Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

git: 2.47.2 -> 2.48.1 #372784

Open
wants to merge 3 commits into
base: staging
Choose a base branch
from
Open

git: 2.47.2 -> 2.48.1 #372784

wants to merge 3 commits into from

Conversation

me-and
Copy link
Contributor

@me-and me-and commented Jan 10, 2025

Changelogs:

This also includes one commit from #370888, which is necessary for the build to complete.

No substantial changes that affect backwards compatibility AFAICS, so I don't think there's a need for a release note.

Haven't tested all executables in bin/, but I did check git --version as a quick test on top of the test suite and that's fine. Builds of nixosTests.gitdaemon, git.passthru.tests and tests.fetchgit, as safety checks, are on my system now.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@me-and
Copy link
Contributor Author

me-and commented Jan 13, 2025

@ofborg build git gitFull git.passthru.tests nixpkgs-manual nixpkgs-manual.tests

@LeSuisse
Copy link
Contributor

Note this will be need to be bumped to 2.48.1 to include fixes for CVE-2024-50349 and CVE-2024-52006 (see also #373801)

@me-and me-and changed the title Git: v2.47.1 -> v2.48.0 Git: v2.47.1 -> v2.48.1 Jan 14, 2025
@me-and
Copy link
Contributor Author

me-and commented Jan 14, 2025

I've updated this PR to target Git v2.48.1 rather than v2.48.0. I'm not adding the security tag as I think the security issue is better addressed by #373801.

Copy link
Member

@SuperSandro2000 SuperSandro2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The commit message and PR title should not contain the v prefix.

@me-and me-and changed the title Git: v2.47.1 -> v2.48.1 Git: 2.47.1 -> 2.48.1 Jan 14, 2025
@me-and
Copy link
Contributor Author

me-and commented Jan 14, 2025

The commit message and PR title should not contain the v prefix.

Fixed, thank you!

@SuperSandro2000 SuperSandro2000 changed the title Git: 2.47.1 -> 2.48.1 git: 2.47.1 -> 2.48.1 Jan 15, 2025
Copy link
Member

@SuperSandro2000 SuperSandro2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@wegank wegank added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Jan 15, 2025
@matejc
Copy link
Contributor

matejc commented Jan 17, 2025

This version fixes security vulnerabilities (https://github.blog/open-source/git/git-security-vulnerabilities-announced-5/). Can we get this merged asap?

@me-and
Copy link
Contributor Author

me-and commented Jan 17, 2025

@matejc for the security fixes, I think you want #373801, which only covers the security fixes, whereas this is a more substantial update.

@SuperSandro2000
Copy link
Member

I've merged the small update. Can you rebase this on staging to fix the conflict?

For build process clarity, build documentation during the build phase.
Without this change, the docs are built during the install phase as
that's when `make` realises they're not yet present.

This also means that the main Git documentation is built before the
contrib/subtree documentation, which is necessary for the subtree
documentation to build successfully in Git v2.48.0-rc0 and -rc1 (and
presumably therefore in v2.48.0 when it is released).
@me-and
Copy link
Contributor Author

me-and commented Jan 18, 2025

@SuperSandro2000 done! Updated branch with updated commit message for the new version change.

@vcunat vcunat changed the title git: 2.47.1 -> 2.48.1 git: 2.47.2 -> 2.48.1 Jan 19, 2025
@wegank wegank removed the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Jan 19, 2025
Copy link
Member

@SuperSandro2000 SuperSandro2000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

build locally with success

@wegank wegank added the 12.approvals: 1 This PR was reviewed and approved by one reputable person label Jan 20, 2025
@SuperSandro2000
Copy link
Member

Anyone has an idea why some tests from https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/fetchgit/tests.nix#L49 are now suddenly failing? Do we just update the hashes?

@me-and
Copy link
Contributor Author

me-and commented Jan 25, 2025

Anyone has an idea why some tests from https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/fetchgit/tests.nix#L49 are now suddenly failing? Do we just update the hashes?

Ah! I've just looked at the different test outputs. The issue, at least for tests.fetchgit.leave-git is that the old version of Git created an empty .git/branches directory, which the new version omits. The culprit is git/git@ed060aa.

I'm not sure the best way to handle this. Options I can see:

  1. Update the hashes for the now-failing tests in tests.fetchgit only. That'll mean anything else that uses leaveDotGit, or anything that implies that, will be broken.
  2. Work out everything in nixpkgs that uses leaveDotGit and fix that up, too. I'm not entirely sure how to achieve that, but it sounds like something that at least ought be straightforward. This will still break anything external that uses that function.
  3. Change fetchgit to add the .git/branches directory back. This avoids breaking anything, but I'm not a fan of undoing upstream changes like that.

I'd default to option 2 + a release note, but I'd be interested in thoughts from people who've been doing this longer than I have!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
10.rebuild-darwin: 5001+ 10.rebuild-linux: 5001+ 12.approvals: 1 This PR was reviewed and approved by one reputable person
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants