From 05eeac08b63449925cc2e12d2fdaf937d5fa1bbc Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Tue, 28 Aug 2018 17:34:24 +0300 Subject: Fix submit-git to respond with 422 (client) error if fail to git-clone control URL --- brep/handler/submit/submit-git.bash.in | 22 +++++++++++++++------- brep/handler/submit/submit-git.in | 29 ++++++++++++----------------- 2 files changed, 27 insertions(+), 24 deletions(-) (limited to 'brep/handler/submit') diff --git a/brep/handler/submit/submit-git.bash.in b/brep/handler/submit/submit-git.bash.in index 2fd26b0..c77f18d 100644 --- a/brep/handler/submit/submit-git.bash.in +++ b/brep/handler/submit/submit-git.bash.in @@ -299,15 +299,20 @@ function url_scheme () # sed -n -e 's%^\(.*\)://.*$%\L\1%p' <<<"$1" } -# Checks that the repository properly responds to the probing request before +# Check that the repository properly responds to the probing request before # the timeout (in seconds). Noop for protocols other than HTTP(S). # -function check_connectivity () # +# If the repository is other than ours (e.g., control) then don't log a +# failure and respond with the 422 (client) rather than 503 (server) HTTP +# error. +# +function check_connectivity () # { trace_func "$@" local url="$1" local tmo="$2" + local our="$3" local s s="$(url_scheme "$url")" @@ -324,11 +329,14 @@ function check_connectivity () # u="$u/info/refs$q&service=git-upload-pack" fi - # This function is called on repositories other than ours (e.g., control) - # so we don't want a failure to be logged. - # - if ! run_silent curl -S -s --max-time "$tmo" "$u" >/dev/null; then - exit_with_manifest 503 "submission service temporarily unavailable" + local cmd=(curl -S -s --max-time "$tmo" "$u") + + if [ "$our" ]; then + if ! run "${cmd[@]}" >/dev/null; then + exit_with_manifest 503 "submission service temporarily unavailable" + fi + elif ! run_silent "${cmd[@]}" >/dev/null; then + exit_with_manifest 422 "repository $url unavailable" fi fi } diff --git a/brep/handler/submit/submit-git.in b/brep/handler/submit/submit-git.in index 461aab4..a403377 100644 --- a/brep/handler/submit/submit-git.in +++ b/brep/handler/submit/submit-git.in @@ -387,18 +387,6 @@ function git_add () # ... run git -C "$d" add $gvo "$@" >&2 } -function git_clone () # ... -{ - local url="$1" - shift - - local dir="$1" - shift - - check_connectivity "$url" "$git_timeout" - run git "${git_http_timeout[@]}" clone $gqo $gvo "$@" "$url" "$dir" >&2 -} - # Dor now we make 10 re-tries to add the package and push to target. Push can # fail due to the target-to-reference information move race (see the above # notes for details) or because concurrent submissions. We may want to make it @@ -411,7 +399,10 @@ for i in {1..11}; do # Clone the target repository. # tgt_dir="$data_dir/target" - git_clone "$tgt_repo" "$tgt_dir" --single-branch --depth 1 + check_connectivity "$tgt_repo" "$git_timeout" true + + run git "${git_http_timeout[@]}" clone $gqo $gvo --single-branch --depth 1 \ +"$tgt_repo" "$tgt_dir" >&2 check_package_duplicate "$name" "$version" "$tgt_dir" @@ -435,7 +426,7 @@ for i in {1..11}; do # Pull the reference repository. # - check_connectivity "$remote_url" "$git_timeout" + check_connectivity "$remote_url" "$git_timeout" true run git "${git_http_timeout[@]}" -C "$ref_repo" pull $gqo $gvo >&2 # Check the package duplicate. @@ -600,8 +591,12 @@ for i in {1..11}; do # ctl_dir="$data_dir/control" - git_clone "$control" "$ctl_dir" --single-branch --depth 1 \ - --branch "build2-control" + check_connectivity "$control" "$git_timeout" "" + + if ! run_silent git "${git_http_timeout[@]}" clone $gqo $gvo --depth 1 \ +--single-branch --branch "build2-control" "$control" "$ctl_dir" >&2; then + exit_with_manifest 422 "failed to git-clone $control" + fi if [ ! -f "$ctl_dir/submit/${sha256sum:0:16}" ]; then exit_with_manifest 401 "package publishing authorization failed" @@ -638,7 +633,7 @@ Add $name/$version to $s/$project $(cat "$data_dir/request.manifest") EOF - check_connectivity "$tgt_repo" "$git_timeout" + check_connectivity "$tgt_repo" "$git_timeout" true # Try to push the target modifications. If this succeeds then we are done. # Otherwise, drop the target directory and re-try the whole -- cgit v1.1