Hi,
On 17/07/2019 23:37, Ian Jackson wrote:
23:27 <Diziet> Woah, not sure relaxing suite_re is safe
23:29 <Diziet> Is / allowed in git config variable names ? I think so, cf
insteadOf
^ the above was prompted by the fact that dgit constructs git config
setting names from suite names
git-config(1) says that git config setting names have three parts:
section: Only alphanumeric characters, - and . are allowed in section names
subsection: case sensitive and can contain any characters except newline
name (after the last .): variable names are case-insensitive, allow only
alphanumeric characters and -, and must start with an alphabetic character.
AFAICS, suite names are only used in "subsections" (e.g.
dgit-suite.$isuite.distro) so this is legitimate.
23:32 <Diziet> Did you do any kind of audit to check that relaxing that re was
OK ? In the general case such an audit is necessary and it
would be actually helpful to have two people do it...
23:32 <Diziet> Can you split that change out into its own commit and provide
not just an explanation of why it's needed but also why you
think it is OK ?
23:32 <Diziet> There's a suite map thing (see the debian-security config) which
could be used to get rid of the /
In the meantime I will see if I can do my own audit to see whether /
is OK. Please let me know the list of necessary changes. A cursory
glance has found one place already where / would cause trouble; it
needs a code change but it would not affect your use case.
I am far from an expert on the internals of dgit, and lazily I mostly
only looked at clone/fetch (since Ubuntu is a read-only distro from a
dgit pov anyway); and having stared at the code for much of this
afternoon I am more rather than less confused.
I'll rebase the branch I sent you out-of-band to have the suite_re
change in a separate commit. The suite map thing is no help here, since
the suite_map check is done first (L1442) before suite_rmap is applied
(L1445).
Even assuming we tweaked the code to allow / in Codename but not
elsewhere, I don't think you could do something like the suite-rmap used
for debian-security without having a separate dgit "distribution" for
each OpenStack release represented in the UCA - suite-rmap can just put
"-security" on to the Suite presented in the Release file, but with UCA
you might want "-train", "-queens", and so on.
[I think you could require the user to specify e.g.
bionic-proposed-train as a suite and then have suite-map convert this to
bionic-proposed/train for the apt source file, but I think that wouldn't
be very user-friendly?]
Regards,
Matthew
--
The Wellcome Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
