The git-gui Makefile does not follow the INSTALL_SYMLINKS setting.
Until it does, manually symlink git-citool to git-gui.
Test that the files are identical before linking, to avoid issues if
they begin to differ in the future.
The documentation tools respect these variables when generating dates in
the man and html docs. This is a small step toward making the package
builds reproducible.
An alternate method to set SOURCE_DATE_EPOCH would be to set the rpm
%source_date_epoch_from_changelog macro. Using the version file from
the tarball is a little nicer as the date is printed in the man pages.
We'd still need to set TZ anyway, as the html documentation sets the
'last updated' footer entry based on the timestamp of the corresponding
txt file.
[Note: It is possible to avoid the 'last updated' footer entirely by
setting the asciidoc footer-style attribute to none. This would need to
be done via sed or a patch, as there's not currently a way to set this
in config.mak -- but perhaps there should be.]
Reference: https://reproducible-builds.org/specs/source-date-epoch/
TEST_SHELL_PATH was added in 62f562d ("Use 'prove' as test harness,
enable shell tracing", 2018-01-18). Shortly afterward, upstream commit
a5bf824f3b ("t: prevent '-x' tracing from interfering with test helpers'
stderr", 2018-02-25)¹ removed the need to use bash to get the benefits of
running the test suite with '-x' tracing.
¹ https://github.com/git/git/commit/a5bf824f3b
The Makefiles for contrib/{contacts,subtree} don't include various
asciidoc, docbook, and xmlto options which are added to docs built from
the Documentation dir. Without these options the man page generated
for git-contacts has formatting issues.
Move the contrib/{contacts,subtree} docs to the Documentation dir to be
built along with the other doc files.
It is useful to check the output of the test suite for skipped tests.
This reveals tests which may have missing BuildRequires or other issues.
Doing so can be tedious due to the many legitimate tests we skip. Keep
a list of patterns matching tests we skip intentionally.
To use this list to process a build.log, run something like the
following:
$ egrep '# SKIP|skipped:' build.log | egrep -v -f git.skip-test-patterns
There should be no output. Any output should be checked and the tests
fixed or added to the skip patterns file.
Now that Fedora 30 defaults to gnupg2 as /bin/gpg we don't need to
install gnupg for the test suite. We already require gnupg2 to verify
the source files.
Having the output of the config.mak file in the build output is very
convenient, particularly when building in koji or copr where it is not
possible to directly access the buildroot.
GnuPG2 requires gpg-agent and tries to start it on demand. The agent
uses a socket for communication and the path to this socket must be
shorter than sun_path [108 characters, per unix(7)].
Adjust the location of the temporary directories used by the test suite
by passing the --root option via GIT_TEST_OPTS.
One potential downside to this is that we use mktemp to create the
directory and this will differ between builds. If/when we want to make
our builds entirely reproducible we will need to revisit this. With
luck, gnupg will be better behaved by that time¹.
An alternate solution I tested was to rename the two problematic tests
(t5573 and t7612). This is a brittle solution as new tests may be added
which cause the same path length issue for gpg-agent.
Also drop the redundant killing of gpg-agent. This doesn't break
anything but it can only slow the test suite (however slightly).
¹ A ticket was filed to improve gpg-agent's handling of long paths in
GNUPGHOME (but it's nearly 2 years old): https://dev.gnupg.org/T2964.
In addition to the gnupg2-smime BR, patch an issue which prevents the
gpgsm tests from running. Only include gpgsm on Fedora and RHEL > 8.
On RHEL < 8 the gnupg2-smime package is too old to run the tests.
Drop the subshell used to create the string of dashes (and rename the
variable to "sep" at the same time). Replace $(cat file) with the
equivalent but faster $(< file).
The test suite uses is_IS.UTF-8 and is_IS.ISO8859-1 (via the
GETTEXT_LOCALE and GETTEXT_ISO_LOCALE prereq's. Ensure these locales
are available. Installing glibc-langpack-is is insufficient as it does
not provide is_IS.ISO8859-1, glibc-all-langpacks is also needed.
Now that we're installing additional langpacks, update the macro name
which was added in a6a24cf ("Add glibc-langpack-en BuildRequires for
en_US.UTF-8 locale", 2018-11-05).
The pcre BR was added in 6dc6285 ("Improve test suite coverage",
2017-11-10), which seems to have been an oversight. The test suite
improvements were worked on over a long period of time. It is quite
likely that the pcre BR was needed before 6dc6285 was finalized.
Regardless, we began building against pcre2 in 595b682 ("Use pcre2
library", 2017-07-22).
Note that pcre remains in the minimal buildroot due to dependencies in
glib2 and grep.
When preparing the srpm in mock or other minimal environments, the use
of %{_emacs_version} causes a spurious warning:
Possible unexpanded macro in: Requires: emacs-filesystem >= %{_emacs_version}
Prevent the warning with a check that the macro is defined before use.
