# # # patch "database.cc" # from [ef99937af2d57f2726d80037bdb20e82faedf4e9] # to [c97e0bb077c83bd904ac55680379c18730aa5d2c] # # patch "database.hh" # from [c0ae9e7cf842b2d639e95d2dff57ad34984621ec] # to [bbc87341c6faac646e2852cbf15072630dea02a6] # # patch "policies/delegation.cc" # from [b8d40b10773d64081b0d73f558e297eb5c6d459b] # to [9e22466ab58c50473fd6cdfa1bca95c1765999f2] # # patch "policies/delegation.hh" # from [e97d2d4daae6a861c4ad757fcf973a92157accc4] # to [7d8bd5854f0781c3dea00dfe08da5b9bb9ffbae5] # # patch "policies/editable_policy.cc" # from [3fb66a38bd9a95f45328f4f1cd21477691901825] # to [d9bdbd2e50c5cc7ca087ab9aa54c813ecb423b33] # # patch "policies/editable_policy.hh" # from [0912f223df29917545e07711078413526735cbe6] # to [6c22ef4e400ff2487af125981e6793d4b52f280f] # # patch "policies/policy.hh" # from [39b9f928af538c226e68e330e8a137abca2df16b] # to [348069fc28357eacce1794788612981b04114fa3] # # patch "policies/policy_branch.cc" # from [7d4f1e12cfd4790e8c65a6f47fc99cf883f1ec6a] # to [6d95a6cc71244cb0422646db3dc5781ecb97a947] # # patch "policies/policy_branch.hh" # from [7be6faa4845ed692714c3af3ee1b0a44f341c402] # to [36a136a09c869d51293887a3ab8e223e40a51a46] # # patch "project.cc" # from [32b0904af4c80522a15f14526dc7631c36f9981b] # to [956426498a850ba2b0fc1624fbc05b9f434b0c63] # # patch "project.hh" # from [2375749bafc6d8f9adcf56b4f46470f84e9193d7] # to [c6f8307ef3ef22b1b246c6957b90483f439ed394] # ============================================================ --- database.cc ef99937af2d57f2726d80037bdb20e82faedf4e9 +++ database.cc c97e0bb077c83bd904ac55680379c18730aa5d2c @@ -3717,7 +3717,7 @@ namespace { // the lua hook wants key_identity_info, but all that's been // pulled from the certs is key_id. So this is needed to translate. // use pointers for project and lua so bind() doesn't make copies - bool check_revision_cert_trust(project_t * const project, + bool check_revision_cert_trust(project_t const * const project, lua_hooks * const lua, set const & signers, id const & hash, @@ -3761,7 +3761,7 @@ void } // anonymous namespace void -database::erase_bogus_certs(project_t & project, vector & certs) +database::erase_bogus_certs(project_t const & project, vector & certs) { erase_bogus_certs_internal(certs, *this, boost::bind(&check_revision_cert_trust, ============================================================ --- database.hh c0ae9e7cf842b2d639e95d2dff57ad34984621ec +++ database.hh bbc87341c6faac646e2852cbf15072630dea02a6 @@ -316,7 +316,7 @@ public: cert_name const &, cert_value const &)> cert_trust_checker; // this takes a project_t so it can translate key names for the trust hook - void erase_bogus_certs(project_t & project, std::vector & certs); + void erase_bogus_certs(project_t const & project, std::vector & certs); // permit alternative trust functions void erase_bogus_certs(std::vector & certs, cert_trust_checker const & checker); ============================================================ --- policies/delegation.cc b8d40b10773d64081b0d73f558e297eb5c6d459b +++ policies/delegation.cc 9e22466ab58c50473fd6cdfa1bca95c1765999f2 @@ -12,6 +12,7 @@ #include "policies/delegation.hh" #include "basic_io.hh" +#include "policies/policy_branch.hh" #include "transforms.hh" using std::string; @@ -85,6 +86,27 @@ namespace policies { type = branch_type; branch_desc.deserialize(in); } + + boost::shared_ptr + delegation::resolve(project_t const & project, + boost::shared_ptr parent) const + { + switch (type) + { + case revision_type: + return policy_from_revision(project, parent, revid); + case branch_type: + { + policy_branch br(project, parent, branch_desc); + E(br.size() == 1, origin::no_fault, + F("Policy branch '%s' has %d heads; need 1 head") + % branch_desc.get_uid() % br.size()); + return *br.begin(); + } + break; + } + I(false); + } } // Local Variables: ============================================================ --- policies/delegation.hh e97d2d4daae6a861c4ad757fcf973a92157accc4 +++ policies/delegation.hh 7d8bd5854f0781c3dea00dfe08da5b9bb9ffbae5 @@ -20,6 +20,7 @@ class external_key_name; class app_state; class external_key_name; +class project_t; namespace policies { class policy; @@ -43,7 +44,8 @@ namespace policies { void serialize(std::string & out) const; void deserialize(std::string