The test suite uses is_IS.UTF-8 and is_IS.ISO8859-1 (via the
GETTEXT_LOCALE and GETTEXT_ISO_LOCALE prereq's. Ensure these locales
are available. Installing glibc-langpack-is is insufficient as it does
not provide is_IS.ISO8859-1, glibc-all-langpacks is also needed.
Now that we're installing additional langpacks, update the macro name
which was added in a6a24cf ("Add glibc-langpack-en BuildRequires for
en_US.UTF-8 locale", 2018-11-05).
The pcre BR was added in 6dc6285 ("Improve test suite coverage",
2017-11-10), which seems to have been an oversight. The test suite
improvements were worked on over a long period of time. It is quite
likely that the pcre BR was needed before 6dc6285 was finalized.
Regardless, we began building against pcre2 in 595b682 ("Use pcre2
library", 2017-07-22).
Note that pcre remains in the minimal buildroot due to dependencies in
glib2 and grep.
When preparing the srpm in mock or other minimal environments, the use
of %{_emacs_version} causes a spurious warning:
Possible unexpanded macro in: Requires: emacs-filesystem >= %{_emacs_version}
Prevent the warning with a check that the macro is defined before use.
(There is another use of %{_emacs_version}, but it only applies to EL-6
where the warning is not present. Just ignore it.)
Make it easier to tell what %if conditions are being ended. This is
particularly useful with nested conditions since we lack any indentation
to visually denote the conditional blocks.
The %{without ...} macro is easier to read than '! %{with ...}', use it
consistently.
(Note that using %without_* and %_without_* macros is still not
advised.)
The verification was simplified slightly in 903d8f3 ("Remove EL-5 and
old Fedora conditionals", 2017-07-22).
Further simplifications:
- do away with unneeded variables
- drop '--batch' and '>/dev/null' from gpg2 --dearmor
- check tarball signature via stdin
The "noisy output from GnuPG 2.0" alluded to on EL <= 7 is no longer
present. This has been tested in mock for el6, el7, and fedora
releases.
The chroot is a bit quicker to create and slightly smaller when building
'--without tests' if the BuildRequires needed to run the tests are
skipped.
Add pod2man dependency when documentation is enabled (the default).
Since git-2.17.0, pod2man is needed to build Git.3pm. The pod2man
command is in perl-podlators on Fedora and EL >= 7, but in perl on EL-6.
Use %{_bindir}/pod2man to ensure the dependency is found regardless of
what package provides it.
The dependency is only missed when building without the test deps, as
the many perl requirements pulled in for the test suite bring in
pod2man.
From the upstream release announcement:
These releases fix a security flaw (CVE-2018-17456), which allowed an
attacker to execute arbitrary code by crafting a malicious .gitmodules
file in a project cloned with --recurse-submodules.
When running "git clone --recurse-submodules", Git parses the supplied
.gitmodules file for a URL field and blindly passes it as an argument
to a "git clone" subprocess. If the URL field is set to a string that
begins with a dash, this "git clone" subprocess interprets the URL as
an option. This can lead to executing an arbitrary script shipped in
the superproject as the user who ran "git clone".
In addition to fixing the security issue for the user running "clone",
the 2.17.2, 2.18.1 and 2.19.1 releases have an "fsck" check which can
be used to detect such malicious repository content when fetching or
accepting a push. See "transfer.fsckObjects" in git-config(1).
Credit for finding and fixing this vulnerability goes to joernchen
and Jeff King, respectively.
References:
https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/
While rpmbuild and mock have --nocheck to disable the %check section,
'fedpkg mockbuild' lacks this convenient option.
Add %bcond_without tests to allow 'fedpkg mockbuild --without tests' to
not run the test suite. Disabling the test suite cuts the build time by
approximately 60%, which is very useful while working on changes to the
packaging.
With curl-7.61.1 cookies are sorted by creation-time¹. Sort the output
used in the 'cookies stored in http.cookiefile when http.savecookies
set' test before comparing it to the expected cookies.
