summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* convert license to SPDXTodd Zullinger2022-12-011-2/+5
|
* set path to linker script in %_package_note_fileTodd Zullinger2022-08-011-0/+5
| | | | | | | | | | | | | | | | | The package-notes feature¹ creates a linker script in %{buildsubdir}. Unfortunately, %{buildsubdir} is not set in %prep, leaving us with an incorrect path to the linker script. The build then fails with: /usr/bin/ld: cannot open linker script file /builddir/build/BUILD/.package_note-git-2.35.0-0.2.rc2.fc36.3.x86_64.ld: No such file or directory Set the path to the linker script via %_package_note_file, per suggestion by Zbigniew Jędrzejewski-Szmek². References: ¹ https://fedoraproject.org/wiki/Changes/Package_information_on_ELF_objects ² https://bugzilla.redhat.com/2044028#c10
* update cgit homepageTodd Zullinger2022-08-011-2/+5
| | | | | Point to the "about" page which cgit uses as its homepage rather than to the top of the git repository. It's a bit friendlier.
* Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_RebuildFedora Release Engineering2022-07-201-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_RebuildFedora Release Engineering2022-01-191-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* use %__make %{?_smp_mflags} to run tests in %checkTodd Zullinger2022-01-021-1/+2
| | | | | | | | | | | | | | | | | | | | | | We use %make_build and %make_install since 5038a3a (Use cgit.conf and config.mak for cgit/git build options, 2018-02-18). The macros allow the make options to be overridden more easily. For the same reason, replace make with %__make when running the test suite. Add %{?_smp_mflags} from the %make_build macro. In testing, this cuts the build time by as much as 30%. In the case of the slowest koji arch (armv7hl), it was 9 minutes 31 seconds before and 6 minutes 33 seconds after. It's a nice speedup. We don't use %make_build directly because it includes the -O option (%{_make_output_sync}) which doesn't play nicely with the test output during an interactive build or while tailing the build logs. We also don't include %{_make_verbose} from %make_build. We set `V = 1` in cgit.conf (and config.mak for git), which is what %{_make_verbose} does. The macro is not defined on EL < 9 either.
* build with git-2.34.1Todd Zullinger2022-01-023-5/+1024
| | | | | | | | | | Apply the patches Christian Hesse has regularly posted upstream to track the current git release. Just because it's bundled doesn't mean it should fall so far behind. While here, update the comment regarding bundled git provides. It is neither safe nor fair to assume that the security team are the folks interested in tracking the bundled git, nor that they are all guys. :)
* create /var/lib/git to improve SELinux compatibilityTodd Zullinger2022-01-011-1/+4
| | | | | | | | | | | | | | The README.SELinux file says that the default directory has its context set automatically. This is only true it the cgit package installs the directory. Creating it manually does not result in the proper SELinux context being set. Create and own the directory so that the context is set when the package is installed. This directory is shared with the git-daemon package. We share ownership because cgit is frequently used without git-daemon -- particularly now that the smart http git protocol is widely deployed.
* explicitly list the cgit cgi-bin scriptTodd Zullinger2022-01-011-1/+2
| | | | | Avoid a wildcard glob. We know there is only one file in the cgi-bin directory.
* improve httpd config file creationTodd Zullinger2022-01-011-6/+6
| | | | | | | | | | Remove the needless %dist conditional, all supported Fedora and EPEL releases use httpd-2.4. Use macros consistently within the httpd.conf file. Set the timestamp of the httpd.conf to match the README from the tarball to keep it consistent across builds.
* simplify install commandsTodd Zullinger2022-01-011-5/+6
| | | | | | | Use `install -D` to create /etc/httpd/conf.d and install the cgit.conf in one command instead of two. Add %{httpdconfd} to keep this short. Replace `install -d` with `mkdir` for simple directory creation.
* update SELinux READMETodd Zullinger2022-01-013-23/+34
| | | | | | | | | | | | | | | The documentation for SELinux has grown a little stale. Refresh it and convert it to markdown syntax¹. Remove outdated data about the graphical system-config-selinux tool. Mention that restorecon might be needed to update /var/lib/git. Use the semanage equality option (-e) to simplify the command used to add an alternate location for git repositories. ¹ The main reason to convert to markdown is to avoid pagure displaying it as one large blob.
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_RebuildFedora Release Engineering2021-07-211-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_RebuildFedora Release Engineering2021-07-210-0/+0
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* use git to apply patchesTodd Zullinger2021-06-061-1/+3
| | | | | | With `git am` we're less likely to have issues like we saw with the patch command creating a .orig file while applying a patch with a small offset.
* refresh highlight-3 patchTodd Zullinger2021-06-063-14/+30
| | | | | | | | | | | | The patch to default to highlight-3 applied with a bit of an offset. On EL7 this causes a .orig file to be created. This is then copied into the filter dir by the cgit install process. Rebase the patch on the current cgit to avoid this bit of cruft. Alternately (or additionally), we could add `--no-backup-if-mismatch` to the %_default_patch_flags macro for EL7 builds. This flag is set in newer Fedora and EL releases.
