Having looked at this, I think the necessary pieces are:
dgit-repos-server
In the list of ways to invoke the policy hook,
add a new "publicx remote query" option.
infra/dgit-ssh-dispatch
Add an option to invoke the policy hook remote query.
(Use the git-check as an example of a non-git ssh command.)
infra/dgit-repos-policy-debian
Define a remote query "tainted objects for package P"
and implement it. It should check P syntax and return a list of:
git object type
git object id
timestamp (unix time_t probably, not proper JSON time)
reason
taint override deliberately string(s) if any
Probably the format should be JSON.
dgit
In dopush, after $dgithead is calculated, but before
we commit (probably, after the deliberately_not_fast_forward check):
Check the config to see if we should (access_cfg 'taint-check')
If enabled:
Run the remote query (suitable ssh rune)
For each thing that's returned, check to see if we have that local
object at all. If not, we can disregard that line.
If the server mentions tainted objects that we actually have, run
git-rev-list --objects --in-commit-order --pretty=format: $dgithead
The output is rather strange, but I think unambiguous.
I tested creating a file named "a\nb" with a literal newline,
and the output (a bit bizarrely) claimed the path was just "a".
For each line, see if the objectid was in the tainted list.
If so, check to see if any of the user-specified
deliberatelies were in the server's list for this taint.
If no deliberately applies, forceable_fail, reporting:
The object type and id.
If the object type was a tree or blob, the preceding commitid.
in the rev-list output (ie, the most recent commit that contains it)
The timestamp and reason.
*Don't* print the precise --deliberately, even though we have it
available. That avoids setting up the user for the mistake of
just pasting the force option from the error message into the
command line.
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
