These tests fail on s390x, but only with EL8. They succeed on Fedora
and EL9. This suggests the issue is not with git. Skip them to avoid
blocking the Fedora releases which we care most about while still
allowing builds in COPR and elsewhere for all Fedora/EPEL releases.
Regarding CVE-2022-24765, the release announcement says:
On multi-user machines, Git users might find themselves
unexpectedly in a Git worktree, e.g. when another user created a
repository in `C:\.git`, in a mounted network drive or in a
scratch space. Merely having a Git-aware prompt that runs `git
status` (or `git diff`) and navigating to a directory which is
supposedly not a Git worktree, or opening such a directory in an
editor or IDE such as VS Code or Atom, will potentially run
commands defined by that other user.
The new `safe.directory` setting may be used in either the system or
global configuration to list directories which git should consider safe
even if they are owned by someone other than the current user.
Release notes:
https://github.com/git/git/raw/v2.36.0-rc2/Documentation/RelNotes/2.36.0.txt
The httpd package was slimmed down per rhbz#2070517. Use the new
httpd-core package for the test suite requirements on F37+.
While here, adjust a nearby '# endif' comment to match reality.
The %_package_note_file definition added in 1dc07e7 (set path to linker
script in %_package_note_file, 2022-01-24) does not support release
candidates. Fix it.
Add 'fsmonitor--daemon is not supported on this platform' and 'missing
!REFFILES' to git.skip-test-patterns to match new test prerequisites
which are not relevant for our builds.
Adjust number of t5541 "push 2000 tags over http" test. It was shifted
from 35 to 36 by upstream c36c62859a (tests: use "test_hook" for misc
"mkdir -p" and "chmod" cases, 2022-03-17).
Replace `%__make test` with `%__make -C t all` to avoid re-compiling in
%check. This is an issue I have yet to fully diagnose. I suspect that
it is related to the nice work Ævar Arnfjörð Bjarmason has done upstream
to improve the efficiency and correctness of the build process. Work
around it for the moment.
Release notes:
https://github.com/git/git/raw/v2.36.0-rc0/Documentation/RelNotes/2.36.0.txt
The package-notes feature¹ creates a linker script in %{buildsubdir}.
Unfortunately, %{buildsubdir} is not set in %prep, leaving us with an
incorrect path to the linker script. The build then fails with:
/usr/bin/ld: cannot open linker script file
/builddir/build/BUILD/.package_note-git-2.35.0-0.2.rc2.fc36.3.x86_64.ld:
No such file or directory
Set the path to the linker script via %_package_note_file, per
suggestion by Zbigniew Jędrzejewski-Szmek².
References:
¹ https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects
² https://bugzilla.redhat.com/2044028#c10
The scalar command is being worked on incrementally upstream.
As it matures, we may consider building and distributing it. Whether
that will happen before it graduates from contrib or not is anyone's
guess.
For the moment, remove it to avoid cruft in git-core-doc.
Git now requires C99 support and a zlib with uncompress2 by default.
On EL7, gcc-4.8.5 requires a flag to enable C99 support.
Compilation also fails without -fPIC on EL7, for reasons of which I am
not entirely clear. (I do not like making a change I cannot justify or
explain properly, but it is better than dropping EL7 support until I
have time to learn the reason(s).)
Update the %build_cflags macro when building on EL7 to enable C99
support and set -fPIC.
Define NO_UNCOMPRESS2 to use compat/zlib-uncompress2.c.
The git checkout command crashes when run multiple times, if
`.git/refs/remotes/origin/HEAD` is manually copied into
`.git/refs/heads/$branch-name`.
Strictly, this is repository corruption, but it has been silently
tolerated until upstream 9081a421 (checkout: fix "branch info" memory
leaks, 2021-11-16), which added some sanity checking of the data.
Loosen the check via Junio's upstream commit 519947b69a (checkout: avoid
BUG() when hitting a broken repository, 2022-01-21).