¹ https://github.com/curl/curl/commit/e2ef8d6fa ("cookies: support
creation-time attribute for cookies", 2018-08-28)
When building with options "--without docs --without p4 --without cvs"
the build fails with the following errors:
error: Installed (but unpackaged) file(s) found:
/usr/share/doc/git/git-cvsexportcommit.txt
/usr/share/doc/git/git-cvsimport.txt
/usr/share/doc/git/git-cvsserver.txt
/usr/share/doc/git/git-p4.txt
Installed (but unpackaged) file(s) found:
/usr/share/doc/git/git-cvsexportcommit.txt
/usr/share/doc/git/git-cvsimport.txt
/usr/share/doc/git/git-cvsserver.txt
/usr/share/doc/git/git-p4.txt
The .txt files were not caught by the %files entry in the main git
package when cvs/p4 were disabled -- from 9cd8ee7 ("Disable CVS support
on EL > 7", 2018-03-14. Those only applied when documentation was not
disabled.
Remove git-cvs* and git-p4* files from Documentation as well as the
%{buildroot}. Simplify the find path by dropping %{_bindir} and
%{gitexecdir}. Tighten the git-p4 glob to avoid unintended matches.
Drop the conditional inclusion of cvs/p4 docs in the main git package in
favor of removing the files entirely.
Gives possibility to add dependencies for git-instaweb http daemon,
without having to install all dependencies at each git install.
Currently, lighttpd is required by the git-instaweb package.
The git-instaweb script supports other httpd daemons (httpd, mongoose,
plackup [in perl(Plack)], and webrick [in rub-libs]). lighttpd is the
default, works without any configuration, and is only ~1M installed.
Add a conditional to allow merging from master to f29. The obsoletes
should be removed when f29 is EOL. It was added in 2d1c8b1 ("Remove
obsolete gnome-keyring credential helper", 2018-01-09). The comment was
improved in 4a06e99 ("clarify comment for obsolete git-gnome-keyring",
2018-09-04).
Avoid shipping scripts which require python2 when building without
python2. The following scripts/directories are removed:
contrib/fast-import/import-zips.py
contrib/hg-to-git
contrib/svn-fe
A future release of git will likely remove contrib/svn-fe and
git-remote-testsvn¹. The git-remote-testsvn binary is the only noarch
file in the git-svn package. Seeing that it's utility is very
questionable, remove it so git-svn can return to a noarch package.
¹ https://public-inbox.org/git/20180817190310.GA5360@sigill.intra.peff.net/
9125e65 ("Use new INSTALL_SYMLINKS setting", 2018-05-30) broke builds
using --without cvs. /usr/libexec/git-core/git-cvsserver became a
symlink instead of hardlink. Adapt the find command used to exclude
'git-cvs*' files to detect symlinks as well.
We want to build all documentation in the %build phase rather than
falling through to the %install phase and building it as a dependency of
install-doc.
The git-contacts script was added to SubmittingPatches recently. Make
it easier for users who read about it in the documentation to make use
of the command.
The default target in contrib/credential/netrc/Makefile is, and has
always been, test. Running 'make -C contrib/credential/netrc/' in
%build is not needed.
Additionally, the tests recently were changed and require perl-Git to be
installed before running. The tests also exit cleanly regardless of any
failures encountered, which makes them unreliable. A fix for these
issues will be submitted upstream, but rather than apply it here, simply
drop the unneeded 'make' call.
Ideally, the tests will be run in %check once fixed. This does present
a small wrinkle due to the deletion of contrib/credential in %install.
Cross that bridge when we get there. :)
Replace NO_CROSS_DIRECTORY_HARDLINKS and NO_INSTALL_HARDLINKS with
INSTALL_SYMLINKS. The result is slightly improved; all symlinks will
point directly to the target rather than via multiple levels of
symlinks.
The rationale was covered in slightly more detail in d56cfc6 ("Use
symlinks instead of hardlinks for installed binaries", 2018-03-15).
Adjust the dangling-relative-symlink filter in the rpmlint config for
the new target of the git-difftool symlink.
The USE_LIBPCRE setting now defaults to pcre2; use it. It's still
valid to set USE_LIBPCRE2, but using the default should be cleaner in
the long-run.
The (long-unmaintained) emacs support has been dropped upstream in favor
of better alternatives. From the upstream commit¹:
The git-blame.el mode has been superseded by Emacs's own
vc-annotate (invoked by C-x v g). Users of the git.el mode are now
much better off using either Magit or the Git backend for Emacs's own
VC mode.
These modes were added over 10 years ago when Emacs's own Git support
was much less mature, and there weren't other mature modes in the wild
or shipped with Emacs itself.
