_d{$fullrefname};
printdebug "del_lrfetchrefs: $objid $fullrefname\n";
if (!$gur) {
$gur ||= new IO::Handle;
open $gur, "|-", qw(git update-ref --stdin) or confess "$!";
}
printf $gur "delete %s %s\n", $fullrefname, $objid;
}
if ($gur) {
close $gur or failedcmd "git update-ref delete lrfetchrefs";
}
};
if (defined $dsc_hash) {
ensure_we_have_orig();
if (!$lastpush_hash || $dsc_hash eq $lastpush_hash) {
@mergeinputs = $dsc_mergeinput
} elsif (is_fast_fwd($dsc_hash,$lastpush_hash)) {
print STDERR f_ <{Commit};
$h and is_fast_fwd($lastfetch_hash, $h);
# If true, one of the existing parents of this commit
# is a descendant of the $lastfetch_hash, so we'll
# be ff from that automatically.
} @mergeinputs
) {
# Otherwise:
push @mergeinputs, $lastfetch_mergeinput;
}
printdebug "fetch mergeinfos:\n";
foreach my $mi (@mergeinputs) {
if ($mi->{Info}) {
printdebug " commit $mi->{Commit} $mi->{Info}\n";
} else {
printdebug sprintf " ReverseParents=%d Message=%s",
$mi->{ReverseParents}, $mi->{Message};
}
}
my $compat_info= pop @mergeinputs
if $mergeinputs[$#mergeinputs]{Message};
@mergeinputs = grep { defined $_->{Commit} } @mergeinputs;
my $hash;
if (@mergeinputs > 1) {
# here we go, then:
my $tree_commit = $mergeinputs[0]{Commit};
my $tree = get_tree_of_commit $tree_commit;;
# We use the changelog author of the package in question the
# author of this pseudo-merge. This is (roughly) correct if
# this commit is simply representing aa non-dgit upload.
# (Roughly because it does not record sponsorship - but we
# don't have sponsorship info because that's in the .changes,
# which isn't in the archivw.)
#
# But, it might be that we are representing archive history
# updates (including in-archive copies). These are not really
# the responsibility of the person who created the .dsc, but
# there is no-one whose name we should better use. (The
# author of the .dsc-named commit is clearly worse.)
my $useclogp = mergeinfo_getclogp $mergeinputs[0];
my $author = clogp_authline $useclogp;
my $cversion = getfield $useclogp, 'Version';
my $mcf = dgit_privdir()."/mergecommit";
open MC, ">", $mcf or die "$mcf $!";
print MC <{Commit} } @mergeinputs;
@parents = reverse @parents if $compat_info->{ReverseParents};
print MC <{Commit}
END
print MC <