From dd554e20b999fbd24ae15e7ee96556ff52d9f0cc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 10 Jun 2014 15:49:17 -0400 Subject: [PATCH] When git gpg signature of a fetched git branch cannot be verified, propellor will now continue running, but without merging in that branch. This way, propellor doesn't stop enforcing properties just because its new configuration isn't ready. It just uses the old configuration. --- debian/changelog | 2 ++ src/Propellor/CmdLine.hs | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index b7303cb..58ab7ba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ propellor (0.7.0) UNRELEASED; urgency=medium failure. * Attr is renamed to Info. * Renamed wrapper to propellor to make cabal installation of propellor work. + * When git gpg signature of a fetched git branch cannot be verified, + propellor will now continue running, but without merging in that branch. -- Joey Hess Sat, 07 Jun 2014 00:12:44 -0400 diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs index 06a5921..32e9731 100644 --- a/src/Propellor/CmdLine.hs +++ b/src/Propellor/CmdLine.hs @@ -132,6 +132,8 @@ updateFirst cmdline next = do void $ actionMessage "Git fetch" $ boolSystem "git" [Param "fetch"] + oldsha <- getCurrentGitSha1 branchref + whenM (doesFileExist keyring) $ do {- To verify origin branch commit's signature, have to - convince gpg to use our keyring. While running git log. @@ -153,10 +155,9 @@ updateFirst cmdline next = do then do putStrLn $ "git branch " ++ originbranch ++ " gpg signature verified; merging" hFlush stdout - else errorMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it!" + void $ boolSystem "git" [Param "merge", Param originbranch] + else warningMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)" - oldsha <- getCurrentGitSha1 branchref - void $ boolSystem "git" [Param "merge", Param originbranch] newsha <- getCurrentGitSha1 branchref if oldsha == newsha