| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The package-notes feature¹ creates a linker script in %{buildsubdir}.
Unfortunately, %{buildsubdir} is not set in %prep, leaving us with an
incorrect path to the linker script. The build then fails with:
/usr/bin/ld: cannot open linker script file
/builddir/build/BUILD/.package_note-git-2.35.0-0.2.rc2.fc36.3.x86_64.ld:
No such file or directory
Set the path to the linker script via %_package_note_file, per
suggestion by Zbigniew Jędrzejewski-Szmek².
References:
¹ https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects
² https://bugzilla.redhat.com/2044028#c10
|
|
|
|
|
| |
Point to the "about" page which cgit uses as its homepage rather than to
the top of the git repository. It's a bit friendlier.
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use %make_build and %make_install since 5038a3a (Use cgit.conf and
config.mak for cgit/git build options, 2018-02-18). The macros allow
the make options to be overridden more easily.
For the same reason, replace make with %__make when running the test
suite.
Add %{?_smp_mflags} from the %make_build macro. In testing, this cuts
the build time by as much as 30%. In the case of the slowest koji arch
(armv7hl), it was 9 minutes 31 seconds before and 6 minutes 33 seconds
after. It's a nice speedup.
We don't use %make_build directly because it includes the -O option
(%{_make_output_sync}) which doesn't play nicely with the test output
during an interactive build or while tailing the build logs.
We also don't include %{_make_verbose} from %make_build. We set `V = 1`
in cgit.conf (and config.mak for git), which is what %{_make_verbose}
does. The macro is not defined on EL < 9 either.
|
|
|
|
|
|
|
|
|
|
| |
Apply the patches Christian Hesse has regularly posted upstream to track
the current git release. Just because it's bundled doesn't mean it
should fall so far behind.
While here, update the comment regarding bundled git provides. It is
neither safe nor fair to assume that the security team are the folks
interested in tracking the bundled git, nor that they are all guys. :)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The README.SELinux file says that the default directory has its context
set automatically. This is only true it the cgit package installs the
directory. Creating it manually does not result in the proper SELinux
context being set.
Create and own the directory so that the context is set when the package
is installed.
This directory is shared with the git-daemon package. We share
ownership because cgit is frequently used without git-daemon --
particularly now that the smart http git protocol is widely deployed.
|
|
|
|
|
| |
Avoid a wildcard glob. We know there is only one file in the cgi-bin
directory.
|
|
|
|
|
|
|
|
|
|
| |
Remove the needless %dist conditional, all supported Fedora and EPEL
releases use httpd-2.4.
Use macros consistently within the httpd.conf file.
Set the timestamp of the httpd.conf to match the README from the
tarball to keep it consistent across builds.
|
|
|
|
|
|
|
| |
Use `install -D` to create /etc/httpd/conf.d and install the cgit.conf
in one command instead of two. Add %{httpdconfd} to keep this short.
Replace `install -d` with `mkdir` for simple directory creation.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The documentation for SELinux has grown a little stale. Refresh it and
convert it to markdown syntax¹.
Remove outdated data about the graphical system-config-selinux tool.
Mention that restorecon might be needed to update /var/lib/git.
Use the semanage equality option (-e) to simplify the command used to
add an alternate location for git repositories.
¹ The main reason to convert to markdown is to avoid pagure displaying
it as one large blob.
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
|
|
| |
With `git am` we're less likely to have issues like we saw with the
patch command creating a .orig file while applying a patch with a small
offset.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch to default to highlight-3 applied with a bit of an offset.
On EL7 this causes a .orig file to be created. This is then copied into
the filter dir by the cgit install process.
Rebase the patch on the current cgit to avoid this bit of cruft.
