Ian Jackson writes ("Bug#1051137: bookworm-pu: package dgit/10.7+deb12u2"):
> Two users separately disscovered a misssing safety catch in dgit:
In the absence of a negative response, and conscious of the upcoming
stable release, I've uploaded this.
dgit push-source spotted that I had botched the suite name in the
d/changelog. Therefore I made an additional commit to fix that.
Please find attached the incremental diff, and a complete revised diff
of the actual upload.
Thanks,
Ian.
>From f31976ecdc0c4ce1d451bc2f138f0b9d5a3689c1 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ijack...@chiark.greenend.org.uk>
Date: Fri, 29 Sep 2023 11:28:51 +0100
Subject: [PATCH] changelog: fix wrong suite
Signed-off-by: Ian Jackson <ijack...@chiark.greenend.org.uk>
---
debian/changelog | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 55aca1076..14b122146 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-dgit (10.7+deb12u2) unstable; urgency=medium
+dgit (10.7+deb12u2) bookworm; urgency=medium
* Prevent pushing older versions than is in the archive.
Closes: #1050711. [Reports from Helmut Grohne and Phil Hands]
--
2.20.1
diff --git a/debian/changelog b/debian/changelog
index bf03d2744..14b122146 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+dgit (10.7+deb12u2) bookworm; urgency=medium
+
+ * Prevent pushing older versions than is in the archive.
+ Closes: #1050711. [Reports from Helmut Grohne and Phil Hands]
+ Backported from dgit 11.3.
+
+ -- Ian Jackson <ijack...@chiark.greenend.org.uk> Sun, 03 Sep 2023 00:49:57
+0100
+
dgit (10.7+deb12u1) bookworm; urgency=medium
* Use the old /updates security map only for buster. Fixes fetching from
diff --git a/debian/tests/control b/debian/tests/control
index a22400b17..99ef53414 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -100,7 +100,7 @@ Tests: trustingpolicy-replay
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot,
build-essential, chiark-utils-bin, bc, faketime, liburi-perl, dput-ng
-Tests: absurd-gitapply badcommit-rewrite build-modes build-modes-long
build-modes-source checkout clone-clogsigpipe debpolicy-dbretry
debpolicy-newreject debpolicy-quilt-gbp debpolicy-taintrm defdistro-rpush
defdistro-setup distropatches-reject dpkgsourceignores-correct
drs-push-masterupdate drs-push-rejects dsd-divert fetch-localgitonly
fetch-somegit-notlast forcesplit-linear forcesplit-overwrite gbp-orig gitconfig
gitworktree import-dsc import-maintmangle import-native import-nonnative
import-tarbomb inarchivecopy mismatches-contents mismatches-dscchanges
multisuite orig-include-exclude orig-include-exclude-chkquery overwrite-chkclog
overwrite-junk overwrite-splitbrains overwrite-version pbuilder protocol-compat
push-buildproductsdir push-newpackage push-newrepeat push-nextdgit push-source
push-source-with-changes quilt quilt-gbp quilt-gbp-build-modes
quilt-include-binaries quilt-singlepatch quilt-splitbrains quilt-useremail
rpush rpush-quilt rpush-source sourceonlypolicy tag-updates unrepresentable
unrepresentable-single-dpkg unrepresentable-single-git version-opt
+Tests: absurd-gitapply badcommit-rewrite build-modes build-modes-long
build-modes-source checkout clone-clogsigpipe debpolicy-dbretry
debpolicy-newreject debpolicy-quilt-gbp debpolicy-taintrm defdistro-rpush
defdistro-setup distropatches-reject dpkgsourceignores-correct
drs-push-masterupdate drs-push-rejects dsd-divert fetch-localgitonly
fetch-somegit-notlast forcesplit-linear forcesplit-overwrite gbp-orig gitconfig
gitworktree import-dsc import-maintmangle import-native import-nonnative
