diff --git a/src/backend/BSRedis.pm b/src/backend/BSRedis.pm index e6b5657edc2..9a47a29b348 100644 --- a/src/backend/BSRedis.pm +++ b/src/backend/BSRedis.pm @@ -28,17 +28,35 @@ use POSIX; use BSRPC; +use strict; + +my $tossl; + +sub import { + if (grep {$_ eq ':tls'} @_) { + require BSSSL; + $tossl = \&BSSSL::tossl; + } +} + my $tcpproto = getprotobyname('tcp'); sub new { my ($class, %opt) = @_; my $self = { %opt }; die("need to specify a redis server\n") unless $self->{'server'}; - $self->{'port'} ||= 6379; + $self->{'port'} ||= $self->{'tls'} ? 6380 : 6379; bless $self, $class || 'BSRedis'; return $self; } +sub verify_sslfingerprint { + my ($self, $sock) = @_; + die("bad sslpeerfingerprint '$self->{'sslpeerfingerprint'}'\n") unless $self->{'sslpeerfingerprint'} =~ /^(.*?):(.*)$/s; + my $pfp = tied(*{$sock})->peerfingerprint($1); + die("peer fingerprint does not match: $2 != $pfp\n") if $2 ne $pfp; +} + sub connect { my ($self) = @_; return if $self->{'sock'}; @@ -48,6 +66,11 @@ sub connect { socket($sock, PF_INET, SOCK_STREAM, $tcpproto) || die("socket: $!\n"); setsockopt($sock, SOL_SOCKET, SO_KEEPALIVE, pack("l",1)); connect($sock, sockaddr_in($self->{'port'}, $hostaddr)) || die("connect to $self->{'server'}:$self->{'port'}: $!\n"); + if ($self->{'tls'}) { + die("tls not supported\n") unless $self->{'tossl'} || $tossl; + ($self->{'tossl'} || $tossl)->($sock, $self->{'ssl_keyfile'}, $self->{'certfile'}, 1, $self->{'service'}); + verify_sslfingerprint($self, $sock) if $self->{'sslpeerfingerprint'}; + } $self->{'sock'} = $sock; $self->{'buf'} = ''; $self->run('AUTH', $self->{'password'}) if defined $self->{'password'}; @@ -108,6 +131,7 @@ sub recv_blob { my $sock = $self->{'sock'}; die unless $sock; while (length($self->{'buf'}) < $len) { + my $r = sysread($sock, $self->{'buf'}, 4096, length($self->{'buf'})); if (!$r) { $self->close_and_die("redis: received truncated answer: $!\n") if !defined($r) && $! != POSIX::EINTR && $! != POSIX::EWOULDBLOCK; $self->close_and_die("redis: received truncated answer\n") if defined $r; diff --git a/src/backend/BSRevision.pm b/src/backend/BSRevision.pm index 03a2ed1e317..00791aad682 100644 --- a/src/backend/BSRevision.pm +++ b/src/backend/BSRevision.pm @@ -397,14 +397,11 @@ sub undelete_rev { my $rev = $rev[-1]; my $user = defined($cgi->{'user'}) ? str2utf8xml($cgi->{'user'}) : 'unknown'; my $comment = defined($cgi->{'comment'}) ? str2utf8xml($cgi->{'comment'}) : ''; - my $nrev = { 'srcmd5' => $rev->{'srcmd5'}, 'time' => time(), 'user' => $user, 'comment' => $comment, 'requestid' => $cgi->{'requestid'} }; + my $nrev = { 'rev' => $rev->{'rev'} + 1, 'srcmd5' => $rev->{'srcmd5'}, 'time' => time(), 'user' => $user, 'comment' => $comment, 'requestid' => $cgi->{'requestid'} }; $nrev->{'vrev'} = $rev->{'vrev'} if defined $rev->{'vrev'}; $nrev->{'version'} = $rev->{'version'} if defined $rev->{'version'}; - if (defined($rev->{'version'}) && defined($rev->{'vrev'}) && $rev->{'vrev'} ne '') { - # bump vrev - $rev->{'vrev'} = $1 . ($2 + 1) if $rev->{'vrev'} =~ /^(.