Add openssh-clients BuildRequires, for ssh-add. Upstream 350a2518c8
(ssh signing: support non ssh-* keytypes, 2021-11-19), added `ssh-add`
as a requirement of t7528-signed-commit-ssh's "sign commits using
literal public keys with ssh-agent" test.
Replace the openssh BR added in e8896ce (update to 2.34.0, 2021-11-15)
with openssh-clients. The latter requires the former.
Apply Taylor Blau's patch to fix a use-after-free bug in fmt-merge-msg¹.
Add `missing !LONG_IS_64BIT,EXPENSIVE` to git.skip-test-patterns. It is
used in t1051-large-conversion after upstream 596b5e77c9 (clean/smudge:
allow clean filters to process extremely large files, 2021-11-02).
Release notes:
https://github.com/git/git/raw/v2.35.0-rc0/Documentation/RelNotes/2.35.0.txt
¹ https://lore.kernel.org/git/CAHk-=whXPxWL7z3GiPkaDt+yygrRmagrYUnib7Lx=Vvrqx2ufg@mail.gmail.com/
The output of gpgsm changed slightly in gnupg-2.3, causing the git tests
for x509 signatures to be skipped. Update the tests to use the
machine-parseable --with-colons output.
It also appears that we need to reload the gpg-agent in order to pick up
the changes the test library makes to the trustlist.txt file. It might
be better to store that file with the other gpg files in the test suite
rather than generating it.
While we're at it, reload all the gpg components rather than just
gpg-agent. Adjust the earlier gpgconf kill to use the 'all' keyword as
well.
Next up, gpgsm removed a debug line from it's output which exposes a
problem in git's gpg-interface code. The git code presumes that the
'[GNUPG:] SIG_CREATED' line will follow a newline. That is no longer
true. The debug line was removed from GnuPG in a6d2f3133 (sm: Replace
some debug message by log_error or log_info, 2020-04-21).
Finally, a minor bug in gpgsm causes the error message returned when a
certificate is not found to differ from previous versions¹. Extend the
grep pattern in the test suite to catch both error messages.
¹ https://lists.gnupg.org/pipermail/gnupg-devel/2021-November/034991.html
Release notes:
https://github.com/git/git/raw/v2.34.0/Documentation/RelNotes/2.34.0.txt
Add `BuildRequires: openssh` for the `ssh-keygen` command; it is needed
to test the newly-added ssh signing support¹. Refer to the `gpg.format`
and `gpg.ssh.*` variables in git-config(1) for details.
[Unfortunately, openssh-8.7 has a bug in the requisite `ssh-keygen -Y
find-principals` command, which will limit the usefulness of this
feature on Fedora 35/36 until openssh is either rebased to 8.8 or the
patch² is backported. The git testsuite has been taught to skip the
tests when this bug is present, in upstream ca7a5bf4bd (t/lib-gpg: avoid
broken versions of ssh-keygen, 2021-11-10), but that won't help users
who try out this new feature. Hopefully we can get openssh-8.7 in
Fedora 35 & 36 patched or updated before too long.]
We have `Requires: openssh-clients` in git-core already. The
openssh-clients package requires openssh so we don't _need_ to add an
install-time requirement to ensure the `ssh-keygen` command is
available.
Ignore RUNTIME_PREFIX and SYMLINKS_WINDOWS test prerequisites when
looking for missing test suite BuildRequires³.
The RUNTIME_PREFIX prerequisite was added in b7d11a0f5d (tests: exercise
the RUNTIME_PREFIX feature, 2021-07-24)⁴. It is used to build binaries
which can be easily relocated, which we don't need in our builds.
The SYMLINKS_WINDOWS prerequisite was added in 3e7d4888e5 (mingw: align
symlinks-related rmdir() behavior with Linux, 2021-08-02)⁵. It is, as
the name implies, Windows-specific.
¹ https://github.com/git/git/commit/b5726a5d9c (ssh signing: preliminary
refactoring and clean-up, 2021-09-10) and the commits which follow.