These days these modes have few if any users, and users of git aren't
well served by us shipping these (some OS's install them alongside git
by default, which is confusing and leads users astray).
¹ 6d5ed4836d ("git{,-blame}.el: remove old bitrotting Emacs code", 2018-04-11)
https://git.kernel.org/pub/scm/git/git.git/commit/?id=6d5ed4836d
Also drop DESTDIR and INSTALL from config.mak; they are both handled via
%make_install.
Remove the rpmlint filter for %buildroot usage which was only needed due
to DESTDIR's use in config.mak.
Specifically, t5512-ls-remote.sh has a test which starts a jgit daemon.
This has failed to exit on a number of occasions, only on s390x. We
could disable just that test with "GIT_SKIP_TESTS=t5512.28", but the
test number can and does change as more ls-remote tests are added.
Dropping the jgit BuildRequires is cleaner and only causes 3 tests to be
skipped, the offending t5512 test and two others in t5310-pack-bitmaps.
Access to s390x might help better debug this, but it does not occur
consistently and may be limited to koji. The issue could be a problem
in jgit as well. While looking at a hung build, Kevin Fenzi found a few
errors in t5512-ls-remote.out:
/usr/bin/build-classpath: Could not find xz-java Java extension for this JVM
/usr/bin/build-classpath: error: Some specified jars were not found
Unfortunately, it appears we need to carry this patch longer than
expected. Return to using %autosetup so other patches are easier to
manage. Use %apply_patch to manually apply the zlib patch only on
aarch64, as that is the only arch where it is required at this time.
A recent zlib build with optimization for ARM exposed an issue in git's
packfile handling.
Thanks to Pavel Cahyna for the initial report and debugging and Jeremy
Linton for further diagnosis and the subsequent patch.
The patch is currently being discussed upstream¹. Until it is accepted,
apply it only on aarch64 to avoid any unexpected issues with other
arches.
¹ https://public-inbox.org/git/20180525231713.23047-1-lintonrjeremy@gmail.com/T/#u
Fixes two security issues, described in the 2.13.7 release notes¹:
* Submodule "names" come from the untrusted .gitmodules file, but we
blindly append them to $GIT_DIR/modules to create our on-disk repo
paths. This means you can do bad things by putting "../" into the
name. We now enforce some rules for submodule names which will cause
Git to ignore these malicious names (CVE-2018-11235).
Credit for finding this vulnerability and the proof of concept from
which the test script was adapted goes to Etienne Stalmans.
* It was possible to trick the code that sanity-checks paths on NTFS
into reading random piece of memory (CVE-2018-11233).
¹ https://mirrors.edge.kernel.org/pub/software/scm/git/docs/RelNotes/2.13.7.txt
The unknown, but temporary, breakage in fedora-28-x86_64 buildroots
appears to be resolved.
The test was disabled in a998227 ("Disable t5000-tar-tree.sh on x86 in
f28", 2018-01-18).
The spec file is a bit easier to read with as few conditional blocks as
required. Use %bcond_(with|without) to allow easier toggling of the
link checking.
Using stderr rather than syslog should be a mild improvement with the
systemd journal. The reasons are detailed in the upstream commit
0c591cacba ("daemon: add --log-destination=(stderr|syslog|none)",
2018-02-04)¹:
The combination of --inetd with --log-destination=stderr is useful, for
instance, when running `git daemon` as an instanced systemd service
(with associated socket unit). In this case, log messages sent via
syslog are received by the journal daemon, but run the risk of being
processed at a time when the `git daemon` process has already exited
(especially if the process was very short-lived, e.g. due to client
error), so that the journal daemon can no longer read its cgroup and
attach the message to the correct systemd unit (see systemd/systemd#2913
[1]). Logging to stderr instead can solve this problem, because systemd
can connect stderr directly to the journal daemon, which then already
knows which unit is associated with this stream.
[1]: https://github.com/systemd/systemd/issues/2913
While here, wrap the git-daemon command line to improve readability.
¹ https://github.com/git/git/commit/0c591cacba
Move all Requires to their own lines for better readability.
We can safely drop the 'perl(Git)' requires from the cvs and email
packages because the perl rpm dependency generator already add it.
We can also drop 'perl-Git = %{version}-%{release}' from the email
package because it requires 'git = %{version}-%{release}' which in turn
requires the matching 'perl-Git' package.