Alternately (or additionally), we could add `--no-backup-if-mismatch` to
the %_default_patch_flags macro for EL7 builds. This flag is set in
newer Fedora and EL releases.
|
|
|
|
|
|
|
| |
The exclusion was added in 9febbf3 (disable automatic compilation of
*.py files outside of python sitelib, 2018-06-15). Since that time, no
supported Fedora releases need it and the only EL release which does is
EL7. Update the comment to reflect this and only use %exclude on EL7.
|
|
|
|
|
| |
This macro is no longer needed (nor wanted) in Fedora. It is not
present in EL7/EL8. Remove it.
|
|
|
|
| |
EL6 has been EOL since November 2020.
|
|
|
|
|
|
|
| |
Replace a number of `EL > 7` with `EL >= 8` to make the intention
clearer. The next version of RHEL is no longer shrouded in mystery.
Move the httpd_filesystem bcond into the block for Fedora && EL8+.
|
|
|
|
|
|
|
| |
We preserve timestamps when running COPYTREE. Do so when running
INSTALL as well, to better respect the Packaging Guidelines¹.
¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_timestamps
|
|
|
|
|
|
|
|
|
|
|
| |
The macro is now available for all supported Fedora and EPEL releases.
(It is presumed that EL-9 will include %{gpgverify} as it will be
branched from F-34. If that turns out to be false, we will adjust
later.)
The Packaging Guidelines require the use of the %{gpgverify} macro:
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As explained in 50e6f6e (update Junio's GPG key (with extended
expiration), 2021-01-27) in the git package¹, the key used to sign git
releases expired in July 2020. While this doesn't strictly affect us
because we use gpgv to verify the releases against a known key file, it
is worth updating to make it clear that we're using the correct signing
key.
Here is a diff of the key file before and after the update:
$ diff -u <(gpg gpgkey-96E07AF25771955980DAD10020D04E5A713660A7.asc~ 2>/dev/null) \
<(gpg gpgkey-96E07AF25771955980DAD10020D04E5A713660A7.asc 2>/dev/null)
--- /dev/fd/63 2021-06-05 15:40:47.398256869 -0400
+++ /dev/fd/62 2021-06-05 15:40:47.399256908 -0400
@@ -3,6 +3,6 @@
uid Junio C Hamano <gitster@pobox.com>
uid Junio C Hamano <junio@pobox.com>
uid Junio C Hamano <jch@google.com>
-sub rsa4096/B0B5E88696AFE6CB 2011-10-03 [S] [expired: 2020-07-26]
+sub rsa4096/B0B5E88696AFE6CB 2011-10-03 [S] [expires: 2028-01-11]
sub rsa4096/86B76D5D833262C4 2011-10-01 [E]
-sub rsa4096/7594EEC7B3F7CAC9 2014-09-20 [S] [expired: 2020-07-26]
+sub rsa4096/7594EEC7B3F7CAC9 2014-09-20 [S] [expires: 2028-01-11]
A thread on the git list is where the question was raised and Junio
confirmed he'd extended the expiration of his signing key².
¹ https://src.fedoraproject.org/rpms/git/c/50e6f6e
² https://lore.kernel.org/git/B6DFB74D-A722-4DBD-A4B2-562604B21CCB@alchemists.io/T/#u
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The key used to sign the cgit releases had its expiration date extended
a few months back. Pull the updated key from Jason Donenfeld's web
site¹.
Here is a diff of the key file before and after the update:
$ diff -u <(gpg gpgkey-AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc~ 2>/dev/null) \
<(gpg gpgkey-AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc 2>/dev/null)
--- /dev/fd/63 2021-06-05 15:43:30.494570491 -0400
+++ /dev/fd/62 2021-06-05 15:43:30.495570529 -0400
@@ -1,4 +1,4 @@
-pub rsa4096/49FC7012A5DE03AE 2011-01-15 [SC] [expired: 2021-02-02]
+pub rsa4096/49FC7012A5DE03AE 2011-01-15 [SC] [expires: 2022-02-11]
AB9942E6D4A4CFC3412620A749FC7012A5DE03AE
uid Jason A. Donenfeld <Jason@zx2c4.com>
-sub rsa4096/D4F7A95DFB1EFB7F 2011-01-15 [E] [expired: 2021-02-02]
+sub rsa4096/D4F7A95DFB1EFB7F 2011-01-15 [E] [expires: 2022-02-11]
While here, fix a missing space in the comment which includes the URL to
this key in the spec file.