const & in); - boost::shared_ptr resolve(boost::shared_ptr parent) const; + boost::shared_ptr resolve(project_t const & project, + boost::shared_ptr parent) const; }; } ============================================================ --- policies/editable_policy.cc 3fb66a38bd9a95f45328f4f1cd21477691901825 +++ policies/editable_policy.cc d9bdbd2e50c5cc7ca087ab9aa54c813ecb423b33 @@ -17,6 +17,11 @@ namespace policies { : policy(p) { } + void editable_policy::set_parent(boost::weak_ptr const & parent) + { + this->parent = parent; + } + void editable_policy::set_key(key_name const & name, key_id const & value) { ============================================================ --- policies/editable_policy.hh 0912f223df29917545e07711078413526735cbe6 +++ policies/editable_policy.hh 6c22ef4e400ff2487af125981e6793d4b52f280f @@ -20,6 +20,8 @@ namespace policies { editable_policy(); explicit editable_policy(policy const & p); + void set_parent(boost::weak_ptr const & parent); + void set_key(key_name const & name, key_id const & ident); void remove_key(key_name const & name); ============================================================ --- policies/policy.hh 39b9f928af538c226e68e330e8a137abca2df16b +++ policies/policy.hh 348069fc28357eacce1794788612981b04114fa3 @@ -21,6 +21,8 @@ namespace policies { #include "policies/delegation.hh" namespace policies { + class policy; + typedef boost::shared_ptr policy_ptr; class policy { public: @@ -61,7 +63,7 @@ namespace policies { virtual bool outdated() const { return false; } - boost::shared_ptr get_parent() const; + policy_ptr get_parent() const; }; } ============================================================ --- policies/policy_branch.cc 7d4f1e12cfd4790e8c65a6f47fc99cf883f1ec6a +++ policies/policy_branch.cc 6d95a6cc71244cb0422646db3dc5781ecb97a947 @@ -87,13 +87,17 @@ namespace { return &value; } }; - typedef policies::policy_branch::policy_ptr policy_ptr; - policy_ptr policy_from_revision(project_t & project, +} + +namespace policies { + policy_ptr policy_from_revision(project_t const & project, + policy_ptr owner, revision_id const & rev) { roster_t the_roster; project.db.get_roster(rev, the_roster); policies::editable_policy pol; + pol.set_parent(owner); for (item_lister i(the_roster, file_path_internal("branches"), @@ -137,11 +141,8 @@ namespace { return policy_ptr(new policies::policy(pol)); } -} - -namespace policies { - policy_branch::policy_branch(project_t & project, - policy_branch::policy_ptr parent_policy, + policy_branch::policy_branch(project_t const & project, + policy_ptr parent_policy, branch const & b) : spec_owner(parent_policy), spec(b) { @@ -160,8 +161,12 @@ namespace policies { { return policies.end(); } + size_t policy_branch::size() const + { + return policies.size(); + } - void policy_branch::reload(project_t & project) + void policy_branch::reload(project_t const & project) { policies.clear(); std::set heads; @@ -189,7 +194,7 @@ namespace policies { for (std::set::const_iterator i = heads.begin(); i != heads.end(); ++i) { - policies.insert(policy_from_revision(project, *i)); + policies.insert(policy_from_revision(project, spec_owner, *i)); } } } ============================================================ --- policies/policy_branch.hh 7be6faa4845ed692714c3af3ee1b0a44f341c402 +++ policies/policy_branch.hh 36a136a09c869d51293887a3ab8e223e40a51a46 @@ -20,20 +20,22 @@ namespace policies { class project_t; namespace policies { + policy_ptr policy_from_revision(project_t const & project, + policy_ptr owner, + revision_id const & rev); class policy_branch { public: - typedef boost::shared_ptr policy_ptr; typedef std::set policy_set; private: policy_ptr spec_owner; branch spec; policy_set policies; - void reload(project_t & project); + void reload(project_t const & project); public: typedef policy_set::const_iterator iterator; - policy_branch(project_t & project, + policy_branch(project_t const & project, policy_ptr parent_policy, branch const & b); //policy_branch(delegation const & d); @@ -44,6 +46,7 @@ namespace policies { iterator begin() const; iterator end() const; + size_t size() const; void commit(policy const & p, utf8 const & changelog, iterator parent_1, iterator parent_2); ============================================================ --- project.cc 32b0904af4c80522a15f14526dc7631c36f9981b +++ project.cc 956426498a850ba2b0fc1624fbc05b9f434b0c63 @@ -99,7 +99,8 @@ typedef map > child_policy_map; // walk the tree of policies, resolving children if needed -void walk_policies(shared_ptr root, +void walk_policies(project_t const & project, + shared_ptr root, child_policy_map & children, boost::function, string, policies::delegation const &)> fn, @@ -124,11 +125,12 @@ void walk_policies(shared_ptr ro if (c == children.end()) { pair x = - children.insert(make_pair(child_key, i->second.resolve(root))); + children.insert(make_pair(child_key, + i->second.resolve(project, root))); c = x.first; } - walk_policies(c->second, children, fn, child_prefix, i->second); + walk_policies(project, c->second, children, fn, child_prefix, i->second); } } @@ -266,28 +268,28 @@ public: return *policy; } - void all_branches(set & branches) + void all_branches(project_t const & project, set & branches) { branches.clear(); if (!policy) return; map branch_map; - walk_policies(policy, child_policies, branch_lister(branch_map)); + walk_policies(project, policy, child_policies, branch_lister(branch_map)); for (map::iterator i = branch_map.begin(); i != branch_map.end(); ++i) { branches.insert(i->first); } } - void all_branches(set & branches) + void all_branches(project_t const & project, set & branches) { branches.clear(); if (!policy) return; map branch_map; - walk_policies(policy, child_policies, branch_lister(branch_map)); + walk_policies(project, policy, child_policies, branch_lister(branch_map)); for (map::iterator i = branch_map.begin(); i != branch_map.end(); ++i) { @@ -295,19 +297,19 @@ public: } } - void all_tags(set & tags) + void all_tags(project_t const & project, set & tags) { tags.clear(); if (!policy) return; - walk_policies(policy, child_policies, tag_lister(tags)); + walk_policies(project, policy, child_policies, tag_lister(tags)); } - branch_uid translate_branch(branch_name const & name) + branch_uid translate_branch(project_t const & project, branch_name const & name) { map branch_map; - walk_policies(policy, child_policies, branch_lister(branch_map)); + walk_policies(project, policy, child_policies, branch_lister(branch_map)); map::const_iterator i = branch_map.find(name); if (i != branch_map.end()) { @@ -316,10 +318,10 @@ public: I(false); } - branch_name translate_branch(branch_uid const & uid) + branch_name translate_branch(project_t const & project, branch_uid const & uid) { map branch_map; - walk_policies(policy, child_policies, branch_lister(branch_map)); + walk_policies(project, policy, child_policies, branch_lister(branch_map)); for (map::iterator i = branch_map.begin(); i != branch_map.end(); ++i) { @@ -329,11 +331,12 @@ public: I(false); } - void lookup_branch(branch_name const & name, + void lookup_branch(project_t const & project, + branch_name const & name, branch_uid & uid, set & signers) { map branch_map; - walk_policies(policy, child_policies, branch_lister(branch_map)); + walk_policies(project, policy, child_policies, branch_lister(branch_map)); map::const_iterator i = branch_map.find(name); if (i != branch_map.end()) { @@ -356,17 +359,19 @@ public: I(false); } - void find_governing_policy(std::string const & of_what, + void find_governing_policy(project_t const & project, + std::string const & of_what, policy_chain & info) { - walk_policies(policy, child_policies, + walk_policies(project, policy, child_policies, policy_finder(of_what, info)); } - void list_policies(branch_name const & base, + void list_policies(project_t const & project, + branch_name const & base, set & children) { - walk_policies(policy, child_policies, + walk_policies(project, policy, child_policies, policy_lister(base, children)); } }; @@ -443,7 +448,7 @@ project_t::get_subpolicies(branch_name c if (project_policy->passthru) return; - project_policy->list_policies(name, names); + project_policy->list_policies(*this, name, names); } @@ -453,7 +458,7 @@ project_t::get_branch_list(setpassthru) { - project_policy->all_branches(names); + project_policy->all_branches(*this, names); return; } if (indicator.outdated()) @@ -489,7 +494,7 @@ project_t::get_branch_list(globish const if (!project_policy->passthru) { set