Git tries very hard to rely on as few non-core modules as possible. The
few that it does (currently Error and Mail::Address) are bundled. We've
disabled such bundling since it became an option in 2.17.0.
Go a step further and remove the Git::LoadCPAN wrapper. This allows
rpm's automatic dependency generator to find and add the needed
requirements.
With this change we can remove the manual 'Requires:' for perl(Error)
and perl(Mail::Address).
'Requires: perl(Error)' in the main git package has been unneeded for
many years. It was added in edddb83 ("Update to latest upstream
release. Fix some bugs at the same time", 2007-11-27), which was
git-1.5.3.6. It was needed for 'git svn' and 'git remote'. 'git svn'
requires perl(Git), which in turn requires perl(Error).
In git-1.5.5, 'git remote' was converted to a builtin command in C
rather than perl, removing the perl(Error) dependency.
Lastly, move the 'BuildRequires: perl(Error)' from perl-Git to the main
list of BuildRequires.
The bare p4 entry was a bit concerning; it's easy to imagine false
positives from such a short string. Remove git-remote-(bzr|hg) from the
pattern. The scripts and placeholders were removed in git-2.0.0.
While here, group all the git-* patterns and be more explicit with the
svn files.
Python 2 end of life is approaching, prepare for dropping it
along with all python2 scripts and subpackages requiring it.
Helped-by: Sebastian Kisela <skisela@redhat.com>
Helped-by: Pavel Cahyna <pcahyna@redhat.com>
The previous commit disabled the cvs subpackage on EL > 7. Convert to
the %bcond_with(out) macro to allow the subpackage to be toggled easily
via a --with/--without option at build time.
When setting NO_PERL_CPAN_FALLBACKS to avoid bundled perl modules, we
must take care to ensure the dependencies are required. The code which
handles modules via Git::LoadCPAN prevents the normal perl dependency
generator from identifying them. Thankfully, there should not be many
modules loaded this way.
Prior to 2.17.0 and NO_PERL_CPAN_FALLBACKS we were falling back to not
using Mail::Address, which is partly why the lack of the dependency
wasn't spotted with rpmdiff with and without NO_PERL_CPAN_FALLBACKS.
Using a simple glob in contrib/hooks/* to match contributed hook scripts
was valid when it was added in 762cf11 ("Update to git-1.6.3.3 - Move
contributed hooks to %{_datadir}/git-core/contrib/hooks (bug 500137)",
2009-06-28). With the addition of the multimail directory in git-1.8.4
it was no longer doing what was intended.
However, the scripts in contrib/hooks all ship with the execute bit set,
making the "chmod +x" unnecessary. If we did descend into the multimail
directory with a chmod (whether via "chmod -R" or "find | xargs ..."),
we would need to exclude the non-script files within that directory.
Fedora 28 prints a deprecation notice if /usr/bin/python is called in an
rpm build¹, which is done by default when byte-compiling python files
outside of %{_libdir}/pythonX.X.
Avoid the issue by dropping the .py extension from the multimail hook
script. The hook script is not used as a module and therefore has no
need to use the extension or be byte-compiled.
¹ https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build
Ensure find and xargs are required. While findutils is currently in the
default buildroot, we should still be explicit about the requirement.
Also improve the 'find | xargs' calls to handle files which may contain
spaces, quotes, or other characters which might cause spurious failures.
The gitweb httpd config file was added long before git gained support
for smart http, in c97cf8e ("Add git-daemon and gitweb packages",
2007-08-04).
Now, users who want to enable git's smart http support with apache will
often want to use /etc/httpd/conf.d/git.conf as the path.
Make this easier by giving the gitweb httpd config file a more logical
name going forward. Keep the current config file name in previous
releases.
The perl install process was updated to remove the need for
ExtUtils::MakeMaker. The main change for us is setting perllibdir to
keep the files installed in %{perl_vendorlib}.
Manpages for non-public portions of the Git perl modules are no longer
built. Anyone who wishes to make use of these modules can read the
source files or use pod2man.
Set NO_PERL_CPAN_FALLBACKS to ensure we don't package the bundled
fallback modules.
Also drop now-unneeded commands to remove *.bs, .packlist, and
perllocal.pod files. The new install method does not produce these
artifacts.
