From f023ff37cbeeb0779fc81bc0d6c9af37239c39a6 Mon Sep 17 00:00:00 2001 From: Anas Nashif Date: Mon, 5 Nov 2012 06:33:57 -0800 Subject: [PATCH] add packaging Change-Id: I03211579b65f6156d9e059504b2f89721fe919c9 --- packaging/apache2-gitweb.conf | 10 ++ packaging/completion-wordbreaks.diff | 23 +++ packaging/git-nohardlink.diff | 16 ++ packaging/git-prevent_xss-default.diff | 38 +++++ packaging/git-python-install-fix.diff | 27 ++++ packaging/git.spec | 278 +++++++++++++++++++++++++++++++++ 6 files changed, 392 insertions(+) create mode 100644 packaging/apache2-gitweb.conf create mode 100644 packaging/completion-wordbreaks.diff create mode 100644 packaging/git-nohardlink.diff create mode 100644 packaging/git-prevent_xss-default.diff create mode 100644 packaging/git-python-install-fix.diff create mode 100644 packaging/git.spec diff --git a/packaging/apache2-gitweb.conf b/packaging/apache2-gitweb.conf new file mode 100644 index 0000000..dbe0a76 --- /dev/null +++ b/packaging/apache2-gitweb.conf @@ -0,0 +1,10 @@ +Alias /git "/usr/share/gitweb/" + + + Options ExecCGI + AllowOverride None + AddHandler cgi-script .cgi + DirectoryIndex gitweb.cgi + Order allow,deny + Allow from all + diff --git a/packaging/completion-wordbreaks.diff b/packaging/completion-wordbreaks.diff new file mode 100644 index 0000000..7dc112a --- /dev/null +++ b/packaging/completion-wordbreaks.diff @@ -0,0 +1,23 @@ +--- + contrib/completion/git-completion.bash | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/contrib/completion/git-completion.bash ++++ b/contrib/completion/git-completion.bash +@@ -77,10 +77,12 @@ + autoload -U +X bashcompinit && bashcompinit + fi + +-case "$COMP_WORDBREAKS" in +-*:*) : great ;; +-*) COMP_WORDBREAKS="$COMP_WORDBREAKS:" +-esac ++# SUSE-specific: We trust the system is consistent and do not let individual ++# scripts play ping-pong with the global $COMP_WORDBREAKS value. ++#case "$COMP_WORDBREAKS" in ++#*:*) : great ;; ++#*) COMP_WORDBREAKS="$COMP_WORDBREAKS:" ++#esac + + # __gitdir accepts 0 or 1 arguments (i.e., location) + # returns location of .git repo diff --git a/packaging/git-nohardlink.diff b/packaging/git-nohardlink.diff new file mode 100644 index 0000000..f898205 --- /dev/null +++ b/packaging/git-nohardlink.diff @@ -0,0 +1,16 @@ +don't use hardlinks as our .spec calls fdupes which converts the +hardlinks to symlinks again in an unpredicatable way +--- + Makefile | 1 - + 1 file changed, 1 deletion(-) + +--- a/Makefile ++++ b/Makefile +@@ -2252,7 +2252,6 @@ + done && \ + for p in $(BUILT_INS); do \ + $(RM) "$$execdir/$$p" && \ +- ln "$$execdir/git$X" "$$execdir/$$p" 2>/dev/null || \ + ln -s "git$X" "$$execdir/$$p" 2>/dev/null || \ + cp "$$execdir/git$X" "$$execdir/$$p" || exit; \ + done && \ diff --git a/packaging/git-prevent_xss-default.diff b/packaging/git-prevent_xss-default.diff new file mode 100644 index 0000000..4069efc --- /dev/null +++ b/packaging/git-prevent_xss-default.diff @@ -0,0 +1,38 @@ +From: Jakub Narebski +Subject: [PATCH] gitweb: Enable $prevent_xss by default + +This fixes issue CVE-2011-2186 originally reported in +https://launchpad.net/bugs/777804 + +Reported-by: dave b +Signed-off-by: Jakub Narebski +--- + git-instaweb.sh | 4 ++++ + gitweb/README | 5 +++-- + gitweb/gitweb.perl | 2 +- + 3 files changed, 8 insertions(+), 3 