all_names; - project_policy->all_branches(all_names); + project_policy->all_branches(*this, all_names); for (set::const_iterator i = all_names.begin(); i != all_names.end(); ++i) @@ -535,7 +540,7 @@ project_t::get_branch_list(std::setall_branches(branch_ids); + project_policy->all_branches(*this, branch_ids); } branch_uid @@ -544,7 +549,7 @@ project_t::translate_branch(branch_name if (project_policy->passthru) return typecast_vocab(name); else - return project_policy->translate_branch(name); + return project_policy->translate_branch(*this, name); } branch_name @@ -553,24 +558,24 @@ project_t::translate_branch(branch_uid c if (project_policy->passthru) return typecast_vocab(uid); else - return project_policy->translate_branch(uid); + return project_policy->translate_branch(*this, uid); } namespace { struct not_in_branch : public is_failure { - project_t & project; + project_t const & project; branch_uid const & branch; bool is_managed; set trusted_signers; - not_in_branch(project_t & project, + not_in_branch(project_t const & project, branch_uid const & branch) : project(project), branch(branch), is_managed(false) {} - not_in_branch(project_t & project, + not_in_branch(project_t const & project, branch_uid const & branch, set const & signers) : project(project), @@ -611,15 +616,15 @@ namespace struct suspended_in_branch : public is_failure { - project_t & project; + project_t const & project; branch_uid const & branch; bool is_managed; set trusted_signers; - suspended_in_branch(project_t & project, + suspended_in_branch(project_t const & project, branch_uid const & branch) : project(project), branch(branch), is_managed(false) {} - suspended_in_branch(project_t & project, + suspended_in_branch(project_t const & project, branch_uid const & branch, set const & signers) : project(project), @@ -659,7 +664,7 @@ namespace }; void do_get_branch_heads(pair > & branch, - project_t & project, + project_t const & project, branch_uid const & uid, set const * const signers, bool ignore_suspend_certs, @@ -710,7 +715,8 @@ project_t::get_branch_heads(branch_uid c std::set const & signers, std::set & heads, bool ignore_suspend_certs, - std::multimap *inverse_graph_cache_ptr) + std::multimap + *inverse_graph_cache_ptr) const { branch_heads_key cache_index(uid, ignore_suspend_certs, signers, true); @@ -729,7 +735,8 @@ project_t::get_branch_heads(branch_name project_t::get_branch_heads(branch_name const & name, set & heads, bool ignore_suspend_certs, - multimap * inverse_graph_cache_ptr) + multimap + *inverse_graph_cache_ptr) const { branch_uid uid; set signers; @@ -738,7 +745,7 @@ project_t::get_branch_heads(branch_name uid = typecast_vocab(name); else { - project_policy->lookup_branch(name, uid, signers); + project_policy->lookup_branch(*this, name, uid, signers); sign_ptr = &signers; } @@ -781,7 +788,7 @@ project_t::revision_is_in_branch(revisio { branch_uid uid; set signers; - project_policy->lookup_branch(branch, uid, signers); + project_policy->lookup_branch(*this, branch, uid, signers); not_in_branch p(*this, uid, signers); return !p(id); @@ -947,7 +954,7 @@ project_t::get_tags(set & tags) } else { - project_policy->all_tags(tags); + project_policy->all_tags(*this, tags); return outdated_indicator(); } } @@ -957,7 +964,7 @@ project_t::find_governing_policy(string policy_chain & info) const { I(!project_policy->passthru); - project_policy->find_governing_policy(of_what, info); + project_policy->find_governing_policy(*this, of_what, info); } void @@ -970,7 +977,7 @@ project_t::put_tag(key_store & keys, else { policy_chain info; - project_policy->find_governing_policy(name, info); + project_policy->find_governing_policy(*this, name, info); E(!info.empty(), origin::user, F("Cannot find policy for tag '%s'") % name); E(info.back().delegation.is_branch_type(), origin::user, @@ -1116,7 +1123,7 @@ project_t::lookup_key_by_name(key_store project_t::lookup_key_by_name(key_store * const keys, lua_hooks & lua, key_name const & name, - key_id & id) + key_id & id) const { set ks_match_by_local_name; set db_match_by_local_name; @@ -1199,7 +1206,7 @@ project_t::get_canonical_name_of_key(key void project_t::get_canonical_name_of_key(key_store * const keys, key_id const & id, - key_name & name) + key_name & name) const { if (keys && keys->key_pair_exists(id)) { @@ -1221,7 +1228,7 @@ project_t::complete_key_identity(key_sto void project_t::complete_key_identity(key_store * const keys, lua_hooks & lua, - key_identity_info & info) + key_identity_info & info) const { MM(info.id); MM(info.official_name); @@ -1248,14 +1255,14 @@ project_t::complete_key_identity(key_sto void project_t::complete_key_identity(key_store & keys, lua_hooks & lua, - key_identity_info & info) + key_identity_info & info) const { complete_key_identity(&keys, lua, info); } void project_t::complete_key_identity(lua_hooks & lua, - key_identity_info & info) + key_identity_info & info) const { complete_key_identity(0, lua, info); } @@ -1264,7 +1271,7 @@ project_t::get_key_identity(key_store * project_t::get_key_identity(key_store * const keys, lua_hooks & lua, external_key_name const & input, - key_identity_info & output) + key_identity_info & output) const { try { @@ -1286,7 +1293,7 @@ project_t::get_key_identity(key_store & project_t::get_key_identity(key_store & keys, lua_hooks & lua, external_key_name const & input, - key_identity_info & output) + key_identity_info & output) const { get_key_identity(&keys, lua, input, output); } @@ -1294,7 +1301,7 @@ project_t::get_key_identity(lua_hooks & void project_t::get_key_identity(lua_hooks & lua, external_key_name const & input, - key_identity_info & output) + key_identity_info & output) const { get_key_identity(0, lua, input, output); } @@ -1303,7 +1310,7 @@ project_t::get_key_identity(key_store & project_t::get_key_identity(key_store & keys, lua_hooks & lua, arg_type const & input, - key_identity_info & output) + key_identity_info & output) const { get_key_identity(&keys, lua, typecast_vocab(input), output); } @@ -1311,7 +1318,7 @@ project_t::get_key_identity(lua_hooks & void project_t::get_key_identity(lua_hooks & lua, arg_type const & input, - key_identity_info & output) + key_identity_info & output) const { get_key_identity(0, lua, typecast_vocab(input), output); } ============================================================ --- project.hh 2375749bafc6d8f9adcf56b4f46470f84e9193d7 +++ project.hh c6f8307ef3ef22b1b246c6957b90483f439ed394 @@ -117,9 +117,9 @@ private: private: boost::shared_ptr project_policy; - std::map > - > branch_heads; + mutable std::map > + > branch_heads; std::set branches; outdated_indicator indicator; @@ -153,13 +153,15 @@ public: std::set const & signers, std::set & heads, bool ignore_suspend_certs, - std::multimap *inverse_graph_cache_ptr = NULL); + std::multimap + *inverse_graph_cache_ptr = NULL) const; void get_branch_heads(branch_name const & name, std::set & heads, bool ignore_suspend_certs, - std::multimap *inverse_graph_cache_ptr = NULL); + std::multimap + *inverse_graph_cache_ptr = NULL) const; outdated_indicator get_tags(std::set & tags); void put_tag(key_store & keys, @@ -231,38 +233,38 @@ private: void lookup_key_by_name(key_store * const keys, lua_hooks & lua, key_name const & name, - key_id & id); + key_id & id) const; // get the name given when creating the key void get_canonical_name_of_key(key_store * const keys, key_id const & id, - key_name & name); + key_name & name) const; void complete_key_identity(key_store * const keys, lua_hooks & lua, - key_identity_info & info); + key_identity_info & info) const; void get_key_identity(key_store * const keys, lua_hooks & lua, external_key_name const & input, - key_identity_info & output); + key_identity_info & output) const; public: void complete_key_identity(key_store & keys, lua_hooks & lua, - key_identity_info & info); + key_identity_info & info) const; void complete_key_identity(lua_hooks & lua, - key_identity_info & info); + key_identity_info & info) const; void get_key_identity(key_store & keys, lua_hooks & lua, external_key_name const & input, - key_identity_info & output); + key_identity_info & output) const; void get_key_identity(lua_hooks & lua, external_key_name const & input, - key_identity_info & output); + key_identity_info & output) const; void get_key_identity(key_store & keys, lua_hooks & lua, arg_type const & input, - key_identity_info & output); + key_identity_info & output) const; void get_key_identity(lua_hooks & lua, arg_type const & input, - key_identity_info & output); + key_identity_info & output) const; }; std::string