Supply Chain Integrity, Transparency, and Trust (IETF SCITT)
Always set push URL on tap, not just on first clone
set-url --push only ran in the clone branch. On subsequent runs
the tap directory already existed, so the pull branch ran instead,
leaving the origin push URL as HTTPS. Now sets the push URL every
time before pull, so pushes always use the configured SSH URL.
+9
-10
+9
-10
lib/vds.ml
+9
-10
lib/vds.ml
···
255
255
leaves : (string, string) Hashtbl.t;
256
256
mutable leaves_order : string list;
257
257
empty_hash : string;
258
-
mu : Mutex.t;
258
+
mu : Eio.Mutex.t;
259
259
}
260
260
261
-
let with_lock t f =
262
-
Mutex.lock t.mu;
263
-
Fun.protect ~finally:(fun () -> Mutex.unlock t.mu) f
261
+
let with_lock t f = Eio.Mutex.use_rw ~protect:true t.mu f
264
262
265
263
let algorithm_id t = Hash.id t.hash
266
264
let proof_format _ = Hash.Rfc9162
···
322
320
leaves = Hashtbl.create 256;
323
321
leaves_order = [];
324
322
empty_hash = hash.Hash.digest "";
325
-
mu = Mutex.create ();
323
+
mu = Eio.Mutex.create ();
326
324
}
327
325
end
326
+
327
+
(* Note: both backends use Eio.Mutex, which requires an Eio event loop.
328
+
Tests must run inside Eio_main.run. *)
328
329
329
330
(* -- Sqlite backend -- *)
330
331
···
338
339
mutable entry_count : int;
339
340
compact : Compact.t;
340
341
ncache : Node_cache.t;
341
-
mu : Mutex.t;
342
+
mu : Eio.Mutex.t;
342
343
}
343
344
344
-
let with_lock t f =
345
-
Mutex.lock t.mu;
346
-
Fun.protect ~finally:(fun () -> Mutex.unlock t.mu) f
345
+
let with_lock t f = Eio.Mutex.use_rw ~protect:true t.mu f
347
346
348
347
let algorithm_id t = Hash.id t.hash
349
348
let proof_format _ = Hash.Rfc9162
···
435
434
entry_count = !entry_count;
436
435
compact;
437
436
ncache = Node_cache.v hash read_hash;
438
-
mu = Mutex.create ();
437
+
mu = Eio.Mutex.create ();
439
438
}
440
439
end
441
440