*?)(\d+)$/; - } - $nrev->{'rev'} = $rev->{'rev'} + 1; + # bump vrev + $nrev->{'vrev'} = $1 . ($2 + 1) if defined($nrev->{'version'}) && defined($nrev->{'vrev'}) && $nrev->{'vrev'} =~ /^(.*?)(\d+)$/; if ($cgi->{'time'}) { if ($cgi->{'time'} == 1) { $nrev->{'time'} = $rev->{'time'} if $rev->{'time'}; diff --git a/src/backend/BSSched/BuildJob/Channel.pm b/src/backend/BSSched/BuildJob/Channel.pm index 5bfd021bbbc..79c50b95587 100644 --- a/src/backend/BSSched/BuildJob/Channel.pm +++ b/src/backend/BSSched/BuildJob/Channel.pm @@ -318,6 +318,7 @@ sub build { if (!@s || "$s[9]/$s[7]/$s[1]" ne $bi->{'id'}) { BSUtil::cleandir($jobdatadir); rmdir($jobdatadir); + $ctx->rebuild_gbininfo("$projid/$arepoid"); # the bininfo is wrong. trigger a rebuild return ('broken', "id mismatch in $arepoid/$apackid $s[9]/$s[7]/$s[1] $bi->{'id'}"); } my $tfilename = $bi->{'filename'}; diff --git a/src/backend/BSSched/Checker.pm b/src/backend/BSSched/Checker.pm index cac1c9a8827..d8798fcdc21 100644 --- a/src/backend/BSSched/Checker.pm +++ b/src/backend/BSSched/Checker.pm @@ -1547,6 +1547,19 @@ sub read_gbininfo { return $gbininfo; } +sub rebuild_gbininfo { + my ($ctx, $prp) = @_; + my $gctx = $ctx->{'gctx'}; + my $myarch = $gctx->{'arch'}; + my $reporoot = $gctx->{'reporoot'}; + my $dir = "$reporoot/$prp/$myarch"; + my $gbininfo = $ctx->read_gbininfo($prp); + unlink("$dir/$_/.bininfo") for sort keys %{$gbininfo || {}}; + my $gbininfo_cache = $ctx->{'gbininfo_cache'}; + delete $gbininfo_cache->{"$prp/$myarch"} if $gbininfo_cache; + BSSched::BuildResult::rebuild_gbininfo($dir); +} + sub writejob { return BSSched::BuildJob::writejob(@_); } diff --git a/src/backend/bs_redis b/src/backend/bs_redis index efd8600465b..054329bb2cd 100755 --- a/src/backend/bs_redis +++ b/src/backend/bs_redis @@ -36,7 +36,7 @@ use Time::HiRes; use BSConfiguration; use BSUtil; -use BSRedis; +use BSRedis ':tls'; use strict; @@ -257,9 +257,9 @@ sysopen(PING, "$myeventdir/.ping", POSIX::O_RDWR) || die("$myeventdir/.ping: $!" my $retry; die("No redis server configured\n") unless $BSConfig::redisserver; -die("Redis server must be of scheme redis://[:port]\n") unless $BSConfig::redisserver =~ /^redis:\/\/(?:([^\/\@]*)\@)?([^\/:]+)(:\d+)?$/; +die("Redis server must be of scheme redis[s]://[:port]\n") unless $BSConfig::redisserver =~ /^(rediss?):\/\/(?:([^\/\@]*)\@)?([^\/:]+)(:\d+)?$/; -$red = BSRedis->new('server' => $2, 'port' => $3, 'password' => $1); +$red = BSRedis->new('server' => $3, 'port' => $4, 'password' => $2, 'tls' => ($1 eq 'rediss' ? 1 : 0)); if (-e "$myeventdir/queue.send") { print "resuming transmission of old data\n";