* limit *.py[co] %exclude to el7Todd Zullinger2021-06-061-2/+3
| | | | | | | The exclusion was added in 9febbf3 (disable automatic compilation of *.py files outside of python sitelib, 2018-06-15). Since that time, no supported Fedora releases need it and the only EL release which does is EL7. Update the comment to reflect this and only use %exclude on EL7.
* remove %_python_bytecompile_extraTodd Zullinger2021-06-061-4/+1
| | | | | This macro is no longer needed (nor wanted) in Fedora. It is not present in EL7/EL8. Remove it.
* remove stale comment regarding %autosetup on el6Todd Zullinger2021-06-061-2/+0
| | | | EL6 has been EOL since November 2020.
* clean up & improve dist conditionalsTodd Zullinger2021-06-061-9/+5
| | | | | | | Replace a number of `EL > 7` with `EL >= 8` to make the intention clearer. The next version of RHEL is no longer shrouded in mystery. Move the httpd_filesystem bcond into the block for Fedora && EL8+.
* preserve timestamps when running installTodd Zullinger2021-06-061-0/+2
| | | | | | | We preserve timestamps when running COPYTREE. Do so when running INSTALL as well, to better respect the Packaging Guidelines¹. ¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_timestamps
* use %{gpgverify} macro to verify tarball signatureTodd Zullinger2021-06-061-21/+13
| | | | | | | | | | | The macro is now available for all supported Fedora and EPEL releases. (It is presumed that EL-9 will include %{gpgverify} as it will be branched from F-34. If that turns out to be false, we will adjust later.) The Packaging Guidelines require the use of the %{gpgverify} macro: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
* update Junio's GPG key (with extended expiration)Todd Zullinger2021-06-061-104/+82
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As explained in 50e6f6e (update Junio's GPG key (with extended expiration), 2021-01-27) in the git package¹, the key used to sign git releases expired in July 2020. While this doesn't strictly affect us because we use gpgv to verify the releases against a known key file, it is worth updating to make it clear that we're using the correct signing key. Here is a diff of the key file before and after the update: $ diff -u <(gpg gpgkey-96E07AF25771955980DAD10020D04E5A713660A7.asc~ 2>/dev/null) \ <(gpg gpgkey-96E07AF25771955980DAD10020D04E5A713660A7.asc 2>/dev/null) --- /dev/fd/63 2021-06-05 15:40:47.398256869 -0400 +++ /dev/fd/62 2021-06-05 15:40:47.399256908 -0400 @@ -3,6 +3,6 @@ uid Junio C Hamano <gitster@pobox.com> uid Junio C Hamano <junio@pobox.com> uid Junio C Hamano <jch@google.com> -sub rsa4096/B0B5E88696AFE6CB 2011-10-03 [S] [expired: 2020-07-26] +sub rsa4096/B0B5E88696AFE6CB 2011-10-03 [S] [expires: 2028-01-11] sub rsa4096/86B76D5D833262C4 2011-10-01 [E] -sub rsa4096/7594EEC7B3F7CAC9 2014-09-20 [S] [expired: 2020-07-26] +sub rsa4096/7594EEC7B3F7CAC9 2014-09-20 [S] [expires: 2028-01-11] A thread on the git list is where the question was raised and Junio confirmed he'd extended the expiration of his signing key². ¹ https://src.fedoraproject.org/rpms/git/c/50e6f6e ² https://lore.kernel.org/git/B6DFB74D-A722-4DBD-A4B2-562604B21CCB@alchemists.io/T/#u
* update Jason's GPG key (with extended expiration)Todd Zullinger2021-06-062-39/+62
| | | | | | | | | | | | | | | | | | | | | | | | | The key used to sign the cgit releases had its expiration date extended a few months back. Pull the updated key from Jason Donenfeld's web site¹. Here is a diff of the key file before and after the update: $ diff -u <(gpg gpgkey-AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc~ 2>/dev/null) \ <(gpg gpgkey-AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc 2>/dev/null) --- /dev/fd/63 2021-06-05 15:43:30.494570491 -0400 +++ /dev/fd/62 2021-06-05 15:43:30.495570529 -0400 @@ -1,4 +1,4 @@ -pub rsa4096/49FC7012A5DE03AE 2011-01-15 [SC] [expired: 2021-02-02] +pub rsa4096/49FC7012A5DE03AE 2011-01-15 [SC] [expires: 2022-02-11] AB9942E6D4A4CFC3412620A749FC7012A5DE03AE uid Jason A. Donenfeld <Jason@zx2c4.com> -sub rsa4096/D4F7A95DFB1EFB7F 2011-01-15 [E] [expired: 2021-02-02] +sub rsa4096/D4F7A95DFB1EFB7F 2011-01-15 [E] [expires: 2022-02-11] While here, fix a missing space in the comment which includes the URL to this key in the spec file. ¹ https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc
* explicitly disable expat, perl, python, and tcl/tk in git buildTodd Zullinger2021-06-061-0/+5
| | | | | | | | | | | | We don't want any of the git code which requires expat, perl, python, or tcl/tk to be built. Set the corresponding NO_* make variables. This ensures that even if git can find these tools in the buildroot, it won't use them. For example, we have perl in the buildroot because it's used in the test suite, but we don't want to build any of git's perl tools. If nothing else, this should slightly improve the build time.
