[ANNOUNCE] Gerrit 2.0.24

17 views
Skip to first unread message

Shawn Pearce

unread,
Nov 2, 2009, 7:56:12 PM11/2/09
to repo-discuss
Gerrit 2.0.24 is now available in the usual location:

http://code.google.com/p/gerrit/downloads/list


==Schema Change==

*WARNING: This version contains a schema change* (since 2.0.21)

Apply the database specific schema script:

java -jar gerrit.war --cat sql/upgrade018_019_postgres.sql | psql reviewdb
java -jar gerrit.war --cat sql/upgrade018_019_mysql.sql | mysql reviewdb

==LDAP Change==

LDAP groups are now bound via their full distinguished name, and not
by their common name. Sites using LDAP groups will need to have the
site administrator visit every LDAP backed group through the web UI
(Admin > Groups), search for, and select the underlying LDAP group
from the directory server.

This change was made to remove some of the guesswork when it comes
to setting up an LDAP enabled group, as well as to permit creating
new LDAP enabled groups completely from the web UI. It also removes
an ambiguous case when different parts of the same directory space
create identically named groups.


==New Features==
* Check if the user has permission to upload changes

The new READ +2 permission is required to upload a change to a
project, while READ +1 permits read but denies uploading a change.
The schema upgrade script automatically converts READ +1 to +2.

* Use LDAP DN to match LDAP group to Gerrit group
* issue 297 Allow admins to search for and bind to LDAP groups

As noted above, LDAP groups now use the full DN to match to their
Gerrit database counterpart, rather than just the common name.

Administrators may now create Gerrit groups and attach them to
any LDAP group, by performing a query on the LDAP directory for
matching groups and selecting a result.

* issue 301 Try to prevent forgotten `git add` during replace

Users are now stopped from performing a replace of a patch set if
they have not made a meaningful change (modify a file, or modify
the commit message). If only the commit message was modified,
a warning is printed, but the replace still occurs.

* issue 126 Link to our issue tracker in the page footer

The footer now includes a link to the Gerrit project's issue
tracker, so end-users can more easily report bugs or feature
requests back to the developers.

* issue 300 Support SMTP over SSL/TLS

Encrypted SMTP is now supported natively within Gerrit, see

http://gerrit.googlecode.com/svn/documentation/2.0/config-gerrit.html#sendemail.smtpEncryption


==Bug Fixes==
* issue 290 Fix invalid drop index in upgrade017_018_mysql

Minor syntax error in SQL script.

* Fixed ActiveDirectory LDAP group support. Allows recu...
* issue 307 Set proper LDAP defaults for Active Directory

ActiveDirectory is now better supported out of the box. Defaults
for the LDAP configuration settings are automatically guessed at
startup based upon the type of server configured in ldap.server.

Recursive groups (group which is a member of a group) is also
now supported when using an ActiveDirectory server. Other LDAP
servers (e.g. OpenLDAP) probably don't support this.

* "250-AUTH " will be returned if 'AUTH' response does ...
* Fix: Authentication fail when authTypes is empty
* Fix a typo that broke the gerrit build

Outgoing SMTP sometimes failed to authenticate against a
SMTP server due to slightly incorrect handling of the AUTH
advertisement.

* Correct scp commands in documentation to include -p

Our documentation of how to copy the commit-msg hook down via
scp did not include the -p option, which is necessary to make
the client preserve the executable flag on the hook script.

* issue 291 Suggest latin1 charset for MySQL databases

Documentation was updated to encourage using latin1 for MySQL
as MySQL fails with key too long errors during schema creation
when the database is using the UTF-8 character set.

* issue 294 Fix OpenID self registration dialog

OpenID 'Register' hyperlink was broken due to the dialog having
no content added to it before display. This bug was fixed by
using the proper OpenID login dialog.

* issue 309 Clear message on publish comments screen after submit...

The publish comments button preserved your last comment, making
it easy for a user to accidentally publish the same message on
the same change twice. The message is now cleared after it has
been successfully sent.

* issue 299 Remove the branches table from the database
* Display current branch SHA-1 in Branches tab
* issue 299 Display not-yet-born HEAD branch in Branches tab

The not-yet-born branch in an empty project is now shown in the
Branches tab. (This is based on the value of the HEAD symbolic
reference within the project's Git repository.)

The branches table was removed from the database. We now fully
rely upon the Git repository to determine which branches exist
and thus permit changes to be uploaded to.

* issue 296 Make help more friendly over SSH

`ssh -p 29418 localhost help` is now more user friendly.