¹ https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want any of the git code which requires expat, perl, python, or
tcl/tk to be built. Set the corresponding NO_* make variables.
This ensures that even if git can find these tools in the buildroot, it
won't use them. For example, we have perl in the buildroot because it's
used in the test suite, but we don't want to build any of git's perl
tools.
If nothing else, this should slightly improve the build time.
|
|
|
|
|
|
| |
Having the output of the Makefile configuration for cgit and git in the
buld logs is useful. It aids in debugging and allows easier
verification of the options used for building the code.
|
|
|
|
| |
The patch has been accepted. Use the upstream URL as the patch source.
|
|
|
|
|
|
|
|
|
|
|
| |
The tar --zstd option was added in GNU tar-1.32 (2019-02-23). Supported
EPEL releases lack support for this option.
Avoid the requirement on any specific implementations or versions of tar
by piping decompressed output to tar. This is compatible with older GNU
tar releases as well as tar implementations from other vendors. (It may
also be a slight benefit that this more closely matches what the
snapshot creation code does.)
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
| |
|
| |
|
|
|
|
|
|
|
| |
Add BuildRequires for tests of various compression tools.
Release notes:
https://lists.zx2c4.com/pipermail/cgit/2020-March/004480.html
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
|
| |
The highlight package is only available in EL7+ on ppc64le and x86_64.
Exclude all other architectures for EL7 and EL8.
|
|
|
|
|
| |
Release notes:
https://lists.zx2c4.com/pipermail/cgit/2020-January/004455.html
|
|
|
|
|
| |
The git build needs zlib-devel. It was previously pulled into the build
root by something else, so it's absence in cgit went unnoticed.
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
|
|
|
|
| |
Automate verification for both cgit and git tarballs. This is one less
manual step for maintainers when updating a package.
The GPG key for git should generally be copied from the git package:
https://src.fedoraproject.org/rpms/git/raw/master/f/gpgkey-junio.asc
|
|
|
|
|
|
|
| |
The .build*.log files are no longer created by fedpkg.
We moved to xz-compressed tarballs of git in f017a6c ("Update to 0.10.2.
Fixes bug #1114970", 2014-07-01).
|
|
|
|
|
|
|
|
| |
Now that the bundled git is > 2.13.0 we can drop the BLK_SHA1 make
variable¹. The git default is now DC_SHA1 which provides collision
detection to help protect against the SHATTERED attack.
¹ As noted in bb6278b ("avoid libcrypto.so requires", 2018-06-16)
|
|
|
|
|
|
| |
References:
https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
https://git.zx2c4.com/cgit/commit/?id=53efaf30b
|
|
|
|
|
|
|
|
|
|
| |
Add a number of settings from the example cgitrc file section of the
documentation. Update the config to reflect the default values, leaving
them commented.
Several settings which previously overrode the cgit defaults no longer
do so. Those settings are: enable-commit-graph, enable-index-links,
enable-log-filecount, enable-log-linecount, and max-stats.
|
|
|
|
|
| |
The agefile setting is often used in combination with a post-receive
hook. An example hook is included in contrib/hooks.
|
|
|
|
| |
Remove extra '/' from git source URL.
|
|
|
|
| |
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
|
|
|
| |
Run the test suite by default to help avoid shipping broken packages.
|
|
|
|
|
|
|
|
| |
Enable the builtin BLK_SHA1 support in git to avoid the dependency on
libcrypto.so. When cgit is updated to work with git >= 2.13.0 we can
drop this, as the default SHA1 library was changed to DC_SHA1.
The openssl-devel build dependency is still needed.
|
| |
|