deletions(-) + +--- a/git-instaweb.sh ++++ b/git-instaweb.sh +@@ -583,6 +583,10 @@ + our \$git_temp = "$fqgitdir/gitweb/tmp"; + our \$projects_list = \$projectroot; + ++# we can trust our own repository, so disable XSS prevention ++# to enable some extra features ++our \$prevent_xss = 0; ++ + \$feature{'remote_heads'}{'default'} = [1]; + EOF + } +--- a/gitweb/gitweb.perl ++++ b/gitweb/gitweb.perl +@@ -170,7 +170,7 @@ + + # Disables features that would allow repository owners to inject script into + # the gitweb domain. +-our $prevent_xss = 0; ++our $prevent_xss = 1; + + # Path to the highlight executable to use (must be the one from + # http://www.andre-simon.de due to assumptions about parameters and output). diff --git a/packaging/git-python-install-fix.diff b/packaging/git-python-install-fix.diff new file mode 100644 index 0000000..b37d571 --- /dev/null +++ b/packaging/git-python-install-fix.diff @@ -0,0 +1,27 @@ +--- + Makefile | 2 +- + git_remote_helpers/Makefile | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/git_remote_helpers/Makefile ++++ b/git_remote_helpers/Makefile +@@ -29,7 +29,7 @@ + $(QUIET)$(PYTHON_PATH) $(pysetupfile) $(QUIETSETUP) build + + install: $(pysetupfile) +- $(PYTHON_PATH) $(pysetupfile) install --prefix $(DESTDIR_SQ)$(prefix) ++ $(PYTHON_PATH) $(pysetupfile) install --prefix $(prefix) --root $(DESTDIR_SQ) + + instlibdir: $(pysetupfile) + @echo "$(DESTDIR_SQ)$(prefix)/$(PYLIBDIR)" +--- a/Makefile ++++ b/Makefile +@@ -1800,7 +1800,7 @@ + $(patsubst %.py,%,$(SCRIPT_PYTHON)): % : %.py + $(QUIET_GEN)$(RM) $@ $@+ && \ + INSTLIBDIR=`MAKEFLAGS= $(MAKE) -C git_remote_helpers -s \ +- --no-print-directory prefix='$(prefix_SQ)' DESTDIR='$(DESTDIR_SQ)' \ ++ --no-print-directory prefix='$(prefix_SQ)' DESTDIR=\ + instlibdir` && \ + sed -e '1s|#!.*python|#!$(PYTHON_PATH_SQ)|' \ + -e 's|\(os\.getenv("GITPYTHONLIB"\)[^)]*)|\1,"@@INSTLIBDIR@@")|' \ diff --git a/packaging/git.spec b/packaging/git.spec new file mode 100644 index 0000000..c37475e --- /dev/null +++ b/packaging/git.spec @@ -0,0 +1,278 @@ +%define gitexecdir %{_libexecdir}/git +%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services + +Name: git +Version: 1.7.10.4 +Release: 0 +License: GPL-2.0 +Summary: Fast, scalable, distributed revision control system +Url: http://git-scm.com +Group: Development/Tools/Version Control +Source: %{name}-%{version}.tar.bz2 +Source1: apache2-gitweb.conf +Source2: sysconfig.git-daemon +Source3: git-daemon.init +Source4: git.xinetd +Source5: usr.share.git-web.gitweb.cgi +Source6: susefirewall-git-daemon +Patch1: git-nohardlink.diff +Patch2: git-python-install-fix.diff +Patch3: completion-wordbreaks.diff +# CVE-2011-2186, bnc#698456 +Patch4: git-prevent_xss-default.diff +BuildRequires: curl +BuildRequires: expat-devel +BuildRequires: fdupes +BuildRequires: gettext-tools +BuildRequires: libcurl-devel +BuildRequires: libopenssl-devel +BuildRequires: perl-Error +BuildRequires: python +Requires: git-core = %{version} +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +Git is a fast, scalable, distributed revision control system with an +unusually rich command set that provides both high-level operations and +full access to internals. + +This package itself only provides the README of git but with the +packages it requires, it brings you a complete Git environment +including