² https://github.com/openssh/openssh-portable/commit/ca0e455b93,
https://github.com/openssh/openssh-portable/commit/4afe431da9, and
https://www.mail-archive.com/source-changes@openbsd.org/msg127496.html
(plus the replies, which point out the typo in the first patch)
³ fa92661 (Add grep patterns for checking skipped tests, 2019-02-02)
⁴ https://github.com/git/git/commit/b7d11a0f5d
⁵ https://github.com/git/git/commit/3e7d4888e5
There were a few dependencies missing prior to the change in git-2.33
which Ondřej fixed in the previous commit.
Of the few dependencies being added, only Email::Address and
Sys::Hostname weren't already pulled in by other dependencies when
installing git-email. They each have fallback options, so they aren't
critical to the function of the application. (We could use Recommends
here, if we wanted -- though neither pull in any additional packages at
this time.)
Resolves: rhbz#2020487
In git version 2.33.0, git-send-email.perl has optimized modules
loading[1]. This resulted in perl.req not detecting requires properly,
because it doesn't detect requires that are not at the start of new line.
This commit adds explicit Requires into the spec file.
[1]f4dc9432fd
contrib/hooks/multimail is no longer distributed with git
The multimail hook was removed from the git contrib tree. From the
upstream commit f74d11471f (multimail: stop shipping a copy,
2021-06-10):
The multimail project is developed independently and has its own project
page. Traditionally, we shipped a copy in contrib/.
However, such a copy is prone to become stale, and users are much better
served to be directed to the actual project instead.
Upstream commit 3b072c577b (tests: replace test_tristate with "git
env--helper", 2019-06-21) semi-broke the git-svn tests which require
httpd. This was subsequently fixed in upstream commit 6a20b62d7e
(t/lib-git-svn.sh: check GIT_TEST_SVN_HTTPD when running SVN HTTP tests,
2019-09-06).
The upstream fix also adjusted the variable name to follow the preferred
naming scheme, i.e. GIT_SVN_TEST_ -> GIT_TEST_SVN_. Fix the variable in
%check to indicate that we want those tests to run.
We were still running the tests because we had all the necessary
dependencies. But we want to ensure that we don't skip them
opportunistically if those dependencies ever change.
Update comment which suggest a method for (manually) checking such
variables in the test suite.
The Documentation/cmd-list.perl script requires File::Compare to
generate various cmds-$area.txt file which are included in the main git
help. This has been broken since File::Compare was split from the main
perl package in 3b63b8c (Subpackage File::Compare, 2020-01-06)¹.
The result is a broken git man/html page. In git(1), the output is:
HIGH-LEVEL COMMANDS (PORCELAIN)
We separate the porcelain commands into the main commands
and some ancillary user utilities.
Main porcelain commands
Unresolved directive in git.txt -
include::cmds-mainporcelain.txt[]
Ancillary Commands
Manipulators:
Unresolved directive in git.txt -
include::cmds-ancillarymanipulators.txt[]
Interrogators:
Unresolved directive in git.txt -
include::cmds-ancillaryinterrogators.txt[]
...
This is logged during the build:
make[1]: Entering directory '/builddir/build/BUILD/git-2.32.0.rc3/Documentation'
rm -f cmd-list.made && \
/usr/bin/perl ./cmd-list.perl ../command-list.txt cmds-ancillaryinterrogators.txt cmds-ancillarymanipulators.txt cmds-mainporcelain.txt cmds-plumbinginterrogators.txt cmds-plumbingmanipulators.txt cmds-synchingrepositories.txt cmds-synchelpers.txt cmds-guide.txt cmds-purehelpers.txt cmds-foreignscminterface.txt && \
date >cmd-list.made
Can't locate File/Compare.pm in @INC (you may need to install the File::Compare module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at ./cmd-list.perl line 3.