* include output of cgit.conf and git/config.mak in build logsTodd Zullinger2021-06-061-3/+6
| | | | | | Having the output of the Makefile configuration for cgit and git in the buld logs is useful. It aids in debugging and allows easier verification of the options used for building the code.
* update tar/zstd patch from upstreamTodd Zullinger2020-12-292-8/+15
| | | | The patch has been accepted. Use the upstream URL as the patch source.
* improve test suite's use of zstd to decode a tar fileTodd Zullinger2020-08-082-0/+80
| | | | | | | | | | | The tar --zstd option was added in GNU tar-1.32 (2019-02-23). Supported EPEL releases lack support for this option. Avoid the requirement on any specific implementations or versions of tar by piping decompressed output to tar. This is compatible with older GNU tar releases as well as tar implementations from other vendors. (It may also be a slight benefit that this more closely matches what the snapshot creation code does.)
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_RebuildFedora Release Engineering2021-01-261-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_RebuildFedora Release Engineering2020-07-271-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* Bump releaseBjörn Esser2020-04-021-1/+4
|
* Fix string quoting for rpm >= 4.16Björn Esser2020-04-021-1/+1
|
* update to 1.2.3Todd Zullinger2020-03-132-7/+14
| | | | | | | Add BuildRequires for tests of various compression tools. Release notes: https://lists.zx2c4.com/pipermail/cgit/2020-March/004480.html
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_RebuildFedora Release Engineering2020-01-281-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* adjust highlight requirement conditional for EL7+Todd Zullinger2020-01-131-2/+3
| | | | | The highlight package is only available in EL7+ on ppc64le and x86_64. Exclude all other architectures for EL7 and EL8.
* update to 1.2.2Todd Zullinger2020-01-132-7/+10
| | | | | Release notes: https://lists.zx2c4.com/pipermail/cgit/2020-January/004455.html
* add missing zlib-devel BuildRequires, fixes FTBFS (#1737005)Todd Zullinger2019-08-021-1/+5
| | | | | The git build needs zlib-devel. It was previously pulled into the build root by something else, so it's absence in cgit went unnoticed.
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_RebuildFedora Release Engineering2019-07-241-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_RebuildFedora Release Engineering2019-01-311-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* verify upstream GPG signatures in %prepTodd Zullinger2018-08-115-0/+641
| | | | | | | | Automate verification for both cgit and git tarballs. This is one less manual step for maintainers when updating a package. The GPG key for git should generally be copied from the git package: https://src.fedoraproject.org/rpms/git/raw/master/f/gpgkey-junio.asc
* clean up .gitignore rulesTodd Zullinger2018-08-101-2/+0
| | | | | | | The .build*.log files are no longer created by fedpkg. We moved to xz-compressed tarballs of git in f017a6c ("Update to 0.10.2. Fixes bug #1114970", 2014-07-01).
* use git's default, collision-detecting SHA1 implementationTodd Zullinger2018-08-101-2/+4
| | | | | | | | Now that the bundled git is > 2.13.0 we can drop the BLK_SHA1 make variable¹. The git default is now DC_SHA1 which provides collision detection to help protect against the SHATTERED attack. ¹ As noted in bb6278b ("avoid libcrypto.so requires", 2018-06-16)
* Update to 1.2.1, fixes directory traversal vulnerabilityTodd Zullinger2018-08-032-2/+5
| | | | | | References: https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html https://git.zx2c4.com/cgit/commit/?id=53efaf30b
* Update example cgtirc settingsTodd Zullinger2018-07-132-10/+60
| | | | | | | | | | Add a number of settings from the example cgitrc file section of the documentation. Update the config to reflect the default values, leaving them commented. Several settings which previously overrode the cgit defaults no longer do so. Those settings are: enable-commit-graph, enable-index-links, enable-log-filecount, enable-log-linecount, and max-stats.
* Include contrib dir in docsTodd Zullinger2018-07-131-1/+5
| | | | | The agefile setting is often used in combination with a post-receive hook. An example hook is included in contrib/hooks.
* Update to 1.2Todd Zullinger2018-07-133-72/+9
| | | | Remove extra '/' from git source URL.
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_RebuildFedora Release Engineering2018-07-121-1/+4
| | | | Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
* run test suite in %checkTodd Zullinger2018-06-161-0/+24
| | | | Run the test suite by default to help avoid shipping broken packages.
* avoid libcrypto.so requiresTodd Zullinger2018-06-161-0/+2
| | | | | | | | Enable the builtin BLK_SHA1 support in git to avoid the dependency on libcrypto.so. When cgit is updated to work with git >= 2.13.0 we can drop this, as the default SHA1 library was changed to DC_SHA1. The openssl-devel build dependency is still needed.
* cleanup cruft: drop Group tag, %defattr; use %licenseTodd Zullinger2018-06-161-5/+4
|