A recent discussion on the git list¹ suggested that using symlinks
should be clearer and have no drawbacks (except on filesystems where
symlinks are not well supported, e.g. on Windows).
This shrinks the git-core package by nearly 25% and saves almost 6MB in
the debuginfo package.
See also 6ef5f1f ("Disable cross-directory hardlinks", 2017-11-10).
¹ https://public-inbox.org/git/87y3iwp2z0.fsf@evledraar.gmail.com/#t
Ensure all binaries are hardened when building on EL-6 & EL-7. On EL-7
use the %{_hardened_build} macro. On EL-6 update %{optflags} and set
%{__global_ldflags}.
For EL-7 this could also be put in the existing Fedora and EL >= 7
condition, e.g.: %{!?_hardened_build: %global _hardened_build 1}. I
think this is a bit uglier than needed and is better in an %if condition
which only applied to EL-7.
The guidelines require all required packages to be explicitly listed.
This list may not be complete, but it's a start.
Additionally, a proposed change for Fedora 29 removes gcc from the
default BuildRoot.
While at it, sort a few BuildRequires in alphabetical order.
The use of %defattr has been unneeded since rpm-4.4. It was removed
from the guidelines 6 years ago¹. It was kept to allow builds on EL-5,
which has been EOL since March of last year.
¹ https://pagure.io/packaging-committee/issue/77
%defattr is no longer needed in Fedora
Re-enable t9128, t9141, and t9167 which were disabled due to these
random segfaults. The bug has also been reported against the subversion
perl bindings in Debian¹. Hopefully this will reach upstream subversion
if a fix is made to subversion.
¹ https://bugs.debian.org/888791
Move contrib/hooks/multimail from git-core to git and use python3 rather
than python2.
We still use python2 as the default PYTHON_PATH because not all of the
python scripts in git support python3. None of the other scripts are
included in git-core though.
Primarily, python2 is used by git-p4 and contrib/svn-fe/svnrdump_sim.py
(which is used by t9020-remote-svn.sh). Converting git-p4 to python3 is
not a trivial matter of fixing a few print statements. A simple
conversion using python3's 2to3 tool results in a large number of test
failures.
Add a python3-devel BuildRequires for %{__python3} and add python2-devel
to the tests section since t9020-remote-svn.sh uses python2. (We
already BR python2-devel in git-p4, but having it in the tests section
ensures we don't remove it if/when git-p4 supports python3.)
This release fixes an issue which only affects users on case-insensitive
file systems and repositories which contain paths that differ only in
case. Such circumstances result in a segmentation fault in various git
commands.
This test was passing as recently as last week. Something seems to have
changed or broken in the x86 arch of f28 since then. Disable the test
until the issue is determined and resolved.
With 'prove' as the test harness the tests can be run in parallel on
EPEL as well as Fedora targets.
Move GIT_TEST_OPTS to config.mak along with the new test options and
enable shell tracing (-x). The output from failures when tracing is
enabled should allow us to more easily diagnose test failures.
Explicitly use /bin/bash as the shell for the test suite; it allows
using "-x" reliably across the whole test suite. This is made possible
by changes included in 2.16.0 thanks to Jeff King¹, particularly:
3f824e91c8 t/Makefile: introduce TEST_SHELL_PATH
f5ba2de6bc test-lib: make "-x" work with "--verbose-log"
90c8a1db9d test-lib: silence "-x" cleanup under bash
¹ https://github.com/gitster/git/tree/jk/test-suite-tracing
The paths don't change often, but if they do this is one less place
which will need to be updated. It also makes it easier for anyone
rebuilding the packages to change the defaults.
Use a single macro rather than testing for %{fedora} and %{rhel}
versions repeatedly. The "dist" logic is best kept at the start of the
spec file (as much as possible).
Cleanup a few comments related to "dist" checks while we're at it.
The acl and perl(HTTP::Date) requirements are pulled in by other
packages on Fedora so they were not noticed when the test requirements
were updated in 6dc6285 ("Improve test suite coverage", 2017-11-10).
The highlight package is available in EPEL for EL-6 (on all supported
architectures). Extend the conditional to only exclude it on ppc64 for
EL-7.
The gnome-keyring credential helper was removed in Fedora 26, but
remained in builds for older Fedora and EL-7 releases. No official
release has shipped the gnome-keyring subpackage since 2.11.1-3.
Obsolete it to ensure a clean upgrade path for any users who have it
installed. The Obsoletes can be removed after rawhide is branched for
Fedora 29.
Starting with rpm-build-4.13.0 (in F-22), brp-python-bytecompile
excludes files under /usr/share/doc by default. Restrict the %files
%exclude to EL <= 7 to avoid spurious 'File not found' warnings from
rpm-build.
Ensure these tests are not skipped if some dependency or other condition
is not met. We prefer to see the failure(s) in order to fix the
underlying issue(s).
Disable t9115-git-svn-dcommit-funky-renames on ppc-arches because it
frequently fails. The port it uses (9115) is already in use. It is unclear if
this is due to an issue in the test suite or a conflict with some other
process on the build host.
Add mod_dav_svn BuildRequires for t9115-git-svn-dcommit-funky-renames
(GIT_SVN_TEST_HTTPD).
When building release candidates the path to the perl requires filter
script is wrong. Correct it.
It's tempting to use the output of `pwd` to avoid future changes to the
build dir breaking it, but the call occurs prior to unpacking and thus
`pwd` is not suitable.
The tests appear to work reliably now, after a number of test builds. If
not, this is easily reverted. (The newly added test output may also
help determine the root cause.)
All tests which call 'git svn branch' fail intermittently with SIGSEGV
in the subversion bindings. The failures are not remotely consistent.
Until we can enable shell tracing (-x) in the test suite by default to
attempt to further debug the failure, disable these tests.
An option to enable parallel test runs was added in 6dc6285 ("Improve
test suite coverage", 2017-11-10). After further improvements it seems
to be reliable for use in koji builds.
It is still disabled for EPEL builds because make lacks support for the
-O (--output-sync) option. Without this option the output is much less
readable.
In the future we may be able to move to using 'prove' as the default
test harness which might allow us to run in parallel without requiring
the -O option.
Setting SVNSERVE_PORT enables several tests which require a local
svnserve daemon to be run (in t9113 & t9126). The tests share setup of
the local svnserve via `start_svnserve()`. The function uses svnserve's
`--listen-once` option, which causes svnserve to accept one connection
on the port, serve it, and exit. When running the tests in parallel
this fails if one test tries to start svnserve while the other is still
running.
Use the test number as the svnserve port (similar to httpd tests) to
avoid port conflicts. Set GIT_TEST_SVNSERVE to enable these tests.
The change should make it into 2.16 or 2.17. Until then, setting
GIT_TEST_SVNSERVE will disable the svnserve tests. There are only a few
tests affected and this allows more testing with parallel test runs, so
it's a reasonable trade. Once an upstream release with these changes
arrives, we'll begin running these tests without any further changes.
In c3202fd ("Use prebuilt documentation on EL-5, where asciidoc is too
old", 2013-01-04) the make targets to build and install the
documentation were split into separate make calls to handle prebuilt
docs on EL-5 where asciidoc was too old to build the documentation.
Support for EL-5 was removed in 903d8f3 ("Remove EL-5 and old Fedora
conditionals", 2017-07-22), making the separate make calls unneeded.
Using %autosetup frees us from having to manage %patch entries. It does
require that all patches use the same strip level (-p1 in our case).
There is also a mildly annoying bug in EL-6¹ which chokes on the patch
invocation if a blank line doesn't follow %autosetup. A comment should
prevent any problems.
The %autosetup -S option is deliberately avoided, to prevent needless
bootstrapping problems.
¹ https://bugzilla.redhat.com/1310704
When building in koji or copr and a test fails, the verbose output from
the tests can be very useful in determining the cause. Print the output
from failing tests, borrowing heavily from the upstream code¹ used when
running tests in Travis CI².
This could be done inline in %check rather than in a separate script.
The downside is that rpm would include each command invocation of the
loop in the output, which adds a lot of useless text to the already
copious build output.
¹ https://git.kernel.org/pub/scm/git/git.git/plain/ci/print-test-failures.sh
² https://travis-ci.org/git/git
We used to remove the contrib/credential tree from the build dir to
avoid binaries and other cruft from ending up in the doc dir. Doing so
prevented debuginfo from being generated for the credential helpers we
install. The following warnings were printed during the debuginfo
extraction:
cpio: git-2.15.1/contrib/credential/gnome-keyring: Cannot stat: No such file or directory
cpio: git-2.15.1/contrib/credential/gnome-keyring/git-credential-gnome-keyring.c: Cannot stat: No such file or directory
cpio: git-2.15.1/contrib/credential/libsecret: Cannot stat: No such file or directory
cpio: git-2.15.1/contrib/credential/libsecret/git-credential-libsecret.c: Cannot stat: No such file or directory
Keep contrib/credential in the build dir; remove it from the buildroot
instead.