BEGIN failed--compilation aborted at ./cmd-list.perl line 3.
make[1]: Leaving directory '/builddir/build/BUILD/git-2.32.0.rc3/Documentation'
This should probably cause a make error rather than generating
incomplete documentation. I'll try to report this upstream (ideally
with a patch to resolve it). It's also worth remembering to search the
build logs for such failures. "Can't locate .* in @INC" and "BEGIN
failed" are good strings to search.
¹ https://src.fedoraproject.org/rpms/perl/c/3b63b8c
With the impending removal of a large chunk of the Java package set,
jgit will become unavailable as a BuildRequires in Fedora soon. Remove
the build dependency on Fedora >= 35.
As noted in 8faf622 (drop jgit BR on Fedora > 30, 2019-07-29), this
affects 3 tests, 2 for packfile format (t5310-pack-bitmaps) and
1 of ls-remote (t5512-ls-remote).
The NEEDS_CRYPTO_WITH_SSL Makefile knob was added in 7878348 (Update to
git-1.7.0 - Link imap-send with libcrypto (#565147) - Disable building
of unused python remote helper libs, 2010-02-15). It is no longer
needed.
I'm not sure when it stopped being necessary, though I am sure I tried
removing once before in the 11 years since it was added.
Builds on Fedora and EL7/EL8 all properly pick up the -lssl -lcrypto
flags when compiling git-imap-send.
Incidentally, git-imap-send has used libcurl for handling IMAP rather
than low-level OpenSSL-based functions on Fedora since upstream commit
dbba42bb32 (imap-send: use curl by default when possible, 2017-09-14).
This applies to EL8 as well. On EL7, libcurl is too old (>= 7.34.0 is
required).
The git-p4 subpackage has been disabled in Fedora 30 via a4b4f7c (Add
support for disabling python2, 2018-03-28). Git 2.17.0 was the current
release at that time. The git-p4 script subsequently gained python3
support which was released in Git 2.27.0 (2020-05-31).
Adjust the python2/python3 conditionals and re-enable git-p4 when either
of them are available. Put python3 first in the various conditionals,
as that is our primary supported python. We only include python2 to aid
in building for EL7.
While here, remove the "# endif" comments within the config.mak output.
Remove all conditionals for EL-6; it is EOL as of November 2020.
Replace a number of `EL > 7` with `EL >= 8` to make the intention
clearer. The next version of RHEL is no longer shrouded in mystery.
Drop conditionals which apply only to long-obsolete Fedora releases.
All %defattr macros were removed in ff200ca (Remove obsolete %defattr,
2018-02-07). Two were subsequently added in f8a83b9 (Move instaweb to a
subpackage, 2018-09-06) and 9d91bab (split libsecret credential helper
into a subpackage (#1804741), 2020-02-19).
Remove both entries and (hopefully) avoid adding new entries in the
future.
This release includes a fix for CVE-2021-21300¹ in addition to the other
changes along the path to the final 2.31.0 release.
Release notes:
https://github.com/git/git/raw/v2.31.0-rc2/Documentation/RelNotes/2.31.0.txt
¹ Per the 2.17.6 release notes on CVE-2021-21300:
On case-insensitive file systems with support for symbolic links, if
Git is configured globally to apply delay-capable clean/smudge
filters (such as Git LFS), Git could be fooled into running remote
code during a clone.
Use %{gpgverify} macro to verify tarball signature. The macro is now
available for all supported Fedora and EPEL releases. (It is presumed
that EL-9 will include %{gpgverify} as it will be branched from F-34.
If that turns out to be false, we will adjust later.)
The Packaging Guidelines require the use of the %{gpgverify} macro:
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
Add a BuildRequires for xz as well, since we use it explicitly in %prep.
Renumber Junio's GPG key from Source9 to Source2 so the %{gpgverify}
calls follow the typical pattern. It (mildly) lessens cognitive load
for anyone reviewing the spec file.
While here, remove a stale comment about leaving a blank line after
%autosetup to work around a bug on EL6.
We disabled t7812's 'PCRE v2: grep non-ASCII from invalid UTF-8 data'
test in 33ecb78 (skip failing test in t7812-grep-icase-non-ascii on
s390x, 2019-10-24).
