Eli Schwartz via arch-projects
2018-12-02 19:28:22 UTC
A semi-common pattern is for one maintainer to stage a rebuild of a
package due to e.g. cascading repository-wide python/boost/whatever
rebuilds, and then for the original maintainer of the package to not
notice and update the package in the stable repo, leaving an out of date
rebuild in staging or testing.
Then the the out of date package gets moved and ends up breaking things,
possibly via a package downgrade, possibly via breaking compatibility
with a much more targeted rebuild uploaded all at once. Ultimately,
Things Happen™ and the repository hierarchy gets broken.
Prevent this by enforcing for all packages that exist in
multiple levels of the repo: staging -> testing -> stable
That updates to one must come with an update to all the others.
Signed-off-by: Eli Schwartz <***@archlinux.org>
---
db-functions | 21 +++++++++++++++++++++
db-update | 5 +++++
test/cases/db-update.bats | 13 +++++++++++++
3 files changed, 39 insertions(+)
diff --git a/db-functions b/db-functions
index 7aeedced..b47ad570 100644
--- a/db-functions
+++ b/db-functions
@@ -374,6 +374,27 @@ check_pkgrepos() {
return 0
}
+check_stagingrepos() {
+ local pkgfile=${1}
+ local pkgrepo=${2}
+ local pkgname=$(getpkgname "${pkgfile}")
+ local pkgarch=$(getpkgarch "${pkgfile}")
+ local candidate
+
+ if in_array "${pkgrepo}" "${STABLE_REPOS[@]}"; then
+ candidate=$(find_repo_for_package "${pkgname}" "${pkgarch}" "${TESTING_REPOS[@]}") || return 0
+ elif in_array "${pkgrepo}" "${TESTING_REPOS}"; then
+ candidate=$(find_repo_for_package "${pkgname}" "${pkgarch}" "${STAGING_REPOS[@]}") || return 0
+ fi
+
+ printf '%s\n' "${candidate%-*}"
+ for candidate in "${STAGING}/${candidate%-*}"/*${PKGEXTS}; do
+ [[ ${pkgname} = $(getpkgname "${candidate}" 2>/dev/null) ]] && return 0
+ done
+
+ return 1
+}
+
#usage: chk_license ${license[@]}"
chk_license() {
local l
diff --git a/db-update b/db-update
index 313fb999..f07a8a45 100755
--- a/db-update
+++ b/db-update
@@ -52,6 +52,11 @@ for repo in "${repos[@]}"; do
if ! check_pkgrepos "${pkg}"; then
die "Package %s already exists in another repository" "$repo/${pkg##*/}"
fi
+ set -x
+ if ! missing_repo="$(check_stagingrepos "${pkg}" "${repo}")"; then
+ die "Package %s in %s needs to be updated in unstable repos as well: %s" "${pkg}" "${repo}" "${missing_repo}"
+ fi
+ set +x
if ! check_packager "${pkg}"; then
die "Package %s does not have a valid packager" "$repo/${pkg##*/}"
fi
diff --git a/test/cases/db-update.bats b/test/cases/db-update.bats
index 9ee06321..f2e7fcab 100644
--- a/test/cases/db-update.bats
+++ b/test/cases/db-update.bats
@@ -87,6 +87,19 @@ load ../lib/common
checkPackage testing pkg-any-a 1-2
}
+@test "update any package to stable repo without updating testing package fails" {
+ releasePackage extra pkg-any-a
+ db-update
+ updatePackage pkg-any-a
+ releasePackage testing pkg-any-a
+ db-update
+ updatePackage pkg-any-a
+ releasePackage extra pkg-any-a
+
+ run db-update
+ [ "$status" -ne 0 ]
+}
+
@test "update same any package to same repository fails" {
releasePackage extra pkg-any-a
db-update
package due to e.g. cascading repository-wide python/boost/whatever
rebuilds, and then for the original maintainer of the package to not
notice and update the package in the stable repo, leaving an out of date
rebuild in staging or testing.
Then the the out of date package gets moved and ends up breaking things,
possibly via a package downgrade, possibly via breaking compatibility
with a much more targeted rebuild uploaded all at once. Ultimately,
Things Happen™ and the repository hierarchy gets broken.
Prevent this by enforcing for all packages that exist in
multiple levels of the repo: staging -> testing -> stable
That updates to one must come with an update to all the others.
Signed-off-by: Eli Schwartz <***@archlinux.org>
---
db-functions | 21 +++++++++++++++++++++
db-update | 5 +++++
test/cases/db-update.bats | 13 +++++++++++++
3 files changed, 39 insertions(+)
diff --git a/db-functions b/db-functions
index 7aeedced..b47ad570 100644
--- a/db-functions
+++ b/db-functions
@@ -374,6 +374,27 @@ check_pkgrepos() {
return 0
}
+check_stagingrepos() {
+ local pkgfile=${1}
+ local pkgrepo=${2}
+ local pkgname=$(getpkgname "${pkgfile}")
+ local pkgarch=$(getpkgarch "${pkgfile}")
+ local candidate
+
+ if in_array "${pkgrepo}" "${STABLE_REPOS[@]}"; then
+ candidate=$(find_repo_for_package "${pkgname}" "${pkgarch}" "${TESTING_REPOS[@]}") || return 0
+ elif in_array "${pkgrepo}" "${TESTING_REPOS}"; then
+ candidate=$(find_repo_for_package "${pkgname}" "${pkgarch}" "${STAGING_REPOS[@]}") || return 0
+ fi
+
+ printf '%s\n' "${candidate%-*}"
+ for candidate in "${STAGING}/${candidate%-*}"/*${PKGEXTS}; do
+ [[ ${pkgname} = $(getpkgname "${candidate}" 2>/dev/null) ]] && return 0
+ done
+
+ return 1
+}
+
#usage: chk_license ${license[@]}"
chk_license() {
local l
diff --git a/db-update b/db-update
index 313fb999..f07a8a45 100755
--- a/db-update
+++ b/db-update
@@ -52,6 +52,11 @@ for repo in "${repos[@]}"; do
if ! check_pkgrepos "${pkg}"; then
die "Package %s already exists in another repository" "$repo/${pkg##*/}"
fi
+ set -x
+ if ! missing_repo="$(check_stagingrepos "${pkg}" "${repo}")"; then
+ die "Package %s in %s needs to be updated in unstable repos as well: %s" "${pkg}" "${repo}" "${missing_repo}"
+ fi
+ set +x
if ! check_packager "${pkg}"; then
die "Package %s does not have a valid packager" "$repo/${pkg##*/}"
fi
diff --git a/test/cases/db-update.bats b/test/cases/db-update.bats
index 9ee06321..f2e7fcab 100644
--- a/test/cases/db-update.bats
+++ b/test/cases/db-update.bats
@@ -87,6 +87,19 @@ load ../lib/common
checkPackage testing pkg-any-a 1-2
}
+@test "update any package to stable repo without updating testing package fails" {
+ releasePackage extra pkg-any-a
+ db-update
+ updatePackage pkg-any-a
+ releasePackage testing pkg-any-a
+ db-update
+ updatePackage pkg-any-a
+ releasePackage extra pkg-any-a
+
+ run db-update
+ [ "$status" -ne 0 ]
+}
+
@test "update same any package to same repository fails" {
releasePackage extra pkg-any-a
db-update
--
2.19.2
2.19.2