From 92ce9a3681fa939f1b39326abad62bb264bcd6ac Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Mon, 4 Apr 2022 15:48:51 +0300
Subject: Fix submit-git handler to deny submission of older package version
 revision

---
 brep/handler/submit/submit-git.bash.in | 53 ++++++++++++++++++++++++++++++--
 tests/submit/submit-git.testscript     | 55 ++++++++++++++++++++++++++--------
 2 files changed, 93 insertions(+), 15 deletions(-)

diff --git a/brep/handler/submit/submit-git.bash.in b/brep/handler/submit/submit-git.bash.in
index 2508a79..1c50adb 100644
--- a/brep/handler/submit/submit-git.bash.in
+++ b/brep/handler/submit/submit-git.bash.in
@@ -56,9 +56,28 @@ function owners_dir () # <repo-dir>
   echo "$r"
 }
 
+# Extract the revision part from the package version. Return 0 if the version
+# doesn't contain revision.
+#
+function version_revision () # version
+{
+  local r
+  r="$(sed -n -re 's%^(\+?[^+]+)(\+([0-9]+))?$%\3%p' <<<"$1")"
+
+  if [ -z "$r" ]; then
+    r="0"
+  fi
+
+  echo "$r"
+}
+
 # Check if a repository already contains the package. Respond with the
 # 'duplicate submission' result manifest and exit if that's the case.
 #
+# Also check if the repository contains newer revision of this package
+# version. Respond with the 'newer revision is present' result manifest and
+# exit if that's the case.
+#
 function check_package_duplicate () # <name> <version> <repo-dir>
 {
   trace_func "$@"
@@ -72,13 +91,21 @@ function check_package_duplicate () # <name> <version> <repo-dir>
 
   run source "$rep/submit.config.bash"
 
-  # Check for duplicate package in all sections. Use <name>-<version>.*
-  # without .tar.gz in case we want to support more archive types later.
+  local rev
+  rev="$(version_revision "$ver")"
+
+  # Check for duplicate package and its newer revisions in all sections. Use
+  # <name>-<version>.* without .tar.gz in case we want to support more archive
+  # types later.
   #
   local s
   for s in "${!sections[@]}"; do
+    local d="$rep/${sections[$s]}"
+
+    # Check for duplicate.
+    #
     local p
-    run pkg_find_archive "$nam-$ver.*" "$rep/${sections[$s]}" | readarray -t p
+    run pkg_find_archive "$nam-$ver.*" "$d" | readarray -t p
 
     if [ "${#p[@]}" -ne 0 ]; then
       local n="${p[1]}"
@@ -92,6 +119,26 @@ function check_package_duplicate () # <name> <version> <repo-dir>
         exit_with_manifest 422 "submission conflicts with $n/$v"
       fi
     fi
+
+    # Check for newer revision.
+    #
+    local arcs
+    run pkg_find_archives "$nam" "$ver*" "$d" | readarray -t arcs
+
+    local f
+    for f in "${arcs[@]}"; do
+      local p
+      pkg_verify_archive "$f" | readarray -t p
+
+      local v="${p[1]}"
+
+      local rv
+      rv="$(version_revision "$v")"
+
+      if [ "$rv" -gt "$rev" ]; then
+        exit_with_manifest 422 "newer revision $nam/$v is present"
+      fi
+    done
   done
 }
 
diff --git a/tests/submit/submit-git.testscript b/tests/submit/submit-git.testscript
index 8cdb29a..19650c5 100644
--- a/tests/submit/submit-git.testscript
+++ b/tests/submit/submit-git.testscript
@@ -466,21 +466,14 @@ pkg_ctl="$prj_ctl/hello.git"
       sections['*']=1/alpha
       EOI
 
-    # Add the libhello/0.1.0+1 package revision to the target repository.
-    #
-    tar -xf $data_dir/libhello-0.1.0.tar.gz &libhello-0.1.0/***;
-    sed -i -e 's/(version: 0.1.0)/\1+1/' libhello-0.1.0/manifest;
-    mv libhello-0.1.0 libhello-0.1.0+1;
-    mkdir -p tgt/1/alpha/hello/;
-    tar cfz tgt/1/alpha/hello/libhello-0.1.0+1.tar.gz libhello-0.1.0+1;
-    $g -C tgt add 1/;
-
     $g -C tgt config user.name 'Test Script';
     $g -C tgt config user.email 'testscript@example.com';
     $g -C tgt commit -am 'Add config and archive';
     $g -C tgt push;
 
-    $* "file:///$~/tgt.git" $data_dir >>"EOO" &tgt/1/alpha/hello/libhello-0.1.0.tar.gz;
+    # Initial submission.
+    #
+    $* "file:///$~/tgt.git" $data_dir >>"EOO";
       : 1
       status: 200
       message: package submission is queued: libhello/0.1.0
@@ -489,8 +482,46 @@ pkg_ctl="$prj_ctl/hello.git"
 
     $g -C tgt pull;
 
-    test -f tgt/1/alpha/hello/libhello-0.1.0+1.tar.gz == 1;
-    test -f tgt/1/alpha/hello/libhello-0.1.0.tar.gz
+    test -f tgt/1/alpha/hello/libhello-0.1.0.tar.gz;
+
+    # Revision submission.
+    #
+    # Here we test that the handler removes the previous revision.
+    #
+    $clone_root_data_clean;
+
+    tar -xf $~/$data_dir/libhello-0.1.0.tar.gz;
+    sed -i -e 's/(version: 0.1.0)/\1+1/' libhello-0.1.0/manifest;
+    mv libhello-0.1.0 libhello-0.1.0+1;
+    tar cfz $~/$data_dir/libhello-0.1.0+1.tar.gz libhello-0.1.0+1;
+    rm -r libhello-0.1.0+1;
+    rm $~/$data_dir/libhello-0.1.0.tar.gz;
+    sed -i -e 's/(archive: libhello-0.1.0)(.tar.gz)/\1+1\2/' $data_dir/request.manifest;
+
+    $* "file:///$~/tgt.git" $data_dir >>"EOO" &tgt/1/alpha/hello/libhello-0.1.0+1.tar.gz;
+      : 1
+      status: 200
+      message: package submission is queued: libhello/0.1.0+1
+      reference: $checksum
+      EOO
+
+    $g -C tgt pull;
+
+    test -f tgt/1/alpha/hello/libhello-0.1.0.tar.gz == 1;
+    test -f tgt/1/alpha/hello/libhello-0.1.0+1.tar.gz;
+
+    # While at it, test the older revision submission.
+    #
+    $clone_root_data_clean;
+
+    $* "file:///$~/tgt.git" $data_dir >>"EOO";
+      : 1
+      status: 422
+      message: newer revision libhello/0.1.0+1 is present
+      reference: $checksum
+      EOO
+
+    test -f tgt/1/alpha/hello/libhello-0.1.0+1.tar.gz
   }
 
   : section-fallback
-- 
cgit v1.1