* Don't request registration if the account exists
* issue 38 Fix OpenID delegate authentication

OpenID authentication was sometimes asking providers for
registation data when we already had it on hand, fixed.

OpenID delegate identities were being stored rather than claimed
identities when the claimed identity is just a delegate to the
delegate provider. We now store both in the account.


==Other Changes==
* Start 2.0.24 development
* Merge change Ie16b8ca2
* Switch to the new org.eclipse.jgit package
* Allow default of $JETTY_HOME in to_jetty.sh
* LdapRealm: Remove unused throws declaration
* LdapRealm: Fix missing type parameter warnings
* Remove dead exists method from AccountManager
* Document ldap.groupPattern
* AuthSMTPClient: Fix formatting errors
* style fixup: remote trailing whitespace from our sour...
* show-caches: Correct example output in documentation
* Move server programs section under User Guide
* Revert "Remove dead exists method from AccountManager"
* Ensure prior commit body is parsed before comparing m...
* Gerrit 2.0.24

Chad Fawcett

unread,
Nov 2, 2009, 11:26:05 PM11/2/09
to repo-d...@googlegroups.com
I seem unable to login to r.android.com all of a suddon, and I'm wondering if it's related to the openid delegate changes. I login and have my changes submitted via an openid of "http://www.chadfawcett.com" which points to http://entropi.myopenid.com as its delegate.  Trying to login with www.chadfawcett.com now gets me a login error, but entropi.myopenid.com apparently got registered as a duplicate account, so if I try logging in with that id I get an empty anonymous account.  

Anyway for me to fix this or is there somehow get those accounts/logins merged?



On Mon, Nov 2, 2009 at 4:56 PM, Shawn Pearce <s...@google.com> wrote:

  OpenID delegate identities were being stored rather than claimed
  identities when the claimed identity is just a delegate to the
  delegate provider.  We now store both in the account.


Shawn Pearce

unread,
Nov 3, 2009, 1:50:01 PM11/3/09
to repo-d...@googlegroups.com
On Mon, Nov 2, 2009 at 20:26, Chad Fawcett <ch...@useless.net> wrote:
> I seem unable to login to r.android.com all of a suddon, and I'm wondering
> if it's related to the openid delegate changes. I login and have my changes
> submitted via an openid of "http://www.chadfawcett.com" which points to
> http://entropi.myopenid.com as its delegate.  Trying to login with
> www.chadfawcett.com now gets me a login error, but entropi.myopenid.com
> apparently got registered as a duplicate account, so if I try logging in
> with that id I get an empty anonymous account.
> Anyway for me to fix this or is there somehow get those accounts/logins
> merged?

Ugh.

I just merged your two accounts back together again for you. I'm
starting to debug your particular delegate case, I'm not sure why it
borked here, but was working fine for me yesterday on before I tagged
and released .24.

Shawn Pearce

unread,
Nov 3, 2009, 2:13:47 PM11/3/09
to repo-d...@googlegroups.com

So I think what happened to you was an exceptional case.

On 2009-09-29 you registered with http://www.chadfawcett.com/, and
unlike other users, somehow Gerrit used your claimed identity rather
than your delegate identity as your database key. So this account had
your user data in it.

On 2009-10-16 you registered a different account with your delegate
identity, http://entropi.myopenid.com/. This account appeared to be
largely unused.

When I upgraded to .24 yesterday Gerrit wanted to attach your delegate
identity to your first account, but balked because it found two
different accounts matched what the OpenID login transaction was
claiming to be a single user. I had to merge the two accounts
together to make it happy.

Issue 38 was reopened on Oct 8th claiming delegate identity stuff
broke around that time frame. Perhaps that's what happened to you,
and is why on Oct. 16th your login created a different user account by
accident.

Chad Fawcett

unread,
Nov 4, 2009, 12:21:36 AM11/4/09
to repo-d...@googlegroups.com
Thanks Shawn. Working fine now.

I wish I could provide more info on the exceptional cause of my scenario, but it's not an area I've worked with much. I know I had issues logging in on 10/16 and tried a number of things to work around the issue, one of which was apparently logging in directly via the delegate id, inadvertently creating the second account. I doubt it's related, but at the time of the original 9/29 setup I only had openid.server and openid.delegate <link> entries on the claimed identify site and not the openid2.local_id and openid2.provider ones. I can't think of anything else off in the setup to cause the claimed identity to be used if that wasn't normal behavior for others. 

Thanks again,

 -Chad
Reply all
Reply to author
Forward
0 new messages