Building release candidates helps test the upstream code before it's
final. Make it easier to create such builds by defining an rcrev macro,
which is commented out by default.
The git-gui build tries to use tclsh to generate an index file. It
falls back to a static list, which is why this wasn't noticed before.
It's not a real problem, but git may soon also try to test that wish is
installed before building and installing git-gui and gitk, so this helps
prepare for that future.
The code to filter the spurious YAML::Any requires was removed in
903d8f3 (Remove EL-5 and old Fedora conditionals, 2017-07-22). The
comment was simply missed.
In older versions of git, the bash-completion script began with a
needless #!bash, which we removed before installation.
This and other unneeded shebangs were removed upstream in 1.9.0,
11d62145b9 (remove #!interpreter line from shell libraries, 2013-11-25).
3041eeb (Run git test suite, 2016-12-16) enabled the test suite, but
many of the tests were skipped due to missing requirements. Improve the
test suite coverage by ensuring as many requirements are present as
possible.
Also add an option to run the test suite with multiple jobs using the
%{?_smp_mflags} macro. This cut the test suite run time roughly in
half in local testing. The -O option to 'make' helps ensure the output
of each job is collected together rather than interspersed with output
from other jobs. Sadly, the tests fail when run in parallel in koji, so
this is disabled by default. It is included to speed up local builds.
To enable in rpmbuild and mock, use either "--with parallel_tests" or
"--define 'parallel_tests 1'" arguments. This is only supported on
Fedora, as it requires make >= 4.0, which neither EL6 nor EL7 satisfy.
Disable 2 failing tests which run with a limited stack on aarch64, arm*,
and ppc* architectures. Some debugging with the affected hardware is
needed.
Similarly, disable "git svn branch tests" globally for both
t9128-git-svn-cmd-branch and t9167-git-svn-cmd-branch-subproject because
they fail randomly. The bug seems likely to be in the subversion perl
bindings, but requires more testing. The failure output from a manual
run (./t9128-git-svn-cmd-branch.sh -v -x -d):
++ git svn branch a
Copying file:///home/tmz/rpmbuild/BUILD/git-2.14.2/t/trash%20directory.t9128-git-svn-cmd-branch/svnrepo/trunk at r2 to file:///home/tmz/rpmbuild/BUILD/git-2.14.2/t/trash%20directory.t9128-git-svn-cmd-branch/svnrepo/branches/a...
Found possible branch point: file:///home/tmz/rpmbuild/BUILD/git-2.14.2/t/trash%20directory.t9128-git-svn-cmd-branch/svnrepo/trunk => file:///home/tmz/rpmbuild/BUILD/git-2.14.2/t/trash%20directory.t9128-git-svn-cmd-branch/svnrepo/branches/a, 2
Found branch parent: (refs/remotes/origin/a) bb43a88ce94511096d7d774f4d5feae281603eb0
Following parent with do_switch
Successfully followed parent
r3 = 2e27ee45dadc098239114bc13a6ae6cf6122d16f (refs/remotes/origin/a)
error: git-svn died of signal 11
+ test_eval_ret_=139
+ want_trace
+ test t = t
+ test t = t
+ set +x
error: last command exited with $?=139
not ok 3 - git svn branch tests
The failure in t9167-git-svn-cmd-branch-subproject is similar.
A change to the git filter-branch command in git-2.15 added a perl
dependency, bd2c79fbfe (filter-branch: stash away ref map in a branch,
2017-09-21)¹.
This dependency is only present when using the option --state-branch,
which means many users of filter-branch will never notice the perl
dependency.
However, without moving the tool from git-core to git, any users running
filter-branch with the --state-branch option might find that the command
fails badly, potentially leaving their repository in a broken state.
This is not an acceptable trade-off, in my opinion.
I'm not sure if it's worthwhile to suggest a patch upstream to better
handle users running with the --state-branch option when perl is not
installed, allowing us to safely ship git filter-branch in git-core for
use on systems without perl.
