4 files changed, 104 insertions, 11 deletions
diff --git a/brep/handler/submit/submit-git.bash.in b/brep/handler/submit/submit-git.bash.in
index 2508a79..cf7300d 100644
--- a/brep/handler/submit/submit-git.bash.in
+++ b/brep/handler/submit/submit-git.bash.in
@@ -59,6 +59,10 @@ function owners_dir () # <repo-dir>
 # Check if a repository already contains the package. Respond with the
 # 'duplicate submission' result manifest and exit if that's the case.
 #
+# Also check if the repository contains newer revision of this package
+# version. Respond with the 'newer revision is present' result manifest and
+# exit if that's the case.
+#
 function check_package_duplicate () # <name> <version> <repo-dir>
 {
   trace_func "$@"
@@ -72,13 +76,21 @@ function check_package_duplicate () # <name> <version> <repo-dir>
 
   run source "$rep/submit.config.bash"
 
-  # Check for duplicate package in all sections. Use <name>-<version>.*
-  # without .tar.gz in case we want to support more archive types later.
+  local rev
+  rev="$(version_revision "$ver")"
+
+  # Check for duplicate package and its newer revisions in all sections. Use
+  # <name>-<version>.* without .tar.gz in case we want to support more archive
+  # types later.
   #
   local s
   for s in "${!sections[@]}"; do
+    local d="$rep/${sections[$s]}"
+
+    # Check for duplicate.
+    #
     local p
-    run pkg_find_archive "$nam-$ver.*" "$rep/${sections[$s]}" | readarray -t p
+    run pkg_find_archive "$nam-$ver.*" "$d" | readarray -t p
 
     if [ "${#p[@]}" -ne 0 ]; then
       local n="${p[1]}"
@@ -92,6 +104,26 @@ function check_package_duplicate () # <name> <version> <repo-dir>
         exit_with_manifest 422 "submission conflicts with $n/$v"
       fi
     fi
+
+    # Check for newer revision.
+    #
+    local arcs
+    run pkg_find_archives "$nam" "$ver*" "$d" | readarray -t arcs
+
+    local f
+    for f in "${arcs[@]}"; do
+      local p
+      pkg_verify_archive "$f" | readarray -t p
+
+      local v="${p[1]}"
+
+      local rv
+      rv="$(version_revision "$v")"
+
+      if [ "$rv" -gt "$rev" ]; then
+        exit_with_manifest 422 "newer revision $nam/$v is present"
+      fi
+    done
   done
 }
 
diff --git a/brep/handler/submit/submit-git.in b/brep/handler/submit/submit-git.in
index 8bf6a07..c882b84 100644
--- a/brep/handler/submit/submit-git.in
+++ b/brep/handler/submit/submit-git.in
@@ -405,7 +405,7 @@ function git_add () # <repo-dir> <path>...
   local d="$1"
   shift
 
-  run git -C "$d" add $gvo "$@" >&2
+  run git -C "$d" add --force $gvo "$@" >&2
 }
 
 # For now we make 10 re-tries to add the package and push to target. Push can
diff --git a/brep/handler/submit/submit-pub.in b/brep/handler/submit/submit-pub.in
index ea12a29..42d478d 100644
--- a/brep/handler/submit/submit-pub.in
+++ b/brep/handler/submit/submit-pub.in
@@ -12,7 +12,7 @@
 #
 # Specifically, the handler performs the following steps:
 #
-# - Lock the repository directory for the duraton of the package submission.
+# - Lock the repository directory for the duration of the package submission.
 #
 # - Check for the package duplicate.
 #
@@ -257,6 +257,8 @@ else
   message_suffix=": $name/$version"
 fi
 
