Closed glianeric closed 4 years ago
Thanks for the request @glianeric.
Those security fixes were also released in 2.22.2 and 2.16.6, which are currently available in our testing repo for the existing git222 and git216 (renamed from git2u) packages.
There are indeed still new features in 2.24 which have been brought up before, so we can take a look at creating a new git224 package to address those needs.
My team would appreciate a git224 package. Bitbucket 6.9 adds support for using Git commit-graphs provided that the system git is version 2.24 or greater. Since we're running our Bitbucket instance on a CentOS box, IUS is how we've been getting current versions of Git.
+1, I actually have the exact same issue and reason as @elyscape
I'm using bitbucket and 2.24 brings advertised performance boosts to the latest release of bitbucket server
@elyscape @odgrim If it helps, I build git224 as part of icon/lfit COPR for EL7 -- it is built from pretty much the same spec file as IUS git222. We use this package internally at the Linux Foundation IT.
@mricon Would you like to contribute your git224 spec file to IUS? We have a walkthrough on setting up the package source repository in a way that preserves the Fedora spec file's commit history.
https://github.com/iusrepo/packaging/wiki/walkthrough
The replacement package step is explained in further detail in our packaging guidelines.
https://github.com/iusrepo/packaging/wiki/guidelines
If you have this set up on GitHub, I can help you transfer it to the @iusrepo organization. Alternatively, I can just clone it and push to a new remote.
I have diff'd the git222.spec from IUS and the git224.spec from LFIT and I find:
$ diff git222.spec git224.spec
86,88c86,88
< Name: git222
< Version: 2.22.2
< Release: 1%{?dist}
---
> Name: git224
> Version: 2.24.1
> Release: 2%{?dist}
477a478,483
> # For some very strange reasons, gpg fails on aarch64 with this error:
> # gpg: Fatal: can't disable core dumps: Operation not permitted
> # I have asked about this on the gnupg list and will re-enable once I have
> # an answer on how to fix the error:
> # https://lists.gnupg.org/pipermail/gnupg-users/2019-December/063170.html
> %ifnarch aarch64
485a492
> %endif
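Review bot: the %ifnarch aarch64 / %endif pair added at 478-483 and 492 switches gpg signature verification off for every aarch64 build, so on that architecture the build goes ahead without the signature check (the 2.24.1-2 changelog entry confirms this is the intent). The quoted error is gpg failing to start ("can't disable core dumps: Operation not permitted"), not a failed signature. I would prefer to keep the check unconditional and work around the gpg startup failure in the build environment. If the guard has to stay, add a short comment stating what still vouches for the source on aarch64, and reference a tracking item next to the mailing-list link so the guard is removed once the question is answered.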
994,995c1001,1008
< * Wed Dec 18 2019 Carl George <carl@george.computer> - 2.22.2-1
< - Latest upstream
---
> * Mon Dec 30 2019 Konstantin Ryabitsev <konstantin@linuxfoundation.org> - 2.24.1-2
> - Disable gpg signature verification on aarch64 due to COPR build failure
>
> * Fri Dec 13 2019 Konstantin Ryabitsev <konstantin@linuxfoundation.org> - 2.24.1-1
> - Update to 2.24.1 with security fixes.
>
> * Tue Nov 19 2019 Konstantin Ryabitsev <konstantin@linuxfoundation.org> - 2.24.0-2
> - Update to 2.24.0 to fix a few backend bugs.
I have currently built the 2.24.1 Git RPM from kernel.org source tar files using IUS git222.spec, and just edit the Name and Version.
I am also using this RPM in my Atlassian Bitbucket 6.9.x environment.
@carlwgeorge, it would be nice to keep up building RPMs for the versions of Git available... so 2.23.x, 2.24.x and now 2.25.x are available and the community can't really find anyone supporting RPMs.
I'm not sure if you/me/us/lfit can just copy git222 repo as git223/git224/git225?
I see the directions from the link above, can I attempt to do that from my github?
I have created git224 from the Fedora commit history as described in the walkthrough. It built successfully for both EL6 and EL7. I have published the resulting packages to the testing repositories. Please test them out and provide feedback.
Git is now available at 2.25.1. Rather than maintaining all these slightly distinct strains, why don't we simply update the "git2u" package to that release? My patches are available at https://github.com/nkadel/nkadel-git2u-srpm . If we want to keep using "git222" or similar names, simply update the "Name" in the .spec file to be "git225" instead of "git2u".
@nkadel No. See this comment https://github.com/iusrepo/git216/issues/10#issuecomment-428360542 and the rest of that issue for the justification.
I've published an update to the very latest, 2.25.1, under this git repo:
https://github.com/nkadel/nkadel-git2u-srpm
The only important distinction from "git222" based names is the "Name" setting. Having branch after branch is somewhat confusing, but this is workable as a basis for an update to 2.25.1.
Has anyone had a chance to test the git224 rpms from the testing repository? If so I'll be happy to move them to the main repository for wider usage.
I've tested builds with merely the "Name" and "Version" settings changed to "225" and "2.25.1" respectively, and it works fine for git 2.25.1 in my test setups.
@nkadel Thanks but I'm looking for someone to test the actual packages that are in the testing repository.
@glianeric @elyscape @odgrim ?
git224 package seems to work just fine, I've tested it with a project that needs Git as part of its functionality + I ran all GitPython's tests to have a little bigger test case.
Thanks for the feedback @jack1142! I've promoted git224 to the main repos.
What new package do you want?
Git 2.24.1
Why?
CentOS 7 has only git 1.8.3, and IUS 2.22. Git 2.24.1 fixes significant vulnerabilities and provides new features used by the latest BitBucket server; I would like to plug the security issues, and the ability to use the new features is nice to have.
Testing
I agree to test the new package to ensure that it works as expected. Once I am satisfied with the results of my testing I will comment on this issue with the word "STABLE" to get it promoted to the stable repos.