import-pushold import-tarbomb inarchivecopy mismatches-contents
mismatches-dscchanges multisuite orig-include-exclude
orig-include-exclude-chkquery overwrite-chkclog overwrite-junk
overwrite-splitbrains overwrite-version pbuilder protocol-compat
push-buildproductsdir push-newpackage push-newrepeat push-nextdgit push-source
push-source-with-changes quilt quilt-gbp quilt-gbp-build-modes
quilt-include-binaries quilt-singlepatch quilt-splitbrains quilt-useremail
rpush rpush-quilt rpush-source sourceonlypolicy tag-updates unrepresentable
unrepresentable-single-dpkg unrepresentable-single-git version-opt
Tests-Directory: tests/tests
Depends: dgit, dgit-infrastructure, devscripts, debhelper (>=8), fakeroot,
build-essential, chiark-utils-bin, bc, faketime, liburi-perl
diff --git a/dgit b/dgit
index 541420921..dd2b301a6 100755
--- a/dgit
+++ b/dgit
@@ -103,7 +103,7 @@ our $chase_dsc_distro=1;
our %forceopts = map { $_=>0 }
qw(unrepresentable unsupported-source-format
dsc-changes-mismatch changes-origs-exactly
- uploading-binaries uploading-source-only
+ uploading-binaries uploading-old-version uploading-source-only
reusing-version
push-tainted
import-gitapply-absurd
@@ -4680,6 +4680,7 @@ END
git_fetch_us();
}
my $archive_hash = fetch_from_archive();
+ my $archive_dsc = $dsc;
if (!$archive_hash) {
$new_package or
fail __ "package appears to be new in this suite;".
@@ -4737,6 +4738,16 @@ END
my $upstreamversion = upstreamversion $clogp->{Version};
+ if (defined $archive_dsc &&
+ version_compare($archive_dsc->{Version}, $cversion) >= 0 &&
+ !forceing [qw(uploading-old-version)]) {
+ fail f_ <<'END', $archive_dsc->{Version}, $csuite, $cversion;
+You seem to be trying to push an old version.
+Version current in archive: %s (in suite %s)
+Version you are trying to upload: %s
+END
+ }
+
if (madformat_wantfixup($format)) {
# user might have not used dgit build, so maybe do this now:
if (do_split_brain()) {
diff --git a/tests/tests/dpkgsourceignores-correct
b/tests/tests/dpkgsourceignores-correct
index f71c3a46e..f3d70fa7b 100755
--- a/tests/tests/dpkgsourceignores-correct
+++ b/tests/tests/dpkgsourceignores-correct
@@ -48,6 +48,6 @@ git add .
git commit -m 'want these'
t-dgit --quilt=smash -wgf build-source
-t-dgit -wgf push-built
+t-dgit --force-uploading-old-version -wgf push-built
t-ok
diff --git a/tests/tests/gitworktree b/tests/tests/gitworktree
index e0f0e0d7e..e8963b70b 100755
--- a/tests/tests/gitworktree
+++ b/tests/tests/gitworktree
@@ -22,6 +22,6 @@ git add modification
git commit -m 'want this'
t-dgit -wgf quilt-fixup
-t-dgit -wgf --quilt=nofix push-source
+t-dgit -wgf --quilt=nofix push-source --force-uploading-old-version
t-ok
diff --git a/tests/tests/import-pushold b/tests/tests/import-pushold
new file mode 100755
index 000000000..ed73fa34c
--- /dev/null
+++ b/tests/tests/import-pushold
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+. tests/lib
+
+t-tstunt-parsechangelog
+
+p=example
+old=1.0-1
+current=1.0-1.100
+
+t-archive $p $current
+t-git-none
+
+mkdir $p
+cd $p
+git init
+t-dgit import-dsc $troot/pkg-srcs/${p}_${old}.dsc main
+git checkout main
+
+t-dgit fetch
+
+: "attempt push of old"
+
+t-expect-fail 'trying to push an old version' \
+t-dgit push-source --deliberately-not-fast-forward --overwrite
+
+: "attempt push of current"
+
+t-dgit checkout sid
+
+t-expect-fail 'trying to push an old version' \
+t-dgit push-source --deliberately-not-fast-forward --overwrite
+
+t-dgit push-source --force-uploading-old-version
+t-pushed-good dgit/sid
+
+t-ok
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