GTK and email interfaces and tools for importing source code +repositories from other revision control systems such as subversion, +CVS, and GNU arch. + +%package core +Summary: Core git tools +Group: Development/Tools/Version Control +Requires: less +Requires: openssh +Requires: perl-Error +Requires: perl-base = %{perl_version} +Requires: rsync + +%description core +Git is a fast, scalable, distributed revision control system with an +unusually rich command set that provides both high-level operations and +full access to internals. + +These are the core tools with minimal dependencies. + +%package svn +Summary: Git tools for importing Subversion repositories +Group: Development/Tools/Version Control +Requires: git-core = %{version} +Requires: subversion +Requires: subversion-perl + +%description svn +Tools for importing Subversion repositories to the Git version control +system. + +%package cvs +Summary: Git tools for importing CVS repositories +Group: Development/Tools/Version Control +Requires: cvs +Requires: cvsps +Requires: git-core = %{version} +Requires: perl-DBD-SQLite + +%description cvs +Tools for importing CVS repositories to the Git version control system. + +%package arch +Summary: Git tools for importing Arch repositories +Group: Development/Tools/Version Control +Requires: git-core = %{version} +# Requires: tla + +%description arch +Tools for importing GNU Arch repositories to the GIT version control +system. + +%package email +Summary: Git tools for sending email +Group: Development/Tools/Version Control +Requires: git-core = %{version} +# For sending mails over secure SMTP: +Recommends: perl-Authen-SASL +Recommends: perl-Net-SMTP-SSL, + +%description email +Email interface for the GIT version control system. + +%package daemon +Summary: Simple Server for Git Repositories +Group: Development/Tools/Version Control +Requires(pre): /usr/sbin/useradd +Requires: git-core = %{version} + +%description daemon +A really simple TCP git daemon. In the default configuration it allows +read only access to repositories in /srv/git/ that contain the +'git-daemon-export-ok' file. +%package -n gitk +Summary: Git revision tree visualiser +Group: Development/Tools/Version Control +Requires: git-core = %{version} +Requires: tk >= 8.4 +Supplements: packageand(git-core:tk) + +%description -n gitk +Grapical tool for visualization of revision trees of projects +maintained in the Git version control system. It name gitk indicates +that it's written using the Tk Widget set. + +A simple Tk based graphical interface for common Git operations is +found in the package git-gui. + +%package gui +Summary: Grapical tool for common git operations +Group: Development/Tools/Version Control +Requires: git-core = %{version} +Requires: tk >= 8.4 +Supplements: packageand(git-core:tk) + +%description gui +A Tcl/Tk based graphical user interface to Git. git-gui focuses on +allowing users to make changes to their repository by making new +commits, amending existing ones, creating branches, performing local +merges, and fetching/pushing to remote repositories. + +Unlike gitk, git-gui focuses on commit generation and single file +annotation, and does not show project history. It does however supply +menu actions to start a gitk session from within git-gui. + +%package web +Summary: Git Web