It was subsequently fixed upstream in e714b898c6 (t7812: expect failure
for grep -i with invalid UTF-8 data, 2019-11-29) and more recently
improved with a4fea08b6e (grep/pcre2 tests: don't rely on invalid UTF-8
data test, 2021-01-24).
Don't skip the test any longer.
The `git difftool` command was converted to a builtin in git-2.12.0
(from 2017). We don't need to split it out of git-core.
This was missed in cb7fab7 (Move commands which no longer require perl
into git-core, 2017-11-10) and d56cfc6 (Use symlinks instead of
hardlinks for installed binaries, 2018-03-15). Better late than never.
We intend to support building on all supported Fedora and EPEL releases
from the Rawhide branch. On EL-7, the %build_cflags and %build_ldflags
macros are not present without installing epel-rpm-macros. Add a build
requirement to ensure these macros are available when building on EL-7.
A change in git-2.27.0¹ caused fast-import to leak memory and crash in
some cases. Apply the upstream fix², which didn't quite make it into
git-2.29.0.
¹ ddddf8d7e2 (fast-import: permit reading multiple marks files, 2020-02-22)
https://github.com/git/git/commit/ddddf8d7e2
² 3f018ec716 (fast-import: fix over-allocation of marks storage, 2020-10-15)
https://github.com/git/git/commit/3f018ec716
A change in git-2.24.0¹ resulted in a segfault when combining the
incompatible (and nonsensical) --follow and -L git log options. (These
options were used by the GitLens plugin for VS Code until recently².)
The upstream fix returns an error when these options are combined rather
than a segfault.
¹ a2bb801f6a (line-log: avoid unnecessary full tree diffs, 2019-08-21)
https://github.com/git/git/commit/a2bb801f6a
² Fixed in GitLens >= 10.2.3
https://github.com/eamodio/vscode-gitlens/issues/1139
Quoting from Jeff King's commit message:
Commit e8cbe2118a (am: stop exporting GIT_COMMITTER_DATE, 2020-08-17)
rewrote the code for setting the committer date to use fmt_ident(),
rather than setting an environment variable and letting commit_tree()
handle it. But it introduced two bugs:
- we use the author email string instead of the committer email
- when parsing the committer ident, we used the wrong variable to
compute the length of the email, resulting in it always being a
zero-length string
The regression affected both am and rebase. Apply the upstream fixes.
References:
https://lore.kernel.org/git/20201023070747.GA2198273@coredump.intra.peff.net/
The update to 2.29.1 is pointless on its own¹, but a subsequent commit
will add some additional post-release fixes for 2.29. Once we're
pushing an update, we might as well pick up the latest point release to
avoid anyone wondering why we've skipped an update.
Release notes:
https://github.com/git/git/raw/v2.29.1/Documentation/RelNotes/2.29.1.txt
¹ The only change in 2.29.1 is a Makefile fix for users of the
non-default SKIP_DASHED_BUILT_INS installation option.
The hg-to-git.py script in contrib grew python3 support in upstream
commit d17ae00c97 (hg-to-git: make it compatible with both python3 and
python2, 2019-09-18), which was released in git-2.24.0. Move it from
the python2-only conditionals.
(This leaves contrib/fast-import/import-zips.py as the sole python
script which is _not_ python3-compatible. It seems to need only minimal
fixes for python2/python3 compatibility -- per some light testing.)
Since git-2.18.0, the emacs files shipped in git have been stub files
which merely point users to better options. Stop shipping these stubs
with Fedora 34 and later.
Drop the emacs BuildRequires on Fedora >= 34. Elsewhere, replace it
with emacs-common. We need macros.emacs for %{_emacs_sitelispdir}
anywhere we ship the stub .el files¹.
The full emacs BR _was_ necessary prior to git-2.18.0, as /usr/bin/emacs
was used to byte compile the .el files. It traces all the way back to
e46bac5 (Add emacs-git package from Ville (#235431), 2007-06-22).
