Closed
Bug 1257635
Opened 9 years ago
Closed 9 years ago
Upgrade git version to > 2.7.3 on linux build and test machines to address CVE-2016-2324 and CVE‑2016‑2315
Categories
(Infrastructure & Operations :: RelOps: Puppet, task)
Infrastructure & Operations
RelOps: Puppet
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: arich, Assigned: dividehex)
References
Details
Attachments
(2 files, 1 obsolete file)
|
3.09 KB,
patch
|
dustin
:
review+
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
|
3.19 KB,
patch
|
dustin
:
review+
dividehex
:
checked-in+
|
Details | Diff | Splinter Review |
No description provided.
|
Assignee | |
Comment 1•9 years ago
|
||
git 2.7.4 has been built for centos(both i386 and x86_64) and puppetagain repos have been updated. We'll deploy first thing Monday.
|
|
Assignee | |
Comment 2•9 years ago
|
||
Attachment #8732904 -
Flags: review?(dustin)
|
||
Comment 3•9 years ago
|
||
Comment on attachment 8732904 [details] [diff] [review]
bug11257635-1.patch
Review of attachment 8732904 [details] [diff] [review]:
-----------------------------------------------------------------
Very nice!
Attachment #8732904 -
Flags: review?(dustin) → review+
|
|
Assignee | |
Comment 4•9 years ago
|
||
Comment on attachment 8732904 [details] [diff] [review]
bug11257635-1.patch
remote: https://hg.mozilla.org/build/puppet/rev/71d4d717602d
remote: https://hg.mozilla.org/build/puppet/rev/47b220b79993
Attachment #8732904 -
Flags: checked-in+
|
|
Assignee | |
Comment 5•9 years ago
|
||
Comment on attachment 8732904 [details] [diff] [review]
bug11257635-1.patch
Backed out due to breaking other package dependency
remote: https://hg.mozilla.org/build/puppet/rev/7e1a8288462f
remote: https://hg.mozilla.org/build/puppet/rev/561da7d3e9aa
Mon Mar 21 10:08:02 -0700 2016 Puppet (err): Execution of '/bin/rpm -e mozilla-git-2.4.1-3.el6.x86_64' returned 1: error: Failed dependencies:
mozilla-git is needed by (installed) git-remote-hg-185852e-1.el6.x86_64
Mon Mar 21 10:08:02 -0700 2016 /Stage[main]/Packages::Mozilla::Git/Package[mozilla-git]/ensure (err): change from 2.4.1-3.el6 to absent failed: Execution of '/bin/rpm -e mozilla-git-2.4.1-3.el6.x86_64' returned 1: error: Failed dependencies:
mozilla-git is needed by (installed) git-remote-hg-185852e-1.el6.x86_64
Attachment #8732904 -
Flags: checked-in+ → checked-in-
|
|
||
Comment 6•9 years ago
|
||
I think only Mark uses git-remote-hg, and even then only maybe, and only on the puppetmasters. Maybe we should just give up on that?
|
|
Assignee | |
Comment 7•9 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #6)
> I think only Mark uses git-remote-hg, and even then only maybe, and only on
> the puppetmasters. Maybe we should just give up on that?
I rebuilt the package to require git instead of mozilla-git, but I'm all in favor of dropping tools like this. It also looks like the code base isn't being maintained anymore. This might be a problem as we move forward with updating git and/or hg
|
|
||
Comment 8•9 years ago
|
||
Yeah, apparently git-cinnabar is the way forward for git/hg integration. It's also possible, with modern hg's, to do puppet work in hg alone.
|
|
Assignee | |
Comment 9•9 years ago
|
||
Same as the last plus removal of git-remote-hg
Attachment #8732904 -
Attachment is obsolete: true
Attachment #8733074 -
Flags: review?(dustin)
|
|
||
Comment 10•9 years ago
|
||
Comment on attachment 8733074 [details] [diff] [review]
bug1257635-2.patch
Review of attachment 8733074 [details] [diff] [review]:
-----------------------------------------------------------------
OK if Mark's got a way to do development without git-remote-hg.
::: modules/packages/manifests/mozilla/git_remote_hg.pp
@@ +7,5 @@
> case $::operatingsystem {
> CentOS: {
> package {
> "git-remote-hg":
> + ensure => absent;
Is this just temporary, after which this class will be removed?
Attachment #8733074 -
Flags: review?(dustin) → review+
|
|
Assignee | |
Comment 11•9 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #10)
> Comment on attachment 8733074 [details] [diff] [review]
> bug1257635-2.patch
>
> Review of attachment 8733074 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> OK if Mark's got a way to do development without git-remote-hg.
>
> ::: modules/packages/manifests/mozilla/git_remote_hg.pp
> @@ +7,5 @@
> > case $::operatingsystem {
> > CentOS: {
> > package {
> > "git-remote-hg":
> > + ensure => absent;
>
> Is this just temporary, after which this class will be removed?
Yes. The class will be removed soon down the line.
|
|
Assignee | |
Comment 12•9 years ago
|
||
Comment on attachment 8733074 [details] [diff] [review]
bug1257635-2.patch
remote: https://hg.mozilla.org/build/puppet/rev/f2057c07032e
remote: https://hg.mozilla.org/build/puppet/rev/ff66fc5a84b6
Attachment #8733074 -
Flags: checked-in+
|
|
Assignee | |
Comment 13•9 years ago
|
||
Attachment #8733111 -
Flags: review?(dustin)
|
|
||
Updated•9 years ago
|
Attachment #8733111 -
Flags: review?(dustin) → review+
|
|
Assignee | |
Comment 14•9 years ago
|
||
Comment on attachment 8733111 [details] [diff] [review]
bug1257635-3-bump-git-version-ubuntu.patch
remote: https://hg.mozilla.org/build/puppet/rev/36f91620d83b
remote: https://hg.mozilla.org/build/puppet/rev/bef3388106f1
Attachment #8733111 -
Flags: checked-in+
|
|
Assignee | |
Comment 15•9 years ago
|
||
For reference, the ubuntu git packages were pulled directly from the Ubuntu git maintainer's stable ppa
https://launchpad.net/~git-core/+archive/ubuntu/ppa
|
|
Assignee | |
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•