From 92ce9a3681fa939f1b39326abad62bb264bcd6ac Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Mon, 4 Apr 2022 15:48:51 +0300
Subject: Fix submit-git handler to deny submission of older package version
 revision

---
 brep/handler/submit/submit-git.bash.in | 53 ++++++++++++++++++++++++++++++++--
 1 file changed, 50 insertions(+), 3 deletions(-)

(limited to 'brep/handler')

diff --git a/brep/handler/submit/submit-git.bash.in b/brep/handler/submit/submit-git.bash.in
index 2508a79..1c50adb 100644
--- a/brep/handler/submit/submit-git.bash.in
+++ b/brep/handler/submit/submit-git.bash.in
@@ -56,9 +56,28 @@ function owners_dir () # <repo-dir>
   echo "$r"
 }
 
+# Extract the revision part from the package version. Return 0 if the version
+# doesn't contain revision.
+#
+function version_revision () # version
+{
+  local r
+  r="$(sed -n -re 's%^(\+?[^+]+)(\+([0-9]+))?$%\3%p' <<<"$1")"
+
+  if [ -z "$r" ]; then
+    r="0"
+  fi
+
+  echo "$r"
+}
+
 # Check if a repository already contains the package. Respond with the
 # 'duplicate submission' result manifest and exit if that's the case.
 #
+# Also check if the repository contains newer revision of this package
+# version. Respond with the 'newer revision is present' result manifest and
+# exit if that's the case.
+#
 function check_package_duplicate () # <name> <version> <repo-dir>
 {
   trace_func "$@"
@@ -72,13 +91,21 @@ function check_package_duplicate () # <name> <version> <repo-dir>
 
   run source "$rep/submit.config.bash"
 
-  # Check for duplicate package in all sections. Use <name>-<version>.*
-  # without .tar.gz in case we want to support more archive types later.
+  local rev
+  rev="$(version_revision "$ver")"
+
+  # Check for duplicate package and its newer revisions in all sections. Use
+  # <name>-<version>.* without .tar.gz in case we want to support more archive
+  # types later.
   #
   local s
   for s in "${!sections[@]}"; do
+    local d="$rep/${sections[$s]}"
+
+    # Check for duplicate.
+    #
     local p
-    run pkg_find_archive "$nam-$ver.*" "$rep/${sections[$s]}" | readarray -t p
+    run pkg_find_archive "$nam-$ver.*" "$d" | readarray -t p
 
     if [ "${#p[@]}" -ne 0 ]; then
       local n="${p[1]}"
@@ -92,6 +119,26 @@ function check_package_duplicate () # <name> <version> <repo-dir>
         exit_with_manifest 422 "submission conflicts with $n/$v"
       fi
     fi
+
+    # Check for newer revision.
+    #
+    local arcs
+    run pkg_find_archives "$nam" "$ver*" "$d" | readarray -t arcs
+
+    local f
+    for f in "${arcs[@]}"; do
+      local p
+      pkg_verify_archive "$f" | readarray -t p
+
+      local v="${p[1]}"
+
+      local rv
+      rv="$(version_revision "$v")"
+
+      if [ "$rv" -gt "$rev" ]; then
+        exit_with_manifest 422 "newer revision $nam/$v is present"
+      fi
+    done
   done
 }
 
-- 
cgit v1.1