¹ It might be nice if there were an emacs-rpm-macros for this. But
emacs-common is a lot lighter than emacs, so it's still a nice
improvement. Per `dnf install` in a current f33 container image:
$ dnf install emacs
...
Install 193 Packages
Total download size: 164 M
Installed size: 544 M
$ dnf install emacs-common
...
Install 7 Packages
Total download size: 36 M
Installed size: 89 M
Release notes:
https://github.com/git/git/raw/v2.28.0-rc0/Documentation/RelNotes/2.28.0.txt
Update git.skip-test-patterns to catch the 2GB clone test. The output
of the skipped test was changed (for the better) in upstream commit
d63ae31962 (t5608: avoid say() and use "skip_all" instead for
consistency, 2020-05-22).
From the upstream release notes¹:
With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent "host" parameter).
The attack has been made impossible by refusing to work with
under-specified credential patterns.
¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.5.txt
From the upstream release notes¹:
With a crafted URL that contains a newline in it, the credential
helper machinery can be fooled to give credential information for
a wrong host. The attack has been made impossible by forbidding
a newline character in any value passed via the credential
protocol.
¹ https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.17.4.txt
When the libsecret credential helper was split out in 9d91bab (split
libsecret credential helper into a subpackage (#1804741), 2020-02-19), a
few rpmlint errors & warnings crept in.
Update the rpmlintrc file to ignore the no-documentation warning for the
libsecret subpackage (replacing the gnome-keyring entry which is no
longer needed). Fix an errant tab added to the spec file.
Moving the libsecret credential helper to a subpackage left no binaries
in the main git package, so rpmlint complains. Fixing this requires a
bit more investigation and care.
Quoting from the upstream patch:
Jan Alexander Steffens reported that when `rebase.abbreviateCommands'
is set, the merge backend fails to fast forward. This is because the
backend generates a todo list with only a `noop', and since this
command has no abbreviated form, it is replaced by a comment mark.
The sequencer then interprets it as if there is nothing to do, and
fails.
References:
https://github.com/git/git/commit/68e7090f31https://lore.kernel.org/git/9b4bc756764d87c9f34c11e6ec2fc6482f531805.camel@gmail.com/
The workaround added in 9a7edd4 (work around issue on s390x with gcc10
(#1799408), 2020-02-22) is no loner needed. The issue is fixed in
gcc-10.0.1-0.9.
A recent change to the perl packaging split many modules from the base
perl-interpreter package. Add the missing test dependencies.
A few non-perl packages are also added, as they are no longer pulled
into the buildroot automatically, but were not properly required.
The make test call was changed to use %make_build in d34bc42 (Use
make_build macro when running tests, 2020-01-14) in order to allow the
options to be more easily overridden. This enabled the -O option by
default, which causes the test output to be printed only after all the
tests have run.
That makes following the progress in both interactive and copr/koji
builds difficult. Replace %make_build with %__make to drop the unwanted
-O option but still allow the make command to be overridden.
The Asciidoctor project is more actively maintained than asciidoc. Use
it for building the documentation on Fedora. Asciidoctor is not
currently available for EL-6 or EL-8, though it is in EPEL for EL-7.
Exclude all EL builds for now, until we can reliably use it on EL-7 and
EL-8 (including CentOS-Stream, ideally).
This is made possible by the excellent work of both the Git and
Asciidoctor communities. Thanks in particular to brian m. carlson,
Martin Ågren, Jeff King, and Dan Allen.
When git is built with gcc10 on s390x, the diff builtin fails many
tests. Use -mtune=zEC12 as a workaround until the issue is fixed
(in gcc and/or git).
Many thanks to Jakub Jelinek for doing the hard work to track this down.
The libsecret package added a weak dependency on gnome-keyring in
4976bb0 (Recommend gnome-keyring, 2019-09-06). This pulls in a bit more
than we would like with the git package. Move the libsecret credential
helper to a subpackage.
