Closed
Bug 1257635
Opened 8 years ago
Closed 8 years ago
Upgrade git version to > 2.7.3 on linux build and test machines to address CVE-2016-2324 and CVE‑2016‑2315
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Infrastructure & Operations
RelOps: Puppet
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: arich, Assigned: dividehex)
References
Details
Attachments
(2 files, 1 obsolete file)
3.09 KB,
patch
|
dustin
:
review+
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
3.19 KB,
patch
|
dustin
:
review+
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
No description provided.
Assignee | ||
Comment 1•8 years ago
|
||
git 2.7.4 has been built for centos(both i386 and x86_64) and puppetagain repos have been updated. We'll deploy first thing Monday.
Assignee | ||
Comment 2•8 years ago
|
||
Attachment #8732904 -
Flags: review?(dustin)
Comment 3•8 years ago
|
||
Comment on attachment 8732904 [details] [diff] [review] bug11257635-1.patch Review of attachment 8732904 [details] [diff] [review]: ----------------------------------------------------------------- Very nice!
Attachment #8732904 -
Flags: review?(dustin) → review+
Assignee | ||
Comment 4•8 years ago
|
||
Comment on attachment 8732904 [details] [diff] [review] bug11257635-1.patch remote: https://hg.mozilla.org/build/puppet/rev/71d4d717602d remote: https://hg.mozilla.org/build/puppet/rev/47b220b79993
Attachment #8732904 -
Flags: checked-in+
Assignee | ||
Comment 5•8 years ago
|
||
Comment on attachment 8732904 [details] [diff] [review] bug11257635-1.patch Backed out due to breaking other package dependency remote: https://hg.mozilla.org/build/puppet/rev/7e1a8288462f remote: https://hg.mozilla.org/build/puppet/rev/561da7d3e9aa Mon Mar 21 10:08:02 -0700 2016 Puppet (err): Execution of '/bin/rpm -e mozilla-git-2.4.1-3.el6.x86_64' returned 1: error: Failed dependencies: mozilla-git is needed by (installed) git-remote-hg-185852e-1.el6.x86_64 Mon Mar 21 10:08:02 -0700 2016 /Stage[main]/Packages::Mozilla::Git/Package[mozilla-git]/ensure (err): change from 2.4.1-3.el6 to absent failed: Execution of '/bin/rpm -e mozilla-git-2.4.1-3.el6.x86_64' returned 1: error: Failed dependencies: mozilla-git is needed by (installed) git-remote-hg-185852e-1.el6.x86_64
Attachment #8732904 -
Flags: checked-in+ → checked-in-
Comment 6•8 years ago
|
||
I think only Mark uses git-remote-hg, and even then only maybe, and only on the puppetmasters. Maybe we should just give up on that?
Assignee | ||
Comment 7•8 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #6) > I think only Mark uses git-remote-hg, and even then only maybe, and only on > the puppetmasters. Maybe we should just give up on that? I rebuilt the package to require git instead of mozilla-git, but I'm all in favor of dropping tools like this. It also looks like the code base isn't being maintained anymore. This might be a problem as we move forward with updating git and/or hg
Comment 8•8 years ago
|
||
Yeah, apparently git-cinnabar is the way forward for git/hg integration. It's also possible, with modern hg's, to do puppet work in hg alone.
Assignee | ||
Comment 9•8 years ago
|
||
Same as the last plus removal of git-remote-hg
Attachment #8732904 -
Attachment is obsolete: true
Attachment #8733074 -
Flags: review?(dustin)
Comment 10•8 years ago
|
||
Comment on attachment 8733074 [details] [diff] [review] bug1257635-2.patch Review of attachment 8733074 [details] [diff] [review]: ----------------------------------------------------------------- OK if Mark's got a way to do development without git-remote-hg. ::: modules/packages/manifests/mozilla/git_remote_hg.pp @@ +7,5 @@ > case $::operatingsystem { > CentOS: { > package { > "git-remote-hg": > + ensure => absent; Is this just temporary, after which this class will be removed?
Attachment #8733074 -
Flags: review?(dustin) → review+
Assignee | ||
Comment 11•8 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #10) > Comment on attachment 8733074 [details] [diff] [review] > bug1257635-2.patch > > Review of attachment 8733074 [details] [diff] [review]: > ----------------------------------------------------------------- > > OK if Mark's got a way to do development without git-remote-hg. > > ::: modules/packages/manifests/mozilla/git_remote_hg.pp > @@ +7,5 @@ > > case $::operatingsystem { > > CentOS: { > > package { > > "git-remote-hg": > > + ensure => absent; > > Is this just temporary, after which this class will be removed? Yes. The class will be removed soon down the line.
Assignee | ||
Comment 12•8 years ago
|
||
Comment on attachment 8733074 [details] [diff] [review] bug1257635-2.patch remote: https://hg.mozilla.org/build/puppet/rev/f2057c07032e remote: https://hg.mozilla.org/build/puppet/rev/ff66fc5a84b6
Attachment #8733074 -
Flags: checked-in+
Assignee | ||
Comment 13•8 years ago
|
||
Attachment #8733111 -
Flags: review?(dustin)
Updated•8 years ago
|
Attachment #8733111 -
Flags: review?(dustin) → review+
Assignee | ||
Comment 14•8 years ago
|
||
Comment on attachment 8733111 [details] [diff] [review] bug1257635-3-bump-git-version-ubuntu.patch remote: https://hg.mozilla.org/build/puppet/rev/36f91620d83b remote: https://hg.mozilla.org/build/puppet/rev/bef3388106f1
Attachment #8733111 -
Flags: checked-in+
Assignee | ||
Comment 15•8 years ago
|
||
For reference, the ubuntu git packages were pulled directly from the Ubuntu git maintainer's stable ppa https://launchpad.net/~git-core/+archive/ubuntu/ppa
Assignee | ||
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•