¹ https://github.com/git/git/commit/bd2c79fbfe
Commands which required perl were moved from git-core to git in 6fdc5e5
(new subpackage git-core, which is perl-less and part of original git
rpm, 2015-06-03). This was with git-2.4.2. Since then, a number of
commands have been partially or entirely rewritten upstream and no
longer require perl. Move them back to git-core.
- git-am was converted to a builtin in 2.6.0, 783d7e865e (builtin-am:
remove redirection to git-am.sh, 2015-08-04)
- git-submodule's dependence on perl was removed in 2.10.0, 74703a1e4d
(submodule: rewrite `module_list` shell function in C, 2015-09-02)
- git-relink was removed in 2.12.0, ed21e30fef (relink: retire the
command, 2017-01-25)
Additionally, two sample hooks (pre-rebase and prepare-commit-msg) were
intended to be excluded from git-core due to their perl dependencies,
but were included due to the way the exclusion via %files lists are
created. List them explicitly in the git %files section and exclude
them from git-core.
Using the same variable make it clearer that we're referring to the same
thing as upstream when the Makefile uses gitexecdir.
Remove a stale conditional in git-cvs for handling the case where git's
binaries are stored in %{_bindir}. This support was dropped after
EL-5's support ended. Most similar conditionals were removed in 903d8f3
(Remove EL-5 and old Fedora conditionals, 2017-07-22).
Also remove the conditional setting of 'gitexecdir = %{_bindir}' which
was only used on EL-5 to prevent moving the git binaries during the
update to git-1.6.
In ef7ac1a (git-p4: adjust python2 shebang manually, 2017-08-03) we
dropped PYTHON_PATH due to failures in t9020-remote-svn.
Digging deeper, the issue appears to be caused by the test calling a
script which has a hard-coded #!/usr/bin/python shebang. On newer
fedora releases, /usr/bin/python is python3.
Replacing the shebang in contrib/svn-fe/svnrdump_sim.py (the script the
test calls) with #!%{__python2} allows the test to succeed while setting
PYTHON_PATH in config.mak, as desired.
Use '%{summary}.' as the %description for all subpackages where the
summary and description matched. This is one less place to change
if/when we update a summary/description in the future.
While looking at rpmlint complaints, gitk had a spelling warning because
the summary/description used the British English spelling of
"visualiser." Rather than simply change that to the American English
spelling, change the summary/description to match the gitk
documentation. Do the same for git-gui.
Using %summary fixes the %description for perl-Git-SVN, which previously
used the %description from perl-Git mistakenly.
Also improve/clarify the summary of git-gnome-keyring, git-send-email,
and git-svn.
The git-all subpackage added an obsoletes for older git packages in
0c4a11c (git 1.5.4.3 and include krh's change to rename git-core to git,
2008-02-23).
The git-arch subpackage was obsoleted many years ago in 3f997b4
(Obsolete git-arch as needed, 2011-08-05).
We don't need to carry either of these obsoletes any longer.
We cannot be sure that users installing the git package have not mounted
the git bin and lib dirs on different file systems. The cost is a small
amount of extra disk space (1.25M in the current build).
From the release announcement¹
A malicious third-party can give a crafted "ssh://..." URL to an
unsuspecting victim, and an attempt to visit the URL can result in
any program that exists on the victim's machine being executed.
Such a URL could be placed in the .gitmodules file of a malicious
project, and an unsuspecting victim could be tricked into running
"git clone --recurse-submodules" to trigger the vulnerability.
Credits to find and fix the issue go to Brian Neel at GitLab, Joern
Schneeweisz of Recurity Labs and Jeff King at GitHub.
¹ https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/
Setting 'PYTHON_PATH = %{__python2}' in config.mak should work, but
doing so causes the remote svn tests in t9020 (which use a python script
to similate svnrdump) to fail. Just fix the git-p4 shebang until the
svn test failures can be resolved.
The pcre1 library is only maintained for serious bugs and
vulnerabilities at this point. Further improvements are happening in
pcre2. In a future release git will make this the default library for
pcre support.
EL-5 has been EOL for several months now. We can drop all the
conditionals needed to build there, as well as some conditionals for
long-expired Fedora releases.
Without EL-5 we also no longer use the prebuilt documentation. Remove
these sources and simplify the gpg check for the remaining source.