(There is another use of %{_emacs_version}, but it only applies to EL-6
where the warning is not present. Just ignore it.)
Make it easier to tell what %if conditions are being ended. This is
particularly useful with nested conditions since we lack any indentation
to visually denote the conditional blocks.
The %{without ...} macro is easier to read than '! %{with ...}', use it
consistently.
(Note that using %without_* and %_without_* macros is still not
advised.)
The verification was simplified slightly in 903d8f3 ("Remove EL-5 and
old Fedora conditionals", 2017-07-22).
Further simplifications:
- do away with unneeded variables
- drop '--batch' and '>/dev/null' from gpg2 --dearmor
- check tarball signature via stdin
The "noisy output from GnuPG 2.0" alluded to on EL <= 7 is no longer
present. This has been tested in mock for el6, el7, and fedora
releases.
The chroot is a bit quicker to create and slightly smaller when building
'--without tests' if the BuildRequires needed to run the tests are
skipped.
Add pod2man dependency when documentation is enabled (the default).
Since git-2.17.0, pod2man is needed to build Git.3pm. The pod2man
command is in perl-podlators on Fedora and EL >= 7, but in perl on EL-6.
Use %{_bindir}/pod2man to ensure the dependency is found regardless of
what package provides it.
The dependency is only missed when building without the test deps, as
the many perl requirements pulled in for the test suite bring in
pod2man.
From the upstream release announcement:
These releases fix a security flaw (CVE-2018-17456), which allowed an
attacker to execute arbitrary code by crafting a malicious .gitmodules
file in a project cloned with --recurse-submodules.
When running "git clone --recurse-submodules", Git parses the supplied
.gitmodules file for a URL field and blindly passes it as an argument
to a "git clone" subprocess. If the URL field is set to a string that
begins with a dash, this "git clone" subprocess interprets the URL as
an option. This can lead to executing an arbitrary script shipped in
the superproject as the user who ran "git clone".
In addition to fixing the security issue for the user running "clone",
the 2.17.2, 2.18.1 and 2.19.1 releases have an "fsck" check which can
be used to detect such malicious repository content when fetching or
accepting a push. See "transfer.fsckObjects" in git-config(1).
Credit for finding and fixing this vulnerability goes to joernchen
and Jeff King, respectively.
References:
https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/
While rpmbuild and mock have --nocheck to disable the %check section,
'fedpkg mockbuild' lacks this convenient option.
Add %bcond_without tests to allow 'fedpkg mockbuild --without tests' to
not run the test suite. Disabling the test suite cuts the build time by
approximately 60%, which is very useful while working on changes to the
packaging.
With curl-7.61.1 cookies are sorted by creation-time¹. Sort the output
used in the 'cookies stored in http.cookiefile when http.savecookies
set' test before comparing it to the expected cookies.
¹ https://github.com/curl/curl/commit/e2ef8d6fa ("cookies: support
creation-time attribute for cookies", 2018-08-28)
When building with options "--without docs --without p4 --without cvs"
the build fails with the following errors:
error: Installed (but unpackaged) file(s) found:
/usr/share/doc/git/git-cvsexportcommit.txt
/usr/share/doc/git/git-cvsimport.txt
/usr/share/doc/git/git-cvsserver.txt
/usr/share/doc/git/git-p4.txt
Installed (but unpackaged) file(s) found:
/usr/share/doc/git/git-cvsexportcommit.txt
/usr/share/doc/git/git-cvsimport.txt
/usr/share/doc/git/git-cvsserver.txt
/usr/share/doc/git/git-p4.txt
The .txt files were not caught by the %files entry in the main git
package when cvs/p4 were disabled -- from 9cd8ee7 ("Disable CVS support
on EL > 7", 2018-03-14. Those only applied when documentation was not
disabled.
Remove git-cvs* and git-p4* files from Documentation as well as the
%{buildroot}. Simplify the find path by dropping %{_bindir} and
%{gitexecdir}. Tighten the git-p4 glob to avoid unintended matches.
Drop the conditional inclusion of cvs/p4 docs in the main git package in
favor of removing the files entirely.
Gives possibility to add dependencies for git-instaweb http daemon,
without having to install all dependencies at each git install.
Currently, lighttpd is required by the git-instaweb package.
The git-instaweb script supports other httpd daemons (httpd, mongoose,
plackup [in perl(Plack)], and webrick [in rub-libs]). lighttpd is the
default, works without any configuration, and is only ~1M installed.
Add a conditional to allow merging from master to f29. The obsoletes
should be removed when f29 is EOL. It was added in 2d1c8b1 ("Remove
obsolete gnome-keyring credential helper", 2018-01-09). The comment was
improved in 4a06e99 ("clarify comment for obsolete git-gnome-keyring",
2018-09-04).
Avoid shipping scripts which require python2 when building without
python2. The following scripts/directories are removed:
contrib/fast-import/import-zips.py
contrib/hg-to-git
contrib/svn-fe
