aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKaren Arutyunov <karen@codesynthesis.com>2022-04-04 20:34:20 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2022-04-04 22:48:11 +0300
commitb8f351516e4c8cabe808c13e3e47e35ccddc4571 (patch)
tree3246ba5cca9b8fba20e74ec810658d00b172f14f
parent92ce9a3681fa939f1b39326abad62bb264bcd6ac (diff)
Fix submit-pub handler to deny submission of older package version revision
-rw-r--r--brep/handler/submit/submit-git.bash.in15
-rw-r--r--brep/handler/submit/submit-pub.in17
-rw-r--r--brep/handler/submit/submit.bash.in15
-rw-r--r--tests/submit/submit-pub.testscript46
4 files changed, 69 insertions, 24 deletions
diff --git a/brep/handler/submit/submit-git.bash.in b/brep/handler/submit/submit-git.bash.in
index 1c50adb..cf7300d 100644
--- a/brep/handler/submit/submit-git.bash.in
+++ b/brep/handler/submit/submit-git.bash.in
@@ -56,21 +56,6 @@ function owners_dir () # <repo-dir>
echo "$r"
}
-# Extract the revision part from the package version. Return 0 if the version
-# doesn't contain revision.
-#
-function version_revision () # version
-{
- local r
- r="$(sed -n -re 's%^(\+?[^+]+)(\+([0-9]+))?$%\3%p' <<<"$1")"
-
- if [ -z "$r" ]; then
- r="0"
- fi
-
- echo "$r"
-}
-
# Check if a repository already contains the package. Respond with the
# 'duplicate submission' result manifest and exit if that's the case.
#
diff --git a/brep/handler/submit/submit-pub.in b/brep/handler/submit/submit-pub.in
index ea12a29..f4a3c2d 100644
--- a/brep/handler/submit/submit-pub.in
+++ b/brep/handler/submit/submit-pub.in
@@ -257,6 +257,8 @@ else
message_suffix=": $name/$version"
fi
+revision="$(version_revision "$version")"
+
# Open the reading file descriptor and lock the repository. Fail if unable to
# lock before timeout.
#
@@ -330,9 +332,24 @@ run rsync -rtO --exclude 'packages.manifest' --link-dest="$repo_old" \
# Remove the package version revision archives that may exist in the
# repository.
#
+# But first check if the repository contains newer revision of this package
+# version. Respond with the 'newer revision is present' result manifest and
+# exit if that's the case.
+#
run pkg_find_archives "$name" "$version*" "$repo_new/1" | readarray -t arcs
for f in "${arcs[@]}"; do
+ pkg_verify_archive "$f" | readarray -t p
+
+ v="${p[1]}"
+ rv="$(version_revision "$v")"
+
+ if [ "$rv" -gt "$revision" ]; then
+ exit_with_manifest 422 "newer revision $name/$v is present"
+ fi
+done
+
+for f in "${arcs[@]}"; do
run rm "$f"
done
diff --git a/brep/handler/submit/submit.bash.in b/brep/handler/submit/submit.bash.in
index f7e5124..30a09f8 100644
--- a/brep/handler/submit/submit.bash.in
+++ b/brep/handler/submit/submit.bash.in
@@ -63,3 +63,18 @@ function extract_package_manifest () # <archive> <manifest>
exit_with_manifest 400 "archive is not a valid package (run bpkg pkg-verify for details)"
fi
}
+
+# Extract the revision part from the package version. Return 0 if the version
+# doesn't contain revision.
+#
+function version_revision () # version
+{
+ local r
+ r="$(sed -n -re 's%^(\+?[^+]+)(\+([0-9]+))?$%\3%p' <<<"$1")"
+
+ if [ -z "$r" ]; then
+ r="0"
+ fi
+
+ echo "$r"
+}
diff --git a/tests/submit/submit-pub.testscript b/tests/submit/submit-pub.testscript
index 07517be..c5d435f 100644
--- a/tests/submit/submit-pub.testscript
+++ b/tests/submit/submit-pub.testscript
@@ -84,14 +84,8 @@ clone_root_rep = cp --no-cleanup -r $root_rep ./ &pkg-1/*** &?pkg.lock
$clone_root_rep;
ln -s pkg-1 pkg;
- # Add the libhello/0.1.0+1 package revision to the repository.
+ # Initial submission.
#
- mkdir --no-cleanup pkg-1/1/hello;
- tar -xf $~/$data_dir/libhello-0.1.0.tar.gz &libhello-0.1.0/***;
- sed -i -e 's/(version: 0.1.0)/\1+1/' libhello-0.1.0/manifest;
- mv libhello-0.1.0 libhello-0.1.0+1;
- tar cfz pkg-1/1/hello/libhello-0.1.0+1.tar.gz libhello-0.1.0+1;
-
$* $~/pkg $~/$data_dir &!pkg-1/*** &pkg-*/*** >>"EOO";
: 1
status: 200
@@ -99,7 +93,6 @@ clone_root_rep = cp --no-cleanup -r $root_rep ./ &pkg-1/*** &?pkg.lock
reference: $checksum
EOO
- test -f pkg/1/hello/libhello-0.1.0+1.tar.gz == 1;
test -f pkg/1/hello/libhello-0.1.0.tar.gz;
# While at it, test the duplicate submission.
@@ -113,7 +106,42 @@ clone_root_rep = cp --no-cleanup -r $root_rep ./ &pkg-1/*** &?pkg.lock
reference: $checksum
EOO
- test -f pkg/1/hello/libhello-0.1.0.tar.gz
+ test -f pkg/1/hello/libhello-0.1.0.tar.gz;
+
+ # Revision submission.
+ #
+ # Here we test that the handler removes the previous revision.
+ #
+ tar -xf $~/$data_dir/libhello-0.1.0.tar.gz;
+ sed -i -e 's/(version: 0.1.0)/\1+1/' libhello-0.1.0/manifest;
+ mv libhello-0.1.0 libhello-0.1.0+1;
+ tar cfz $~/$data_dir/libhello-0.1.0+1.tar.gz libhello-0.1.0+1;
+ rm -r libhello-0.1.0+1;
+ rm $~/$data_dir/libhello-0.1.0.tar.gz;
+ sed -i -e 's/(archive: libhello-0.1.0)(.tar.gz)/\1+1\2/' $data_dir/request.manifest;
+
+ $* $~/pkg $~/$data_dir >>"EOO";
+ : 1
+ status: 200
+ message: package is published: libhello/0.1.0+1
+ reference: $checksum
+ EOO
+
+ test -f pkg/1/hello/libhello-0.1.0.tar.gz == 1;
+ test -f pkg/1/hello/libhello-0.1.0+1.tar.gz;
+
+ # While at it, test the older revision submission.
+ #
+ $clone_root_data_clean;
+
+ $* $~/pkg $~/$data_dir >>"EOO";
+ : 1
+ status: 422
+ message: newer revision libhello/0.1.0+1 is present
+ reference: $checksum
+ EOO
+
+ test -f pkg/1/hello/libhello-0.1.0+1.tar.gz
}
: result-url