+revision="$(version_revision "$version")"
+
 # Open the reading file descriptor and lock the repository. Fail if unable to
 # lock before timeout.
 #
@@ -330,9 +332,24 @@ run rsync -rtO --exclude 'packages.manifest' --link-dest="$repo_old" \
 # Remove the package version revision archives that may exist in the
 # repository.
 #
+# But first check if the repository contains newer revision of this package
+# version. Respond with the 'newer revision is present' result manifest and
+# exit if that's the case.
+#
 run pkg_find_archives "$name" "$version*" "$repo_new/1" | readarray -t arcs
 
 for f in "${arcs[@]}"; do
+  pkg_verify_archive "$f" | readarray -t p
+
+  v="${p[1]}"
+  rv="$(version_revision "$v")"
+
+  if [ "$rv" -gt "$revision" ]; then
+    exit_with_manifest 422 "newer revision $name/$v is present"
+  fi
+done
+
+for f in "${arcs[@]}"; do
   run rm "$f"
 done
 
diff --git a/brep/handler/submit/submit.bash.in b/brep/handler/submit/submit.bash.in
index 667bbc1..7826809 100644
--- a/brep/handler/submit/submit.bash.in
+++ b/brep/handler/submit/submit.bash.in
@@ -47,12 +47,29 @@ function extract_package_manifest () # <archive> <manifest>
   local arc="$1"
   local man="$2"
 
-  # Pass the --deep option to make sure that the *-file manifest values are
-  # resolvable, so rep-create will not fail due to this package down the road.
-  # Note that we also make sure that all the manifest values are known (see
-  # bpkg-pkg-verify for details).
+  # Pass the --deep option to make sure that the bootstrap buildfile is
+  # present and the *-file manifest values are resolvable, so rep-create will
+  # not fail due to this package down the road. Note that we also make sure
+  # that all the manifest values are known (see bpkg-pkg-verify for details).
   #
-  if ! run_silent bpkg pkg-verify --deep --manifest "$arc" >"$man"; then
+  local cmd=(bpkg pkg-verify --deep --manifest "$arc")
+  trace_cmd "${cmd[@]}"
+
+  # Note that we used to just advise the user to run bpkg-pkg-verify locally
+  # for the details on the potential failure. That, however, may not always be
+  # helpful since the user can use a different version of the toolchain and so
+  # may observe a different behavior. Thus, we add the bpkg-pkg-verify error
+  # message to the response, turning it into an info. This way the user may
+  # potentially see the following bdep-publish diagnostics:
+  #
+  # error: package archive is not valid
+  #   info: unable to satisfy constraint (build2 >= 0.17.0-) for package libhello-1.0.0.tar.gz
+  #   info: available build2 version is 0.16.0
+  #   info: run bpkg pkg-verify for details
+  #   info: reference: 308e155764c8
+  #
+  local e
+  if ! e="$("${cmd[@]}" 2>&1 >"$man")"; then
 
     # Perform the sanity check to make sure that bpkg is runnable.
     #
@@ -60,6 +77,33 @@ function extract_package_manifest () # <archive> <manifest>
       error "unable to run bpkg"
     fi
 
-    exit_with_manifest 400 "archive is not a valid package (run bpkg pkg-verify for details)"
+    # Note that bpkg-pkg-verify diagnostics may potentially contain the
+    # archive absolute path. Let's sanitize this diagnostics by stripping the
+    # archive directory path, if present. Also note that to use sed for that
+    # we first need to escape the special regex characters and slashes in the
+    # archive directory path (see sed's basic regular expressions for
+    # details).
+    #
+    local d="$(sed 's/[[\.*^$/]/\\&/g' <<<"$(dirname "$arc")/")"
+
+    e="$(sed -e "s/$d//g" -e 's/^error:/  info:/' <<<"$e")"
+    e=$'package archive is not valid\n'"$e"$'\n  info: run bpkg pkg-verify for details'
+
+    exit_with_manifest 400 "$e"
   fi
 }
+
+# Extract the revision part from the package version. Return 0 if the version
+# doesn't contain revision.
+#
+function version_revision () # version
+{
+  local r
+  r="$(sed -n -re 's%^(\+?[^+]+)(\+([0-9]+))?$%\3%p' <<<"$1")"
+
+  if [ -z "$r" ]; then
+    r="0"
+  fi
+
+  echo "$r"
+}