Interface +Group: Development/Tools/Version Control +Requires: git-core = %{version} +Supplements: packageand(git-core:apache2) + +%description web +CGI script that allows browsing git repositories via web interface. + +The apache2 configuration contained in this package installs a virtual +directory /git/ that calls the cgi script. + +%package remote-helpers +Summary: Python package for remote helper scripts +Group: Development/Tools/Version Control +Requires: git-core = %{version} +Requires: python + +%description remote-helpers +This package contains the building blocks for remote helpers written in Python. + +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 + +%build +cat > .make <<'EOF' +#!/bin/bash +make %{?_smp_mflags} CFLAGS="%{optflags}" \ + GITWEB_CONFIG="/etc/gitweb.conf" \ + GITWEB_PROJECTROOT="/srv/git" \ + WITH_OWN_SUBPROCESS_PY=YesPlease \ + DESTDIR=%{buildroot} \ + NO_CROSS_DIRECTORY_HARDLINKS=1 \ + V=1 \ + prefix=%{_prefix} mandir=%{_mandir} \ + gitexecdir=%{gitexecdir} \ + htmldir=%{_docdir}/git-core \ + "$@" +EOF +# +chmod 755 .make +./.make all %{?_smp_mflags} + +%check +make %{?_smp_mflags} test + +%install +./.make install +### +(find %{buildroot}%{_bindir} -type f | grep -vE "archimport|svn|cvs|email|gitk|daemon|gui" | sed -e s@^%{buildroot}@@) > bin-man-doc-files +(find %{buildroot}%{gitexecdir} -mindepth 1 | grep -vE "archimport|svn|cvs|email|gitk|daemon|gui" | sed -e s@^%{buildroot}@@) >> bin-man-doc-files +(find %{buildroot}%{_mandir} %{buildroot}/Documentation -type f | grep -vE "archimport|svn|git-cvs|email|gitk|daemon|gui" | sed -e s@^%{buildroot}@@ -e 's/$/*/' ) >> bin-man-doc-files +( pushd perl + perl Makefile.PL + make -f perl.mak DESTDIR=%{buildroot} install_vendor +) +rm -rf %{buildroot}/usr/lib/perl5/site_perl +%perl_process_packlist +find %{buildroot}/%{_mandir} -type f -print0 | xargs -0 chmod 644 +install -m 644 -D contrib/completion/git-completion.bash %{buildroot}%{_sysconfdir}/bash_completion.d/git.sh +%find_lang %{name} +cat %{name}.lang >>bin-man-doc-files +# use symlinks instead of hardlinks in sub-commands + + +rm -rf %{buildroot}/%{_datadir}/gitweb + +%fdupes -s %{buildroot} + + +%files +%defattr(-,root,root) +%doc README + +%files svn +%defattr(-,root,root) +%{gitexecdir}/*svn* +%doc Documentation/*svn*.txt + +%files cvs +%defattr(-,root,root) +%doc Documentation/*git-cvs*.txt +%{_bindir}/git-cvs* +%{gitexecdir}/*cvs* + +%files arch +%defattr(-,root,root) +%doc Documentation/git-archimport.txt +%{gitexecdir}/git-archimport + +%files email +%defattr(-,root,root) +%doc Documentation/*email*.txt +%{gitexecdir}/*email* + +%files daemon +%defattr(-,root,root) +%doc Documentation/*daemon*.txt +%{gitexecdir}/*daemon* + +%files -n gitk +%defattr(-,root,root) +%doc Documentation/*gitk*.txt +%{_bindir}/gitk +/usr/share/gitk + +%files gui +%defattr(-,root,root) +%doc Documentation/*gui*.txt +%{gitexecdir}/git-gui* +/usr/share/git-gui + +%files remote-helpers +%defattr(-,root,root) +%python_sitelib/* + +%files core -f bin-man-doc-files +%defattr(-,root,root) +%{_bindir}/git +%{_datadir}/git-core/ +%dir %{gitexecdir} +%doc README COPYING Documentation/*.txt +%{perl_vendorlib}/Git.pm +%{perl_vendorlib}/Git/ +%{perl_vendorlib}/Git/*.pm +%{perl_vendorarch}/auto/Git/ +%{_sysconfdir}/bash_completion.d/git.sh + +%changelog -- 2.7.4