From a823c54d04289fc13ecf8a2cf3931d47d24be407 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Wed, 16 Mar 2016 17:38:07 -0400 Subject: [PATCH] Use https for URL / Source as well as smaller tar.xz files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Using https URL's for source files provides a little more security for those downloading the code. Packagers, of course, should be verifying the GPG signature files before pushing new releases to Fedora's source cache¹. While we're changing the source URL's, we might as well use the smaller tar.xz files which upstream provides. (This requires minor adjustments to the unpacking of prebuilt html and man tarballs; tar on el5 does not know how to automatically filter via xz.) ¹ Replace .xz with .sign for the signatures, which are made against the uncompressed tarballs. --- .gitignore | 2 +- git.spec | 17 ++++++++++------- sources | 6 +++--- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index fb22a75..7b240da 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ *~ *.rpm -*.tar.gz +*.tar.xz /.build*.log /git-*/ /results_git/ diff --git a/git.spec b/git.spec index 9313a1b..db5914e 100644 --- a/git.spec +++ b/git.spec @@ -50,19 +50,19 @@ Name: git Version: 2.7.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Fast Version Control System License: GPLv2 Group: Development/Tools -URL: http://git-scm.com/ -Source0: http://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.gz +URL: https://git-scm.com/ +Source0: https://www.kernel.org/pub/software/scm/git/%{name}-%{version}.tar.xz Source2: git-init.el Source3: git.xinetd.in Source4: git.conf.httpd Source5: git-gui.desktop Source6: gitweb.conf.in -Source10: http://www.kernel.org/pub/software/scm/git/%{name}-manpages-%{version}.tar.gz -Source11: http://www.kernel.org/pub/software/scm/git/%{name}-htmldocs-%{version}.tar.gz +Source10: https://www.kernel.org/pub/software/scm/git/%{name}-manpages-%{version}.tar.xz +Source11: https://www.kernel.org/pub/software/scm/git/%{name}-htmldocs-%{version}.tar.xz Source12: git@.service Source13: git.socket Patch0: git-1.8-gitweb-home-link.patch @@ -345,8 +345,8 @@ Requires: emacs-git = %{version}-%{release} %if %{use_prebuilt_docs} mkdir -p prebuilt_docs/{html,man} -tar xf %{SOURCE10} -C prebuilt_docs/man -tar xf %{SOURCE11} -C prebuilt_docs/html +xz -dc %{SOURCE10} | tar xf - -C prebuilt_docs/man +xz -dc %{SOURCE11} | tar xf - -C prebuilt_docs/html # Remove non-html files find prebuilt_docs/html -type f ! -name '*.html' | xargs rm find prebuilt_docs/html -type d | xargs rmdir --ignore-fail-on-non-empty @@ -697,6 +697,9 @@ rm -rf %{buildroot} # No files for you! %changelog +* Sun Mar 27 2016 Todd Zullinger - 2.7.4-2 +- Use https for URL / Source and smaller tar.xz files + * Tue Mar 22 2016 Konrad Scherer - Workaround missing git subtree documentation in prebuilt docs (bug 1320210) - Only add git-cvsserver binary once if the core dir matches the bin dir as it diff --git a/sources b/sources index cb124dc..f029bfa 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -c64012d491e24c7d65cd389f75383d91 git-2.7.4.tar.gz -8cb6a341e1add5c622488ff44093bbe6 git-htmldocs-2.7.4.tar.gz -58020dc13a5801c49f7986fef7027535 git-manpages-2.7.4.tar.gz +b0219fcb6d73104361f4fbdba3741d00 git-2.7.4.tar.xz +d37654c45897afa4501fe7bc138b576f git-htmldocs-2.7.4.tar.xz +52507ee81f9aac0abf85160398cd3e81 git-manpages-2.7.4.tar.xz